Sample File: MD5 hash: 97942ee9cbe7c759fab55917e44d2996 SHA1 hash: 87765ed26b9f75f028ba7061a8abaadec0a2bc92 SHA256 hash: 7ea94da41974adefe99eeb883523b757cea10becf09185af05b9f464faa70712 SSDEEP hash: 768:QaqX8YtVb4akw6L/HaZojJCcL9p/QIQZ3yVX:w8YtV1H6L/6ZDcLgty Filename(s): 2019 Order File TTYYUGH.doc Filetype: Word Document Mutex IOCs: 598MPR44-CZEWG7B 9468738FSVT1AWZz Global\.net clr networking S-1-5-21-2345716-11203441957301 Registry Key IOCs: HKEY_CLASSES_ROOT\Licenses HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 HKEY_CLASSES_ROOT\TypeLib HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 HKEY_CURRENT_USER HKEY_CURRENT_USER\Control Panel\Mouse HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons HKEY_CURRENT_USER\Environment 
HKEY_CURRENT_USER\Environment\PSMODULEPATH HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\VbaCapability HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\ HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\25.0 (en-US)\Main 
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\25.0 (en-US)\Main\Install Directory HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion 
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH HKEY_PERFORMANCE_DATA HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\ HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 
HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook_2016\ HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ 
HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\J0HDI47HUBA Domain IOCs: jadema.com.py kitetou.com maps.googleapis.com www.kitetou.com www.loscaballerosdelzodiaco.net www.melvelazco.biz [note: maps.googleapis.com is a legitimate Google API hostname; blocking or alerting on it alone will produce false positives, so treat it as behavioural context rather than a block-list entry.] IP IOCs: 192.185.73.158 146.66.85.39 URL IOCs: http://maps.googleapis.com/maps/api/distancematrix/json?origins= http://jadema.com.py/jj/2019%20Order%20File%20TTYYUGH.scr http://www.kitetou.com/j0g2z5t/?MRX4IZ0=1ta0u+itrrAJehBQ4dNhYDNYY/Q9dKySqWg9v+Re6ggZfnmWT/IWZMLldMwHqth8UHaPj5jYW70=&Bx=Et88VVcXZ8Ohw File IOCs: Filenames: *.* C:\ C:\Users C:\Users\aETAdzjz C:\Users\aETAdzjz\AppData C:\Users\aETAdzjz\AppData\Local C:\Users\aETAdzjz\AppData\Local\Temp C:\Users\aETAdzjz\AppData\Local\Temp\62890218 C:\Users\aETAdzjz\AppData\Local\Temp\62890218\HFKMZ C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.0.cs C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.cmdline C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.dll C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.err C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.out C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.pdb C:\Users\aETAdzjz\AppData\Local\Temp\atsamxnv.tmp C:\Users\aETAdzjz\AppData\Roaming\z79473a.exe C:\Users\aETAdzjz\Desktop C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\System32\WindowsPowerShell\v1.0 C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml 
C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll C:\Windows\system32 \??\C:\Program Files (x86)\Lihhl\services3f4.exe \??\C:\Program Files (x86)\Mozilla Firefox\Firefox.exe \??\C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Login Data \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946log.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946log00.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logcl.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logim.jpeg \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrc.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrf.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrg.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logri.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrm.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logro.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrt.ini \??\C:\Users\aETAdzjz\AppData\Roaming\9468738F\946logrv.ini \??\C:\Users\aETAdzjz\AppData\Roaming\Opera Software\Opera Stable\Login Data \??\C:\Users\aETAdzjz\AppData\Roaming\v4.0.30319\RegSvcs.exe \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe \??\C:\Windows\SysWOW64\ntdll.dll \??\C:\Windows\SysWOW64\systray.exe \??\C:\Windows\System32\drivers\etc\hosts __tmp_rar_sfx_access_check_18129278 abe.ppt alx.docx chq.mp3 csn.mp4 dbb.jpg 
ddt.ico duw.pdf evp.dat fbp.icm fpj.pdf fsk.exe fxw.dat ggu.bmp grd.mp3 gxt.docx huf.dat iqg.mp4 jwm.jpg kcj.icm kcp.dat khj.jpg lqw.docx lug.docx lvi.bmp mfj.pdf muu=ksm mwq.xl nbs.xl nfp.bmp nil.pdf nit.pdf nkp.xl plk.mp4 pvg.pdf qms.xl ree.jpg rxi.mp3 sst.ppt svl.mp3 svq.mp3 ten.jpg tqx.dat tre.bmp trh.txt trq.ico unh.txt upl.dat uvx.jpg vch.xl vfn.docx vxa.docx xkh.dat xmj.docx MD5 hashes: 04bd73a1d9fda61e3ad313c84f09d326 04d4126e2d6854ae04af042d952832b4 05b6ad15c5e72cecc2ae7551aa2b2729 0ad646e8b9167d14509e274246e392d1 0deaf22a0453a72a7320affc8786cd56 0e411c705c5c8d99f833cf3ca0de0907 10aa42f3b8cbb6e8190bcf0df0b6fb23 10ba1c5cc20a0e382b6dd1e9fa5175d6 172db04a2316a11359e01f24b4226bea 19ad45cbff8b9b259107061223559e4e 1c5b85c574bfb46d90b874d2deeb5951 261afe7fd1afe696f67de05b78ed8262 2dfb5fb08be4ec49d403e4a21bd91845 331467ead4b010a088844ef8845cc2be 37eb7134cf8d057d57535a9543a2e9aa 3c48e00ff63af49eb112bf815b86e194 3deb495a5b50682cec431bdb61a1bdb1 3e69381379ddef74cc73b63465681281 421e0b975a0f4e4839843096da6cb6a0 478157c7bf9dfbe824aa4e05e7618503 4f13217e1b62d70fea155547324babb0 54b1718bbeb14b8210dc08425978ca96 5e11856cb595f61204704a7c62f02a95 683b94e1c988690d12e5f7850d415c77 6b01737af429275f12d9c515ee8ebb2e 71fc5398f431f459431371c8b748ce96 74c71841a56440f5f9fd6523df8c15f9 75cea46fe2092e99eb6995005ba76cbe 7934a2046f960261231745d18ce3cfac 7f8e0a685171cf3870862e69cb083cd1 80703510a4206ff57c74ea4d485cc8c9 872ef6b6c176b1f46210fc444ccac0c6 8ba8c3966c4149b911c315c36ee8eae8 919481955b7fe5419185b0e3f766bfb6 91e18a864346516f6fb5d44787896b0b 93abf6f756728e6c9fcc449805d91108 978efb0034be4fc23c2afc415da4bfbf 98d7663cebe6f41fdb2d00f1cbcff11c 9d318ae251ab4b948f310ec90553c5b3 9ed3e62c9319e1620a6bfbf264430cdc aba03df5ad61be00a89463f313515664 bbbeff1e02394cb90d5e113821651824 bc0ef14aae02a18d8b668738bd6ff178 be9f1ff301429b46c7e000be73f64edb c088181e26560565f842ae2b14d0b9ea c25a1a0d6ae24577bc69672ff54c6ad0 c56b5f0201a3b3de53e561fe76912bfd d19ac2d43e7ed80a4efa131a70900603 
d41d8cd98f00b204e9800998ecf8427e d4fff2d71cd8cffc05d907436089d9db d91a8f8eded88eab0e4aaeae26cc41b0 df82fc75b6dc77efce4c313959e9f0cd e3626b18690f0bc0878c4e075ebb3ec9 e7b4e02f7a44a6e8ad59daa3c35bf6c9 ebf1827fbd8ff98a4176f969d1616cd6 f1d5fd3cde55fd012867aa7db8f5f3af f89e2e198cce9305678343e6274a87b7 ff4d046e5057d419b28d3a7bdb47176e SHA1 hashes: 022fe98ff5a2d2ac027e173c0739f8608c56373d 0991275dd4ebe4d0f0d905627b2465cbf1164e26 178d322effc007d2b457acdbe646c9c9a8562809 1e3ad25630ccc11885362c25381604d69310b511 21e0bac1350a462a9c647da0a3530204bfc1f5ad 26e7a94c38e05e0f519916f1db0e68b0496b5fdc 2709296a5c5b2d47dac135bb29c03460cf6c1e98 2a4062e10a5de813f5688221dbeb3f3ff33eb417 3122745a1f41e8b44ddd6e715b83165625ff177c 3901d5b803d57228ae031d8cf5cc4a7ad4fe7c0a 3b49b161dbd61c3c32710d7e697d378a37faffc3 3c3703fa2017deeb45f07a2da11aa0740cdf6d1a 4523a2c0dc3f2a1085811db4239a50bedc1e01d4 47b0244818dc079fd8532ea9801c969da1c86533 4c40013fe730ff720acc20f3f278a93e4e5146a9 4dd3cb5f0bb69cbb9bcd219f78b17417047beffd 5251f2c12ff1fbb5ece46e508e9f750db0691c86 530452fe543239adb3df7a2118e2101fa6398126 56acb48705e1ccafe2cfb7d3d3f8265e5c4bb929 5d17186589545b6d225c382f9f0a2f9977f56c18 5e7f8cae1cae68439e64eccc63b51675dac0eff9 6185df2885feeb063ea0890068852b215ab96793 668c433b7d99b53cf5e9f15881ee766d03cdb9d9 696392cfcb9feb1721aa7571a6c33d20ab59aa92 69ad6b02ccbd1c4dc4cab881e5272d7adf268653 6bfd5fd5d1145565853a893a118f5cec989076a3 739726b7368668af4975c7d1149dc4c418c015fe 7bf8c9d3d4819b40c7f1b5e832c34e9e711d428f 7e94b028100e31ee923653eed557a709db9f4586 815430b8054056f9b70d9519b1c5682c47181453 89b640c6d9151d787d7a18d71e15f7d32b788aff 8c53ea61e1ce845486c5824ac8f0e1e4712909ad 8ee78187c4f4d3e8710e599c788da5de53eca105 904a5a7c3e7db18afffb7604bdadcd462f37ae9d 90ed2719f8b4fe30516380f8442e869d8d15ef57 957bd26e52b1ee7d0d2d49ec5f406718cb47998e 9a3c7b57bff99e4d015f9321978de416fbb4143f 9fb7b670788b5905650fce676f7d7edcef75b5a5 a65b9d77500c98e44414198915ae388881abef78 a7afaad870835c6a65f006fcc30edd6f9786aff0 
ab655af267e1c69d87b514390bcbcd32a5fea896 b3be7b2227b7be1c4077f2553de6f9cdd23f7c63 b79e78d08f0195f97372b43de2955af43eab22da b85f0fd7b8dc12cf20d29f49911da64f923c87fa c3bc7a5cfe65b1a8923a4e973cb61ad3f53a2010 c82df970ebc990e4b84109ded9d6828ddbcdc418 cc9af4e056cb8a3a12c1111b00a02d23894a11e8 cd530385175314bc9cc5ee0bcfdafb137035a3f5 cdaa560f48201d068b63d90cd6a1e61dc9f8427e ce1e815000b2e2c30e17102d3585a6c59584ff4d d218ea96be9d37c2acf5b360030c2f0d7ab5aa84 d2746a17103fa95a3f6b1b791dd2523cc5fb0884 d45475700ba7a899948397fcf3e2dd43efef335d da39a3ee5e6b4b0d3255bfef95601890afd80709 e2abdda361e4c27af0244d520e3278de9c219a50 e3b7e98e55cea9282cc6b6e2ca6717a90287b400 f771acd91b6c8690b7982bbffc3d79629dd8c79a ffc46c33ce946d12fbb130631b307717d7854f6b SHA256 hashes: 05949c009e7564e653f32fd2a320fcda90fb7a6f3e3ef6120fe460a2799ebfaf 177c76e41182726100c07ebb0f71e9d6e99a924683101d6e3800089f3f56318e 1e63e4987b0fce6310b3394a3e2d2c089bd29a89de72fb1ff911da61b784726e 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d 277609cd6aa1c85b7d048943123b79b3941d04c16fc84683aa2dc7b70b31419b 27f3abc6239b6e10ef76045321f0fab13c090a58462513203de5edd1b57ab730 2bfd31f56feae2afce5f7bd3dc74fe41dfd8ef946f13d9b15aebad3e9db8d119 2e70a1581f771b09a05d815ad80ed0cc557e0951583be3c0e6ec4393d6ccb844 3066bf4da349b9d21457836b21f7c93acc192238f0bc7d11b7e025d333912cf4 389f2243a308cc6e9d72c286ede9d886092316bd68e0aded3821cc6e14f7b492 3ea7b79b276351a393adb7821aa980369ba7dd8e8eda92620338caed436beb7b 4b1cb7d570dd1442c01b613163a9db3f34d22a27905d692bdc1eee71ebe0b21c 57f4de3e977c23575a52abb79de0d794391ea210d177a2368f4ebc2269c5e355 5b69ecb8f62eb0b2f69704cc9b53f6186067032905141a0c2dbdb11ac69fa573 62e928865d75413a669ccd3afca31e2d8aca6edc21a1f710e59095cc5f1b42cf 631ef2c637ca732099e7e25130919d3e88a6e0fc14e9a29d4fa9460a2e73ca04 65db5e30a5a78af5072de57a62b02cd128e790fad9a903b0f26eeadb793512f8 685c0ee0a671c29a3f98f17461e2c4adbd0cbc56b25cf31321fb8610c1bc1a0d 6a611ef2c2235d3a20ecdf5ed6f469d0d30d7e4a2659f58be4eab8c24675b17f 
6ac66484d823eaf067c2ede6de45e75b7c20ed1743d7e4b4da6e5ee04b968a28 7007ea6fdd6c683d90f89c646324b39cc74d836aeb5b0e2e9aef5a7eba149c04 712a4bfa1830865327fb5c4a69746854d9da8acb12143ea2c7c7150d69fae8cb 735b8ff809a56cafb3ab868d606d4f0018fb6b68da10852de200c0481e70de0e 7f9954a582fd3891fed4a511077b903da7c7edee3b7dbbdbffea2099f99da7d8 81deb9c9e98392743e2c5b273bdc067a607920e33271e1a1690879bdca5a20d6 848411a52c5bef547570362f9b17d5be0c980a3b017e6907b429b0b7fb0feca8 8afa51af0363d88a9f4a833b47929cc9aaebbc85112ec3856bfb3b59455ec720 8f9dd39e8b9eeac6dd04e7f79fc1f483d60c55f4d291e56ae2295a18a658f9b8 9055f369cb9f5b6092beb1c0d3d454d3f48c225450c861998de3b7e9bce8373a 911bd63bf5f068c6be58ac0a46b38a9f6e58d4e2b5efff627ed9ea21c76e813a 98f1a6f04fe56e9e2ab2f4664cf798dcca625029097eb5a2cd561f9efe4f5232 9a04eea89846e407d4dfceeec3904b501c156dba9d96408b0695c427806344fa 9a1dfa5ae6122218a28290c649132e4d5b48bdc42aa1e42287b10973b01f9341 9ea481958d56bdcd0c7ea7ae62310046fe1917ce43b3ea83b01f0f27769a5581 9ec36bb1ddb33d063abc9d457f25d75a467fa0802318ca427c87afb8f0c0b6c8 a770cb2ac9e49a7547e3ca61f43a5c5aaaeaa3bc6b95c95ce7a24653a0a740d3 a7aee8330919c3b972c730712e3cf5dd6914cb721d41686d6064332c4c635422 a9d7104041250170861c5ca493b3acdce6cab8c2152036d88c2578de496f797d c63368e53f2cc535f5f30bdd09ad65b8b28c39943a557768ad4f6c8d13c5109f c83734161ecbd81a7dcc7b7807a862bb2b6c425fcc5b13461449cea72ba30a6e cd26daab043c63deac59e23ff27aec7ff19263fab03cd57e83a026473192c488 d3ac91b1f3654f6fff0544d5e825b1417ef528f9cd0dd84b747fc070d2cce0b2 d51e5466a58602cd2f177bab5b2dd34e2802bb3b32a3acf6853cdd0a0fb27b37 d5ba075687c7280d528753520c9d7b896f06582336d0b41745c536cac3d726a0 d64affc80493ca2a363ab339be4564e062cdc33006a34efce7315524488a299b d69def1ac8b799357658b2e90a6aae326df12604936bf1210d1e68bb74387e4f dcc7fa70f5ea2f538c9b092cdec9fb3de97aca0321e2f22ff188e2d500a6316e dd99d9dca4e53ce618f2cf17bacdf080b62f62ff2e0717c4e198851849bd7415 e13c4cc330807d9cd246eaad56530933801197903c375bd87ea187a0345ab937 
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [note: this value is the SHA-256 of empty (zero-byte) input; the MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 and SSDEEP 3:: entries in this listing are the same empty-input digests. They match any zero-byte file, so exclude them before loading these lists into hash-based detection or block lists.] e6cc21f515fc0ab2b4126915ff231ae6a213498ec6bffd2b05b100880827d30f e96e2f2d6bfc64e53ad8f53cf20455404e34842d107d2e1d149c606273b37f99 eb1eb2a40d35f56805a4e5bf68d893b0cac606eca59be5cba08e3dd4e8988adc ee5127c646348623f19b9d7e4f960ef2b5a78fbc76658ca6908473e61e083d74 f29fc87660b2a1cc5a8fe58f63c196e8250a3d672ae111178e4c7126c06645ce f2dd2af99ace3f04ca3bed819f31f3eddb3ce9622a2a89a5b456e541c326e666 f7764f240a4d94e5e82828268b855502a57e544367aaaedab916b230259a360d fe4f0e670b03e01f693fed3538a42eef69aeca3849b93320209f283e8da8bd86 SSDEEP hashes: 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01 12:0cjz+JBkKSQIQuzhVWSMGS3UBxCrdjnJcTD/lpZxAFV:0cjcBkKZgFVNMFctFU 12:4+fyDXryMHgQgcy6fa6adPK8wKaFH2gfhUC4PIZGuIhOhtb5tqWczn:4+fQHJazIrV/qROhtb5tQn 12:49EjQIRsLTnAF3q2q34xw/kvshIX4yRrFdRzSeZcOdqJN+F9w:q+RLBjfxsPhryFFdRGcqDS9w 12:4cPHRtBxVm9GzOxg72D89ZoU3ZA5/h+Gey5RvHODwtJo0P/eIv7W2v:4SzBxUxg748xSphey5R2DwtJhP2EB 12:7VU73A4MJAKZl/HYxvuIoEdmsOp8G2r0KGIAsQTTssVMyHqS2dc:74eJVV4xvndnG8GOAsQPHXBl 12:A/rhNo4GvZiEWYwVKfRSIgIIzB6R0ACPZ791T6/YBhzEt:P4Gh4JKfE9B6JCxvm/Dt 12:AQNpXUZlHer4WkVkbPIjyyM0XpTKylpQH/YgOul6eU6/BMUfni+ihR:FpXgHYdbPIW70ZTKyl+fYkVU69fnxqR 12:ECxhvBRUZ3MLvnc14Q0kZgzRUXXWVPTHAUk9IMf9dDDcdERmA7EijDk521E:59BK3MbncGQzz2PTgUGdvcoXHvkQE 12:Es490COfOXTh/luLiAqBeNWimRKVvVREqnKjWKFkNHbPD3iZHU:5GdOfc/wQBFKF/ETWKqwU 12:GirJha0NKDezFIGvVvUyU2uxKFFzT2rLZEYCKVcSCKm6RaA8:dc6zS4VvUauYFOrLZEY9hJy 12:GmN9nAjQr5swrQTCWGJPgphVmOBZh+O3nuK/aJSjkztAWYMQ2t:FnAjQTsGhT6tnu57AWXR 12:I3PeVxIr6cSU4crIW5KUc+xQWg4FdDVIH78Iy/TcLkz/WWQdmSov:I3Wkr32crIW5KUc+eaJIHATWmSy 12:JLkIDir+F2l9+9t6LilCvavgPhiD2xuXlTTU8CVzgwyor8RzI3KEox1Rv:vvQlmt6LilCCvMhiD6uVfxGgTor93KvD 12:KXtgHo8tkNSKuEErBAcVwrn6uyp/gG3eaGItV/xO:KXSHwNvMB3Vw6vp/gG3eTWxO 12:Mdoc+AeciD8IEht1H7gdfu8os7U6ews//j5xYbqz4CdJCOR:MG9BD8IQPgdfh7U6w39Obqz4CdJ7 12:N6mA/cC6eVWhW7cTsMxzgBKzJctWy2H3hKs1P9YiNb8vIpYwm1:5iXNAzJcOx5P9T3Bm1 
12:Pw1MoYgVMA+aOjcTM/6htXHDGiC97GuFuRNOBz7CWOjpZCjpBig1:P2M9aOgA/+XHDtC5GuQU7FspMig1 12:QqyUHkroY8OTdk5GBl6nDzsz5MUm1nVAHP7yCFVzXHEO:QqyRFMYBlQDO5CVAHGCnzXkO 12:RanFOVyNmA6S5nYdgx+EzmiiSsrRK1z4gWXSKTn:RucyNmAV5nFYEzbsrRK1zUTn 12:S9Ey0f+W+EpcVQUFQCEsHbkjZbVmR7K6KlPMVW2TSNdVy:SR4cVQatEsHgjWeLPMIk 12:VGwOUJeBXlv7/azhGhzcV8z9tPO/kWEOCWrgmEW3gtgEurYQ+OOgIbN/Yn:8pYeB1vrxJc2z9o/kWEOv8WagWQxx 12:W9XdwRwHj/v0dKAiOTjxNVtdyKuD8cksPnfcJJAHhiMTS7tOqDn:qXdk2r8dKtOTTJyFD3Dfc/AHhiMTS7YY 12:WR54+HB8eIx7Ja9mKm2MZ5QL4Jk7vm1GrQwDbgKh6DtIa9fUd5tDAtAkv:WlabNM9pm2y5Qk6vm1cQwPStbfG5IAm 12:XigHNR5VLBD17YbjSwhzDZsLvfTR50WZDy3FBdA+6LkC4ceYvmw6TBDEItNK:9bbBwZDZsrfTR504D8FBdpydvmw6xK 12:bQCzPWaK5shAyuMzyXGyisw53t5nTj4wCATHgZY:bQ1B2e2zy0JHCwCGHCY 12:bZXPnQVMUdtCiJObh2jU61LurYMf6Vqwjn5kD2RKx9Qy0a3GVOm:RAVdtC4U7YdZr5k6OGVOm 12:dA8jZ2irYSqOmK1SM6cpdzvfktcFblbHsWJKNqgoQQMmmE//iUWFrjJs:SKOSq4p9v8oTXcQL//38rm 12:e7uHMPVGYpNu5FIW71RG0cDFJ8KJ74sdP0BUZE9ov:PsPVTpE53Gdz86PX3 12:eCaRPxW4O37HJJzWn0YORA+WHLaK++hb234i2tm4bbE7j:MtQ4OjJl40mpHLaKFhb2at7bbC 12:euWFzvDizQLI2MxPKjCh5XUxT9T3+Lm0WLvlRRt1ja3M7frb:tm6gGh09T3+uLdHkMj3 12:gG+QfDHyZiQb8mAEGjhIdO2/yYMm7SAGggSfMlIk62ly:cQf2AS8aUWdTy/PAwOk628 12:gOurKMVUEXjav4kAfKeDWFBT9SrqVaIK99G4226dS61lWjF96:T8XjG9ACKMT9KIKruPC4 12:gbM20+EfRlYobNRDlqnRZw5OEyUeSb4jRQNQ76eKDc8pfzUyDT2U+d6p:gbMn+kRljinU5OE5eWuRQNg6zg8ftUq 12:j9l4r4iBGazREwOKdjpTAkUkwFyYBSK4hscjsn3xkfVNgP5y1mnf:j9lM4YJjpTH0/4hsX3xBxMof 12:jBk93Vj91AHChDipIZgvKh96/Gk5tc3AlzSfLvvy5JfuDv7m:Oh91MCwKhavtc3AlmD3yPuDTm 12:keuLYwVYSwfTc3tbRotkNKTgAKTrqKHbeSDUfmAKCmVgKTdT:k72SwL6bjAKTGLSDGnctRT 12:kjeYIY9zPOpGCoa2/KPHWTphJtbiN4HEXAdUXmTksZBxPkaOvDUy:qIWzGpGO2/K0pxC4H/gmTFToIy 12:lNR3Qn8HygWuyC81FNdVcUWTKFIqVkGMnZVLmhXXhRPPNcTt3VuN:RJS571FNc3Ky9Gy2hjUt3O 12:ldMk1HQviZRY/OReXcvJTbQoRaMIQJOv3QuSf6iJtRq2rZFc:PyvifjRvhgM5JOIPi0vq2lS 12:md2KCWWyb4QUEY3dA++kj7gTa14UMYMv9eq5RteTCNVDdju:M2hRycQXY3df+keaC3Y89nRtpdju 12:rGpG2n8kqdTE3wUw+Di9K1iR4J5tXWWIHSLp7u7VA:mGBkqdTow1eik1iR8tXWWIHShyVA 
12:rQYCCiclLvpfOuQhTXcu62mbL9JQiXgVKUw0nvvVYp8r3:rQ/CicRMdcII9TXCKQVYpU 12:s3zaBAEvP2OCxuahjAdbdo3vkYYShsIMMBBqy5hmxDCv:GzzEJCYX6vQezvsx2v 12:sqiKX882gtjJKgFXqTCUn4zRR6CK8tVjI/PzR7bmQNETdEgj7:sqiKx2gt1KoXMp4MCK53l76kERV 12:wWB0t5g8drzE/uWWmxUAEy+FEdZoJ2VTO:wWBgueAb+FcZCMK 12:zs5+ZF5tn2Vo7bFQR53ryYulFgbtROiiEQAgM9RtKbv:45WFr2VIQLrSgbtGA9pKL 12:zyFq3eehfEXh/jOXC2dFLFtsEJQzexttYs6EN:zyFMeehfEXJKS4FtJQzKws/ 3:: 48:Joi+n+oeZIFcIDe/ijsV/8zph0RSEyeR12:JoYoCccqGCsVMeLm 6144:hs3kjm88H0hnaU/CwZyxk+7g7bX+g8CJXvlzdNh6qP2F/5Uc8jQnK:hHMUxauCwZy+ieXICJ/ZdN5P2F/xKt 6:KO/8/LAwmPwRhMuAu+H2LvFJDdq++bDdqBn/zpJ23fbqmGsSAE2N/zpJ23fbzy:K3/NzR37LvtMTqnPAE2jMTG 6:OLv14VYP3UTUoRXVxWkZU0kTcTWfwZISZx4PGeRd6WK5wJfvCnNyc:OGe3UTBpZ6cKf3bRDJJHCNyc 6:SbTfERAcWRVKXIWYouDcwoooA2HKf4m41vSrk2QRvdFgTPrmxOdB1Bg0ML2wnw3/:UTfqAcWh9cwXo1fgk2weVvgR9UCNVGv 6:pAu+H2LvFJDdq++bDdqBn/zpJ23fbqmGsSAE2N/zpJ23fbP:p37LvtMTqnPAE2jMTP 6:rkQGANuwV1XC5G7YUygXXtSgBHnX9PVBIeUX0KzAP9EXeNw:AUrV1d7YQXXhHntPVn1EXP 96:ICoMd+5mSxgs3IAYyH8IYlMSFMWDwYJ/aOxcG1FNUYs:ICo9xx3Im87DwYJ/aOiG1FNi 96:qHptyXHkdDlaNNovdXUvP0HcXvlM0yYK:qhBoNovdXUvO4lMD