Feb 22 CVE-2006-6456 MS Word Taiwan 2010 from diguapinggao@gmail.com Febr 22, 2010 4:17 AM

• CVE-2006-6456 Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.

This is an old exploit targeting systems that have been unpatched for a long time. It appears that the document was created using 2007最新DOC捆绑器 (thanks to zha0 for helping translate and spell the tool name). The tool can be easily found online and is designed to exploit CVE-2006-6456 / MS07-014 vulnerabitly. According to the Symantec post describing this tool in April 2007, shellcode in documents generated by the tool usually starts at offset 0x16730, which seems to be our case too. The exploit will not work on Office 2003 SP3 and earlier versions with MS Update kb 929434 (MS07-014).

Update March 3, 2010 - Abhishek Lyall kindly provided additional details about the sample
"The "taskmgr.exe" embedded from offset 0x24E00. The exe is XOR'ed with 64 bit key 0xCA5039AF00000000. If you  XOR the file again with same key you'll find the exe headers at offset 0x24E00." Please see his screenshot below


 
Download  the following files as a password protected archive. (Please contact me if you need the password)

• Details 9ef09819aa5d552ecb15067a14a33152 - Taiwan 2010.doc

├───analysis files (by Tom - see below)
│ exe (taskmgr.ex   441D239744D05B861202E3E25A2AF0CD 32,768 bytes; taskmgr.idb)
│ shell  (shel1.bin; shel1.idb; shel2.bin; shel2.idb)
├───collected
│ 1.tmp                   441D239744D05B861202E3E25A2AF0CD 32,768 bytes
│ Taiwan 2010.doc 85AF26A74E548B56ADEA933CFB878520 52,224 bytes
│ taskmgr.exe          441D239744D05B861202E3E25A2AF0CD 32,768 bytes
└───original doc
   Taiwan 2010.doc  9EF09819AA5D552ECB15067A14A33152 183,808 bytes

From: 孙丰 [mailto:diguapinggao@gmail.com]
Sent: Monday, February 22, 2010 4:17 AM
To: diguapinggao@gmail.com
Subject: Taiwan 2010

Virustotal
http://www.virustotal.com/analisis/0f57baeb3070bf7a806f004ab61243aaf1b16f328e0c5f96d0c9128294d95b2c-1266926867
File Taiwan_2010.doc received on 2010.02.23 12:07:47 (UTC)
Result: 8/41 (19.52%)
Authentium    5.2.0.5    2010.02.23    MSWord/Dropper.B!Camelot
Avast    4.8.1351.0    2010.02.23    MPPT97:ShellCode-A
Fortinet    4.0.14.0    2010.02.21    MSWord/Agent.Y!exploit
GData    19    2010.02.23    MPPT97:ShellCode-A
Jiangmin    13.0.900    2010.02.23    Exploit.MSWord.b
McAfee-GW-Edition    6.8.5    2010.02.23    Heuristic.BehavesLike.Exploit.OLE2.CodeExec.EBKP
Panda    10.0.2.2    2010.02.22    Trj/1Table.C
Sophos    4.50.0    2010.02.23    Troj/MalDoc-Fam
File size: 183808 bytes
MD5...: 9ef09819aa5d552ecb15067a14a33152

OfficeMalScanner results

+------------------------------------------+ | OfficeMalScanner v0.51 | | Frank Boldewin / www.reconstructer.org | +------------------------------------------+ [*] SCAN mode selected [*] Filesize is 183808 (0x2ce00) Bytes [*] Ms Office OLE2 Compound Format document detected [*] Scanning now... FS:[00h] signature found at offset: 0x19388 64A100000000 mov eax, fs:[00h] 50 push eax 64892500000000 mov fs:[00000000h], esp 83EC10 sub esp, 00000010h 53 push ebx 56 push esi 57 push edi 8965E8 mov [ebp-18h], esp FF1518504000 call [00405018h] 33D2 xor edx, edx 8AD4 mov dl, ah 89151C7B4000 mov [00407B1Ch], edx 8BC8 mov ecx, eax 81E1FF000000 and ecx, 000000FFh 890D187B4000 mov [00407B18h], ecx C1E108 shl ecx, 08h -------------------------------------------------------------------------- FS:[00h] signature found at offset: 0x1a1f4 648B0D00000000 mov ecx, fs:[00000000h] 817904681F4000 cmp [ecx+04h], 00401F68h 7510 jnz $+12h 8B510C mov edx, [ecx+0Ch] 8B520C mov edx, [edx+0Ch] 395108 cmp [ecx+08h], edx 7505 jnz $+07h B801000000 mov eax, 00000001h C3 ret 53 push ebx 51 push ecx BB54754000 mov ebx, 00407554h EB0A jmp $+0Ch 53 push ebx 51 push ecx BB54754000 mov ebx, 00407554h -------------------------------------------------------------------------- FS:[00h] signature found at offset: 0x1c72a 64A100000000 mov eax, fs:[00h] 50 push eax 64892500000000 mov fs:[00000000h], esp 83EC1C sub esp, 0000001Ch 53 push ebx 56 push esi 57 push edi 8965E8 mov [ebp-18h], esp 33FF xor edi, edi 393DA47C4000 cmp [00407CA4h], edi 7546 jnz $+48h 57 push edi 57 push edi 6A01 push 00000001h 5B pop ebx 53 push ebx -------------------------------------------------------------------------- FS:[00h] signature found at offset: 0x1c979 64A100000000 mov eax, fs:[00h] 50 push eax 64892500000000 mov fs:[00000000h], esp 83EC18 sub esp, 00000018h 53 push ebx 56 push esi 57 push edi 8965E8 mov [ebp-18h], esp A1A87C4000 mov eax, [407CA8h] 33DB xor ebx, ebx 3BC3 cmp eax, ebx 753E jnz $+40h 8D45E4 lea eax, [ebp-1Ch] 50 push eax 6A01 push 00000001h 5E pop esi -------------------------------------------------------------------------- API-Name CreateFile string found at offset: 0x1d97e [ PE-File - 256 bytes ] 43 72 65 61 74 65 46 69 6c 65 41 00 bf 00 47 65 | CreateFileA...Ge 74 43 50 49 6e 66 6f 00 b9 00 47 65 74 41 43 50 | tCPInfo...GetACP 00 00 31 01 47 65 74 4f 45 4d 43 50 00 00 3e 01 | ..1.GetOEMCP..>. 47 65 74 50 72 6f 63 41 64 64 72 65 73 73 00 00 | GetProcAddress.. c2 01 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 | ..LoadLibraryA.. 6a 02 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 | j.SetFilePointer 00 00 61 02 53 65 74 45 6e 64 4f 66 46 69 6c 65 | ..a.SetEndOfFile 00 00 18 02 52 65 61 64 46 69 6c 65 00 00 e4 01 | ....ReadFile.... 4d 75 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 | MultiByteToWideC 68 61 72 00 bf 01 4c 43 4d 61 70 53 74 72 69 6e | har...LCMapStrin 67 41 00 00 c0 01 4c 43 4d 61 70 53 74 72 69 6e | gA....LCMapStrin 67 57 00 00 53 01 47 65 74 53 74 72 69 6e 67 54 | gW..S.GetStringT 79 70 65 41 00 00 56 01 47 65 74 53 74 72 69 6e | ypeA..V.GetStrin 67 54 79 70 65 57 00 00 00 00 00 00 00 00 00 00 | gTypeW.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -------------------------------------------------------------------------- API-Name CloseHandle string found at offset: 0x1d7c8 [ PE-File - 256 bytes ] 43 6c 6f 73 65 48 61 6e 64 6c 65 00 9e 02 54 65 | CloseHandle...Te 72 6d 69 6e 61 74 65 50 72 6f 63 65 73 73 00 00 | rminateProcess.. f7 00 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 | ..GetCurrentProc 65 73 73 00 ad 02 55 6e 68 61 6e 64 6c 65 64 45 | ess...UnhandledE 78 63 65 70 74 69 6f 6e 46 69 6c 74 65 72 00 00 | xceptionFilter.. 24 01 47 65 74 4d 6f 64 75 6c 65 46 69 6c 65 4e | $.GetModuleFileN 61 6d 65 41 00 00 b2 00 46 72 65 65 45 6e 76 69 | ameA....FreeEnvi 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 41 00 | ronmentStringsA. b3 00 46 72 65 65 45 6e 76 69 72 6f 6e 6d 65 6e | ..FreeEnvironmen 74 53 74 72 69 6e 67 73 57 00 d2 02 57 69 64 65 | tStringsW...Wide 43 68 61 72 54 6f 4d 75 6c 74 69 42 79 74 65 00 | CharToMultiByte. 06 01 47 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 | ..GetEnvironment 53 74 72 69 6e 67 73 00 08 01 47 65 74 45 6e 76 | Strings...GetEnv 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 | ironmentStringsW 00 00 6d 02 53 65 74 48 61 6e 64 6c 65 43 6f 75 | ..m.SetHandleCou 6e 74 00 00 52 01 47 65 74 53 74 64 48 61 6e 64 | nt..R.GetStdHand -------------------------------------------------------------------------- API-Name ReadFile string found at offset: 0x1d9f2 [ PE-File - 256 bytes ] 52 65 61 64 46 69 6c 65 00 00 e4 01 4d 75 6c 74 | ReadFile....Mult 69 42 79 74 65 54 6f 57 69 64 65 43 68 61 72 00 | iByteToWideChar. bf 01 4c 43 4d 61 70 53 74 72 69 6e 67 41 00 00 | ..LCMapStringA.. c0 01 4c 43 4d 61 70 53 74 72 69 6e 67 57 00 00 | ..LCMapStringW.. 53 01 47 65 74 53 74 72 69 6e 67 54 79 70 65 41 | S.GetStringTypeA 00 00 56 01 47 65 74 53 74 72 69 6e 67 54 79 70 | ..V.GetStringTyp 65 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | eW.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -------------------------------------------------------------------------- API-Name WriteFile string found at offset: 0x1d924 [ PE-File - 256 bytes ] 57 72 69 74 65 46 69 6c 65 00 99 01 48 65 61 70 | WriteFile...Heap 41 6c 6c 6f 63 00 bb 02 56 69 72 74 75 61 6c 41 | Alloc...VirtualA 6c 6c 6f 63 00 00 a2 01 48 65 61 70 52 65 41 6c | lloc....HeapReAl 6c 6f 63 00 7c 02 53 65 74 53 74 64 48 61 6e 64 | loc.|.SetStdHand 6c 65 00 00 aa 00 46 6c 75 73 68 46 69 6c 65 42 | le....FlushFileB 75 66 66 65 72 73 00 00 34 00 43 72 65 61 74 65 | uffers..4.Create 46 69 6c 65 41 00 bf 00 47 65 74 43 50 49 6e 66 | FileA...GetCPInf 6f 00 b9 00 47 65 74 41 43 50 00 00 31 01 47 65 | o...GetACP..1.Ge 74 4f 45 4d 43 50 00 00 3e 01 47 65 74 50 72 6f | tOEMCP..>.GetPro 63 41 64 64 72 65 73 73 00 00 c2 01 4c 6f 61 64 | cAddress....Load 4c 69 62 72 61 72 79 41 00 00 6a 02 53 65 74 46 | LibraryA..j.SetF 69 6c 65 50 6f 69 6e 74 65 72 00 00 61 02 53 65 | ilePointer..a.Se 74 45 6e 64 4f 66 46 69 6c 65 00 00 18 02 52 65 | tEndOfFile....Re 61 64 46 69 6c 65 00 00 e4 01 4d 75 6c 74 69 42 | adFile....MultiB 79 74 65 54 6f 57 69 64 65 43 68 61 72 00 bf 01 | yteToWideChar... 4c 43 4d 61 70 53 74 72 69 6e 67 41 00 00 c0 01 | LCMapStringA.... -------------------------------------------------------------------------- API-Name SetFilePointer string found at offset: 0x1d9d0 [ PE-File - 256 bytes ] 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 00 | SetFilePointer.. 61 02 53 65 74 45 6e 64 4f 66 46 69 6c 65 00 00 | a.SetEndOfFile.. 18 02 52 65 61 64 46 69 6c 65 00 00 e4 01 4d 75 | ..ReadFile....Mu 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 68 61 | ltiByteToWideCha 72 00 bf 01 4c 43 4d 61 70 53 74 72 69 6e 67 41 | r...LCMapStringA 00 00 c0 01 4c 43 4d 61 70 53 74 72 69 6e 67 57 | ....LCMapStringW 00 00 53 01 47 65 74 53 74 72 69 6e 67 54 79 70 | ..S.GetStringTyp 65 41 00 00 56 01 47 65 74 53 74 72 69 6e 67 54 | eA..V.GetStringT 79 70 65 57 00 00 00 00 00 00 00 00 00 00 00 00 | ypeW............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -------------------------------------------------------------------------- API-Name VirtualAlloc string found at offset: 0x1d93c [ PE-File - 256 bytes ] 56 69 72 74 75 61 6c 41 6c 6c 6f 63 00 00 a2 01 | VirtualAlloc.... 48 65 61 70 52 65 41 6c 6c 6f 63 00 7c 02 53 65 | HeapReAlloc.|.Se 74 53 74 64 48 61 6e 64 6c 65 00 00 aa 00 46 6c | tStdHandle....Fl 75 73 68 46 69 6c 65 42 75 66 66 65 72 73 00 00 | ushFileBuffers.. 34 00 43 72 65 61 74 65 46 69 6c 65 41 00 bf 00 | 4.CreateFileA... 47 65 74 43 50 49 6e 66 6f 00 b9 00 47 65 74 41 | GetCPInfo...GetA 43 50 00 00 31 01 47 65 74 4f 45 4d 43 50 00 00 | CP..1.GetOEMCP.. 3e 01 47 65 74 50 72 6f 63 41 64 64 72 65 73 73 | >.GetProcAddress 00 00 c2 01 4c 6f 61 64 4c 69 62 72 61 72 79 41 | ....LoadLibraryA 00 00 6a 02 53 65 74 46 69 6c 65 50 6f 69 6e 74 | ..j.SetFilePoint 65 72 00 00 61 02 53 65 74 45 6e 64 4f 66 46 69 | er..a.SetEndOfFi 6c 65 00 00 18 02 52 65 61 64 46 69 6c 65 00 00 | le....ReadFile.. e4 01 4d 75 6c 74 69 42 79 74 65 54 6f 57 69 64 | ..MultiByteToWid 65 43 68 61 72 00 bf 01 4c 43 4d 61 70 53 74 72 | eChar...LCMapStr 69 6e 67 41 00 00 c0 01 4c 43 4d 61 70 53 74 72 | ingA....LCMapStr 69 6e 67 57 00 00 53 01 47 65 74 53 74 72 69 6e | ingW..S.GetStrin -------------------------------------------------------------------------- API-Name GetProcAddr string found at offset: 0x1d9ae [ PE-File - 256 bytes ] 47 65 74 50 72 6f 63 41 64 64 72 65 73 73 00 00 | GetProcAddress.. c2 01 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 | ..LoadLibraryA.. 6a 02 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 | j.SetFilePointer 00 00 61 02 53 65 74 45 6e 64 4f 66 46 69 6c 65 | ..a.SetEndOfFile 00 00 18 02 52 65 61 64 46 69 6c 65 00 00 e4 01 | ....ReadFile.... 4d 75 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 | MultiByteToWideC 68 61 72 00 bf 01 4c 43 4d 61 70 53 74 72 69 6e | har...LCMapStrin 67 41 00 00 c0 01 4c 43 4d 61 70 53 74 72 69 6e | gA....LCMapStrin 67 57 00 00 53 01 47 65 74 53 74 72 69 6e 67 54 | gW..S.GetStringT 79 70 65 41 00 00 56 01 47 65 74 53 74 72 69 6e | ypeA..V.GetStrin 67 54 79 70 65 57 00 00 00 00 00 00 00 00 00 00 | gTypeW.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -------------------------------------------------------------------------- API-Name LoadLibrary string found at offset: 0x1d9c0 [ PE-File - 256 bytes ] 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 6a 02 | LoadLibraryA..j. 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 00 | SetFilePointer.. 61 02 53 65 74 45 6e 64 4f 66 46 69 6c 65 00 00 | a.SetEndOfFile.. 18 02 52 65 61 64 46 69 6c 65 00 00 e4 01 4d 75 | ..ReadFile....Mu 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 68 61 | ltiByteToWideCha 72 00 bf 01 4c 43 4d 61 70 53 74 72 69 6e 67 41 | r...LCMapStringA 00 00 c0 01 4c 43 4d 61 70 53 74 72 69 6e 67 57 | ....LCMapStringW 00 00 53 01 47 65 74 53 74 72 69 6e 67 54 79 70 | ..S.GetStringTyp 65 41 00 00 56 01 47 65 74 53 74 72 69 6e 67 54 | eA..V.GetStringT 79 70 65 57 00 00 00 00 00 00 00 00 00 00 00 00 | ypeW............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -------------------------------------------------------------------------- Function prolog signature found at offset: 0x1a351 55 push ebp 8BEC mov ebp, esp 81ECA4010000 sub esp, 000001A4h 8B5508 mov edx, [ebp+08h] 33C9 xor ecx, ecx B868754000 mov eax, 00407568h 3B10 cmp edx, [eax] 740B jz $+0Dh 83C008 add eax, 00000008h 41 inc ecx 3DF8754000 cmp eax, 004075F8h 7CF1 jl $-0Dh 56 push esi 8BF1 mov esi, ecx C1E603 shl esi, 03h 3B9668754000 cmp edx, [esi+00407568h] -------------------------------------------------------------------------- Function prolog signature found at offset: 0x1af6e 55 push ebp 8BEC mov ebp, esp 81EC14040000 sub esp, 00000414h 8B4D08 mov ecx, [ebp+08h] 53 push ebx 3B0D00904000 cmp ecx, [00409000h] 56 push esi 57 push edi 0F8379010000 jnb $+0000017Fh 8BC1 mov eax, ecx 8BF1 mov esi, ecx C1F805 sar eax, 05h 83E61F and esi, 0000001Fh 8D1C85008F4000 lea ebx, [eax*4+00408F00h] C1E603 shl esi, 03h 8B03 mov eax, [ebx] -------------------------------------------------------------------------- Function prolog signature found at offset: 0x1b8ba 55 push ebp 8BEC mov ebp, esp 81EC14050000 sub esp, 00000514h 8D45EC lea eax, [ebp-14h] 56 push esi 50 push eax FF35AC7C4000 push [00407CACh] FF158C504000 call [0040508Ch] 83F801 cmp eax, 00000001h 0F8516010000 jnz $+0000011Ch 33C0 xor eax, eax BE00010000 mov esi, 00000100h 888405ECFEFFFF mov [ebp+eax-00000114h], al 40 inc eax 3BC6 cmp eax, esi 72F4 jb $-0Ah -------------------------------------------------------------------------- JMP [0xEB]/CALL/POP signature found at offset: 0x20d85 EB09 jmp $+0Bh 5B pop ebx 81C3A0000000 add ebx, 000000A0h FFE3 jmp ebx E8F2FFFFFF call $-00000009h BF00001400 mov edi, 00140000h 3B17 cmp edx, [edi] 7403 jz $+05h 47 inc edi EBF9 jmp $-05h 67648F060000 pop fs:[0000h] 83C704 add edi, 00000004h 57 push edi C3 ret 0000 add [eax], al 0000 add [eax], al -------------------------------------------------------------------------- JMP [0xEB]/CALL/POP signature found at offset: 0x20e46 EB03 jmp $+05h 5E pop esi FFE6 jmp esi E8F8FFFFFF call $-00000003h 40 inc eax 48 dec eax 90 nop 33C9 xor ecx, ecx 66B90A01 mov cx, 010Ah 90 nop 83C619 add esi, 00000019h 56 push esi 8BFE mov edi, esi AC lodsb 90 nop C0C004 rol al, 04h -------------------------------------------------------------------------- Brute-forcing for encrypted PE- and embedded OLE-files now... Bruting XOR Key: 0x01 Bruting XOR Key: 0x02 Bruting XOR Key: 0x03 Bruting XOR Key: 0x04 Bruting XOR Key: 0x05 Bruting XOR Key: 0x06 Bruting XOR Key: 0x07 Bruting XOR Key: 0x08 Bruting XOR Key: 0x09 Bruting XOR Key: 0x0a Bruting XOR Key: 0x0b Bruting XOR Key: 0x0c Bruting XOR Key: 0x0d Bruting XOR Key: 0x0e Bruting XOR Key: 0x0f Bruting XOR Key: 0x10 Bruting XOR Key: 0x11 Bruting XOR Key: 0x12 Bruting XOR Key: 0x13 Bruting XOR Key: 0x14 Bruting XOR Key: 0x15 Bruting XOR Key: 0x16 Bruting XOR Key: 0x17 Bruting XOR Key: 0x18 Bruting XOR Key: 0x19 Bruting XOR Key: 0x1a Bruting XOR Key: 0x1b Bruting XOR Key: 0x1c Bruting XOR Key: 0x1d Bruting XOR Key: 0x1e Bruting XOR Key: 0x1f Bruting XOR Key: 0x20 Bruting XOR Key: 0x21 Bruting XOR Key: 0x22 Bruting XOR Key: 0x23 Bruting XOR Key: 0x24 Bruting XOR Key: 0x25 Bruting XOR Key: 0x26 Bruting XOR Key: 0x27 Bruting XOR Key: 0x28 Bruting XOR Key: 0x29 Bruting XOR Key: 0x2a Bruting XOR Key: 0x2b Bruting XOR Key: 0x2c Bruting XOR Key: 0x2d Bruting XOR Key: 0x2e Bruting XOR Key: 0x2f Bruting XOR Key: 0x30 Bruting XOR Key: 0x31 Bruting XOR Key: 0x32 Bruting XOR Key: 0x33 Bruting XOR Key: 0x34 Bruting XOR Key: 0x35 Bruting XOR Key: 0x36 Bruting XOR Key: 0x37 Bruting XOR Key: 0x38 Bruting XOR Key: 0x39 Bruting XOR Key: 0x3a Bruting XOR Key: 0x3b Bruting XOR Key: 0x3c Bruting XOR Key: 0x3d Bruting XOR Key: 0x3e Bruting XOR Key: 0x3f Bruting XOR Key: 0x40 Bruting XOR Key: 0x41 Bruting XOR Key: 0x42 Bruting XOR Key: 0x43 Bruting XOR Key: 0x44 Bruting XOR Key: 0x45 Bruting XOR Key: 0x46 Bruting XOR Key: 0x47 Bruting XOR Key: 0x48 Bruting XOR Key: 0x49 Bruting XOR Key: 0x4a Bruting XOR Key: 0x4b Bruting XOR Key: 0x4c Bruting XOR Key: 0x4d Bruting XOR Key: 0x4e Bruting XOR Key: 0x4f Bruting XOR Key: 0x50 Bruting XOR Key: 0x51 Bruting XOR Key: 0x52 Bruting XOR Key: 0x53 Bruting XOR Key: 0x54 Bruting XOR Key: 0x55 Bruting XOR Key: 0x56 Bruting XOR Key: 0x57 Bruting XOR Key: 0x58 Bruting XOR Key: 0x59 Bruting XOR Key: 0x5a Bruting XOR Key: 0x5b Bruting XOR Key: 0x5c Bruting XOR Key: 0x5d Bruting XOR Key: 0x5e Bruting XOR Key: 0x5f Bruting XOR Key: 0x60 Bruting XOR Key: 0x61 Bruting XOR Key: 0x62 Bruting XOR Key: 0x63 Bruting XOR Key: 0x64 Bruting XOR Key: 0x65 Bruting XOR Key: 0x66 Bruting XOR Key: 0x67 Bruting XOR Key: 0x68 Bruting XOR Key: 0x69 Bruting XOR Key: 0x6a Bruting XOR Key: 0x6b Bruting XOR Key: 0x6c Bruting XOR Key: 0x6d Bruting XOR Key: 0x6e Bruting XOR Key: 0x6f Bruting XOR Key: 0x70 Bruting XOR Key: 0x71 Bruting XOR Key: 0x72 Bruting XOR Key: 0x73 Bruting XOR Key: 0x74 Bruting XOR Key: 0x75 Bruting XOR Key: 0x76 Bruting XOR Key: 0x77 Bruting XOR Key: 0x78 Bruting XOR Key: 0x79 Bruting XOR Key: 0x7a Bruting XOR Key: 0x7b Bruting XOR Key: 0x7c Bruting XOR Key: 0x7d Bruting XOR Key: 0x7e Bruting XOR Key: 0x7f Bruting XOR Key: 0x80 Bruting XOR Key: 0x81 Bruting XOR Key: 0x82 Bruting XOR Key: 0x83 Bruting XOR Key: 0x84 Bruting XOR Key: 0x85 Bruting XOR Key: 0x86 Bruting XOR Key: 0x87 Bruting XOR Key: 0x88 Bruting XOR Key: 0x89 Bruting XOR Key: 0x8a Bruting XOR Key: 0x8b Bruting XOR Key: 0x8c Bruting XOR Key: 0x8d Bruting XOR Key: 0x8e Bruting XOR Key: 0x8f Bruting XOR Key: 0x90 Bruting XOR Key: 0x91 Bruting XOR Key: 0x92 Bruting XOR Key: 0x93 Bruting XOR Key: 0x94 Bruting XOR Key: 0x95 Bruting XOR Key: 0x96 Bruting XOR Key: 0x97 Bruting XOR Key: 0x98 Bruting XOR Key: 0x99 Bruting XOR Key: 0x9a Bruting XOR Key: 0x9b Bruting XOR Key: 0x9c Bruting XOR Key: 0x9d Bruting XOR Key: 0x9e Bruting XOR Key: 0x9f Bruting XOR Key: 0xa0 Bruting XOR Key: 0xa1 Bruting XOR Key: 0xa2 Bruting XOR Key: 0xa3 Bruting XOR Key: 0xa4 Bruting XOR Key: 0xa5 Bruting XOR Key: 0xa6 Bruting XOR Key: 0xa7 Bruting XOR Key: 0xa8 Bruting XOR Key: 0xa9 Bruting XOR Key: 0xaa Bruting XOR Key: 0xab Bruting XOR Key: 0xac Bruting XOR Key: 0xad Bruting XOR Key: 0xae Bruting XOR Key: 0xaf Bruting XOR Key: 0xb0 Bruting XOR Key: 0xb1 Bruting XOR Key: 0xb2 Bruting XOR Key: 0xb3 Bruting XOR Key: 0xb4 Bruting XOR Key: 0xb5 Bruting XOR Key: 0xb6 Bruting XOR Key: 0xb7 Bruting XOR Key: 0xb8 Bruting XOR Key: 0xb9 Bruting XOR Key: 0xba Bruting XOR Key: 0xbb Bruting XOR Key: 0xbc Bruting XOR Key: 0xbd Bruting XOR Key: 0xbe Bruting XOR Key: 0xbf Bruting XOR Key: 0xc0 Bruting XOR Key: 0xc1 Bruting XOR Key: 0xc2 Bruting XOR Key: 0xc3 Bruting XOR Key: 0xc4 Bruting XOR Key: 0xc5 Bruting XOR Key: 0xc6 Bruting XOR Key: 0xc7 Bruting XOR Key: 0xc8 Bruting XOR Key: 0xc9 Bruting XOR Key: 0xca Bruting XOR Key: 0xcb Bruting XOR Key: 0xcc Bruting XOR Key: 0xcd Bruting XOR Key: 0xce Bruting XOR Key: 0xcf Bruting XOR Key: 0xd0 Bruting XOR Key: 0xd1 Bruting XOR Key: 0xd2 Bruting XOR Key: 0xd3 Bruting XOR Key: 0xd4 Bruting XOR Key: 0xd5 Bruting XOR Key: 0xd6 Bruting XOR Key: 0xd7 Bruting XOR Key: 0xd8 Bruting XOR Key: 0xd9 Bruting XOR Key: 0xda Bruting XOR Key: 0xdb Bruting XOR Key: 0xdc Bruting XOR Key: 0xdd Bruting XOR Key: 0xde Bruting XOR Key: 0xdf Bruting XOR Key: 0xe0 Bruting XOR Key: 0xe1 Bruting XOR Key: 0xe2 Bruting XOR Key: 0xe3 Bruting XOR Key: 0xe4 Bruting XOR Key: 0xe5 Bruting XOR Key: 0xe6 Bruting XOR Key: 0xe7 Bruting XOR Key: 0xe8 Bruting XOR Key: 0xe9 Bruting XOR Key: 0xea Bruting XOR Key: 0xeb Bruting XOR Key: 0xec Bruting XOR Key: 0xed Bruting XOR Key: 0xee Bruting XOR Key: 0xef Bruting XOR Key: 0xf0 Bruting XOR Key: 0xf1 Bruting XOR Key: 0xf2 Bruting XOR Key: 0xf3 Bruting XOR Key: 0xf4 Bruting XOR Key: 0xf5 Bruting XOR Key: 0xf6 Bruting XOR Key: 0xf7 Bruting XOR Key: 0xf8 Bruting XOR Key: 0xf9 Bruting XOR Key: 0xfa Bruting XOR Key: 0xfb Bruting XOR Key: 0xfc Bruting XOR Key: 0xfd Bruting XOR Key: 0xfe Bruting XOR Key: 0xff Bruting ADD Key: 0x01 Bruting ADD Key: 0x02 Bruting ADD Key: 0x03 Bruting ADD Key: 0x04 Bruting ADD Key: 0x05 Bruting ADD Key: 0x06 Bruting ADD Key: 0x07 Bruting ADD Key: 0x08 Bruting ADD Key: 0x09 Bruting ADD Key: 0x0a Bruting ADD Key: 0x0b Bruting ADD Key: 0x0c Bruting ADD Key: 0x0d Bruting ADD Key: 0x0e Bruting ADD Key: 0x0f Bruting ADD Key: 0x10 Bruting ADD Key: 0x11 Bruting ADD Key: 0x12 Bruting ADD Key: 0x13 Bruting ADD Key: 0x14 Bruting ADD Key: 0x15 Bruting ADD Key: 0x16 Bruting ADD Key: 0x17 Bruting ADD Key: 0x18 Bruting ADD Key: 0x19 Bruting ADD Key: 0x1a Bruting ADD Key: 0x1b Bruting ADD Key: 0x1c Bruting ADD Key: 0x1d Bruting ADD Key: 0x1e Bruting ADD Key: 0x1f Bruting ADD Key: 0x20 Bruting ADD Key: 0x21 Bruting ADD Key: 0x22 Bruting ADD Key: 0x23 Bruting ADD Key: 0x24 Bruting ADD Key: 0x25 Bruting ADD Key: 0x26 Bruting ADD Key: 0x27 Bruting ADD Key: 0x28 Bruting ADD Key: 0x29 Bruting ADD Key: 0x2a Bruting ADD Key: 0x2b Bruting ADD Key: 0x2c Bruting ADD Key: 0x2d Bruting ADD Key: 0x2e Bruting ADD Key: 0x2f Bruting ADD Key: 0x30 Bruting ADD Key: 0x31 Bruting ADD Key: 0x32 Bruting ADD Key: 0x33 Bruting ADD Key: 0x34 Bruting ADD Key: 0x35 Bruting ADD Key: 0x36 Bruting ADD Key: 0x37 Bruting ADD Key: 0x38 Bruting ADD Key: 0x39 Bruting ADD Key: 0x3a Bruting ADD Key: 0x3b Bruting ADD Key: 0x3c Bruting ADD Key: 0x3d Bruting ADD Key: 0x3e Bruting ADD Key: 0x3f Bruting ADD Key: 0x40 Bruting ADD Key: 0x41 Bruting ADD Key: 0x42 Bruting ADD Key: 0x43 Bruting ADD Key: 0x44 Bruting ADD Key: 0x45 Bruting ADD Key: 0x46 Bruting ADD Key: 0x47 Bruting ADD Key: 0x48 Bruting ADD Key: 0x49 Bruting ADD Key: 0x4a Bruting ADD Key: 0x4b Bruting ADD Key: 0x4c Bruting ADD Key: 0x4d Bruting ADD Key: 0x4e Bruting ADD Key: 0x4f Bruting ADD Key: 0x50 Bruting ADD Key: 0x51 Bruting ADD Key: 0x52 Bruting ADD Key: 0x53 Bruting ADD Key: 0x54 Bruting ADD Key: 0x55 Bruting ADD Key: 0x56 Bruting ADD Key: 0x57 Bruting ADD Key: 0x58 Bruting ADD Key: 0x59 Bruting ADD Key: 0x5a Bruting ADD Key: 0x5b Bruting ADD Key: 0x5c Bruting ADD Key: 0x5d Bruting ADD Key: 0x5e Bruting ADD Key: 0x5f Bruting ADD Key: 0x60 Bruting ADD Key: 0x61 Bruting ADD Key: 0x62 Bruting ADD Key: 0x63 Bruting ADD Key: 0x64 Bruting ADD Key: 0x65 Bruting ADD Key: 0x66 Bruting ADD Key: 0x67 Bruting ADD Key: 0x68 Bruting ADD Key: 0x69 Bruting ADD Key: 0x6a Bruting ADD Key: 0x6b Bruting ADD Key: 0x6c Bruting ADD Key: 0x6d Bruting ADD Key: 0x6e Bruting ADD Key: 0x6f Bruting ADD Key: 0x70 Bruting ADD Key: 0x71 Bruting ADD Key: 0x72 Bruting ADD Key: 0x73 Bruting ADD Key: 0x74 Bruting ADD Key: 0x75 Bruting ADD Key: 0x76 Bruting ADD Key: 0x77 Bruting ADD Key: 0x78 Bruting ADD Key: 0x79 Bruting ADD Key: 0x7a Bruting ADD Key: 0x7b Bruting ADD Key: 0x7c Bruting ADD Key: 0x7d Bruting ADD Key: 0x7e Bruting ADD Key: 0x7f Bruting ADD Key: 0x80 Bruting ADD Key: 0x81 Bruting ADD Key: 0x82 Bruting ADD Key: 0x83 Bruting ADD Key: 0x84 Bruting ADD Key: 0x85 Bruting ADD Key: 0x86 Bruting ADD Key: 0x87 Bruting ADD Key: 0x88 Bruting ADD Key: 0x89 Bruting ADD Key: 0x8a Bruting ADD Key: 0x8b Bruting ADD Key: 0x8c Bruting ADD Key: 0x8d Bruting ADD Key: 0x8e Bruting ADD Key: 0x8f Bruting ADD Key: 0x90 Bruting ADD Key: 0x91 Bruting ADD Key: 0x92 Bruting ADD Key: 0x93 Bruting ADD Key: 0x94 Bruting ADD Key: 0x95 Bruting ADD Key: 0x96 Bruting ADD Key: 0x97 Bruting ADD Key: 0x98 Bruting ADD Key: 0x99 Bruting ADD Key: 0x9a Bruting ADD Key: 0x9b Bruting ADD Key: 0x9c Bruting ADD Key: 0x9d Bruting ADD Key: 0x9e Bruting ADD Key: 0x9f Bruting ADD Key: 0xa0 Bruting ADD Key: 0xa1 Bruting ADD Key: 0xa2 Bruting ADD Key: 0xa3 Bruting ADD Key: 0xa4 Bruting ADD Key: 0xa5 Bruting ADD Key: 0xa6 Bruting ADD Key: 0xa7 Bruting ADD Key: 0xa8 Bruting ADD Key: 0xa9 Bruting ADD Key: 0xaa Bruting ADD Key: 0xab Bruting ADD Key: 0xac Bruting ADD Key: 0xad Bruting ADD Key: 0xae Bruting ADD Key: 0xaf Bruting ADD Key: 0xb0 Bruting ADD Key: 0xb1 Bruting ADD Key: 0xb2 Bruting ADD Key: 0xb3 Bruting ADD Key: 0xb4 Bruting ADD Key: 0xb5 Bruting ADD Key: 0xb6 Bruting ADD Key: 0xb7 Bruting ADD Key: 0xb8 Bruting ADD Key: 0xb9 Bruting ADD Key: 0xba Bruting ADD Key: 0xbb Bruting ADD Key: 0xbc Bruting ADD Key: 0xbd Bruting ADD Key: 0xbe Bruting ADD Key: 0xbf Bruting ADD Key: 0xc0 Bruting ADD Key: 0xc1 Bruting ADD Key: 0xc2 Bruting ADD Key: 0xc3 Bruting ADD Key: 0xc4 Bruting ADD Key: 0xc5 Bruting ADD Key: 0xc6 Bruting ADD Key: 0xc7 Bruting ADD Key: 0xc8 Bruting ADD Key: 0xc9 Bruting ADD Key: 0xca Bruting ADD Key: 0xcb Bruting ADD Key: 0xcc Bruting ADD Key: 0xcd Bruting ADD Key: 0xce Bruting ADD Key: 0xcf Bruting ADD Key: 0xd0 Bruting ADD Key: 0xd1 Bruting ADD Key: 0xd2 Bruting ADD Key: 0xd3 Bruting ADD Key: 0xd4 Bruting ADD Key: 0xd5 Bruting ADD Key: 0xd6 Bruting ADD Key: 0xd7 Bruting ADD Key: 0xd8 Bruting ADD Key: 0xd9 Bruting ADD Key: 0xda Bruting ADD Key: 0xdb Bruting ADD Key: 0xdc Bruting ADD Key: 0xdd Bruting ADD Key: 0xde Bruting ADD Key: 0xdf Bruting ADD Key: 0xe0 Bruting ADD Key: 0xe1 Bruting ADD Key: 0xe2 Bruting ADD Key: 0xe3 Bruting ADD Key: 0xe4 Bruting ADD Key: 0xe5 Bruting ADD Key: 0xe6 Bruting ADD Key: 0xe7 Bruting ADD Key: 0xe8 Bruting ADD Key: 0xe9 Bruting ADD Key: 0xea Bruting ADD Key: 0xeb Bruting ADD Key: 0xec Bruting ADD Key: 0xed Bruting ADD Key: 0xee Bruting ADD Key: 0xef Bruting ADD Key: 0xf0 Bruting ADD Key: 0xf1 Bruting ADD Key: 0xf2 Bruting ADD Key: 0xf3 Bruting ADD Key: 0xf4 Bruting ADD Key: 0xf5 Bruting ADD Key: 0xf6 Bruting ADD Key: 0xf7 Bruting ADD Key: 0xf8 Bruting ADD Key: 0xf9 Bruting ADD Key: 0xfa Bruting ADD Key: 0xfb Bruting ADD Key: 0xfc Bruting ADD Key: 0xfd Bruting ADD Key: 0xfe Bruting ADD Key: 0xff Analysis finished! --------------------------------------------------- tw.doc seems to be malicious! Malicious Index = 106 ---------------------------------------------------
+------------------------------------------+ | OfficeMalScanner v0.51 | | Frank Boldewin / www.reconstructer.org | +------------------------------------------+ [*] SCAN mode selected [*] Filesize is 183808 (0x2ce00) Bytes [*] Ms Office OLE2 Compound Format document detected [*] Scanning now... FS:[00h] signature found at offset: 0x19388 FS:[00h] signature found at offset: 0x1a1f4 FS:[00h] signature found at offset: 0x1c72a FS:[00h] signature found at offset: 0x1c979 API-Name CreateFile string found at offset: 0x1d97e API-Name CloseHandle string found at offset: 0x1d7c8 API-Name ReadFile string found at offset: 0x1d9f2 API-Name WriteFile string found at offset: 0x1d924 API-Name SetFilePointer string found at offset: 0x1d9d0 API-Name VirtualAlloc string found at offset: 0x1d93c API-Name GetProcAddr string found at offset: 0x1d9ae API-Name LoadLibrary string found at offset: 0x1d9c0 Function prolog signature found at offset: 0x1a351 Function prolog signature found at offset: 0x1af6e Function prolog signature found at offset: 0x1b8ba JMP [0xEB]/CALL/POP signature found at offset: 0x20d85 JMP [0xEB]/CALL/POP signature found at offset: 0x20e46 Analysis finished! --------------------------------------------------- tw.doc seems to be malicious! Malicious Index = 106 ---------------------------------------------------


/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--/--
Analysis by Tom (thank you, Tom)---------------------------

 Shellcode in hex
obfuscated shellcode

Obfuscated second part of the shell and part of the exe

Shellcode 1

EXE  - taskmgr.exe
before and after transposition.

 

 ===========

Embedded exe  


Virustotal scan results
http://www.virustotal.com/analisis/d4340b59ef53951316d66f2f171029c7dba363d9fd0c2f4f828544583405a944-1266988204
  File taskmgr.ex received on 2010.02.24 05:10:04 (UTC)
Result: 1/41 (2.44%)
Symantec     20091.2.0.41     2010.02.24     Suspicious.Insight
Additional information
File size: 32768 bytes
MD5   : 441d239744d05b861202e3e25a2af0cd



 ================================================
 Screenshot from Abhishek Lyall

Additional information:
 Connections

Dropped file tskmgr.exe establishes connection with xwwl8899.vicp.net hosted a server in China
information from robtex.com

    Hostname:    218.23.30.101
      ISP:    CHINANET Anhui province network
      Organization:    CHINANET Anhui province network
      Country:    China
      State/Region:    Anhui

Wireshark capture
DNS queries and TCP connections to 218.23.30.101:80

wwl8866.vicp.net has one IP number. vicp.net is a domain controlled by two nameservers at dnsoray.net. They are on different IP networks. vicp.net has one IP number. xwwl8866.vicp.net is hosted on a server in China. It is not listed in any blacklists.

xwwl8866.vicp.net point to 218.23.30.101. It is blacklisted in four lists.

• dev.null.dk 
• spamsources.fabel.dk   
• spam.dnsbl.sorbs.net  - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked. 
• no-more-funn.moensted.dk

inetnum: 218.22.0.0 - 218.23.255.255
netname: CHINANET-AH
country: CN
descr: CHINANET Anhui province network
descr: Data Communication Division
descr: China Telecom
admin-c: CH93-AP
tech-c: AT318-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-AH
changed: hm-changed@apnic.net 20060322
source: APNIC


role: ANHUI TELECOM
address: 305 Changjiang West Road
address: Hefei Anhui China
country: CN
phone: +86 0551 5185089
fax-no: +86 0551 5185500
e-mail: wanglinlin2@anhuitelecom.com
trouble: send spam reports to abuse@ah163.com
trouble: and abuse reports to abuse@ah163.com
trouble: Please include detailed information and
trouble: times in GMT+8:00
admin-c: LW604-AP
tech-c: LW604-AP
nic-hdl: AT318-AP
remarks: http://www.ah163.net
notify: wanglinlin2@anhuitelecom.com
mnt-by: MAINT-CHINANET-AH
changed: wanglinlin2@anhuitelecom.com 20060323
source: APNIC


person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC


route: 218.22.0.0/15
descr: PNAP-SEA usei chinanet routes
origin: AS4134
mnt-by: INAP-MAINT-RADB
changed: swhitson@internap.com 20010524
source: RADB

====================================
Anubis report

http://anubis.iseclab.org/?action=result&task_id=1face8929a332692425ef0e12a533fa3a

Exe autostart

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  Value C:\Taskmgr.exe

Anubis Analysis Report for taskmgr.exe MD5: 441d239744d05b861202e3e25a2af0cd Summary: - Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically. - Performs File Modification and Destruction: The executable modifiesand destructs files which are not temporary. - Performs Registry Activities: The executable reads and modifies registry values. It also creates and monitors registry keys. [==================================] Table of Contents [==================================] - General information - taskmgr.exe a) Registry Activities b) File Activities c) Network Activities [###################################################] 1. General Information [####################################################] [========================================] Information about Anubis' invocation [========================================] Time needed: 239 s Report created: 02/24/10, 06:28:40 UTC Termination reason: Timeout Program version: 1.74.2603 [========================================] Global Network Activities [========================================] [=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Unknown UDP Traffic: [=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=] From ANUBIS:1025 to 192.168.0.1:53 State: [ Normal establishment and termination ], Outbound Bytes: [ 35 ], Inbound Bytes: [ 95 ] [########################################] 2. taskmgr.exe [########################################] [========================================] General information about this executable [========================================] Analysis Reason: Primary Analysis Subject Filename: taskmgr.exe MD5: 441d239744d05b861202e3e25a2af0cd SHA-1: a89581454895ffba71b7cebaeb3803ccc9a4c12e File Size: 32768 Bytes Command Line: "C:\taskmgr.exe" Process-status at analysis end: alive Exit Code: 0 [=========================================] Load-time Dlls [=========================================] Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ] Module Name: [ C:\WINDOWS\system32\kernel32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ] Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ] Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ] [=======================================] Run-time Dlls [=======================================] Module Name: [ C:\WINDOWS\system32\COMCTL32.dll ], Base Address: [0x5D090000 ], Size: [0x0009A000 ] Module Name: [ C:\WINDOWS\system32\pstorec.dll ], Base Address: [0x5E0C0000 ], Size: [0x0000D000 ] Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ], Base Address: [0x662B0000 ], Size: [0x00058000 ] Module Name: [ C:\WINDOWS\system32\mswsock.dll ], Base Address: [0x71A50000 ], Size: [0x0003F000 ] Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ], Base Address: [0x71A90000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ], Base Address: [0x71AA0000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\ws2_32.dll ], Base Address: [0x71AB0000 ], Size: [0x00017000 ] Module Name: [ C:\WINDOWS\system32\mpr.dll ], Base Address: [0x71B20000 ], Size: [0x00012000 ] Module Name: [ C:\WINDOWS\system32\avicap32.dll ], Base Address: [0x73B80000 ], Size: [0x00012000 ] Module Name: [ C:\WINDOWS\system32\MSCTF.dll ], Base Address: [0x74720000 ], Size: [0x0004C000 ] Module Name: [ C:\WINDOWS\system32\advpack.dll ], Base Address: [0x75260000 ], Size: [0x00029000 ] Module Name: [ C:\WINDOWS\system32\MSVFW32.dll ], Base Address: [0x75A70000 ], Size: [0x00021000 ] Module Name: [ C:\WINDOWS\system32\ATL.DLL ], Base Address: [0x76B20000 ], Size: [0x00011000 ] Module Name: [ C:\WINDOWS\system32\WINMM.dll ], Base Address: [0x76B40000 ], Size: [0x0002D000 ] Module Name: [ C:\WINDOWS\system32\iphlpapi.dll ], Base Address: [0x76D60000 ], Size: [0x00019000 ] Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ], Base Address: [0x76F20000 ], Size: [0x00027000 ] Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ], Base Address: [0x76F60000 ], Size: [0x0002C000 ] Module Name: [ C:\WINDOWS\System32\winrnr.dll ], Base Address: [0x76FB0000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ], Base Address: [0x76FC0000 ], Size: [0x00006000 ] Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ], Base Address: [0x773D0000 ], Size: [0x00103000 ] Module Name: [ C:\WINDOWS\system32\ole32.dll ], Base Address: [0x774E0000 ], Size: [0x0013D000 ] Module Name: [ C:\WINDOWS\system32\crypt32.dll ], Base Address: [0x77A80000 ], Size: [0x00095000 ] Module Name: [ C:\WINDOWS\system32\MSASN1.dll ], Base Address: [0x77B20000 ], Size: [0x00012000 ] Module Name: [ C:\WINDOWS\system32\VERSION.dll ], Base Address: [0x77C00000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\msvcrt.dll ], Base Address: [0x77C10000 ], Size: [0x00058000 ] Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ] Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ] Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ], Base Address: [0x77F60000 ], Size: [0x00076000 ] Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ] Module Name: [ C:\WINDOWS\system32\SHELL32.dll ], Base Address: [0x7C9C0000 ], Size: [0x00817000 ] [======================================] 2.a) taskmgr.exe - Registry Activities [======================================] [=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=] Registry Values Modified: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ], Value Name: [ cfmon ], New Value: [ C:\taskmgr.exe ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], Value Name: [ CUAS ], Value: [ 0 ], 1 time Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time Key: [ HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters ], Value Name: [ Transports ], Value: [ 0x5400630070006900700000004e0065007400420049004f00530000000000 ], 2 times Key: [ HKLM\SYSTEM\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], Value Name: [ ComputerName ], Value: [ PC ], 2 times Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ], Value Name: [ wheel ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\LDAP ], Value Name: [ LdapClientIntegrity ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], Value Name: [ Domain ], Value: [ ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], Value Name: [ Hostname ], Value: [ pc ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], Value Name: [ UseDomainNameDevolution ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ], Value Name: [ HelperDllName ], Value: [ %SystemRoot%\System32\wshtcpip.dll ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ], Value Name: [ Mapping ], Value: [ 0x0b0000000300000002000000010000000600000002000000010000000000 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ], Value Name: [ MaxSockaddrLength ], Value: [ 16 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ], Value Name: [ MinSockaddrLength ], Value: [ 16 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ], Value Name: [ UseDelayedAcceptance ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ], Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 4 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ Enabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ], Value Name: [ Version ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ DisplayString ], Value: [ NTDS ], 4 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ Enabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ Version ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ Enabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ Version ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1012 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Num_Catalog_Entries ], Value: [ 11 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Monitored Registry Keys: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time Key: [ HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder ], Watch subtree: [ 0 ], Notify Filter: [ Value Change ], 1 time [=============================================================================] 2.b) taskmgr.exe - File Activities [=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ PIPE\lsarpc ] [=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=] Files Modified: [=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ Ip ] File Name: [ PIPE\lsarpc ] File Name: [ \Device\Afd\Endpoint ] File Name: [ \Device\Ip ] File Name: [ \Device\RasAcd ] File Name: [ \Device\Tcp ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File System Control Communication: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 3 times [-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=] Device Control Communication: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 3 times File: [ \Device\RasAcd ], Control Code: [ 0x00F14014 ], 1 time File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 1 time File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 2 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 7 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 31 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 31 times File: [ \Device\Tcp ], Control Code: [ 0x00120003 ], 6 times File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_SOCK_NAME (0x0001202F) ], 1 time [=-=-=-=-=-=-=-=-=-=-=-=-=-=] Memory Mapped Files: [=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\WINDOWS\System32\winrnr.dll ] File Name: [ C:\WINDOWS\System32\wshtcpip.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ] File Name: [ C:\WINDOWS\WindowsShell.Manifest ] File Name: [ C:\WINDOWS\system32\ATL.DLL ] File Name: [ C:\WINDOWS\system32\COMCTL32.dll ] File Name: [ C:\WINDOWS\system32\DNSAPI.dll ] File Name: [ C:\WINDOWS\system32\MSCTF.dll ] File Name: [ C:\WINDOWS\system32\MSVFW32.dll ] File Name: [ C:\WINDOWS\system32\SHELL32.dll ] File Name: [ C:\WINDOWS\system32\WINMM.dll ] File Name: [ C:\WINDOWS\system32\WS2HELP.dll ] File Name: [ C:\WINDOWS\system32\advpack.dll ] File Name: [ C:\WINDOWS\system32\avicap32.dll ] File Name: [ C:\WINDOWS\system32\hnetcfg.dll ] File Name: [ C:\WINDOWS\system32\imm32.dll ] File Name: [ C:\WINDOWS\system32\iphlpapi.dll ] File Name: [ C:\WINDOWS\system32\mswsock.dll ] File Name: [ C:\WINDOWS\system32\pstorec.dll ] File Name: [ C:\WINDOWS\system32\rasadhlp.dll ] File Name: [ C:\WINDOWS\system32\ws2_32.dll ] File Name: [ C:\taskmgr.exe ] [========================] 2.c) taskmgr.exe - Network Activities [========================] [=-=-=-=-=-=-==-=-=-=-=-=-=-=] DNS Queries: [=-=-=-=-=-=-=-==-=-=-=-=-=-=] Name: [ xwwL8866.vicp.net ], Query Type: [ DNS_TYPE_A ], Query Result: [ 218.23.30.101 ], Successful: [ 1 ], Protocol: [ ] [=-=-=-=-=-=-=-=-=-=] Unknown TCP Traffic: [=-=-=-=-=-=-=-=-=-=] From ANUBIS:1038 to 218.23.30.101:80 State: [ Connection established, not terminated ], Outbound Bytes: [ 528 ], Inbound Bytes: [ 14513 ] Data sent: 6bb0 0431 9f30 c1b8 cac5 2ca1 7a85 592e k..1.0....,.z.Y. f203 6497 5f59 9e9b 7ffe cce8 4347 d4e9 ..d._Y......CG.. d403 75ba 7d7e 1700 0b0d f478 f81a e51e ..u.}~.....x.... f44c 9144 02e9 c581 717d 0ca4 0879 fa4a .L.D....q}...y.J 959e 64eb eff1 426d 76af acf9 99cd 1dd6 ..d...Bmv....... 6610 0a7a 889a 76b7 b729 df27 5c8e d0b9 f..z..v..).'\... 995a bd92 e4da 6ca0 cc09 cbd3 738c b94f .Z....l.....s..O ea1c 9e1f 2ba3 d1e3 463d 64bf 99fe 1910 ....+...F=d..... 05fd fe9b f7f5 3515 8c82 c048 9605 6627 ......5....H..f' 1abe b53e fba7 b919 63c0 fad2 966a 4119 ...>....c....jA. c23c c5d6 cd56 096e 4f4a d1a1 5ffd 8446 .<...V.nOJ.._..F bb03 6461 3922 19fb bbbb c763 562e 6d3b ..da9".....cV.m; f376 2926 4d3d 2b0b 2816 848b 6a98 13b4 .v)&M=+.(...j... 63e4 e6e3 6aca b617 6aba 216d dc52 f4cb c...j...j.!m.R.. 6d2c 88ff 13fd 6e8c 6dd1 443e 4d56 c7a7 m,....n.m.D>MV.. 3023 8708 1adb 2b25 788a a3a5 3f47 2289 Data received: 44a0 17e7 f0c1 008a 8f1a 8d67 b460 8514 D..........g.`.. f720 9b1d e1c5 cabf 4d8a 3e12 77c7 8dee . ......M.>.w... c151 16a4 0108 2430 97bd 3655 ce2b 118f .Q....$0..6U.+.. 50ba f112 3077 1507 d20c 4b86 3be3 4222 P...0w....K.;.B" 64dc e5f5 4df2 ee94 2849 5106 d36c e007 d...M...(IQ..l.. f1af 40bc 6316 b069 bdc0 7f68 7892 4d3d ..@.c..i...hx.M= 4d4c bbce e758 d487 c7be e927 f7ab 1ec1 ML...X.....'.... f491 21e0 c8fb d104 09f8 3a91 75fb ea3f ..!.......:.u..? 2097 bacf e9d7 a3b7 e455 dc7a 0397 92b1 ........U.z.... ddbf 9d8b a08b 3fa4 f81c 9f00 293c 527f ......?.....)<R. 4730 c45c bafe fac8 8a1f f00d 1816 814d G0.\...........M 1e9b 9e6a d446 3ba7 6b82 55d7 0f51 7d0f ...j.F;.k.U..Q}. ce5a 05d7 ea2f e42c b8e7 ea98 299f e89d .Z.../.,....)... 933d 61d7 e7e2 ec8a b71c 1a17 ae57 dbb9 .=a..........W.. 8db8 8dbf 5497 94b1 d018 a677 82cc aa15 ....T......w.... 052a d3af 35a2 626b 2e5b 3c13 5b4a fc6d Data received: d015 0000 8831 ac40 08dd dc8d ef81 6ff3 .....1.@......o. dba8 f1fe d263 3bd5 1d1f d09c f0f5 112a .....c;........* 96ef 3990 ce4f 8e45 64fa 0a83 e0a3 59a3 ..9..O.Ed.....Y. e9a0 1289 6341 76cd d215 1bca c8df edc6 ....cAv......... e737 8572 a20e d13d 1bf9 e4fe da7a 34bb .7.r...=.....z4. 7faa 40e6 f7e5 b7fd 97f6 e84e d553 b696 ..@........N.S.. cc05 74d3 2e7a 24f6 0cc0 079b b915 437b ..t..z$.......C{ 9c72 0952 34d3 57be caec 9c60 d8cb b326 .r.R4.W....`...& c8f2 233d 98f6 3095 6bda 4129 f78b 3a1c ..#=..0.k.A)..:. 8e57 4a05 d8e1 6376 46c0 b77d 2d27 38f0 .WJ...cvF..}-'8. cebc 40e4 7666 3a71 6602 13a1 a3d7 08f3 ..@.vf:qf....... 0496 c6a5 2bf1 89f9 5a2b 166b 9bc9 1ba2 ....+...Z+.k.... 7cac ec66 0758 9227 5d82 0f90 ba66 e8bc |..f.X.']....f.. 5326 a373 5337 c9ba e3cc 30df 0049 3f01 S&.sS7....0..I?. 231b 5f32 fb50 1db7 e424 f8c6 7d04 8039 #._2.P...$..}..9 039e 7a97 b84b 3925 c6a1 d8a6 298e 9a21 ..z..K9%....)..! 57d0 4add 37aa e790 8c5a 4374 ad0c ebea W.J.7....ZCt.... c137 5eb6 024e 9e5a e5eb fb49 9a5a 524c .7^..N.Z...I.ZRL 6027 9f05 1246 4b28 f1b9 1a71 2587 3823 `'...FK(...q%.8# 4218 daaa ae0f 12fb 5b8e f6ab 86df 5e2f B.......[.....^/ 090c e473 b43e 1fa6 7ff6 d97d 8ade dd71 ...s.>.....}...q 9f4c 8d01 4604 f5bc c9af 2e7a 6c6f 2c31 .L..F......zlo,1 1617 5161 c81b b0c1 f8cf 5f06 16d9 07d9 ..Qa......_..... 7b41 ce7b 5244 b403 1a9b ff4d 7fd1 e7ed {A.{RD.....M.... dd78 c292 4ca3 4a65 8fe9 4f32 afe0 46b3 .x..L.Je..O2..F. 1236 d9af 697b 7e25 d9db bdf0 ee5d e192 .6..i{~%.....].. 0a3e f48e 8b32 4772 6503 42b1 db15 e299 .>...2Gre.B..... 2a42 1c4c 9c17 8a42 f792 ff54 4462 2f29 *B.L...B...TDb/) 690d 78a8 20de a48b f40a d0aa 400d c221 i.x. .......@..! dcc2 9b09 bddd d0ed 9767 6ef3 67fe 3b4a .........gn.g.;J 2ac0 eb27 c8e7 22cd 7d73 2c82 4e91 83cf *..'..".}s,.N... 4411 d5a7 2ba5 91ce 26ac 3843 81d8 b09a D...+...&.8C.... 42a3 e5f6 30b6 2a57 e729 ad70 6fb9 057f B...0.*W.).po... 768a ab5e 424a 3cb4 1e63 2b74 b84b b158 v..^BJ<..c+t.K.X ff13 29a2 a7f3 60f2 cd62 f365 da34 b9ba ..)...`..b.e.4.. 4943 7037 9087 56d9 348b a094 b429 6650 ICp7..V.4....)fP 148b e287 b3f5 0785 413d f7df b28a c9fa ........A=...... f4b8 fd83 854e c19c 12ad 8702 8c9e 82ff .....N.......... 52e9 fa13 beb6 e83f 71a1 0d7d 8617 7853 R......?q..}..xS 9481 9699 171a a095 ca0d 363a e472 5034 ..........6:.rP4 e4b0 e176 b728 93ae 1e29 a4f3 255e 6c84 ...v.(...)..%^l. 4540 90c0 9de0 ec26 6b16 29f4 20ca 231d E@.....&k.). .#. 5f81 c520 abcf 39a6 f75e 062b a8c5 0afb _.. ..9..^.+.... 1c95 b86c 1693 4867 45da df9a 4674 b353 ...l..HgE...Ft.S 8c81 cdb1 3d1b 5d19 f3ae bf26 939f 6e3d ....=.]....&..n= e751 675a f8e6 a6c9 9ed4 a6f2 0718 0a53 .QgZ...........S df3a 400a ccfb 1a77 2605 a2f5 fe3c 98fc .:@....w&....<.. 3878 09cc 1d35 9bf0 17e8 2b52 59e9 97bc 8x...5....+RY... 070d 4399 9324 3f23 7965 b46b 54dc 10b2 ..C..$?#ye.kT... c768 0c43 6251 6b8e 662b 08c5 e4af 6e11 .h.CbQk.f+....n. 078e 5c0d b0cf 8a4d d493 cb82 f71a d560 ..\....M.......` dfb1 47e2 be26 55e1 ab8b 00c9 a094 0a6a ..G..&U........j 1148 4730 6de6 2f9d 561a 17db 51a2 d39a .HG0m./.V...Q... 28c4 301e db60 0c36 4257 fa24 fb97 0678 (.0..`.6BW.$...x 335c 038f e196 af77 a1ff 0af9 75c1 7ed4 3\.....w....u.~. 0009 9f8b 15b5 8527 bf65 37c6 847f 90a3 .......'.e7..... a890 ba2d f7e5 b7fd 97f6 e84e d553 b696 ...-.......N.S.. cc05 74d3 61bd 573e 9208 a508 4294 4f56 ..t.a.W>....B.OV 24ed 7f98 8c81 f9fe fefb 198d 9dff b448 $..............H d6f8 0340 798c 3883 62ff 2589 25a9 a522 ...@y.8.b.%.%.." d1bd def1 c941 4dad a375 5093 66e9 66b5 .....AM..uP.f.f. 489e da19 a41a 1173 53a8 407a 4ef9 ffd7 H......sS.@zN... a4b4 d011 ec66 385a cb38 807f 5c46 9bd6 .....f8Z.8..\F.. 7d22 bef7 2176 b25a e70a 8c30 be7f 38ff }"..!v.Z...0..8. b2c0 9640 6400 e46e de95 5db1 7ba8 846a ...@d..n..].{..j b8e6 fc54 294e 833e 461e 2e2c 9dd7 2aef ...T)N.>F..,..*. 39cb e1ee 437a 0655 2cb9 8082 a647 c859 9...Cz.U,....G.Y 0ef1 f14b f1ac dc2a 399d fe84 4485 e6f7 ...K...*9...D... 109a 09b0 5861 da53 2ec8 7d9f 6067 4742 ....Xa.S..}.`gGB a738 195b a0b7 06a9 425d fa38 4eb1 555b .8.[....B].8N.U[ 1834 3dfb 8a0c 09e5 52e9 d79d 41ed 15e0 .4=.....R...A... 48c3 a02d 6b84 b718 f097 8708 208d 7797 H..-k....... .w. 53f5 ffb0 48ea fe1e 4852 9428 f188 f9cf S...H...HR.(.... 91fd 59b4 093e 4df2 3a71 36fb de23 ef6e ..Y..>M.:q6..#.n 475f 1f00 18f0 6789 6831 4694 7cdb abc0 G_....g.h1F.|... 5325 2984 c897 e3e8 cd97 c387 a9f4 c3cf S%)............. 44ab 72dc 68cb 463e 44c9 a522 be2f 9b9a D.r.h.F>D.."./.. 91d1 5ee7 eecc 48f0 1075 af5d a719 6063 ..^...H..u.]..`c 9440 9450 4357 951e 7121 1303 043e 4991 .@.PCW..q!...>I. a1cb bdc7 c765 2852 c040 3d34 b0b6 5932 .....e(R.@=4..Y2 4a3d eec9 655f 6b1a f576 2e0b 06c3 b087 J=..e_k..v...... 6aae 4060 f1be d586 ca1e 55e1 d298 b191 j.@`......U..... a276 c3cd 3255 7cd9 19e8 0a74 731a 1457 .v..2U|....ts..W 1a2b fc3b e1e1 b58c 7752 d1f2 ebc6 f2c5 .+.;....wR...... 6a96 0fa7 6ee5 de84 bfab 1d43 6dba 5986 j...n......Cm.Y. 84d6 cc1b a374 6bd9 989d 4e59 3a44 044d .....tk...NY:D.M f66e e236 edf9 b6f0 a63d c8d3 29ad e188 .n.6.....=..)... 4ebc e969 0977 64ab 52d3 fa8a 7ec3 d28a N..i.wd.R...~... 028f 6d18 2287 c79b 4902 7341 3390 506c ..m."...I.sA3.Pl 3190 0da6 b728 93ae 1e29 a4f3 255e 6c84 1....(...)..%^l. 4540 90c0 c175 546a 3814 289b 5fe0 17f3 E@...uTj8.(._... 9a85 b3d5 .... Data received: 4725 bbba 666f 6eb3 b5cf 92d3 07ec 80ae G%..fon......... 92f1 1656 2934 3128 0fe3 cc7a 8dba d5d4 ...V)41(...z.... 90bf c252 baa8 6648 20f1 a832 88e4 2b21 ...R..fH ..2..+! 2a0e 0379 c368 b1a5 8bba 3373 ac63 5e59 *..y.h....3s.c^Y f740 27e3 c970 3ed1 90ef 22a4 5503 b17e .@'..p>...".U..~ 463b 9561 986b 080b e5ac e5c2 50a1 59fe F;.a.k......P.Y. 5bdc 8973 70b6 f418 64f2 4cfc ab89 278b [..sp...d.L...'. 49bd 4a80 1216 adf9 9bc5 284e a160 6307 I.J.......(N.`c. 838c d247 0bcb f879 cb3d 573f a953 40c7 ...G...y.=W?.S@. 6271 5080 4139 5233 af99 70d1 73a4 2f51 bqP.A9R3..p.s./Q caf4 57af b127 9da3 1d7d 4d04 15dc 8078 ..W..'...}M....x 2848 c8cc a67c 4a51 1015 0312 a18f 0b26 (H...|JQ.......& 5481 06ff 0200 8d79 766c 68bf 4832 c996 T......yvlh.H2.. e6db ad3c 667f d274 b793 da8f 3a81 a08b ...<f..t....:... fc86 dff5 49bb f7c4 7ec2 3eb3 861c 4344 ....I...~.>...CD a083 e13e b64b c365 a7f3 29cc 6c39 7d88 ...>.K.e..).l9}. 56f9 6686 232d 888a d0f4 5b50 8c60 492f V.f.#-....[P.`I/ d9d6 4a9b df55 b3a8 70e5 0863 5a3e 5a21 ..J..U..p..cZ>Z! 68b7 dd08 179c 6dce eac3 6719 536e ba72 h.....m...g.Sn.r 3fc5 8917 d88c 1cb2 369b 4f7f e2d4 d42a ?.......6.O....* c073 1496 ae36 32b1 5896 e6d5 bdea dd95 .s...62.X....... ffaa d261 087d 6c14 5c35 b19b bd48 c43f ...a.}l.\5...H.? f681 2f00 f7bd cae7 8e0c fd44 62ec a524 ../........Db..$ 5b29 0266 e7cd a586 627d 1b5c cedb 45e5 [).f....b}.\..E. e547 ebfe ddd0 587d fd53 d169 4b7c 3196 .G....X}.S.iK|1. 678f 13dd 1607 f40d 4dd2 6465 d4b3 4bc8 g.......M.de..K. 8cf0 713e c2d9 faf6 be57 2b0b e565 7294 ..q>.....W+..er. 5e32 ea9e e5ee e19a 15d2 9cb0 b967 127e ^2...........g.~ 8def 184e 9119 109a 0461 601e ff44 9b7e ...N.....a`..D.~ 56e2 8570 105f da0b 560a a5d6 8db1 b110 V..p._..V....... 698d a263 481a f0d3 c792 ed24 4bb3 3cbe i..cH......$K.<. dcd7 cc77 165f 4a09 8bff 5110 6e89 d942 ...w._J...Q.n..B 6a8a 6352 19b6 c7d1 8668 e303 56bd d7fc j.cR.....h..V... 7208 6238 8e0d 4e26 197e a40d 4ae8 ab0e r.b8..N&.~..J... 97e2 9565 51e8 8f8e c55f 8aeb e59b 456b ...eQ...._....Ek 67e0 a594 05fb 7368 4dfd 2878 be76 d883 g.....shM.(x.v.. 60e0 d944 8531 be0e 3841 1b86 2912 `..D.1..8A..). Data received: afb8 b18f 944c e3b7 aa64 95dc 28fd 00ff .....L...d..(... a2dc b5a6 b368 9d21 d10d 3a16 46cd f4ac .....h.!..:.F... 62e4 3f87 59f1 5f44 bb29 5c99 04a9 3cd5 b.?.Y._D.)\...<. 1db9 235f 3d0f 016e 0440 af5c eac6 74c8 ..#_=..n.@.\..t. b980 bc60 1cc8 4210 de99 c6f2 b75c 5676 ...`..B......\Vv 5b58 facd 3c17 ef3e 7dfb cbe3 0ee2 7550 [X..<..>}.....uP 3d53 793a faa8 b2ab 2d74 6ffd 1ace 7c1d =Sy:....-to...|. 5d72 2ef5 98d2 0db8 9f0a b837 8105 03ef ]r.........7.... 7f4a f084 ef76 08ca 5fe4 76eb 60d4 40b2 .J...v.._.v.`.@. d7ea 20a6 3cda b07f 89da a6f9 44a6 4e73 .. .<.......D.Ns 4808 4216 e647 b4e1 8572 dc04 60d8 3d45 H.B..G...r..`.=E 2462 b830 d70d efa7 ee91 c675 c27f 76cd $b.0.......u..v. 453d e8e2 4ee2 f874 59cd 0ac0 247f 8b5d E=..N..tY...$..] 17e3 fd09 27e9 16d9 dee3 d3ee 8ef9 f073 ....'..........s 8a15 0838 8f9c 27aa 70da 81b2 a5b6 56b4 ...8..'.p.....V. 82ed dace c9c4 0d4c c451 606f 5da5 3e75 .......L.Q`o].>u 2ee6 c22a 9515 e0b0 a05b ed9e 7df0 96d6 ...*.....[..}... 7c45 a00e 9a4c 73fc 8134 bdb8 df9f 2171 |E...Ls..4....!q 3ab5 9d06 3397 00b0 fd9b b1a7 448e 3ed1 :...3.......D.>. 95a4 2b7e 4b55 ca45 4322 5605 6d84 90f1 ..+~KU.EC"V.m... 55bf 0241 b715 7d1c f2cf 842d f1ee bad9 U..A..}....-.... 36c2 0a8c 4ad9 d623 3b47 ac9a 00df bdc3 6...J..#;G...... 14f0 f549 9dc3 d835 b68a 4d0f 7d8f 23b4 ...I...5..M.}.#. 9f3f 9afc 7ba4 f285 8ae5 c5e3 4a17 040f .?..{.......J... 4c90 9772 4355 46b9 d098 5dce dc3c c31b L..rCUF...]..<.. 1a44 8fd8 9c66 611a 5395 dc3d 1842 891e .D...fa.S..=.B.. 88fa 3917 8680 ec60 354f ebc3 146f 09f9 ..9....`5O...o.. 3f5d bdd1 6180 c14c c8a2 7ab9 c9c7 527f ?]..a..L..z...R. cc0f 02b9 0dfe 8bfd 5481 cf4b 66f1 7bcb ........T..Kf.{. af2c a7c4 cfe8 c7b2 fae6 523c a786 2a74 .,........R<..*t f62a b1ba cc96 1000 937b 42e7 74be 7e4a .*.......{B.t.~J 9b27 3ce2 5e9b eca8 9285 05bb 2c75 12c8 .'<.^.......,u.. e815 1f78 4094 2588 b6c8 fc1e c599 9826 ...x@.%........& 96c2 d8d4 c13e d9f5 1a60 aa1a 169d f820 .....>...`..... f089 047f 1332 6880 bf8f a0b2 17d0 5193 .....2h.......Q. 69c8 2660 0d07 3144 5ad9 aa7f 9782 d326 i.&`..1DZ......& 4a5f 75a3 615c 0544 3cdc a418 f70b d1a1 J_u.a\.D<....... 703c 1af2 9d81 d470 708a 3b9c c846 0ac8 p<.....pp.;..F.. 4cee c81f 95dc f989 0d8e 8398 c71b 337b L.............3{ b67b 63c9 77fc 608f abcf 44aa cf32 01bc .{c.w.`...D..2.. d527 7d83 4c4b 68b6 a53d 88e4 5daf bb29 .'}.LKh..=..]..) bcab 8bab 78f2 620d bc96 1679 ffa8 c088 ....x.b....y.... 326b 577d a36e 62ce 110f a6fa 3d5d 9ce3 2kW}.nb.....=].. c190 d71a 0101 4231 701d b3e9 82da f784 ......B1p....... fe11 2f21 0517 2a58 33bc 851b bfe8 d2f2 ../!..*X3....... 76ae 8caa 7a23 d87a 5f59 9ba3 c302 bda3 v...z#.z_Y...... 430d dbf0 99c7 dbef 0a24 3b03 9b4a a8dc C........$;..J.. 64c9 7e27 022e f6c1 227e b7c4 a4d4 51c1 d.~'...."~....Q. d815 3f3c c6b9 9fcb 142d c561 c3b9 8a5c ..?<.....-.a...\ ba00 cf6f d340 bfbc ceff 222d 63b8 ce7f ...o.@...."-c... c98b a66c ef4d 0965 409b 676f 9272 04e8 ...l.M.e@.go.r.. 9522 e834 2132 c72a 10d5 6287 9d0a a0b3 .".4!2.*..b..... 97ee 1087 57d8 ccd0 6893 e7d0 8fa2 7621 ....W...h.....v! 6661 0704 f72d 1e87 231b 747b 3c49 34ed fa...-..#.t{<I4. 8ca2 10fe ff25 ee27 b51d c301 b098 239a .....%.'......#. 88e6 9ff4 3d24 92d6 162c 1b38 7dfc 1e42 ....=$...,.8}..B aed0 8c08 d551 a9e3 f105 5ab1 4402 de3c .....Q....Z.D..< 975e 17f0 7017 f58e 0afd cf36 d5ff 2df2 .^..p......6..-. 5955 ec7b 4300 33a8 8f07 0320 cf61 9b10 YU.{C.3.... .a.. 1ee7 172a 1000 9cc9 b124 de9e a0c2 a822 ...*.....$....." 0938 c7f7 dd4b adba c91c c284 1f56 ca52 .8...K.......V.R 46f8 a541 9ac8 b5ab 9361 1fc6 dcf5 f9cc F..A.....a...... 8ba5 df78 7719 4df0 af6d 5ddc 5484 795d ...xw.M..m].T.y] 575e bf93 d557 b87f 0e17 33dc c78d f913 W^...W....3..... 8ab6 4b38 f6a5 48d8 223d 1a7e 36c0 f59c ..K8..H."=.~6... 2195 e046 415a 0a2b c448 e4c5 44eb 42fa !..FAZ.+.H..D.B. d0a1 1c5e fad5 0cc7 fc17 0ac3 5e89 41c2 ...^........^.A. 3c07 598a 1290 6e7a 5f4b 9ffd d7ed f48b <.Y...nz_K...... 5d71 66f3 b937 5b7d 8875 2c74 664f a711 ]qf..7[}.u,tfO.. eee9 0040 eec0 fec4 1641 17a1 da17 c1f0 ...@.....A...... 86a6 c06c cb1d b95a 21d4 3bd0 3ecb 2519 ...l...Z!.;.>.%. e082 5b3b d424 23ba a5fe f028 4fdc f783 ..[;.$#....(O... 498b 6f36 a55b 2953 6cc7 336c ebc3 23e6 I.o6.[)Sl.3l..#. 962e 6285 b2cc 1382 22cb 9fbe 2192 bd42 ..b....."...!..B 7067 c3af 4609 f9f7 20a4 6472 1b77 809a pg..F... .dr.w.. a0d9 3197 7989 6b7b b926 4c70 6ab0 a86e ..1.y.k{.&Lpj..n 1b04 63a7 d93d cfb5 d428 712d 5307 c3b6 ..c..=...(q-S... 59ca 41f8 4080 a606 6526 54a6 5814 4364 Y.A.@...e&T.X.Cd 8a98 2c00 85ee f5a7 d851 93c0 c5e6 a8d8 ..,......Q...... 3451 0718 feaf b5bd 1b0b 7b15 8a0f 00dd 4Q........{..... 3735 b3b5 f1f8 8647 e6f9 76df 95e1 9417 75.....G..v..... 0199 6db3 1316 ed8c 4351 a0f1 9cd0 86dc ..m.....CQ...... c3c2 326b 7b9a bace 4b89 0f42 4a29 025f ..2k{...K..BJ)._ 29bd 0a62 f7eb 3057 4f58 b3d1 1971 7734 )..b..0WOX...qw4 31c7 25d6 27b0 da38 d75b 8b8e c449 d6c4 1.%.'..8.[...I.. 8c5d 4381 4583 d034 d211 c841 2aa8 5a8b .]C.E..4...A*.Z. a4d3 e03c e838 b65d 1223 50bc a0f9 8e2c ...<.8.].#P...., 24c9 7331 4cfc a7f4 0de7 04d6 0a5b 38b2 $.s1L........[8. ced9 9e90 3088 4dd0 5d3c 0822 d642 3855 ....0.M.]<.".B8U 198f dc53 0549 582e 8212 78e1 064b ccfa ...S.IX...x..K.. 5385 705c 1c5c be66 138f 0cf9 9149 150d S.p\.\.f.....I.. f9ea d34c ...L Data received: 9433 6ecb 98e6 777a 5102 132d b3cc 38c5 .3n...wzQ..-..8. c142 a3bf 8f4d c700 e5d8 b50d 9bbf dd54 .B...M.........T 3d91 e607 e128 edf9 b14e 26a6 4a40 cae0 =....(...N&.J@.. b268 fa4b 9332 717b 01c9 8f8f d1e5 0744 .h.K.2q{.......D aea2 e816 db22 78f4 8568 4a3a 0d36 b599 ....."x..hJ:.6.. 212a bfb1 2b66 5191 ef1c dbed 2c78 6bb7 !*..+fQ.....,xk. 5236 2aba 2990 e0db fa72 2996 9554 4754 R6*.)....r)..TGT f9f3 db77 7a23 b8f2 603d dde4 820e 4d01 ...wz#..`=....M. 2559 e0fe d15f e014 0fab 6375 37ad d64d %Y..._....cu7..M cae5 102b fa73 9f5f ff82 2441 283c f78e ...+.s._..$A(<.. ff5f 883a a2d0 b437 026d 0632 e428 ddea ._.:...7.m.2.(.. 4a04 2ba2 bc0a 243e 1927 42d4 1f9e 4232 J.+...$>.'B...B2 b9ab 29f3 d535 7810 a008 f46d 62c4 7343 ..)..5x....mb.sC d0cb f8ac 6063 a6e6 af73 1839 bbea db71 ....`c...s.9...q 2369 0959 e391 9d9d d3d3 adc8 3bd2 80df #i.Y........;... 19ef c165 2bcd e270 8d93 ce28 abed 386f ...e+..p...(..8o 34d0 1a9a 6b28 9f49 e530 f031 6367 576a 4...k(.I.0.1cgWj f8c7 d2ba fa06 6407 dd64 3c78 11d8 d59d ......d..d<x.... fc49 4c8a 7054 1849 7031 0a79 a48e e57e .IL.pT.Ip1.y...~ 1d21 d29f e87f dca5 5e1b e09c 8358 24cc .!......^....X$. f3ad 237f 71d1 4dd1 6933 ac26 d2c8 0fe6 ..#.q.M.i3.&.... 8839 6e1a a0bf fc03 eff4 f5c1 f9c5 f665 .9n............e c62f ee7e f87e 2b7e e620 eb80 bde6 afda ./.~.~+~. ...... 7a16 6163 15ef b1c2 5697 1676 55da 3e95 z.ac....V..vU.>. 3781 f04a 27a8 412e 0c73 f126 bd37 0c7f 7..J'.A..s.&.7.. 6add 0ac6 9a78 f617 9037 eb34 a901 465d j....x...7.4..F] 5449 f3f5 1503 b203 a0b7 a374 dd4c b7eb TI.........t.L.. 214d 4c5c 5b19 f6e0 5b7a b7bc ec7d ada2 !ML\[...[z...}.. cbf3 9bd1 6b30 c329 bcb4 7347 8f3b 472d ....k0.)..sG.;G- 1b3f bb69 8e85 5fa3 2523 c6f0 60e4 5503 .?.i.._.%#..`.U. b8a1 7aef c3eb 2b64 9533 9683 7935 93c4 ..z...+d.3..y5.. 90fd 7aac 6c3f ad09 f3be d17c b9e9 7ca9 ..z.l?.....|..|. bb39 8aff 481b 1e60 08eb 9718 36bf c8ec .9..H..`....6... cc3c db3a 321d 6c4a 8963 4641 ee2a 2af9 .<.:2.lJ.cFA.**. a670 42bf 35f8 b474 7752 f664 0a29 9a69 .pB.5..twR.d.).i 313c 6bed 53b0 c8a0 3b59 2d27 02f2 1787 1<k.S...;Y-'.... d0d7 4c79 ec5a 2e4e c77f 3af7 0ab3 95d2 ..Ly.Z.N..:..... ca42 f3ba a1bf 79db 5a0d e912 6085 8423 .B....y.Z...`..# 6a6f bf19 41f5 b3dc 3334 8cc4 fb40 12ea jo..A...34...@.. 02b0 1995 70cd f095 470c ea90 a374 6bb6 ....p...G....tk. 9d4d e246 874d 7136 34f3 32d0 d254 4224 .M.F.Mq64.2..TB$ fd0b 084c 1313 e4af a095 0bae c3c4 4513 ...L..........E. 4928 9bd6 b97f 9c45 276b ea7d 69fa 65bd I(.....E'k.}i.e. 8444 a44f 3872 a58c 8752 d8e9 cf0b ed93 .D.O8r...R...... ea9a 9568 f21f c55b 1ef3 b338 4bdd 4146 ...h...[...8K.AF 782d 3e7e 2712 f03f 5047 a5a5 d211 77ba x->~'..?PG....w. f5f7 8a8f b609 e6bb 5688 c954 dbd3 a8b7 ........V..T.... e05a 9763 d761 30be 16c5 b368 6f83 ef92 .Z.c.a0....ho... 8b11 474f 7e39 7041 8958 217f f9fb 191d ..GO~9pA.X!..... 9078 abec 93be 977e ac6e 1200 b9f0 a988 .x.....~.n...... 87ad 555a 0fc0 085a b12d ae06 6319 731e ..UZ...Z.-..c.s. e8ad 63bf 56db f10f f1aa 0dd1 2307 c565 ..c.V.......#..e 0d72 ff04 5ae0 5ec7 ca27 443c 7886 1143 .r..Z.^..'D<x..C f891 d1d9 3e0e e07c bdbe 4612 d723 760a ....>..|..F..#v. c805 6362 518f cfa8 f9e3 faf9 eba7 bc81 ..cbQ........... 5989 b2f6 c0d7 b7e4 3332 2fbc f00c 7765 Y.......32/...we ffa1 ef0c 1f31 2c8d 6b32 c607 47f1 753e .....1,.k2..G.u> e4be ddd9 5e66 1a97 98d6 568a ab74 da62 ....^f....V..t.b 39cb a006 1834 dd3c f32f 97c0 9a82 73ea 9....4.<./....s. 3b98 4ca8 385e e4cf 3db0 2a2a 0de5 8f42 ;.L.8^..=.**...B f768 b1f9 f7f4 03da 1659 9e18 d4a0 f27c .h.......Y.....| 35cf 0c09 32bb 94bc 5959 fb5f c841 267b 5...2...YY._.A&{ 1b69 63f9 7aec e2cc 529d b0a7 c5bc 2345 .ic.z...R.....#E a664 95fc 79ef 782b 1014 c500 cf62 9c3c .d..y.x+.....b.< 8cc3 fa68 f742 2e27 09fd d974 35a1 11d8 ...h.B.'...t5... f47f 9d28 9aa1 8d13 ac58 459e 2fd8 67bb ...(.....XE./.g. 6b05 2ab1 aabb aaf4 7068 2a98 195e 5f15 k.*.....ph*..^_. 8bae e13c 84f1 b9cd 5214 eceb 88df 3bcc ...<....R.....;. 8a12 0c42 21b0 dc2a 1fa6 e73e def5 f57c ...B!..*...>...| 64cb 1a3b 6d41 0be2 a21d d473 4980 b7cd d..;mA.....sI... c76a f6e0 169a a09b 282c e005 cecb b6d2 .j......(,...... f725 bdf3 dc27 08e5 38d9 72b1 581d a70e .%...'..8.r.X... f35b 7da5 55ec d209 7aa6 4946 1aec a317 .[}.U...z.IF.... a782 5aed 7f5c 5ebd 4a03 7070 b290 9783 ..Z..\^.J.pp.... 2174 8a72 7f91 7b71 8a98 9706 78a2 9ba6 !t.r..{q....x... 22e3 bf63 d7ca 94ab d16b 3a4c e1da eb56 "..c.....k:L...V 721d 9030 f5ed ee24 78eb a489 30d5 fabe r..0...$x...0... dbae 2eff 5552 e98d 4a8a cef1 b117 b095 ....UR..J....... bdc7 bd73 4afe 174f 146c a470 7524 349e ...sJ..O.l.pu$4. e1cd 79a0 ef10 f83b 9238 aa73 372f f87c ..y....;.8.s7/.| 72c9 4852 e77c a0a5 79af 77ac 0f44 0a2a r.HR.|..y.w..D.* 3110 948a abaa 4af3 93ee fe54 ff07 cfff 1.....J....T.... e2ae 6ce3 38d5 8c63 8ccf 3992 e2ec 3dd5 ..l.8..c..9...=. 8842 a25d abbe 1dbf d5de ba36 a66a feb7 .B.].......6.j.. 692a 86d4 e539 a9b4 a49a c491 322d a0e6 i*...9......2-.. bc9e fbe7 26e7 b2ad eadd 89d3 6f03 5c46 ....&.......o.\F 7f6f e461 be43 ad9f a996 c79c f1ef f4db .o.a.C.......... 91da a4c1 1bea 4a4e 9893 a003 7c92 92da ......JN....|... 954a e557 582b e62d 19df 1906 2aa5 ddd3 .J.WX+.-....*... 9ada da33 32ae eaba c666 0ea8 7b23 7a3b ...32....f..{#z; c63b edd7 edd0 7570 8758 e16c 4189 0845 .;....up.X.lA..E 1d68 f43d .h.= Data received: 8247 2dee a81c 3f1e 7cea 89f2 be8d d181 .G-...?.|....... ef48 17da 82a9 c9f3 8af7 2d96 8701 d06a .H........-....j 7b10 ef49 b60c 6895 829b 9a47 7a38 4000 {..I..h....Gz8@. a168 fa4a d512 e412 41cf e176 bd18 a02f .h.J....A..v.../ 81c0 dc3d 4a0e f94e e27d fa29 ca07 e7d3 ...=J..N.}.).... 0a7b 4c5a 7568 67c0 1097 a7f7 8533 67ed .{LZuhg......3g. edc1 74a5 5164 231c d9f4 c3e0 12fd a8c0 ..t.Qd#......... 1e3e 74bc 3df7 3af0 055a 2ce4 c2d0 9d72 .>t.=.:..Z,....r 1901 4b3f eab5 60f9 70a5 0763 3cf4 54d2 ..K?..`.p..c<.T. f628 8a4c 4bfa 28e6 86bf 5ce7 29b9 7e14 .(.LK.(...\.).~. 05c9 dfd7 41bc c278 81c7 1444 d7da 5575 ....A..x...D..Uu f1a5 d0f0 a84f 715f dab5 0c13 f477 e3b4 .....Oq_.....w.. 9f71 15f9 298c 065d bc68 4fdd 1d49 98aa .q..)..].hO..I.. 0df6 6228 2ade 9b24 605c fba1 f315 3390 ..b(*..$`\....3. 3ce9 c276 5767 c064 c3fb 5db1 7be7 f5e6 <..vWg.d..].{... 09a3 d008 d09f bace 1973 e2a7 5065 2e50 .........s..Pe.P b9a4 542f 74fe db1c de87 5032 1a95 fc5e ..T/t.....P2...^ 9435 182c 94bd c7a8 f2c6 ec3e 8f35 c8f3 .5.,.......>.5.. 3595 9fd2 1d86 7d5d 3d26 bba9 c89f 56ce 5.....}]=&....V. b895 dc71 03c5 2234 e5da d4eb 9a74 5420 ...q.."4.....tT d425 9a40 de4a 9df3 08ed 20a0 b671 4bf1 .%.@.J.... ..qK. afc2 0744 70db 0985 5054 c7b6 550a 1b30 ...Dp...PT..U..0 dd64 8495 9e39 97e9 a282 9296 7cf5 6d54 .d...9......|.mT e623 96d8 80c3 f821 ea6c 7a9d 736f 108d .#.....!.lz.so.. f72d 1ad1 3b9d defa 1e84 0eb0 00eb 70d0 .-..;.........p. 5ad1 0cfa 478a 054a c1d3 d3ed c0ee a3ed Z...G..J........ f0fb e4c1 eb1a 6008 00fd e328 cd82 828f ......`....(.... 5cb3 bfcd 900d c8c1 f72d 78dc 9bda ad6b \........-x....k 7e9f 7ac0 e2b2 f1c7 7532 6709 a5bf 7d4f ~.z.....u2g...}O 7a34 1197 5625 8233 c3c4 be5a 1650 fe37 z4..V%.3...Z.P.7 3e59 73dd 0c64 e279 9e8c e51d e5b2 076b >Ys..d.y.......k 90b3 8227 b8ff f019 d164 fee6 a74c 597a ...'.....d...LYz 6773 f616 7164 35a5 b5de 7319 975b 48b9 gs..qd5...s..[H. 6dfa 7c8d 9821 ebc6 68e4 d7ad 1696 1152 m.|..!..h......R 17ad c72c 8d71 a94c 7933 a9da 808c c204 ...,.q.Ly3...... 4fd3 63fc 8810 3bd4 9bf8 fde0 e075 0211 O.c...;......u.. 761b 6ee3 f803 1617 098c ef0e 689f 03a5 v.n.........h... 3ddc b8d9 1eb3 91d9 624d 790c 8617 0c0b =.......bMy..... 896e 6c4d 1b42 933e 2a5a e800 0000 050c .nlM.B.>*Z...... 0000 02b9 0dfe 8bfd 5481 cf4b 66f1 7bcb ........T..Kf.{. af2c a7c4 cfe8 c7b2 fae6 523c a786 2a74 .,........R<..*t f62a b1ba cc96 1000 937b 42e7 74be 7e4a .*.......{B.t.~J 9b27 3ce2 5e9b eca8 9285 05bb 2c75 12c8 .'<.^.......,u.. e815 1f78 4094 2588 b6c8 fc1e c599 9826 ...x@.%........& 96c2 d8d4 c13e d9f5 1a60 aa1a 169d f820 .....>...`..... f089 047f 1332 6880 bf8f a0b2 17d0 5193 .....2h.......Q. 69c8 2660 0d07 3144 5ad9 aa7f 9782 d326 i.&`..1DZ......& 4a5f 75a3 615c 0544 3cdc a418 f70b d1a1 J_u.a\.D<....... 703c 1af2 9d81 d470 708a 3b9c c846 0ac8 p<.....pp.;..F.. 4cee c81f 95dc f989 0d8e 8398 c71b 337b L.............3{ b67b 63c9 77fc 608f abcf 44aa cf32 01bc .{c.w.`...D..2.. d527 7d83 4c4b 68b6 a53d 88e4 5daf bb29 .'}.LKh..=..]..) bcab 8bab 78f2 620d bc96 1679 ffa8 c088 ....x.b....y.... 326b 577d a36e 62ce 110f a6fa 3d5d 9ce3 2kW}.nb.....=].. c190 d71a 0101 4231 701d b3e9 82da f784 ......B1p....... fe11 2f21 0517 2a58 33bc 851b bfe8 d2f2 ../!..*X3....... 76ae 8caa 7a23 d87a 5f59 9ba3 c302 bda3 v...z#.z_Y...... 430d dbf0 99c7 dbef 0a24 3b03 9b4a a8dc C........$;..J.. 64c9 7e27 022e f6c1 227e b7c4 a4d4 51c1 d.~'...."~....Q. d815 3f3c c6b9 9fcb 142d c561 c3b9 8a5c ..?<.....-.a...\ ba00 cf6f d340 bfbc ceff 222d 63b8 ce7f ...o.@...."-c... c98b a66c ef4d 0965 409b 676f 9272 04e8 ...l.M.e@.go.r.. 9522 e834 2132 c72a 10d5 6287 9d0a a0b3 .".4!2.*..b..... 97ee 1087 57d8 ccd0 6893 e7d0 8fa2 7621 ....W...h.....v! 6661 0704 f72d 1e87 231b 747b 3c49 34ed fa...-..#.t{<I4. 8ca2 10fe ff25 ee27 b51d c301 b098 239a .....%.'......#. 88e6 9ff4 3d24 92d6 162c 1b38 7dfc 1e42 ....=$...,.8}..B aed0 8c08 d551 a9e3 f105 5ab1 4402 de3c .....Q....Z.D..< 975e 17f0 7017 f58e 0afd cf36 d5ff 2df2 .^..p......6..-. 5955 ec7b 4300 33a8 8f07 0320 cf61 9b10 YU.{C.3.... .a.. 1ee7 172a 1000 9cc9 b124 de9e a0c2 a822 ...*.....$....." 0938 c7f7 dd4b adba c91c c284 1f56 ca52 .8...K.......V.R 46f8 a541 9ac8 b5ab 9361 1fc6 dcf5 f9cc F..A.....a...... 8ba5 df78 7719 4df0 af6d 5ddc 5484 795d ...xw.M..m].T.y] 575e bf93 d557 b87f 0e17 33dc c78d f913 W^...W....3..... 8ab6 4b38 f6a5 48d8 223d 1a7e 36c0 f59c ..K8..H."=.~6... 2195 e046 415a 0a2b c448 e4c5 44eb 42fa !..FAZ.+.H..D.B. d0a1 1c5e fad5 0cc7 fc17 0ac3 5e89 41c2 ...^........^.A. 3c07 598a 1290 6e7a 5f4b 9ffd d7ed f48b <.Y...nz_K...... 5d71 66f3 b937 5b7d 8875 2c74 664f a711 ]qf..7[}.u,tfO.. eee9 0040 eec0 fec4 1641 17a1 da17 c1f0 ...@.....A...... 86a6 c06c cb1d b95a 21d4 3bd0 3ecb 2519 ...l...Z!.;.>.%. e082 5b3b d424 23ba a5fe f028 4fdc f783 ..[;.$#....(O... 498b 6f36 a55b 2953 6cc7 336c ebc3 23e6 I.o6.[)Sl.3l..#. 962e 6285 b2cc 1382 22cb 9fbe 2192 bd42 ..b....."...!..B 7067 c3af 4609 f9f7 20a4 6472 1b77 809a pg..F... .dr.w.. a0d9 3197 7989 6b7b b926 4c70 6ab0 a86e ..1.y.k{.&Lpj..n 1b04 63a7 d93d cfb5 d428 712d 5307 c3b6 ..c..=...(q-S... 59ca 41f8 4080 a606 6526 54a6 5814 4364 Y.A.@...e&T.X.Cd 8a98 2c00 85ee f5a7 d851 93c0 c5e6 a8d8 ..,......Q...... 3451 0718 feaf b5bd 1b0b 7b15 8a0f 00dd 4Q........{..... 3735 b3b5 75.. Data received: f1f8 8647 e6f9 76df 95e1 9417 0199 6db3 ...G..v.......m. 1316 ed8c 4351 a0f1 9cd0 86dc c3c2 326b ....CQ........2k 7b9a bace 4b89 0f42 4a29 025f 29bd 0a62 {...K..BJ)._)..b f7eb 3057 4f58 b3d1 1971 7734 31c7 25d6 ..0WOX...qw41.%. 27b0 da38 d75b 8b8e c449 d6c4 8c5d 4381 '..8.[...I...]C. 4583 d034 d211 c841 2aa8 5a8b a4d3 e03c E..4...A*.Z....< e838 b65d 1223 50bc a0f9 8e2c 24c9 7331 .8.].#P....,$.s1 4cfc a7f4 0de7 04d6 0a5b 38b2 ced9 9e90 L........[8..... 3088 4dd0 5d3c 0822 d642 3855 198f dc53 0.M.]<.".B8U...S 0549 582e 8212 78e1 064b ccfa 5385 705c .IX...x..K..S.p\ 1c5c be66 138f 0cf9 9149 150d f9ea d34c .\.f.....I.....L 9433 6ecb 98e6 777a 5102 132d b3cc 38c5 .3n...wzQ..-..8. c142 a3bf 8f4d c700 e5d8 b50d 9bbf dd54 .B...M.........T 3d91 e607 e128 edf9 b14e 26a6 4a40 cae0 =....(...N&.J@.. b268 fa4b 9332 717b 01c9 8f8f d1e5 0744 .h.K.2q{.......D aea2 e816 db22 78f4 8568 4a3a 0d36 b599 ....."x..hJ:.6.. 212a bfb1 2b66 5191 ef1c dbed 2c78 6bb7 !*..+fQ.....,xk. 5236 2aba 2990 e0db fa72 2996 9554 4754 R6*.)....r)..TGT f9f3 db77 7a23 b8f2 603d dde4 820e 4d01 ...wz#..`=....M. 2559 e0fe d15f e014 0fab 6375 37ad d64d %Y..._....cu7..M cae5 102b fa73 9f5f ff82 2441 283c f78e ...+.s._..$A(<.. ff5f 883a a2d0 b437 026d 0632 e428 ddea ._.:...7.m.2.(.. 4a04 2ba2 bc0a 243e 1927 42d4 1f9e 4232 J.+...$>.'B...B2 b9ab 29f3 d535 7810 a008 f46d 62c4 7343 ..)..5x....mb.sC d0cb f8ac 6063 a6e6 af73 1839 bbea db71 ....`c...s.9...q 2369 0959 e391 9d9d d3d3 adc8 3bd2 80df #i.Y........;... 19ef c165 2bcd e270 8d93 ce28 abed 386f ...e+..p...(..8o 34d0 1a9a 6b28 9f49 e530 f031 6367 576a 4...k(.I.0.1cgWj f8c7 d2ba fa06 6407 dd64 3c78 11d8 d59d ......d..d<x.... fc49 4c8a 7054 1849 7031 0a79 a48e e57e .IL.pT.Ip1.y...~ 1d21 d29f e87f dca5 5e1b e09c 8358 24cc .!......^....X$. f3ad 237f 71d1 4dd1 6933 ac26 d2c8 0fe6 ..#.q.M.i3.&.... 8839 6e1a a0bf fc03 eff4 f5c1 f9c5 f665 .9n............e c62f ee7e f87e 2b7e e620 eb80 bde6 afda ./.~.~+~. ...... 7a16 6163 15ef b1c2 5697 1676 55da 3e95 z.ac....V..vU.>. 3781 f04a 27a8 412e 0c73 f126 bd37 0c7f 7..J'.A..s.&.7.. 6add 0ac6 9a78 f617 9037 eb34 a901 465d j....x...7.4..F] 5449 f3f5 1503 b203 a0b7 a374 dd4c b7eb TI.........t.L.. 214d 4c5c 5b19 f6e0 5b7a b7bc ec7d ada2 !ML\[...[z...}.. cbf3 9bd1 6b30 c329 bcb4 7347 8f3b 472d ....k0.)..sG.;G- 1b3f bb69 8e85 5fa3 2523 c6f0 60e4 5503 .?.i.._.%#..`.U. b8a1 7aef c3eb 2b64 9533 9683 7935 93c4 ..z...+d.3..y5.. 90fd 7aac 6c3f ad09 f3be d17c b9e9 7ca9 ..z.l?.....|..|. bb39 8aff 481b 1e60 08eb 9718 36bf c8ec .9..H..`....6... cc3c db3a 321d 6c4a 8963 4641 ee2a 2af9 .<.:2.lJ.cFA.**. a670 42bf 35f8 b474 7752 f664 0a29 9a69 .pB.5..twR.d.).i 313c 6bed 53b0 c8a0 3b59 2d27 02f2 1787 1<k.S...;Y-'.... d0d7 4c79 ec5a 2e4e c77f 3af7 0ab3 95d2 ..Ly.Z.N..:..... ca42 f3ba a1bf 79db 5a0d e912 6085 8423 .B....y.Z...`..# 6a6f bf19 41f5 b3dc 3334 8cc4 fb40 12ea jo..A...34...@.. 02b0 1995 70cd f095 470c ea90 a374 6bb6 ....p...G....tk. 9d4d e246 874d 7136 34f3 32d0 d254 4224 .M.F.Mq64.2..TB$ fd0b 084c 1313 e4af a095 0bae c3c4 4513 ...L..........E. 4928 9bd6 b97f 9c45 276b ea7d 69fa 65bd I(.....E'k.}i.e. 8444 a44f 3872 a58c 8752 d8e9 cf0b ed93 .D.O8r...R...... ea9a 9568 f21f c55b 1ef3 b338 4bdd 4146 ...h...[...8K.AF 782d 3e7e 2712 f03f 5047 a5a5 d211 77ba x->~'..?PG....w. f5f7 8a8f b609 e6bb 5688 c954 dbd3 a8b7 ........V..T.... e05a 9763 d761 30be 16c5 b368 6f83 ef92 .Z.c.a0....ho... 8b11 474f 7e39 7041 8958 217f f9fb 191d ..GO~9pA.X!..... 9078 abec 93be 977e ac6e 1200 b9f0 a988 .x.....~.n...... 87ad 555a 0fc0 085a b12d ae06 6319 731e ..UZ...Z.-..c.s. e8ad 63bf 56db f10f f1aa 0dd1 2307 c565 ..c.V.......#..e 0d72 ff04 5ae0 5ec7 ca27 443c 7886 1143 .r..Z.^..'D<x..C f891 d1d9 3e0e e07c bdbe 4612 d723 760a ....>..|..F..#v. c805 6362 518f cfa8 f9e3 faf9 eba7 bc81 ..cbQ........... 5989 b2f6 c0d7 b7e4 3332 2fbc f00c 7765 Y.......32/...we ffa1 ef0c 1f31 2c8d 6b32 c607 47f1 753e .....1,.k2..G.u> e4be ddd9 5e66 1a97 98d6 568a ab74 da62 ....^f....V..t.b 39cb a006 1834 dd3c f32f 97c0 9a82 73ea 9....4.<./....s. 3b98 4ca8 385e e4cf 3db0 2a2a 0de5 8f42 ;.L.8^..=.**...B f768 b1f9 f7f4 03da 1659 9e18 d4a0 f27c .h.......Y.....| 35cf 0c09 32bb 94bc 5959 fb5f c841 267b 5...2...YY._.A&{ 1b69 63f9 7aec e2cc 529d b0a7 c5bc 2345 .ic.z...R.....#E a664 95fc 79ef 782b 1014 c500 cf62 9c3c .d..y.x+.....b.< 8cc3 fa68 f742 2e27 09fd d974 35a1 11d8 ...h.B.'...t5... f47f 9d28 9aa1 8d13 ac58 459e 2fd8 67bb ...(.....XE./.g. 6b05 2ab1 aabb aaf4 7068 2a98 195e 5f15 k.*.....ph*..^_. 8bae e13c 84f1 b9cd 5214 eceb 88df 3bcc ...<....R.....;. 8a12 0c42 21b0 dc2a 1fa6 e73e def5 f57c ...B!..*...>...| 64cb 1a3b 6d41 0be2 a21d d473 4980 b7cd d..;mA.....sI... c76a f6e0 169a a09b 282c e005 cecb b6d2 .j......(,...... f725 bdf3 dc27 08e5 38d9 72b1 581d a70e .%...'..8.r.X... f35b 7da5 55ec d209 7aa6 4946 1aec a317 .[}.U...z.IF.... a782 5aed 7f5c 5ebd 4a03 7070 b290 9783 ..Z..\^.J.pp.... 2174 8a72 7f91 7b71 8a98 9706 78a2 9ba6 !t.r..{q....x... 22e3 bf63 d7ca 94ab d16b 3a4c e1da eb56 "..c.....k:L...V 721d 9030 f5ed ee24 78eb a489 30d5 fabe r..0...$x...0... dbae 2eff 5552 e98d 4a8a cef1 b117 b095 ....UR..J....... bdc7 bd73 4afe 174f 146c a470 7524 349e ...sJ..O.l.pu$4. e1cd 79a0 ef10 f83b 9238 aa73 372f f87c ..y....;.8.s7/.| 72c9 4852 r.HR Data received: e77c a0a5 79af 77ac 0f44 0a2a 3110 948a .|..y.w..D.*1... abaa 4af3 93ee fe54 ff07 cfff e2ae 6ce3 ..J....T......l. 38d5 8c63 8ccf 3992 e2ec 3dd5 8842 a25d 8..c..9...=..B.] abbe 1dbf d5de ba36 a66a feb7 692a 86d4 .......6.j..i*.. e539 a9b4 a49a c491 322d a0e6 bc9e fbe7 .9......2-...... 26e7 b2ad eadd 89d3 6f03 5c46 7f6f e461 &.......o.\F.o.a be43 ad9f a996 c79c f1ef f4db 91da a4c1 .C.............. 1bea 4a4e 9893 a003 7c92 92da 954a e557 ..JN....|....J.W 582b e62d 19df 1906 2aa5 ddd3 9ada da33 X+.-....*......3 32ae eaba c666 0ea8 7b23 7a3b c63b edd7 2....f..{#z;.;.. edd0 7570 8758 e16c 4189 0845 1d68 f43d ..up.X.lA..E.h.= 8247 2dee a81c 3f1e 7cea 89f2 be8d d181 .G-...?.|....... ef48 17da 82a9 c9f3 8af7 2d96 8701 d06a .H........-....j 7b10 ef49 b60c 6895 829b 9a47 7a38 4000 {..I..h....Gz8@. a168 fa4a d512 e412 41cf e176 bd18 a02f .h.J....A..v.../ 81c0 dc3d 4a0e f94e e27d fa29 ca07 e7d3 ...=J..N.}.).... 0a7b 4c5a 7568 67c0 1097 a7f7 8533 67ed .{LZuhg......3g. edc1 74a5 5164 231c d9f4 c3e0 12fd a8c0 ..t.Qd#......... 1e3e 74bc 3df7 3af0 055a 2ce4 c2d0 9d72 .>t.=.:..Z,....r 1901 4b3f eab5 60f9 70a5 0763 3cf4 54d2 ..K?..`.p..c<.T. f628 8a4c 4bfa 28e6 86bf 5ce7 29b9 7e14 .(.LK.(...\.).~. 05c9 dfd7 41bc c278 81c7 1444 d7da 5575 ....A..x...D..Uu f1a5 d0f0 a84f 715f dab5 0c13 f477 e3b4 .....Oq_.....w.. 9f71 15f9 298c 065d bc68 4fdd 1d49 98aa .q..)..].hO..I.. 0df6 6228 2ade 9b24 605c fba1 f315 3390 ..b(*..$`\....3. 3ce9 c276 5767 c064 c3fb 5db1 7be7 f5e6 <..vWg.d..].{... 09a3 d008 d09f bace 1973 e2a7 5065 2e50 .........s..Pe.P b9a4 542f 74fe db1c de87 5032 1a95 fc5e ..T/t.....P2...^ 9435 182c 94bd c7a8 f2c6 ec3e 8f35 c8f3 .5.,.......>.5.. 3595 9fd2 1d86 7d5d 3d26 bba9 c89f 56ce 5.....}]=&....V. b895 dc71 03c5 2234 e5da d4eb 9a74 5420 ...q.."4.....tT d425 9a40 de4a 9df3 08ed 20a0 b671 4bf1 .%.@.J.... ..qK. afc2 0744 70db 0985 5054 c7b6 550a 1b30 ...Dp...PT..U..0 dd64 8495 9e39 97e9 a282 9296 7cf5 6d54 .d...9......|.mT e623 96d8 80c3 f821 ea6c 7a9d 736f 108d .#.....!.lz.so.. f72d 1ad1 3b9d defa 1e84 0eb0 00eb 70d0 .-..;.........p. 5ad1 0cfa 478a 054a c1d3 d3ed c0ee a3ed Z...G..J........ f0fb e4c1 eb1a 6008 00fd e328 cd82 828f ......`....(.... 5cb3 bfcd 900d c8c1 f72d 78dc 9bda ad6b \........-x....k 7e9f 7ac0 e2b2 f1c7 7532 6709 a5bf 7d4f ~.z.....u2g...}O 7a34 1197 5625 8233 c3c4 be5a 1650 fe37 z4..V%.3...Z.P.7 3e59 73dd 0c64 e279 9e8c e51d e5b2 076b >Ys..d.y.......k 90b3 8227 b8ff f019 d164 fee6 a74c 597a ...'.....d...LYz 6773 f616 7164 35a5 b5de 7319 975b 48b9 gs..qd5...s..[H. 6dfa 7c8d 9821 ebc6 68e4 d7ad 1696 1152 m.|..!..h......R 17ad c72c 8d71 a94c 7933 a9da 808c c204 ...,.q.Ly3...... 4fd3 63fc 8810 3bd4 9bf8 fde0 e075 0211 O.c...;......u.. 761b 6ee3 f803 1617 098c ef0e 689f 03a5 v.n.........h... 3ddc b8d9 1eb3 91d9 624d 273b 1eb6 8063 =.......bM';...c 366c 7959 1804 a3b3 fb00 90e1 3675 a969 6lyY........6u.i 8560 a0d0 4103 6f99 517a 6312 5aa2 cb17 .`..A.o.Qzc.Z... 0eef e971 a911 c872 6f33 c582 166b 7117 ...q...ro3...kq. cb1f da42 e4d8 3e1c 1b66 4c55 d597 e6d3 ...B..>..fLU.... 1393 f252 8f4c 7a3d 2c46 ba62 b668 6f6e ...R.Lz=,F.b.hon 01da 0ab2 4158 9a44 99da 1b4f 2db9 4353 ....AX.D...O-.CS 5e28 5d9a f3c5 daef 5da2 f40b 5442 52e4 ^(].....]...TBR. 752c 0590 a58d 106f 111f 29c3 790f 4333 u,.....o..).y.C3 fc61 8437 cd61 979a 2dfe 071c 0deb 72cc .a.7.a..-.....r. d86d db59 8427 d7e8 9008 6b84 0f47 fe39 .m.Y.'....k..G.9 fc83 0138 5eba 3a28 0f4c 0f63 6d00 0655 ...8^.:(.L.cm..U 8359 8d05 bfbb 7888 0e05 ff77 bd29 abe5 .Y....x....w.).. 78e1 3ed5 883b 4aba ed3a 51e0 b00d 0bc1 x.>..;J..:Q..... ed50 aa7a d6e7 f1a3 c0e9 efb1 cce3 3c1a .P.z..........<. b1db 5637 a4ea b1e4 040f 8f02 c869 5464 ..V7.........iTd dbf7 3f5d 133f 26a2 6c95 d07e 761f bb5a ..?].?&.l..~v..Z d865 b776 1b33 83c6 0eef 1557 15d2 70cb .e.v.3.....W..p. 4370 2a17 a985 271b 8e92 5072 4288 f64c Cp*...'...PrB..L b83b 6b2d b55e b3e4 db42 dc67 a2ad 5b14 .;k-.^...B.g..[. c189 5506 158f 5510 8f7e d24d 0b43 a0a1 ..U...U..~.M.C.. 12f4 1383 f41f b8b3 9174 6bec 7b44 1731 .........tk.{D.1 4e46 3485 143b 856d ee47 76e9 7421 5275 NF4..;.m.Gv.t!Ru 5929 ebfe 1a50 6d0f 7079 3ebe ed7d d46e Y)...Pm.py>..}.n bb0e f923 d1cf 586a 4d61 4eb1 fd3c 4573 ...#..XjMaN..<Es 3ead afca b14b 34ae 5977 ba36 ef1a d3fd >....K4.Yw.6.... c4ef 5a8d 6ce2 07aa 309c a626 95ed 0281 ..Z.l...0..&.... 2d57 ca64 1d21 4aa9 08b4 74e8 fa4f c712 -W.d.!J...t..O.. 72a7 273d 21dc fce2 ca4c d4c7 48cf f922 r.'=!....L..H.." bfa1 20eb 89b9 81c8 7ee7 d62b f1ec 5fbf .. .....~..+.._. fb82 19bf 0905 92e3 1393 e3c1 f176 61fb .............va. 0175 8a7b 5253 aa47 788f 5990 da2a cc67 .u.{RS.Gx.Y..*.g 8b08 0e0f 9fce e459 1c10 b21b e057 3728 .......Y.....W7( c0d0 9fde c93a 9638 22aa 262f 2441 533e .....:.8".&/$AS> 7eb8 3f36 0ffc dda9 8c12 c3c7 0cc6 014b ~.?6...........K 07d1 094f 1ceb 0201 3757 16b1 33f1 63b7 ...O....7W..3.c. 565a a0ca c5cc db3a ced2 fa46 ac83 03ad VZ.....:...F.... 4622 f6e8 eb48 d357 2bd8 d793 58bb e80f F"...H.W+...X... 8203 030d 4a42 e760 d986 1f38 b58e 9234 ....JB.`...8...4 eb31 4582 6751 138f ff23 c640 0bae 5de5 .1E.gQ...#.@..]. 2656 ed82 2acb b78c 5c76 5edf cc99 ea0e &V..*...\v^..... 39af 92fa df3b 065d a145 28b6 a948 3b44 9....;.].E(..H;D 6157 43af 4061 5cb1 aa88 3dd2 e7ae f127 aWC.@a\...=....' a934 812e .4.. Data received: 8787 9d7a c355 609d 1629 8148 feee 7b4d ...z.U`..).H..{M d8fa 6bba 79fc b5a7 abb1 d722 ff85 0e4b ..k.y......"...K fd90 dd44 a80d 3b1f d199 121e 4301 83b1 ...D..;.....C... 723c 4805 2ff5 fd2b fbed 99dd 0856 9a85 r<H./..+.....V.. c32b f749 ffb0 ccf7 cb92 9239 2a47 879a .+.I.......9*G.. 8fac dd57 5a23 0d4d 4b72 ddfa d3cb d8f0 ...WZ#.MKr...... fbd7 0ebe 0f58 e104 3483 bd4f 4600 42d5 .....X..4..OF.B. ac6c 65ad ecea 6557 2d19 27db 1d99 8e87 .le...eW-.'..... e7fb 5904 09b5 f93e 12f5 6abc 42d1 124d ..Y....>..j.B..M 5441 17b2 796a 1f44 c787 c07f fd8d d01a TA..yj.D........ 0ef9 e26d ed4b 10a9 ecee fdf1 523a fa7d ...m.K......R:.} a43d 3814 7227 9678 a191 f351 4310 6b8b .=8.r'.x...QC.k. 7cf2 1455 5491 7422 6e21 3fea 4b10 e427 |..UT.t"n!?.K..' ce6f 42df 0c49 94bc e4f5 4328 88d1 1a0e .oB..I....C(.... a4db 5373 d2c9 fc3d d2d4 e4aa fe04 2712 ..Ss...=......'. 844b e1b0 8d8a 1d5f 3535 c5fa 0e43 a6e0 .K....._55...C.. da36 845d 63cb aed0 2fe1 fa66 9c63 b287 .6.]c.../..f.c.. 4045 c3cd 1d6a 96b7 dfa2 7855 878e 8228 @E...j....xU...( d300 3ce1 bbdd 6e34 470b 07b0 bb40 972c ..<...n4G....@., 2e55 474e 18d2 c3d9 816f b1d9 3ec5 3488 .UGN.....o..>.4. 556d fda2 15cc e3c6 c33a d245 529c 3b33 Um.......:.ER.;3 6d5c 4dd3 d776 9026 98b9 ec21 9f97 1d43 m\M..v.&...!...C 386e 4f5d f805 a309 534b 34ef 7394 0005 8nO]....SK4.s... 0534 3a95 5862 6867 81cd 605f bd5b 6224 .4:.Xbhg..`_.[b$ bf20 85fa ab43 3940 75c5 e9c2 4b00 1051 . ...C9@u...K..Q 716f c5b7 7bcd 1051 fcf9 82a1 4dc4 0ab7 qo..{..Q....M... 71ca 47ac 21b1 4ed5 3afb d4c8 2a81 5f8b q.G.!.N.:...*._. 8ff1 b179 a325 7e0a b99f ecbf cb0e eacf ...y.%~......... 104c 7cd8 ba54 8650 ed06 3942 e231 584b .L|..T.P..9B.1XK 2323 305a 55ed a782 a608 421a bc19 3b15 ##0ZU.....B...;. 0305 5b93 fd2d fe1e c4f3 dcdb c77a 3fe2 ..[..-.......z?. c0dc f5bd 427a f861 9127 00d9 d535 805f ....Bz.a.'...5._ d10b b577 d795 3a8f 62d7 50ee bee3 71f6 ...w..:.b.P...q. 88ae 39e2 a958 532b f59e dcd0 30d9 b488 ..9..XS+....0... bbb0 c079 96e1 7c6f 920e 6230 9c7c 0e7c ...y..|o..b0.|.| 0085 84b9 ced3 161b ac4d 3d4d 59ed e901 .........M=MY... 6d99 221d fd00 5624 c1c7 061f 3304 03fe m."...V$....3... b016 f368 7935 291e 74d2 cbc1 e01f 1a46 ...hy5).t......F 714c fbb9 2bc1 7a0b 5c01 ca0d 032c f420 qL..+.z.\....,. b78c 5cc2 a5e5 e7b0 eddd 8dba e4aa 4956 ..\...........IV a485 4e4f 6c90 0e00 3db5 9432 4cc9 56c6 ..NOl...=..2L.V. acb4 32dc 3cd7 81f0 1f10 5f81 c8f5 ecfb ..2.<....._..... 8538 5dd3 db3e 5b57 e2f3 6b0e 6ff5 5a95 .8]..>[W..k.o.Z. 6c81 56dd 6437 4e76 d696 5d31 ebac f926 l.V.d7Nv..]1...& 160e 7d9b 7860 e71a 606b 4760 3813 9933 ..}.x`..`kG`8..3 fea2 719c 1c19 5320 b5ea 4865 040c 70fc ..q...S ..He..p. 7d54 d5fe f31b bc6a aeba e8ee 410e 7bd6 }T.....j....A.{. 2581 2df9 18ab 9828 9517 1458 ea3d e2ec %.-....(...X.=.. 6e0d 9cce 4096 c73d 136b b3ba b551 9744 n...@..=.k...Q.D e1b5 8475 ccfa 0e94 ef87 c27c e50c b803 ...u.......|.... 42c6 d74f 7362 e67b 1ac2 6e07 1aca 4dc8 B..Osb.{..n...M. 0251 cb80 3b4b 02c0 f264 97fb d57b ec0c .Q..;K...d...{.. 5e4b e468 2ff5 c89e b35d 28d9 5f9a e350 ^K.h/....](._..P 43db a30d 25e6 4a97 1c9d f4fc 4204 50fb C...%.J.....B.P. d6c1 07d8 0d3d d383 e0f6 9ecf b60e 89f1 .....=.......... 38f9 7396 c760 ccb1 9c94 bed2 449f 0db3 8.s..`......D... efa3 77ee 5869 e037 f267 1ad7 cf54 63d6 ..w.Xi.7.g...Tc. 9b7e 6e00 071a 3b46 e4ad 45b8 db23 cf1e .~n...;F..E..#.. 4425 253d bd14 143f 8a78 f0de a93c 85de D%%=...?.x...<.. ea14 cc26 5017 c4b4 99cb 5d1e 744c b0dd ...&P.....].tL.. 7dbf 758c 1a6d 07d4 db85 24fd eca8 ee51 }.u..m....$....Q 9ae4 81ee 155c 11d5 1bb1 cc0c 8041 5f63 .....\.......A_c db9d 46c2 9230 738b ae85 01a4 49ae 42dc ..F..0s.....I.B. 48c8 05a8 9922 7213 d0ac 4584 c06f 5858 H...."r...E..oXX 0df3 6830 6991 8e9f c59a 78e2 c82f a63c ..h0i.....x../.< 4cc4 24ae 9218 06bf 371f 87f4 da78 2dde L.$.....7....x-. afeb 4328 33cf 16fc 0088 648a 878d b252 ..C(3.....d....R 2cdf 1a16 a25f b3a7 e2b4 8eb4 edb3 35a8 ,...._........5. 570d 200a a6e8 d81e f0cf 7bd8 3722 e54c W. .......{.7".L 3523 e211 58e5 626e b58d c920 e4a2 b758 5#..X.bn... ...X 4322 e7aa 7c7f ae15 cfcf d3af d8bf 2711 C"..|.........'. 2e12 c437 fa5f cf39 a9ed ecda 47e7 682d ...7._.9....G.h- 1df3 79e2 8119 9f02 f858 50e6 0bf5 afc1 ..y......XP..... dfba 2cec 2528 6ee6 38ee 4918 bf0a f4d4 ..,.%(n.8.I..... a72f 7992 b1a9 43ef 5eec 57c9 7701 5e54 ./y...C.^.W.w.^T 4773 dee5 0c1a 059d 9923 dbaa 6106 bf26 Gs.......#..a..& b61b cd19 6695 3eec e3c8 1638 7ed7 2b5e ....f.>....8~.+^ 2fbb ba1c 2662 b682 af75 6d98 62eb 6aaa /...&b...um.b.j. baf7 6ed6 267b d3a1 1705 44a9 f9c4 c11e ..n.&{....D..... 43a5 cd06 90cc 54cc 3759 d39b 181f b221 C.....T.7Y.....! 6b71 9ac6 3a39 c97f 9191 7c69 5057 3b8b kq..:9....|iPW;. 86ea 3c36 4b4e e805 731a 7260 96d3 6e60 ..<6KN..s.r`..n` ba43 cf5f 0376 c774 7ac0 96e2 e0b5 56e8 .C._.v.tz.....V. 658a 9155 79d0 0680 6b42 eb98 8537 a83f e..Uy...kB...7.? 304b 51ac a0cc 64de cac1 590e 4943 6bc7 0KQ...d...Y.ICk. b8d2 48ad 6827 6829 778e 6c24 1e2e ec06 ..H.h'h)w.l$.... 0f4e 5857 1132 2c97 7ff4 b91e b4cb 8ece .NXW.2,......... 54e6 f225 e168 7a01 e034 1f81 31f0 6a29 T..%.hz..4..1.j) 9318 0a4a 0080 b0e8 944e 9596 7110 6e5c ...J.....N..q.n\ 1af5 6eb8 bb5a 6a55 3191 9cf1 358f 8b2a ..n..ZjU1...5..* 3064 b466 92a1 b574 df5c 215c d9e0 83af 0d.f...t.\!\.... 9e39 287c .9(| Data received: 35a9 12a4 9c78 7ea4 2f87 f759 3834 c2b6 5....x~./..Y84.. 9237 e794 9812 5761 fc55 05e4 1f93 6984 .7....Wa.U....i. f2e1 0787 3700 6770 f6ca 4bc2 dad0 808f ....7.gp..K..... 72fa ef2a dfbb 2815 ef92 f75e 6499 cf62 r..*..(....^d..b 6dbd 3aa4 b66c 3d36 963a b9b1 0377 84ba m.:..l=6.:...w.. d0c2 6ec2 1d96 69c9 a4a5 2b22 25a8 4089 ..n...i...+"%.@. dd26 5b98 85c4 ef84 23dd 6250 cb91 888e .&[.....#.bP.... 21e1 7461 56c6 b916 fdc6 7ce7 6fab e403 !.taV.....|.o... 08a5 29ac aa09 9ecb 5f2e c429 d0a6 7e4f ..)....._..)..~O 8d96 ebda bb70 d61b 3f2c 4006 7f41 8e48 .....p..?,@..A.H 4bd0 7420 0e07 3f46 1a8a 45ca 06b3 6b9a K.t ..?F..E...k. f443 da90 4b85 1c7c 66e7 d510 a8d7 8600 .C..K..|f....... fa00 dcfd 051e cdd6 5071 7cb3 380e 4313 ........Pq|.8.C. f60e e832 7f94 c19d 106d 4917 10a8 9d47 ...2.....mI....G 5a59 518f a8e4 757c bbc3 6392 193e 5e4f ZYQ...u|..c..>^O 5a09 1759 2d21 e1be 23e8 b426 044a da43 Z..Y-!..#..&.J.C 85e5 ddd1 50de db90 1cdf 5fbe f811 e5e2 ....P....._..... 5693 b5c8 1404 5af5 3f7c 9c45 fb52 9583 V.....Z.?|.E.R.. 1fdb 95ea 878c 51b6 53ca 958d ff42 8998 ......Q.S....B.. d6dd 985d f1bd a11c 25fa d4e8 1784 e3b1 ...]....%....... 7377 d992 b67b f80f fd76 83e3 4286 6670 sw...{...v..B.fp b069 e34c 34b0 769c 6a22 bfb1 f116 4ce7 .i.L4.v.j"....L. 2fdf d7d0 9300 ee8c 0a02 2c62 07d2 be1a /.........,b.... 807a 4a2f cd91 65b9 007e 2662 ba11 dd68 .zJ/..e..~&b...h 1ac4 b124 d3cc 25ea caf1 ffd6 62e8 77b8 ...$..%.....b.w. 3a63 d11d 03f6 67d6 0088 abfe 600a a614 :c....g.....`... 2f47 3bdd 23fe 7083 21da c748 1831 9d29 /G;.#.p.!..H.1.) 347b 27de 6f5d 6471 e732 16f7 6412 2ec6 4{'.o]dq.2..d... ecba 52a5 1d4d bea8 8360 d083 2770 993f ..R..M...`..'p.? 24f8 12ea eb51 c90d 1893 ff42 efe8 5bba $....Q.....B..[. 6dee eb56 29f0 2afd c1bf 9cc1 2c46 fdb3 m..V).*.....,F.. 8dee 422b 7853 8c69 8560 a0d0 4103 6f99 ..B+xS.i.`..A.o. 517a 6312 5aa2 cbfc 9738 e7e0 1699 d422 Qzc.Z....8....." a247 7d79 626a 1fea 5802 e895 bb31 836e .G}ybj..X....1.n 535c 30dd 9041 648c d744 3d3d fe0e 466f S\0..Ad..D==..Fo ceda 7c0c 0344 f82b 7d91 ad27 b253 2bd3 ..|..D.+}..'.S+. 16fd 6cd2 9d53 c5f3 3015 b994 faa7 3689 ..l..S..0.....6. 11d1 38f9 15e5 ee4d 62a7 1e08 a35b 0b26 ..8....Mb....[.& fd27 25e5 820b 551a ca8f 833b 1a1b 5883 .'%...U....;..X. 4224 ed6f 9b92 09e3 7b80 e219 df55 aa9e B$.o....{....U.. 09be 9cd8 d9f0 1fba f922 6001 081f 34ed ........."`...4. 88c0 7b4f df34 c75e a86d 2fee bb03 6026 ..{O.4.^.m/...`& 4d88 d68e b835 781e 0c3b ed7c 0a11 9ba5 M....5x..;.|.... 7e02 9188 e494 ca6a 6539 60c9 2424 b02d ~......je9`.$$.- 0faf 623d cf8d 2607 ee8a e011 e7cb 50a8 ..b=..&.......P. 139a e7fa e45a f336 5da9 d2c6 2b4c acaa .....Z.6]...+L.. 2ed4 597f 4408 d304 cf98 5850 ec03 ea2a ..Y.D.....XP...* cd11 e76a 158b 2a05 9abe 1e70 9f65 8785 ...j..*....p.e.. 64f9 74ac 0853 9e14 ccb0 004a adf4 0fb5 d.t..S.....J.... a0a8 64e8 657e 046e 44e5 4f32 b21e 938f ..d.e~.nD.O2.... 594e 81c5 6cba b688 f8c0 df2b e23d 76be YN..l......+.=v. f04a d56f 2676 ed0a 8732 013c 35a1 dcd2 .J.o&v...2.<5... 63c3 9274 2305 65e6 bfeb 1011 5601 5a1f c..t#.e.....V.Z. c78e d64b 54c8 04a4 9f10 f83d 2f0f 0a20 ...KT......=/.. 9960 f629 6d5e 6d9a 46cb 4dac 5de6 6bf9 .`.)m^m.F.M.].k. b947 4aa5 9560 a4ee 35e3 099b df05 d297 .GJ..`..5....... 0f84 65b9 dfd3 0e48 0f92 d0fa f808 7ede ..e....H......~. 6278 a266 6019 fb74 894d d8d2 e444 40fa bx.f`..t.M...D@. 2a4d 6125 c44d 1266 72b7 f3a2 1e60 df90 *Ma%.M.fr....`.. 5194 335b 0391 a56a c25d 24f5 ae5d 7c31 Q.3[...j.]$..]|1 b16e 5cc3 1545 7da9 d871 da69 9855 4bdb .n\..E}..q.i.UK. 955f a107 f116 ff9f 4a9b 2315 9872 a5cf ._......J.#..r.. 2cca 1b88 ec80 2d36 3c6e 2d90 3551 58e8 ,.....-6<n-.5QX. 67a5 8ae2 84e5 55a8 25cf bb11 d93b 44b0 g.....U.%....;D. 197f 207e 4dd0 a652 3268 79fb f456 d986 .. ~M..R2hy..V.. 4e37 5244 555a f278 5144 52f5 e59e d8e7 N7RDUZ.xQDR..... 13f2 e7d2 06ed 755f 9aab 1e34 7f83 8650 ......u_...4...P 0992 78ec 635a 3a82 1d83 ed50 b6c3 84f4 ..x.cZ:....P.... 867f 8903 9274 6801 4158 52ab bfdd a747 .....th.AXR....G 0728 4a4f 4695 8953 9a49 d425 cca7 d14e .(JOF..S.I.%...N d808 e31c 5db8 2617 e0be c41d 7410 94eb ....].&.....t... 7ba0 7687 0c5d c217 0679 9131 078d 2161 {.v..]...y.1..!a 0e3b 37c8 5890 6d04 20a2 91e1 4f10 398a .;7.X.m. ...O.9. f8db b56c 7370 428e 5436 c54c ecf2 91e1 ...lspB.T6.L.... d6a0 b6da 4955 6be7 15ff 197a a39c 6b57 ....IUk....z..kW ca63 3033 174d 3f03 88cc 269d a2b4 aea2 .c03.M?...&..... 170b 81b7 909c ddf8 0ebf 589d 4577 7e5d ..........X.Ew~] 6ec9 dc1a f4a3 bbb1 e73b 0cb6 d517 af8c n........;...... c18f 85ba 6d40 16fd 90c7 788f cb02 2d91 ....m@....x...-. af73 ea55 1f04 616f feb0 a34c 220b 6bf1 .s.U..ao...L".k. 99fb c373 ad19 bf3d 1c77 1615 a89c 91c5 ...s...=.w...... 1be3 d225 d7e4 02f0 efb6 1960 a075 e68b ...%.......`.u.. 4be2 ecfa 0392 c78b d3b6 c890 f8b9 70dd K.............p. c106 5bad 562b b3d7 1803 569d 7dc6 eb58 ..[.V+....V.}..X 7945 1d38 a678 e839 b7b1 4f85 1c55 e031 yE.8.x.9..O..U.1 06cf 51a9 5731 a252 e6ab ac8f 225e 99e7 ..Q.W1.R...."^.. 4e43 5035 6902 bfc0 9993 9ccd 7b57 7a1a NCP5i.......{Wz. f02a a881 d223 8b89 8265 7c80 cd4e abd8 .*...#...e|..N.. edab 0da2 d36c 2027 7bb7 8437 3526 55cb .....l '{..75&U. 0c0d ed95 ef25 8bb0 c70b 19b5 57c2 1ddd .....%......W... 3211 efbd ae59 3b61 6d78 d31c 0a08 3c62 2....Y;amx....<b f2cd 9f6a ...j Data received: b036 8f14 5c34 58bd 5102 d963 67a7 9e36 .6..\4X.Q..cg..6 eeff c645 b69a 3e2b e275 0f18 fa55 f194 ...E..>+.u...U.. 5583 2bb9 f076 37fb 0d15 0ab6 3c7b 308f U.+..v7.....<{0. 800b faf6 6e39 fb22 8b77 915b 5235 0ca4 ....n9.".w.[R5.. 2843 eaf5 2642 a905 9d93 2848 9730 5dac (C..&B....(H.0]. 1d8e d5b7 b8ed 7c4e d85d b98e c54e 4dd7 ......|N.]...NM. 0ba3 ec93 5a5f b78a 624c 46c1 2d25 5f0f ....Z_..bLF.-%_. 05ea 9d8f a949 d183 c875 ad1a 8040 720a .....I...u...@r. ad9d f41f 470b 80a3 e34e e8b5 ef33 3bba ....G....N...3;. b0f2 f9c0 5b62 44f3 4d4c e363 dc1a 4d83 ....[bD.ML.c..M. f514 1f14 4229 d720 a520 ce92 eb71 3a93 ....B). . ...q:. 2b9f da5e 1e09 44f4 963b 24c7 3e90 d307 +..^..D..;$.>... fec7 0403 76a6 84fe cc76 9d5b 009d 5790 ....v....v.[..W. f3c6 6fc6 69c2 dbdf 6ef3 3d29 c215 ef5c ..o.i...n.=)...\ e4a4 1ce8 e596 2726 21f9 b250 9802 cb29 ......'&!..P...) 9ce5 29d3 01c0 fd3f 4854 7158 448e 03a1 ..)....?HTqXD... a984 72c9 5b52 669c 57a5 fab8 c11f f494 ..r.[Rf.W....... 523b 5906 bdff 2585 a986 8e7b 006c 18b9 R;Y...%....{.l.. 8c39 0e05 2870 a333 5a3a 62cf c6b7 f200 .9..(p.3Z:b..... 2723 402b 69c4 84d5 f61f e480 687b d2af '#@+i.......h{.. ebc5 643b f656 97b7 c887 3ad5 4ae4 358d ..d;.V....:.J.5. cf21 fa9d d3bb 52bb e20b 3c3a 7831 5809 .!....R...<:x1X. 73ad e025 1fb8 61cd ca54 3e34 3ec4 34ae s..%..a..T>4>.4. c1dc b050 e1cb 771b ee3a 101a 658b 90f4 ...P..w..:..e... bf49 c429 fa20 36ab 5fb4 002f 71b4 2d90 .I.). 6._../q.-. bdc6 39d1 a4ba cd7c 540f 0f1c 16c2 6427 ..9....|T.....d' 7556 4e0c 81bc 5197 8d73 d3f5 f933 abfd uVN...Q..s...3.. f9b6 e90e 50f2 c439 9c5e 305a e1fc fd6e ....P..9.^0Z...n 53cc 45f2 5d36 7ad6 8fb8 c1f7 007d ec46 S.E.]6z......}.F 439a e9f3 261f 3576 8438 b1d6 774b 0152 C...&.5v.8..wK.R 0f6e 6c8f 6628 1514 74d4 904a 2f13 0f1d .nl.f(..t..J/... 5da9 1252 3e55 dc59 6c11 27fc d194 f8fc ]..R>U.Yl.'..... 687c d8dc abe6 ebbf 6906 1908 543e 353d h|......i...T>5= 758b 9f43 a6a0 8c33 007b 2949 60dc 6775 u..C...3.{)I`.gu c984 6663 dac6 eece e020 8397 7697 7603 ..fc..... ..v.v. 104d 1f45 3fc6 4a73 a394 4c8d 195f d46c .M.E?.Js..L.._.l 683d 1c02 6f41 c959 4ff7 2b50 e9ee f938 h=..oA.YO.+P...8 fb04 cb47 e791 513d daea cd16 7e61 ff31 ...G..Q=....~a.1 8eda f2c7 db8e 0b4e b949 bff2 53f7 c55b .......N.I..S..[ 8ff6 cfdb 1da0 6855 3d60 22a5 e795 eaf6 ......hU=`"..... 793e 706f da61 15c2 edb2 39ad 6f09 ec40 y>po.a....9.o..@ cb6b d84e dd3a e19d 3966 ceda cf47 b426 .k.N.:..9f...G.& d3c5 1265 62ca b4ce cd0d 2c1e ac25 30a1 ...eb.....,..%0. 79be 0883 addf 3bfa c879 3272 bdca 6353 y.....;..y2r..cS c980 7d8e 53be 5504 f3f1 a10a 2d8b a7b0 ..}.S.U.....-... 1c6f edbd 595e 98a5 4010 5181 121c 1819 .o..Y^..@.Q..... 3074 f452 1d2a 4c4d b46d 932f 5072 cf24 0t.R.*LM.m./Pr.$ 133d 4952 1641 7855 1fdf 9918 62a5 b472 .=IR.AxU....b..r be1a ef82 942d 72c4 9620 e3c9 18a1 0f9c .....-r.. ...... 285b cb98 cf15 8e86 f2a5 e778 d764 34c4 ([.........x.d4. e4e8 0281 c54c 5368 d2e7 9b3f 8cfb ad19 .....LSh...?.... cff5 63cd ec33 501b e445 c3c5 9cdc 7e51 ..c..3P..E....~Q 4728 f393 65fb 3c22 c02e 1990 22d4 3af2 G(..e.<"....".:. 2f98 9212 e5db 0fd1 5f1e a4ff 84a2 2b6d /......._.....+m e9bb 2650 e2d9 1e13 ec9b c2ca cc94 34a0 ..&P..........4. fa97 89f8 8fb0 a218 1432 7193 6bf5 0d80 .........2q.k... 8606 00c0 5873 2750 9825 27c0 10c6 fdda ....Xs'P.%'..... 1409 479a e926 8f09 a085 b1e5 50fc a452 ..G..&......P..R 1b8f fb5c 8f5c f938 b7d6 bce1 efa1 dd8f ...\.\.8........ 41d3 9d4e b73d 7059 fac4 a575 6769 0f3e A..N.=pY...ugi.> 11de 2285 09b8 d6de 6e0c c1a6 02da 12e0 ..".....n....... 15ef 3857 4c5f 5f0e 7627 5567 d2d2 c1d8 ..8WL__.v'Ug.... 8960 380b f892 055f 67b8 4b35 d10e 6e60 .`8...._g.K5..n` de97 6805 c7a1 fa3f a566 f5a3 7375 6d24 ..h....?.f..sum$ 7c44 8bcd 2a80 1ed2 c448 b0f6 b86d e5f6 |D..*....H...m.. f811 4c09 d782 54e5 acbb 38f7 578a d806 ..L...T...8.W... 386e c1ef 7760 aa42 8a07 4c12 3687 d665 8n..w`.B..L.6..e e9b4 6628 2129 fe4a 5c00 5bce 45f7 6d4a ..f(!).J\.[.E.mJ 2f80 e179 dd52 e1ee e02c 41f6 8aff 4992 /..y.R...,A...I. 557b f774 276b 7a00 1b03 befe 9195 0e52 U{.t'kz........R a3fb 773d 52ea 3add 20ea 8e8e 63c3 e290 ..w=R.:. ...c... 6feb b643 2486 3e39 52a3 c586 8c98 8685 o..C$.>9R....... e1be 96d1 71d8 9ca5 5a38 452b 868f b529 ....q...Z8E+...) 68e1 8248 f58d 7d41 4655 ad26 6aee 6951 h..H..}AFU.&j.iQ f781 680f d861 20bb 5db3 b203 0067 6de4 ..h..a .]....gm. 64bb ff4d 8c7a 14a2 8947 7c2a b436 6cca d..M.z...G|*.6l. 7fee a41e fe92 d172 f260 6c9f 32fb c4f9 .......r.`l.2... 77a2 7ae7 e8b0 27e1 4b22 6161 258c b19a w.z...'.K"aa%... 4e0b c3c4 dc7e 6e7c a7cd c6a6 cb08 2caf N....~n|......,. 1c03 a438 552b 8da5 6d5a 2bd8 e01e e1f4 ...8U+..mZ+..... 6748 dbdd 494b ec91 bade 92dc 931e c2ce gH..IK.......... 9729 167a 4ed2 73a0 6610 3b6a 4c5a 98c4 .).zN.s.f.;jLZ.. dcca e289 0ad2 3d1e c257 1a2d 89dc f26b ......=..W.-...k 3688 281e 4533 efb9 2675 ddae f0d0 fced 6.(.E3..&u...... 64db e46a f6f0 c4b9 3a3d a647 43ea 90cc d..j....:=.GC... d8b4 72eb b940 efd8 a18e 64c9 1b45 ca55 ..r..@....d..E.U 392f f614 f076 825a 3edb 0515 d6a0 dff0 9/...v.Z>....... 9d59 ff75 18db 8d47 c41c 2436 c2bd 09a8 .Y.u...G..$6.... 0300 1a17 a804 a902 cf1a 74e5 1801 651a ..........t...e. d063 0254 0d5d 6bdc d0b4 0403 5b26 5180 .c.T.]k.....[&Q. 2ff1 9aa3 89f2 7725 0558 5a4d 671e 688c /.....w%.XZMg.h. df23 77be .#w. Data received: 1062 5f32 c420 04dd 5db9 1244 cb18 3aac .b_2. ..]..D..:. b4af 9b17 68be 18fb aec7 26aa 4c3c 7650 ....h.....&.L<vP 2a91 24ca 10c8 9dca 47aa c888 ad72 b007 *.$.....G....r.. 6a74 8037 ad0c ecb3 627a 9b86 014b 2031 jt.7....bz...K 1 1f60 2cd0 457f 7cc3 6510 09cd 59ab 28e5 .`,.E.|.e...Y.(. 266c b500 447f efb8 843e 77b5 41f5 632e &l..D....>w.A.c. 3551 c2e7 629e 9ab8 e6c9 8399 ec40 3c99 5Q..b........@<. 91e8 711c 7365 7651 05a1 b1f5 f2d6 f46f ..q.sevQ.......o 19ba 1771 49b4 eea1 7b26 78f8 7fcb 1c92 ...qI...{&x..... 860e 83c5 c7ec c2cc bf50 2c8d 5da9 456e .........P,.].En fb1a 6d88 9994 b3f2 e6d1 d1a6 3700 827d ..m.........7..} e65d 010d b2d2 0408 6fb1 ba7a a7a1 f28b .]......o..z.... 8b02 c79c 32dc bad6 c085 1192 fef9 c7 ....2.......... Data received: 7a75 2351 9b90 997e 62d0 ec41 c7e1 72a2 zu#Q...~b..A..r. ecf3 d3f4 7b91 da77 d691 3b0a d665 1e46 ....{..w..;..e.F f7c8 6bde 882b 2624 3506 4a14 fd75 5d87 ..k..+&$5.J..u]. 0b49 9b7f 081e 635a c912 87a9 8ff0 1e73 .I....cZ.......s 7194 5522 816e c541 968e f959 185a 3fe3 q.U".n.A...Y.Z?. 1cd7 bec9 e4a8 33d4 db16 f9ae 438e 36c5 ......3.....C.6. 8e02 9ec5 c134 d5f6 a88f c924 b401 e936 .....4.....$...6 0d1b c6e3 e061 6c64 cc33 fb45 5931 43fd .....ald.3.EY1C. 3661 4096 753d ea44 31d8 3764 626c 64c3 6a@.u=.D1.7dbld. 1991 7500 0b6b 87f3 799d 177e b48e dd74 ..u..k..y..~...t 3271 5dcc 653d 200b 7121 ca71 3009 7648 2q].e= .q!.q0.vH 9c9b 6195 c184 4f6c 0dae 5e39 43f9 01a1 ..a...Ol..^9C... 8459 b008 e370 143e 49a6 753c 9fb8 ffea .Y...p.>I.u<.... f00a 17ab 05c8 3093 1988 4395 9566 4da4 ......0...C..fM. a9ce fa21 2864 80f0 e46c 0033 2bbc 5661 ...!(d...l.3+.Va db86 2d99 d472 9c88 e7d0 b5b2 ae2f 7fa4 ..-..r......./.. c2bc e766 a40e 9261 1e95 29fd 5057 08c9 Data sent: 483b 067e d940 8ddb bdcc f047 f83f 793d H;.~.@.....G.?y= d13e 32f3 fadf beaf 7e3f 9661 977d 4a9b .>2.....~?.a.}J. 29dc 040b 1597 0f34 e4c9 170d f51d 6854 )......4......hT 705c ab3b ff73 1de3 2afb ff8f ac59 7fa7 p\.;.s..*....Y.. 1451 e4c8 18ba 510c e1fd 0627 2c9e 22cb .Q....Q....',.". c627 4358 6dfc 665b 3c53 617e 14d4 1dfc .'CXm.f[<Sa~.... 86d5 291c 2595 2582 49f2 9d7b 7940 bd01 ..).%.%.I..{y@.. 8f14 3ba0 b2fb ab18 757d e832 6b0a 637e ..;.....u}.2k.c~ 6127 574f cdba 5421 ba9b 548a 51b8 2e71 a'WO..T!..T.Q..q f0e7 fefa 7d72 1dfc 1128 ee74 5f0f acca ....}r...(.t_... 3436 18f5 57df 1f76 f6a1 f5ad 56e7 6234 46..W..v....V.b4 3042 7706 6859 d375 2951 62e1 e08a b69f 0Bw.hY.u)Qb..... 36dd c160 ede8 2375 46b7 ae53 ab4d d3dd 6..`..#uF..S.M.. 9883 6c40 80cf 035a d34b b46a 63b4 7d5e Data received: b9e1 a57e c7b7 826e 226e 0bcb fd77 ed49 ...~...n"n...w.I 8e02 29f3 4459 639f 7f71 7251 1775 5ac7 ..).DYc..qrQ.uZ. 7542 1147 cc57 aed0 24dc da7e 759d 18ec Data sent: e0f5 3dc1 f0ea 15db 433e 65f8 9be2 14ba ..=.....C>e..... 9048 5cd5 ec70 a38b 4172 2850 ecf6 d52a .H\..p..Ar(P...* d204 3938 cf70 5f66 7521 82de 4c67 e6ed Data received: b9e1 a57e c7b7 826e 226e 0bcb fd77 ed49 ...~...n"n...w.I 8e02 29f3 4459 639f 7f71 7251 1775 5ac7 ..).DYc..qrQ.uZ. 7542 1147 cc57 aed0 24dc da7e 759d 18ec Data sent: e0f5 3dc1 f0ea 15db 433e 65f8 9be2 14ba ..=.....C>e..... 9048 5cd5 ec70 a38b 4172 2850 ecf6 d52a .H\..p..Ar(P...* 5931 5a8f d507 f38f 5f14 f558 9b73 d561 Data received: b9e1 a57e c7b7 826e 226e 0bcb fd77 ed49 ...~...n"n...w.I 8e02 29f3 4459 639f 7f71 7251 1775 5ac7 ..).DYc..qrQ.uZ. 7542 1147 cc57 aed0 24dc da7e 759d 18ec Data sent: e0f5 3dc1 f0ea 15db 433e 65f8 9be2 14ba ..=.....C>e..... 9048 5cd5 ec70 a38b 4172 2850 ecf6 d52a .H\..p..Ar(P...* f6c2 055c cee5 0174 c00b bf4c 2987 b5dd Data received: b9e1 a57e c7b7 826e 226e 0bcb fd77 ed49 ...~...n"n...w.I 8e02 29f3 4459 639f 7f71 7251 1775 5ac7 ..).DYc..qrQ.uZ. 7542 1147 cc57 aed0 24dc da7e 759d 18ec Data sent: e0f5 3dc1 f0ea 15db 433e 65f8 9be2 14ba ..=.....C>e..... 9048 5cd5 ec70 a38b 4172 2850 ecf6 d52a .H\..p..Ar(P...* 4722 c981 0803 9664 d967 901f e5d1 6692 Data received: b9e1 a57e c7b7 826e 226e 0bcb fd77 ed49 ...~...n"n...w.I 8e02 29f3 4459 639f 7f71 7251 1775 5ac7 ..).DYc..qrQ.uZ. 7542 1147 cc57 aed0 24dc da7e 759d 18ec Data sent: e0f5 3dc1 f0ea 15db 433e 65f8 9be2 14ba ..=.....C>e..... 9048 5cd5 ec70 a38b 4172 2850 ecf6 d52a .H\..p..Ar(P...* 5797 50c7 86e5 5e36 9906 c010 1ebc a8b8 [=-==-=-=-=-=-=-=-=-=-=-=-=] TCP Connection Attempts: [=--=-=-=-=-=-=-=-=-=-=-=-=] From ANUBIS:1038 to 218.23.30.101:80 [###########################] International Secure Systems Lab http://www.iseclab.org