Sample File: MD5 hash: 11ea007cddafcc1822d8327763d20864 SHA1 hash: fcb750d1c5c9f9295e1d6182de79fdd885da2f58 SHA256 hash: 91e5ac08b2af92a1e1772c1e703ff7975c8f96c74a0c3361e66ac89dd1cc0db4 SSDEEP hash: 1536:5kcgYgbig9EhjWNMSTdwp++lj/iLnUWUQa:5j8ijWNw++luniQ Filename(s): cusersnextadminappdatalocalfast.exe (the name appears to be a flattened path — c:\users\nextadmin\appdata\local\fast.exe with the separators stripped — so treat the original filename as unknown; the on-disk copy observed in this run is the Desktop file listed under File IOCs) Filetype: Windows Exe (x86-32) Mutex IOCs (the 9C354B42 prefix matches the ID embedded in the appended file suffix .id[9C354B42-2803] below and is therefore likely run- or victim-specific — match on the structure rather than the literal value, and confirm whether the "<>" characters are literal or a rendering artifact before using the string verbatim in a rule): Global\<>9C354B4200000001 Global\<>9C354B4200000000 Registry Key IOCs (keys accessed during execution; the Run\cusersnextadminappdatalocalfast values under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, together with the User Shell Folders\Startup and Common Startup lookups, point to autostart persistence and are the entries worth hunting for — the Command Processor keys are read by cmd.exe at launch, which also appears in the file list, and are not specific to this sample): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cusersnextadminappdatalocalfast HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cusersnextadminappdatalocalfast HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck 
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh (this key is normally read when netsh.exe loads its helpers, so check the sandbox process tree for a netsh invocation — e.g. firewall or interface changes — although no such process is listed in this report) Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs (every path the sample touched during the run; most entries are pre-existing Windows boot files and Office installer-cache files and must not be used as detection or blocking indicators on their own — the discriminating indicators are the suffix .id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight that appears appended to the original name of each affected file, the Desktop file tlup.txt, and the sample executable itself; the 9C354B42-2803 value is likely per-victim, so hunt on the pattern ".id[<8 hex>-<4 hex>].[<email>].eight" and on the contact address rather than the literal ID): Filenames: \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\sv-SE\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab \\?\C:\Boot\es-ES\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\BCD.LOG \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml C:\Users\5p5NrGJn0jS HALPmcxz\Desktop \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight 
\\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\BOOTSECT.BAK.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\BOOTSECT.BAK \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml \\?\C:\bootmgr.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\fr-FR\bootmgr.exe.mui C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tlup.txt \\?\C:\Boot\zh-TW\bootmgr.exe.mui \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight C:\Windows\system32\cmd.exe \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\da-DK\bootmgr.exe.mui \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\zh-CN\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\cs-CZ\bootmgr.exe.mui \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\Fonts\kor_boot.ttf \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All 
Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab \\?\C:\Boot\BCD.LOG1 \\?\C:\Boot\memtest.exe \\?\C:\Boot\it-IT\bootmgr.exe.mui \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\bootmgr \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\BCD \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\en-US\memtest.exe.mui \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab \\?\C:\Boot\de-DE\bootmgr.exe.mui \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\nl-NL\bootmgr.exe.mui \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\el-GR\bootmgr.exe.mui \\?\C:\Boot\Fonts\wgl4_boot.ttf \\?\C:\Boot\ko-KR\bootmgr.exe.mui \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\fi-FI\bootmgr.exe.mui C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cusersnextadminappdatalocalfast.exe \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\BOOTSTAT.DAT \\?\C:\Boot\Fonts\chs_boot.ttf \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml 
\\?\C:\Boot\memtest.exe.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\en-US\bootmgr.exe.mui \\?\C:\Boot\pl-PL\bootmgr.exe.mui \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml \\?\C:\Boot\ja-JP\bootmgr.exe.mui \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\Fonts\jpn_boot.ttf \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\hiberfil.sys \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\nb-NO\bootmgr.exe.mui \\?\C:\Boot\tr-TR\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\hu-HU\bootmgr.exe.mui \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\zh-HK\bootmgr.exe.mui \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\pt-BR\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml \\?\C:\Boot\BCD.LOG2 \\?\C:\Boot\pt-PT\bootmgr.exe.mui \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All 
Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\Fonts\cht_boot.ttf \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-2803].[mccreight.ellery@tutanota.com].eight \\?\C:\Boot\ru-RU\bootmgr.exe.mui MD5 hashes: 5eb072ef9fc1c24ea48f89ebd6511e61 6f855681d717cd0fa8890cadaf8727df 32a9ff12d7c5ee8504cbdc7f6d4836be 62fa560d47049b1423f26e784b68db22 9f569b0191c6b69fb753f12bf1132c94 0af1e5ef9002955218cbcd3cf04056dd c95dbbacc928179455414dae1494849b 463e9281c4cd0f23d2a2b9c247b1ffe3 baade909ebb62b8554348b40b2282631 6a90d6aec96b56ced7ef47cf392db914 205addb0338ff83cdf23c99049c6c174 2fb10a322517f7cbfb3a6cfe3f7ec571 fc603a005dfe816dd7d91b9d98e28963 11ea007cddafcc1822d8327763d20864 a206cc5b1770f9326358eaf28e3480b7 4044618b81c6a271aa023d7a7808b432 6d3a09f02f7a4f6938676f515df6d8a0 6b078cbccbab0d5edeaa1d85f11ba58a 0132354deb06c352353675fce278a129 082a625b2441fae327702683e9ad0779 SHA1 hashes: f398a6ec56a19835e58eee94337a424924a429cb f50dbea0bf05e4a4f73abb265fef52fa43db4e07 82f447263c0d4d83d398af15034413083edcbc35 6a8d83ec5abf00f008afb26d41bb146bb43906e5 389c6ad1a90fce0d15c7c3b189773a51fd52a0a5 0eb98fc82e4defb34cf7bbd0612f11f771a9f5f3 bf48fa2e1ec33849b511b43250c1ff2717b4267d 66820f091ea72f244d2d2019748cbda0b7b9702d 51b5a2e21d087135a99902cf48d10e9a767d52a1 d31c2b961795ca0a0890535a57c52c9725cad215 
fcb750d1c5c9f9295e1d6182de79fdd885da2f58 6ad904d65753940ddb5b732d9a1c9546f676e310 b383e9b5a65a91f91dd3768727127d4158b0e3a1 536cc0ab232ae67fd38575ff6197916ae112070d 25db0439c0c5512e334b63cb9b9cd8cdea9e9671 d2338e01267c1fc807dd727f955672827765319c be5d57b85d2f8050a0eefb44f7c3b475c1d40a04 880a00249877a6bb1be243983dd307417032d13f 08e0b9c479a207d9a50d532d1266f5ff35a821c6 7b1268191650571328014041faf2211b22ac4e52 SHA256 hashes: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 a6bc0b5f6b19be96a8fd54856df16fb3d5c48f6eaad30ff356f5d6301954c597 4edace8ad845409df0636cbe0593c23ad26563cbff9b22600aee531ec31e4a7b ee64b7b2d0c51063e1fc3d7e7bf9bb7e29a7e89675d248dcd7869f7c58a6fdc4 91e5ac08b2af92a1e1772c1e703ff7975c8f96c74a0c3361e66ac89dd1cc0db4 7779b0de011b637d91b281d3254293cf912793cbb263b835f5d29d07c7f48505 9c54138a29aa0539feb6967f4e8b30b7c067a5ccf07e482632a54f428f59e9f1 6a33430e4a689c28c719180a109e1c9f4969920fd485f616cc4846f7025a5276 5a2f6583804bacba64e58903b0eb3f5a526bc0df5476d3a6595661afdfdde56d 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 06ef17cf84c67eb7d90e7d34e86e4b9915b823eabd4519d8ba3035299c5494b0 b99644c0290b9a10e706579183e196468964ddf7bce19dc61979319358d3805b cf776605d5a998a1fe8e60535d9b111b7b8b6bc527e98458a72ae52a1ec23967 11378b809c7a878526ed1fef9d434b2f61c78c2b326fdb4e6d1295c427f962ee f5ae9655bbdd05370e073acbc48c1408e330ecf4921582e746f098e406c6dec7 890446a2f9a391895d6ad8383d227d8ec86623c6efc74481053e70fac6eb8818 6180aa2dd84e041df747f5b03be083a5830025ce673b0c76bccebb18156782b0 2a6aa5adb88057d5c46918859256224daca0b834636d5e5670742295b63b3598 c87fc2db822f4c22ea9a0caa55389957dc4968153fe8f4e67a3156387a8c8326 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDEEP hashes: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+u:MUvTiNhU4L7tZiTnprP0txRsu 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai 48:XuLKkKgzvZxdsKZBk8ss7bp/ZK/m0Zeh6sDnx299/K5C3r6IML:eGhShZqx2/w/a6sLx2f/xNML 
1536:5kcgYgbig9EhjWNMSTdwp++lj/iLnUWUQa:5j8ijWNw++luniQ 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ 96:JGybuohPle8tS9bKRrJ3V2l0sCEEBly5Y8sY9sZMM29XQ+9mrVFML:JTS8tSKH3VVsCEcv89su9R9GVFI 49152:zDxL8QBo0Tex4S120ytJyuaT4Z+RtDzZfRjJ:zR89t12iI+RJz1j 48:+gQOH8CFxo8z9gP8DFmVO1qqyUtYmW3SqOnhNXPlML:+g6nQ9gyFmbq/mmWS/nhpPlML 49152:fHYLL/WoWLljb1R6rOSN20yRJ6YPtQj87sgvNZH1KXFD7F0Nd:fqLVW6vStM8ZvHHM7i 6:4X6LjPi/U/FCnz+3oUHe59ipE2iBWTbN5C5/t/u7FtVUbumvsNqo:HP3FCnz+3U59+E2iwbNINtWfBNqo 1536:IHXAfjNQitoi70+UToOVUsEVemryz0SYGAERlMr:IkjNdtoiY+E9m5r8NYG7Mr 48:Zf7FBZSGy6GioXCo83+0c265gqS5GxsyWHPnDNML:JZSGy6GiQCo80266iabvDNML 48:fMRNXeQEP9lLS9sAXbiwNlLlZRMgFf1W/4QoIWW5ynbo7FMqrFAoabSXQRO6Qeua:fMTX0lsHrf/FfMQIWWkqQ9b9MML 192:u0drTMVnEIEeKpnWj58eLehTpimcayuZ/xriufH57kfs6AwyECYWKSy4VBwkI:z/pnYahVcuZ/t9f5kfsPRUSymI 49152:zDxL8QBo6Tex4S120ytJyeEvKHtXyGoaDbR:zR89j1Ctila5 48:DWh1qZ6g3ajF8l5L70cbK6rq4VUYVwkdnrMS:6plkf+4V5VVMS 48:0I1nZDUMNBZYu873D1Axlya7esl+5fhDrn19uF5ZUKaML:040u87TKlya7eHJDrXuF5vaML 48:aD61zOrThbQlmI+Ga29q8RnIfvOkmPGFFMS:aOxcbQlxaOq8RnCEGFFMS 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT 49152:zDxL8QBonTex4S120ytJyAGiIra0lnHbqiUPLYiY:zR89K15zGMFL