Sample File:

	MD5 hash:
		d40863c1d11d96d51e09252558e09946

	SHA1 hash:
		f4a52b0eccaaebfeb65ee380be4c10c114d0fcfb

	SHA256 hash:
		cc4e6e42f73500c72d0d0820b4a3c131e2f8fce4d7d730eb8f9fc1b5cc3e882e

	SSDEEP hash:
		6144:UQBm+kz6grRxMZ38cyUJEpKSg3PswF2K95wr8Br3qlJcnnVNpRr:UQBm+kz6g1xY8cyKnVNpRr

	Filename(s):
		emotet_e2_cc4e6e42f73500c72d0d0820b4a3c131e2f8fce4d7d730eb8f9fc1b5cc3e882e_2020-07-17__192909.doc

	Filetype:
		Word Document


Mutex IOCs:

		Global\.net clr networking


Registry Key IOCs:

		HKEY_CLASSES_ROOT\Licenses
		HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7
		HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures
		HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32
		HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ThreadingModel
		HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors
		HKEY_CLASSES_ROOT\TypeLib
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0
		HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64
		HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}
		HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2
		HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9
		HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64
		HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
		HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
		HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
		HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\VbaCapability
		HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}
		HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8
		HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0
		HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64
		HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}
		HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0
		HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0
		HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64
		HKEY_CLASSES_ROOT\Typelib
		HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}
		HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}
		HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Control
		HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}
		HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Control
		HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}
		HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Control
		HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}
		HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Control
		HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}
		HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Control
		HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}
		HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Control
		HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}
		HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Control
		HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}
		HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Control
		HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}
		HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Control
		HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Insertable
		HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}
		HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Control
		HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Insertable
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\MdiMaximized
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\GridWidth
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\GridHeight
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ShowGrid
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\AlignToGrid
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\SaveBeforeRun
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ShowToolTips
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CollapseWindows
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\UpgradeVBX
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ReadOnlyMode
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackgroundProjectLoad
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\FolderView
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Tool
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\PropertiesWindow
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\UI
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Dock
		HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Designers
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ToolboxControls
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CtlsShowSelected
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\DsnShowSelected
		HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\MainWindow
		HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
		HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level
		HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace
		HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell
		HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1
		HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine
		HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase
		HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
		HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH
		HKEY_CURRENT_USER\Environment
		HKEY_CURRENT_USER\Environment\PSMODULEPATH
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ApplicationBase
		HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
		HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\InstallationType
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\Library
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\IsMultiInstance
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\First Counter
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\CategoryOptions
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\FileMappingSize
		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\Counter Names
		HKEY_CURRENT_USER
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
		HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB
		HKEY_PERFORMANCE_DATA
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\705ba84c
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\certmgr
		HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook\DLLPathEx
		HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
		HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current
		HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird
		HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
		HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
		HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes
		HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
		HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
		HKEY_CURRENT_USER\Identities
		HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}
		HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Username
		HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts
		HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
		HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
		HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Server
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Display Name
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Server
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Port
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Port
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Use SPA
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Password
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User
		HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
		HKEY_CURRENT_USER\Software\IncrediMail\Identities
		HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities
		HKEY_LOCAL_MACHINE\Software\Group Mail
		HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
		HKEY_CURRENT_USER\Software\Microsoft\MessengerService
		HKEY_CURRENT_USER\Software\Yahoo\Pager
		HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL
		HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe


Domain IOCs:

		www.20190607.com
		lovely-lollies.com
		www.angage.com
		connect-plus.co.uk
		mapas.hoonicorns.pt


IP IOCs:

		217.76.132.184
		104.18.45.44
		162.241.134.29
		212.51.142.238
		185.113.141.220
		109.117.53.230
		198.144.158.120
		129.226.70.136
		104.18.44.44
		172.67.213.43


URL IOCs:

		http://mapas.hoonicorns.pt/comp3/ly8cmti/
		109.117.53.230/h9KwF77rJs0/srYoffRTKQLiDrk/
		212.51.142.238/nqkT01osQLyAs/15X0nVOnuOspsmkfrLT/
		212.51.142.238/JpzDVk/ijHUK3Ac/oTTKpyo67TZnK/SMgyRF7NbNrrs/LqZsptof/
		212.51.142.238/iFtpCjKtBZim/vTc7j3KJk40KNodx/gIgyAsstsKSgdW/gkIn2igrnQS9Z/K2kdFUz4VmR4fZ/
		212.51.142.238/ssolF8lYq2/Fa2Vhoxxbc/TV5GyFe6aKo/
		212.51.142.238/npE0yW4/qEaoY2/
		212.51.142.238/sWqCBDcC6Cka/pGjJjeJRh3gA0Q8ST/JwB5nuzLh/uxPirjdRCb2NrS9Ct/4XWSfO94wctW6B/
		212.51.142.238/VTpAoVk2f6mTr1/ZhsRWx/NR5qOwGfaQ/
		212.51.142.238/oaWoOGk5/
		198.144.158.120/85GsNT3dM7F/wyDg4k/LvoDMotKOS/qAnT3HNwyt3t/ruUnD7/TokKAIWjm8PdsxTHKA/


File IOCs:

	Filenames:
		C:\Program Files (x86)\Adobe\isspos.exe
		C:\Program Files (x86)\Sea Monkey\nss3.dll
		C:\Program Files (x86)\Windows Sidebar\pidgin.exe
		C:\Program Files (x86)\Google\foxmailincmail.exe
		749ba93c96a6629ee9fcab60b20ea0fc157aecbfefc56608f4853bd7428cb665
		C:\Program Files (x86)\MSBuild\webdrive.exe
		C:\Users\aETAdzjz\AppData\Roaming\Opera\Opera\wand.dat
		C:\Users\aETAdzjz\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
		C:\Program Files\Common Files\phys.exe
		C:\Program Files\Microsoft Office\bean-crack-remote.exe
		C:\Program Files (x86)\Mozilla Thunderbird
		C:\Program Files (x86)\Windows Sidebar\yahoomessenger.exe
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgroe.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Login Data
		C:\Users\aETAdzjz\AppData\Local\Temp\VBE
		C:\Program Files\Windows Media Player\fpos.exe
		C:\Program Files\Windows Defender\spcwin.exe
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Profiles
		C:\Program Files\Windows Defender\omnipos.exe
		C:\Program Files\MSBuild\hl-wendy.exe
		C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
		C:\Program Files\Windows Journal\active-charge.exe
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020071720200718\index.dat
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070320170710\index.dat
		C:\Program Files\Windows NT\absolutetelnet.exe
		C:\Users\aETAdzjz\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite
		C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml
		394b0fc779cd10347c01329f1651f2152c002bd38bab4b464eb9e169649a6c8e
		C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\EVWhitelist\Login Data
		C:\Program Files\Uninstall Information\accupos.exe
		C:\Program Files\Microsoft Office\icq.exe
		C:\Program Files\DVD Maker\leechftp.exe
		C:\Program Files\Internet Explorer\notepad.exe
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db
		C:\Program Files\Windows Photo Viewer\3dftp.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
		C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml
		C:\Program Files (x86)\Windows Sidebar\outlook.exe
		C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml
		C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
		C:\Program Files\Reference Assemblies\spgagentservice.exe
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount
		C:\Program Files (x86)\Windows NT\utg2.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\PepperFlash\Web Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data
		C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1
		ab8adc12f84134880ad134a59a16043b8a4e6498ece42fd7c03efec51367913f
		C:\Program Files (x86)\Google\totalcmd.exe
		C:\Windows\system32
		C:\Program Files (x86)\Windows Photo Viewer\minutes.exe
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key4.db
		C:\Program Files (x86)\Mozilla Maintenance Service\tab.exe
		C:\Program Files\Windows Media Player\agreementfifteen.exe
		C:\Users\aETAdzjz\Documents\WindowsPowerShell\profile.ps1
		C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config
		C:\Program Files (x86)\Internet Explorer\trillian.exe
		C:\Users\aETAdzjz
		C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
		C:\Program Files\Windows Media Player\alftp.exe
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgr_lng.ini
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Web Data
		C:\Windows\System32\WindowsPowerShell\v1.0\powersheLL.exe
		C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
		bcbea49e37a6979eef59bc44dd6f9a9f24229e14969007ab0426a3e272c66670
		C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\key4.db
		C:\Program Files (x86)\Java\richmondlilbadge.exe
		C:\Program Files (x86)\Windows Portable Devices\fling.exe
		C:\Program Files (x86)\Windows Defender\edcsvr.exe
		C:\Program Files\Windows Defender\aldelo.exe
		C:\Users\aETAdzjz\Desktop\emotet_e2_cc4e6e42f73500c72d0d0820b4a3c131e2f8fce4d7d730eb8f9fc1b5cc3e882e_2020-07-17__192909.doc
		C:\
		C:\Program Files\Reference Assemblies\benchmark-performed-channel.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
		C:\Program Files (x86)\Windows Mail\centralcreditcard.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data
		C:\Program Files (x86)\Microsoft OneDrive\trips.exe
		C:\Program Files (x86)\Windows Portable Devices\bitkinex.exe
		C:\Program Files\Microsoft Office\ncftp.exe
		C:\Users\aETAdzjz\AppData\Roaming\Opera\Opera7\profile\wand.dat
		C:\Program Files\Internet Explorer\gmailnotifierpro.exe
		Normal
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgr.exe:Zone.Identifier
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
		C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
		C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml
		C:\Program Files (x86)\Common Files\smartftp.exe
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgr.exe
		C:\Program Files\MSBuild\afr38.exe
		C:\Windows\System32\WindowsPowerShell\v1.0
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\OriginTrials\Web Data
		C:\Program Files\Internet Explorer\selecting_rome_xl.exe
		C:\Program Files\Windows Journal\te_counsel.exe
		571939c7c2762e40e1db60316071765c91fb898b91180be7345dd19de7ace147
		C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db
		C:\Program Files (x86)\Microsoft.NET\thunderbird.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
		C:\Users\aETAdzjz\AppData\Roaming\Opera Software\Opera Stable\Login Data
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
		C:\Users\aETAdzjz\AppData\Local\Temp\FC38.tmp
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgr.cfg
		C:\Program Files (x86)\MSBuild\far.exe
		C:\Program Files (x86)\Windows Mail\nights_draft.exe
		C:\Program Files\Microsoft Office 15\dates toolbox logistics.exe
		c4f25636a1586d8aea1b11d0ca4825c2bdfcb6d6f0e85e909fc02c7a05a4e715
		C:\Program Files (x86)\Mozilla Firefox\barca.exe
		C:\Users\aETAdzjz\870.exe
		C:\Program Files (x86)\Java\wherever-dual.exe
		C:\Program Files (x86)\Windows Defender\flashfxp.exe
		C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount
		C:\Program Files (x86)\Java\robin-rec.exe
		C:\Program Files (x86)\Windows NT\audinkjethonors.exe
		C:\Program Files (x86)\Windows NT\significance-difficulties-kate.exe
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\history.dat
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
		C:\Program Files (x86)\Windows NT\fx-criticism.exe
		C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml
		C:\Program Files\Windows Defender\skype.exe
		C:\Users\aETAdzjz\AppData\Roaming\Thunderbird\Profiles
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount
		C:\Users\aETAdzjz\AppData\Local\msvcr100\\webcheck7ab.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\EVWhitelist\Web Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal
		24a59c160127a2579c8873608c44da561c011958f7a6e811fd89778f4b7b4444
		C:\Program Files (x86)\Microsoft Office\mxslipstream.exe
		C:\Program Files\Windows Mail\operamail.exe
		System Paging File
		C:\Program Files\Windows Sidebar\scriptftp.exe
		C:\Users\aETAdzjz\AppData\Local\msvcr100\certmgref835be5.exe
		C:\Users\aETAdzjz\AppData\Local\Vivaldi\User Data\Default\Login Data
		C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini
		C:\Program Files\Reference Assemblies\filezilla.exe
		C:\Program Files (x86)\Mozilla Firefox\automobiles.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
		yhlkTUMlTEiHtvYNHBY
		C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\pnacl\Web Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
		C:\Program Files (x86)\Windows Defender\winscp.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data
		C:\Windows
		C:\Program Files (x86)\Java\ccv_server.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal
		C:\Windows\System32\WindowsPowerShell\v1.0\powersheLL.config
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data
		93effaca5181bd6cc7aae18fa37135325307365bbc840e6a9eb07fa99f4bf943
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
		C:\Program Files (x86)\Windows Portable Devices\whatsapp.exe
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\PepperFlash\Login Data
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\WebCache\WebCacheV24.dat
		C:\Program Files (x86)\Windows NT\coreftp.exe
		C:\Users\aETAdzjz\AppData\Roaming\Apple Computer\Preferences\keychain.plist
		C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\index.dat
		C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data
		C:\Program Files\Uninstall Information\creditservice.exe
		C:\Program Files\Windows Media Player\eco ours inquire.exe
		C:\Program Files\Windows Mail\states.exe
		C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1

	MD5 hashes:
		9c83d56d9091f4c732fec07c5b9c6e1b
		d40863c1d11d96d51e09252558e09946
		d6a2c71a40e63dc747ed0d27a9aa7dc9
		7b37450b816d1c40c54c55ccfd836272
		95f991ef95f8bec7c12da41c87df434c
		dd6ec36560f1b7fc8d7f557492aed6f5
		6f497b5539bdb42d71f487b6e9463840
		8e2669458e841c79adafd99ecefc23a1
		0b86534256350fe3ad6b7bd7b4a56afe
		f097a3cdc0f194114bbcb75a3171bb48
		d8561fbf41fd5b4b07e12e8f799d2de4
		4f7d90f045ae07792fb8d76bce925854
		5746bd7e255dd6a8afa06f7c42c1ba41
		d41d8cd98f00b204e9800998ecf8427e
		9f17c4bd8f9843bb2971d5c687e65fb3

	SHA1 hashes:
		0f3c4ff28f354aede202d54e9d1c5529a3bf87d8
		d95e83ab66ba3b38e2dd379eee62ab4567a1765c
		d498b0e28dcb351e54ce7beb86051e02d193948c
		19f4375ac1aca340617d999e3fc1b10e5a3a7eb0
		c822d839ac10530e264f64dc0f6c1a6ca974e0d1
		da39a3ee5e6b4b0d3255bfef95601890afd80709
		9ba7b1c1fcab9e6865f23152c743968b37f4f48d
		f4a52b0eccaaebfeb65ee380be4c10c114d0fcfb
		6feacefeac1d825775168868072061dcc51c926d
		d90dbdca5f74cc7cb6cef0ae391ff18f992ce1cf
		f0a382e05cb9deb0f24f6503e26eba01e925aa34
		13b5ec8ed03757d30ccdb1130f792d8ed02ae83e
		c39b2866368f2c88c1865aa5577792bd2fb8bfe5
		1daa618b2dbe06ef1cc012fcaa192e07f8ba1955
		1a42f52d57b462b6ebd4184109f1ab8c607f56fe

	SHA256 hashes:
		df74b997137fec63589828cafa9df9bfe272b330ffb8743fa4db79096a0fdc34
		24a59c160127a2579c8873608c44da561c011958f7a6e811fd89778f4b7b4444
		db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386
		571939c7c2762e40e1db60316071765c91fb898b91180be7345dd19de7ace147
		749ba93c96a6629ee9fcab60b20ea0fc157aecbfefc56608f4853bd7428cb665
		c4f25636a1586d8aea1b11d0ca4825c2bdfcb6d6f0e85e909fc02c7a05a4e715
		93effaca5181bd6cc7aae18fa37135325307365bbc840e6a9eb07fa99f4bf943
		4110a2697e0ed0e8990847f3828f9b0e4078cff2e423500f69ea0e35228afb28
		8aee4d46b90f06e10635a7584d506d1dc1cd1b81adb6d7cca04a472af44881bd
		bcbea49e37a6979eef59bc44dd6f9a9f24229e14969007ab0426a3e272c66670
		cc4e6e42f73500c72d0d0820b4a3c131e2f8fce4d7d730eb8f9fc1b5cc3e882e
		394b0fc779cd10347c01329f1651f2152c002bd38bab4b464eb9e169649a6c8e
		5791474e355ce6542cc21cf1c3aba2959c6a17cd17bea543c2ff1f6f90f5d054
		ab8adc12f84134880ad134a59a16043b8a4e6498ece42fd7c03efec51367913f
		e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

	SSDEEP hashes:
		1536:zZzcXxKRAHiNCHwy4aEYqnouCHDkPDlrQoMPZG78tiUiTQhbNicJlsREr:Sx5iNCHX4a9qnvCjkPprQoMPU84UiTqp
		6144:nt+e1lhqM0IzvQsS+l5pOn3qKiTb+nJFo1C2eeHd8Vff4Ij+qwJ0IFP2CToGYLFk:tvlhYI/Sq5YRmbEJFo1seHif4I6lJrhF
		6144:59AZ0jbH3bYJfhShfyWkwh9kDBIL8bP2NuQjwUyYjDzFoS:XA+YJENyWe9IL8bPxUyZS
		3072:6EzPDY+DeCCTEeCnUETRZq2tC1tQowkpaR8dM9ZEeaQLnyiklTj2QJ4nHnjG6Bzj:6EzPDPKV8joHtck0UOZE7QLnyi4j2PHr
		384:i9RVRqs835W/N+qeNAfBPt8H1H8m4uFuqq/wXW2o4ojhv1NbxmWTLguNu:uRVNa0V+qeNMLalR4uFuqCwXW2HYJHx6
		24:7r5sIGjCL3ma23CaiZ/vLbR4CK+3yM1U4qOGWHvxyTk9v5h+6jO7tzdqYQJn8r:7r5shCP23o3RvKjlVekwa6Q+Yc8r
		3072:vLIDAjiSvUcA1ylbFnjViGBPybxK94pw0gCuifG+GAq/9JMe6:vTuSsk/exK942PAq716
		6144:NVl7yDR2iaGcsVXFBM6IT77aVebJWC1jIdDWCoCX9Sm:jdyDRwpmFq6ITSebJWwjIdDbNS
		6144:O9AZ0jbH3bYJfhShfyWkwh9kD8IL8bP2NuQjwUyYjDzFoS:aA+YJENyWeoIL8bPxUyZS
		3:q8CJGEIUEF7eSAMzr+WABEImBzEWVAZGXhRAJ1zKIC9iov:hCyUEZNiWSmBzNmeRAHCh
		3072:nWXd9i4h8PtwMuTVMrKN2TDXwk3Os2BDZU2+/:K8E8GMWMrKNMsbs2LD+/
		1536:afopauwyYQrGJslLKlMRlauAGzaiKNQEVhITZiKFp7EBjN9boXwk7d1/xkFVn/53:l7wOWsUmRlRzaiKNTUZiKFpVXD7piGbk
		6144:UQBm+kz6grRxMZ38cyUJEpKSg3PswF2K95wr8Br3qlJcnnVNpRr:UQBm+kz6g1xY8cyKnVNpRr
		3::
		3:HdXiQ+G27eLnOasNsS56otXRYFaBmXyB/AcbCAEN9vln:E1G1LOaseS56oXoZv9vln